feat: Add new autoupdates element

This patch proposes a new element which creates a mechanism for the image to have automatic updates enabled from the first boot. A custom config file, is expected during build time, which is injected into the image. Change-Id: Ib4c7513db4e00d592447fda1b1d0ed2bc649e1cf Signed-off-by: Charalampos Kominos <hkominos@gmail.com>
2024-07-12 15:08:32 +02:00 · 2024-07-12 15:08:32 +02:00 · 7e1bb74831
commit 7e1bb74831
parent e89f59393a
7 changed files with 129 additions and 0 deletions
--- a/diskimage_builder/elements/autoupdates/README.rst
+++ b/diskimage_builder/elements/autoupdates/README.rst
@ -0,0 +1,23 @@
+===========
+autoupdates
+===========
+
+This element will configure both debian family and redhat family images to have an automatic updates mechanism built into the image, for example to update automatically from the security repos.
+For Debian based images it is based on unuattended-upgrades and for Redhat on dnf-automatic.
+
+Environment Variables
+---------------------
+
+DIB_DEB_UPDATES_CONF
+   :Required: Yes for the Debian Family
+   :Default: None
+   :Description: The location of a custom 50unattended-upgrades file on the builder which will be injected into the image.
+   :Example: ``DIB_DEB_UPDATES_CONF=/home/50unattended-upgrades``
+
+DIB_YUM_UPDATES_CONF
+   :Required: Yes for the Redhat Family
+   :Default: None
+   :Description: The location of a custom automatic.conf file on the builder which will be injected into the image.
+   :Example: ``DIB_YUM_UPDATES_CONF=/home/automatic.conf``
+
+.. element_deps::
--- a/diskimage_builder/elements/autoupdates/element-deps
+++ b/diskimage_builder/elements/autoupdates/element-deps
@ -0,0 +1,2 @@
+package-installs
+pkg-map
--- a/diskimage_builder/elements/autoupdates/package-installs.yaml
+++ b/diskimage_builder/elements/autoupdates/package-installs.yaml
@ -0,0 +1,2 @@
+autoupdates:
+  phase: install.d
--- a/diskimage_builder/elements/autoupdates/pkg-map
+++ b/diskimage_builder/elements/autoupdates/pkg-map
@ -0,0 +1,18 @@
+{
+    "family":{
+        "redhat": {
+            "autoupdates": "dnf-automatic"
+        },
+        "debian":{
+            "autoupdates": "unattended-upgrades"
+        },
+        "suse": {
+            "autoupdates": ""
+        },
+        "gentoo": {
+            "autoupdates": ""
+        }
+    }
+}
+
+
--- a/diskimage_builder/elements/autoupdates/post-install.d/82-enable-autoupdate
+++ b/diskimage_builder/elements/autoupdates/post-install.d/82-enable-autoupdate
@ -0,0 +1,35 @@
+#!/bin/bash
+# Copyright (c) 2024 ECMWF
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+case "$DIB_INIT_SYSTEM" in
+    systemd)
+        if [[ $DISTRO_NAME =~ (ubuntu|debian)$ ]]; then
+            systemctl enable unattended-upgrades.service
+        elif [[ $DISTRO_NAME =~ (centos|rocky|rhel|openeuler)$ ]]; then
+            systemctl enable dnf-automatic.timer
+        else
+            echo "The 'autoupdates' element does not support this distribution."
+            echo "Exiting"
+            exit 1
+        fi
+esac
--- a/diskimage_builder/elements/autoupdates/root.d/61-create-update-config
+++ b/diskimage_builder/elements/autoupdates/root.d/61-create-update-config
@ -0,0 +1,38 @@
+#!/bin/bash
+# Copyright (c) 2024 ECMWF
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+# Check that only one of DIB_DEB_UPDATES_CONF or DIB_YUM_UPDATES_CONF is set
+
+if [[ -n ${DIB_DEB_UPDATES_CONF:-} && -n ${DIB_YUM_UPDATES_CONF:-} ]]; then
+    echo "Error: Both DIB_DEB_UPDATES_CONF and DIB_YUM_UPDATES_CONF are set. Please select only one based on the distro." >&2
+    exit 1
+elif [[ -z ${DIB_DEB_UPDATES_CONF:-} && -z ${DIB_YUM_UPDATES_CONF:-} ]]; then
+    echo "Warning: Neither DIB_DEB_UPDATES_CONF nor DIB_YUM_UPDATES_CONF is set. Continuing without adding a config file." >&2
+fi
+
+# Copy the appropriate configuration file if one is set
+if [[ -n ${DIB_DEB_UPDATES_CONF:-} ]]; then
+    sudo cp ${DIB_DEB_UPDATES_CONF} $TARGET_ROOT/etc/apt/apt.conf.d/50unattended-upgrades
+elif [[ -n ${DIB_YUM_UPDATES_CONF:-} ]]; then
+    sudo cp ${DIB_YUM_UPDATES_CONF} $TARGET_ROOT/etc/dnf/automatic.conf
+fi
--- a/releasenotes/notes/add-autoupdates-element-8225a5d8b19cec74.yaml
+++ b/releasenotes/notes/add-autoupdates-element-8225a5d8b19cec74.yaml
@ -0,0 +1,11 @@
+---
+features:
+  - |
+    A new element ``autoupdates`` is added to DIB. This element, with proper
+    configuration, will enable and configure cloud images to have a system that
+    automatically updates the image, from the upstream binaries. To this end,
+    ``DIB_DEB_UPDATES_CONF`` or ``DIB_YUM_UPDATES_CONF`` must be set during build time.
+other:
+  - |
+    The ``autoupdates`` element has only been tested in Rocky and Ubuntu images.
+    In addition, the element does not check the validity of the configuration files in any way.