Build ubuntu bionic minimal images for control plane

So that we can stop dealing with distro or provider images, just
start building our own images.

Depends-On: https://review.openstack.org/640027
Change-Id: I8f1d15024dd5d8162cad9e8e2f7e5f12851dd448
changes/44/640044/5
Monty Taylor 4 years ago
parent 81071e975d
commit 0c3e41384a
  1. 2
      nodepool/elements/control-plane-minimal/element-deps
  2. 11
      nodepool/elements/control-plane-minimal/package-installs.yaml
  3. 17
      nodepool/elements/control-plane-minimal/post-install.d/80-enable-haveged
  4. 17
      nodepool/elements/control-plane-minimal/post-install.d/80-enable-infra-services
  5. 33
      nodepool/elements/control-plane-minimal/post-install.d/89-sshd
  6. 37
      nodepool/nodepool.yaml

@ -0,0 +1,2 @@
openssh-server
package-installs

@ -0,0 +1,11 @@
acpid:
coreutils:
cron:
util-linux:
python3:
phase: pre-install.d
ntp:
ntpdate:
lvm2:
haveged:
iptables:

@ -0,0 +1,17 @@
#!/bin/bash
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
case "$DIB_INIT_SYSTEM" in
systemd)
systemctl enable haveged.service
;;
*)
echo "Unsupported init system $DIB_INIT_SYSTEM"
exit 1
;;
esac

@ -0,0 +1,17 @@
#!/bin/bash
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
case "$DIB_INIT_SYSTEM" in
systemd)
systemctl enable ntp.service
;;
*)
echo "Unsupported init system $DIB_INIT_SYSTEM"
exit 1
;;
esac

@ -0,0 +1,33 @@
#!/bin/bash
# Copyright (C) 2011-2013 OpenStack Foundation
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
#
# See the License for the specific language governing permissions and
# limitations under the License.
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
# NOTE(pabelanger): Glean configures access for root user, so allow us to
# properly login.
sed -i -e'/PermitRootLogin/d' /etc/ssh/sshd_config \
&& echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
# NOTE(clarkb): Glean configures ssh keys only and not passwords. Disable
# unnecessary password auth.
sed -i -e '/PasswordAuthentication/d' /etc/ssh/sshd_config \
&& echo "PasswordAuthentication no" >> /etc/ssh/sshd_config

@ -118,6 +118,20 @@ providers:
rate: 0.01
diskimages: *provider_diskimages
- name: rax-dfw-control-plane
region-name: DFW
cloud: rax-control-plane
rate: 0.001
diskimages: &control_plane_diskimages
- name: ubuntu-bionic-minimal
config-drive: true
- name: vexxhost-sjc1-control-plane
region-name: sjc1
cloud: vexxhost-control-plane
rate: 0.001
diskimages: *control_plane_diskimages
diskimages:
- name: centos-7
pause: false
@ -375,3 +389,26 @@ diskimages:
GIT_HTTP_LOW_SPEED_TIME: '300'
GIT_HTTP_LOW_SPEED_LIMIT: '1000'
DIB_SHOW_IMAGE_USAGE: '1'
- name: ubuntu-bionic-minimal
pause: false
elements:
- ubuntu-minimal
- vm
- simple-init
- growroot
- openssh-server
- control-plane-minimal
release: bionic
env-vars:
TMPDIR: /opt/dib_tmp
DIB_CHECKSUM: '1'
DIB_IMAGE_CACHE: /opt/dib_cache
DIB_APT_LOCAL_CACHE: '0'
DIB_DISABLE_APT_CLEANUP: '1'
DIB_GRUB_TIMEOUT: '0'
# DIB_DISTRIBUTION_MIRROR excluded on purpose
DIB_DEBOOTSTRAP_EXTRA_ARGS: '--no-check-gpg'
DIB_DEBIAN_COMPONENTS: 'main,universe'
GIT_HTTP_LOW_SPEED_TIME: '300'
GIT_HTTP_LOW_SPEED_LIMIT: '1000'
DIB_SHOW_IMAGE_USAGE: '1'

Loading…
Cancel
Save