From 0c3e41384a0582e86a9fd90ec316e760d3d3152f Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Thu, 28 Feb 2019 12:20:55 +0000 Subject: [PATCH] Build ubuntu bionic minimal images for control plane So that we can stop dealing with distro or provider images, just start building our own images. Depends-On: https://review.openstack.org/640027 Change-Id: I8f1d15024dd5d8162cad9e8e2f7e5f12851dd448 --- .../control-plane-minimal/element-deps | 2 + .../package-installs.yaml | 11 ++++++ .../post-install.d/80-enable-haveged | 17 +++++++++ .../post-install.d/80-enable-infra-services | 17 +++++++++ .../post-install.d/89-sshd | 33 +++++++++++++++++ nodepool/nodepool.yaml | 37 +++++++++++++++++++ 6 files changed, 117 insertions(+) create mode 100644 nodepool/elements/control-plane-minimal/element-deps create mode 100644 nodepool/elements/control-plane-minimal/package-installs.yaml create mode 100755 nodepool/elements/control-plane-minimal/post-install.d/80-enable-haveged create mode 100755 nodepool/elements/control-plane-minimal/post-install.d/80-enable-infra-services create mode 100755 nodepool/elements/control-plane-minimal/post-install.d/89-sshd diff --git a/nodepool/elements/control-plane-minimal/element-deps b/nodepool/elements/control-plane-minimal/element-deps new file mode 100644 index 0000000000..89d13d0a34 --- /dev/null +++ b/nodepool/elements/control-plane-minimal/element-deps @@ -0,0 +1,2 @@ +openssh-server +package-installs diff --git a/nodepool/elements/control-plane-minimal/package-installs.yaml b/nodepool/elements/control-plane-minimal/package-installs.yaml new file mode 100644 index 0000000000..96097aa875 --- /dev/null +++ b/nodepool/elements/control-plane-minimal/package-installs.yaml @@ -0,0 +1,11 @@ +acpid: +coreutils: +cron: +util-linux: +python3: + phase: pre-install.d +ntp: +ntpdate: +lvm2: +haveged: +iptables: 
diff --git a/nodepool/elements/control-plane-minimal/post-install.d/80-enable-haveged b/nodepool/elements/control-plane-minimal/post-install.d/80-enable-haveged
new file mode 100755
index 0000000000..49f6031ddc
--- /dev/null
+++ b/nodepool/elements/control-plane-minimal/post-install.d/80-enable-haveged
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+case "$DIB_INIT_SYSTEM" in
+ systemd)
+ systemctl enable haveged.service
+ ;;
+ *)
+ echo "Unsupported init system $DIB_INIT_SYSTEM"
+ exit 1
+ ;;
+esac
diff --git a/nodepool/elements/control-plane-minimal/post-install.d/80-enable-infra-services b/nodepool/elements/control-plane-minimal/post-install.d/80-enable-infra-services
new file mode 100755
index 0000000000..e7698dcffa
--- /dev/null
+++ b/nodepool/elements/control-plane-minimal/post-install.d/80-enable-infra-services
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+case "$DIB_INIT_SYSTEM" in
+ systemd)
+ systemctl enable ntp.service
+ ;;
+ *)
+ echo "Unsupported init system $DIB_INIT_SYSTEM"
+ exit 1
+ ;;
+esac
diff --git a/nodepool/elements/control-plane-minimal/post-install.d/89-sshd b/nodepool/elements/control-plane-minimal/post-install.d/89-sshd
new file mode 100755
index 0000000000..46cc60f68e
--- /dev/null
+++ b/nodepool/elements/control-plane-minimal/post-install.d/89-sshd
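Review bot: In 80-enable-haveged the unsupported-init-system branch reports its error with a plain `echo`, so the message lands on stdout among the normal build output; `echo "Unsupported init system $DIB_INIT_SYSTEM" >&2` keeps it on the error stream. The identical line is in 80-enable-infra-services, and the two scripts differ only in the unit name, so a single script enabling both units would remove the duplication. A short comment saying why haveged is enabled on these hosts (presumably to supply early-boot entropy on virtual machines) would help anyone later reviewing where the image's randomness comes from.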
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Copyright (C) 2011-2013 OpenStack Foundation
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+# NOTE(pabelanger): Glean configures access for root user, so allow us to
+# properly login.
+sed -i -e'/PermitRootLogin/d' /etc/ssh/sshd_config \
+ && echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
+
+# NOTE(clarkb): Glean configures ssh keys only and not passwords. Disable
+# unnecessary password auth.
+sed -i -e '/PasswordAuthentication/d' /etc/ssh/sshd_config \
+ && echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
diff --git a/nodepool/nodepool.yaml b/nodepool/nodepool.yaml
index 9c0ebff1a9..a84b1d3ee8 100644
--- a/nodepool/nodepool.yaml
+++ b/nodepool/nodepool.yaml
@@ -118,6 +118,20 @@ providers: rate: 0.01 diskimages: *provider_diskimages + - name: rax-dfw-control-plane + region-name: DFW + cloud: rax-control-plane + rate: 0.001 + diskimages: &control_plane_diskimages + - name: ubuntu-bionic-minimal + config-drive: true + + - name: vexxhost-sjc1-control-plane + region-name: sjc1 + cloud: vexxhost-control-plane + rate: 0.001 + diskimages: *control_plane_diskimages + diskimages: - name: centos-7 pause: false
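Review bot: `PermitRootLogin yes` in 89-sshd grants more than the script's own comments call for: the second NOTE says Glean installs keys only, so `echo "PermitRootLogin prohibit-password" >> /etc/ssh/sshd_config` keeps root key login while refusing password and keyboard-interactive root logins, even if `PasswordAuthentication` is later flipped by other tooling. Both directives are appended at the end of the file, so they would fall inside a trailing `Match` block if the base image's sshd_config ever ends with one; a comment noting that assumption would help. The trace test here uses an unquoted `${DIB_DEBUG_TRACE:-0}` while the two 80-enable-* scripts in this commit quote it, so `[ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]` would make the three consistent.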
@@ -375,3 +389,26 @@ diskimages: GIT_HTTP_LOW_SPEED_TIME: '300' GIT_HTTP_LOW_SPEED_LIMIT: '1000' DIB_SHOW_IMAGE_USAGE: '1' + - name: ubuntu-bionic-minimal + pause: false + elements: + - ubuntu-minimal + - vm + - simple-init + - growroot + - openssh-server + - control-plane-minimal + release: bionic + env-vars: + TMPDIR: /opt/dib_tmp + DIB_CHECKSUM: '1' + DIB_IMAGE_CACHE: /opt/dib_cache + DIB_APT_LOCAL_CACHE: '0' + DIB_DISABLE_APT_CLEANUP: '1' + DIB_GRUB_TIMEOUT: '0' + # DIB_DISTRIBUTION_MIRROR excluded on purpose + DIB_DEBOOTSTRAP_EXTRA_ARGS: '--no-check-gpg' + DIB_DEBIAN_COMPONENTS: 'main,universe' + GIT_HTTP_LOW_SPEED_TIME: '300' + GIT_HTTP_LOW_SPEED_LIMIT: '1000' + DIB_SHOW_IMAGE_USAGE: '1'
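Review bot: `DIB_DEBOOTSTRAP_EXTRA_ARGS: '--no-check-gpg'` in the new ubuntu-bionic-minimal entry switches off debootstrap's verification of the archive's signed Release file, so the base system of a control-plane image is built from whatever the mirror, or anything on the path to it, returns. The setting is presumably carried over from the test-node image definitions outside this hunk, but this entry leaves out `DIB_DISTRIBUTION_MIRROR` on purpose, so a reason tied to an unsigned local mirror may not apply here. I would drop the line for this image; if the builder lacks the Ubuntu keyring, pass it explicitly with `--keyring=<path to the Ubuntu archive keyring on the builder>` instead. If the flag has to stay, a comment next to it stating why and what else protects the build would let a later reader judge the risk.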