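---
# Image definition for the StarlingX Debian build (ISO, ostree repo, ustart).
# NOTE(review): file paths and helper names (/opt/LAT, lat-disk, genimage)
# suggest this is consumed by the LAT image builder - confirm.
#
# Review summary (details are next to each item below):
#   * sample signing keys with cleartext passphrases (gpg.*)
#   * apt install with --allow-unauthenticated (rootfs-pre-scripts)
#   * preset root/sysadmin credentials and PermitRootLogin yes
#     (rootfs-post-scripts)
#   * kickstart and ostree repo fetched over plain HTTP (iso-post-script)
name: starlingx
machine: intel-x86-64
image_type:
  - iso
  - ostree-repo
  - ustart
# NOTE(review): plain-HTTP mirror. Package integrity then rests on archive
# signature verification; debootstrap-key below is empty, so confirm which
# keyring is actually used to verify this mirror.
debootstrap-mirror: http://deb.debian.org/debian
package_feeds: []
package_type: external-debian
wic:
  OSTREE_WKS_BOOT_SIZE: ''
  OSTREE_WKS_EFI_SIZE: --size=32M
  OSTREE_WKS_ROOT_SIZE: ''
  OSTREE_WKS_FLUX_SIZE: ''
  OSTREE_FLUX_PART: fluxdata
gpg:
  # NOTE(review): GnuPG home under /tmp. On a shared build host make sure the
  # directory is created by the build user with mode 0700 and is not reused
  # across builds; the iso-post-script hard-codes the same path.
  gpg_path: /tmp/.lat_gnupg_root
  ostree:
    # NOTE(review): the key id says "Sample" and the passphrase is stored in
    # cleartext here, so ostree commits signed with it carry no authenticity
    # guarantee. Production builds should substitute their own key and take
    # the passphrase from a secret store rather than from this file.
    gpgid: Wind-River-Linux-Sample
    gpgkey: $OECORE_NATIVE_SYSROOT/usr/share/genimage/rpm_keys/RPM-GPG-PRIVKEY-Wind-River-Linux-Sample
    gpg_password: windriver
  grub:
    # NOTE(review): same concern for the boot-chain signing key. The name and
    # passphrase are repeated verbatim in iso-post-script, so all three places
    # must change together.
    BOOT_GPG_NAME: SecureBootCore
    BOOT_GPG_PASSPHRASE: SecureCore
    BOOT_KEYS_DIR: $OECORE_NATIVE_SYSROOT/usr/share/bootfs/boot_keys
    BOOT_GPG_KEY: $OECORE_NATIVE_SYSROOT/usr/share/bootfs/boot_keys/BOOT-GPG-PRIVKEY-SecureBootCore
    # The BOOT_SINGED_* spelling is kept as-is: presumably the consumer looks
    # these keys up by this exact name - verify before renaming.
    BOOT_SINGED_SHIM: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64.efi
    BOOT_SINGED_SHIMTOOL: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/mmx64.efi
    BOOT_SINGED_GRUB: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/grubx64.efi
    BOOT_EFITOOL: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/LockDown.efi
    BOOT_GRUB_CFG: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/grub.cfg
    BOOT_NOSIG_GRUB: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64-nosig.efi
    EFI_SECURE_BOOT: enable
packages: []
external-packages: []
include-default-packages: '0'
rootfs-pre-scripts:
  # NOTE(review): the second apt install passes --allow-unauthenticated, so
  # the ostree packages are installed without repository signature checks
  # (and --allow-downgrades lets an older build replace a newer one). Prefer
  # signing the feed that provides them and dropping the flag.
  - |
    # The StarlingX customize packages includes:
    # - ostree 2019.1
    export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    chroot $IMAGE_ROOTFS bash << SCRIPT_ENDOF
    set -e
    apt update
    apt install -y --no-install-recommends linux-image-5.10.0-6-amd64-unsigned grub-common
    apt install -y --allow-downgrades --allow-unauthenticated --no-install-recommends ostree ostree-boot libostree-1-1 ostree-upgrade-mgr
    apt install --no-install-recommends -y ifupdown
    apt install -y bc vim uuid-runtime
    SCRIPT_ENDOF
  - |
    export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    chroot $IMAGE_ROOTFS bash << SCRIPT_ENDOF
    groupadd nobody
    SCRIPT_ENDOF
  - |-
    # FIXME: openstack-dashboard will not install without this due to
    # FileNotFoundError: [Errno 2] No such file or directory: '/etc/platform/platform.conf'
    # dpkg: error processing package openstack-dashboard (--configure):
    mkdir -p -m 0775 $IMAGE_ROOTFS/etc/platform
    cat << SCRIPT_ENDOF > $IMAGE_ROOTFS/etc/platform/platform.conf
    SCRIPT_ENDOF
rootfs-post-scripts:
  - |-
    # Remove user admin whether it exists or not
    export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    chroot $IMAGE_ROOTFS deluser admin || true
  # NOTE(review): per the step's own comment this bakes the password 'root'
  # into the image. A later step locks the root password, which makes this
  # step redundant in the final image; if any other profile reuses it without
  # the lock, every node ships with a guessable root credential.
  - |-
    # Set root's password to 'root'
    export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    chroot $IMAGE_ROOTFS usermod -p '$6$hEv/K.fPeg/$ezIWhJPrMG3WtdEwqQRdyBwdYmPZkqW2PONFAcDd6TqWliYc9dHAwW4MFTlLanVH3/clE0/34FheDMpbAqZVG.' root;
  - |-
    # Set bash as default shell
    ln -snf --relative $IMAGE_ROOTFS/bin/bash $IMAGE_ROOTFS/bin/sh
  # NOTE(review): PermitRootLogin yes stays in sshd_config after root is
  # locked below. passwd(1) notes that locking the password does not disable
  # other authentication tokens such as SSH keys, so root remains reachable
  # over SSH if a key is ever installed. If root SSH is not required, 'no' or
  # 'prohibit-password' is the tighter setting.
  - |-
    # Allow root ssh login
    export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    chroot $IMAGE_ROOTFS sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
  # NOTE(review): useradd --password takes a pre-hashed value, so every image
  # built from this file gets the same initial sysadmin credential, and the
  # account is in the sudo group. The 13-character value has the shape of a
  # traditional DES crypt(3) hash (TODO confirm), which is weak if the shadow
  # file leaks. 'chage -d 0' forces a change at first login, but the default
  # is valid until then - keep first boot on a trusted network.
  - |-
    # Setup the sysadmin user and force the user to change the password
    # on first login.
    # Lock the root account
    export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
    chroot $IMAGE_ROOTFS useradd sysadmin -m --shell /bin/bash -G sudo --password 4SuW8cnXFyxsk
    chroot $IMAGE_ROOTFS chage -d 0 sysadmin
    chroot $IMAGE_ROOTFS passwd -l root
  - |-
    # FIXME: OSTree will not set up a link to scratch automagically. Need to
    # relocate scratch to a more ostree friendly locale
    mkdir $IMAGE_ROOTFS/var/rootdirs/scratch
    ln -snf --relative $IMAGE_ROOTFS/var/rootdirs/scratch $IMAGE_ROOTFS/scratch
environments:
  - NO_RECOMMENDATIONS="1"
  - DEBIAN_FRONTEND=noninteractive
ostree:
  ostree_use_ab: '0'
  ostree_osname: debian
  ostree_skip_boot_diff: '2'
  ostree_remote_url: ''
  ostree_install_device: '/dev/sda'
  OSTREE_GRUB_USER: root
  OSTREE_GRUB_PW_FILE: $OECORE_NATIVE_SYSROOT/usr/share/bootfs/boot_keys/ostree_grub_pw
  OSTREE_FDISK_BLM: 2506
  OSTREE_FDISK_BSZ: 512
  OSTREE_FDISK_RSZ: 20480
  OSTREE_FDISK_VSZ: 20480
  OSTREE_FDISK_FSZ: 32
  OSTREE_CONSOLE: console=ttyS0,115200 console=tty1
debootstrap-key: ''
apt-keys:
  - /opt/LAT/pubkey.rsa
# Post-processing of the ISO tree: writes example kickstarts, builds a
# pxeboot/ directory from the ISO boot files, rewrites the boot parameters in
# grub.cfg / isolinux.cfg, and re-signs grub.cfg when EFI_SECURE_BOOT=enable.
#
# NOTE(review):
#   * Step 2.3.6 read 'cat <> pxeboot/EFI/BOOT/grub.cfg' in the reviewed copy,
#     which opens the file read-write and then runs the menu entry lines as
#     shell commands. It is restored here as an appending here-document
#     terminated by the ENDOF line that follows the entry.
#   * The PXE kickstart and ostree repo URLs use plain HTTP to
#     pxecontroller:8080. Presumably integrity relies on ostree GPG
#     verification plus an isolated install network - confirm, because the
#     kickstart itself is not signed here.
#   * The gpg calls hard-code the passphrase, key name and GnuPG home that are
#     also set under gpg.grub / gpg.gpg_path; change them together.
#   * pxeboot/EFI/BOOT/ receives bootx64-nosig.efi when it exists; make sure
#     the unsigned loader is not the one served to Secure Boot hosts.
iso-post-script: |
  cd ${ISO_DIR}

  # 1. Kickstart
  mkdir -p kickstart
  # 1.1 Kickstart example for PXE
  cat << ENDOF > kickstart/pxe-ks.cfg
  lat-disk --install-device=/dev/disk/by-path/pci-0000:af:00.0-scsi-0:2:0:0
  ENDOF
  # 1.2 Kickstart example for ISO
  cat << ENDOF > kickstart/iso-ks.cfg
  lat-disk --install-device=/dev/sda
  ENDOF
  # 1.3 Kickstart from image rootfs (provided by package platform-kickstarts)
  if [ -e $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart.cfg ]; then
      cp $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart.cfg kickstart/
  fi

  # 2. PXE
  mkdir -p pxeboot/pxelinux.cfg
  # 2.1 Kernel and initramfs
  install -m 644 bzImage* pxeboot
  install -m 644 initrd* pxeboot
  # 2.2 Bootloader
  # 2.2.1 Legacy BIOS PXE
  cp $OECORE_TARGET_SYSROOT/usr/share/syslinux/pxelinux.0 pxeboot/
  cp isolinux/isolinux.cfg pxeboot/pxelinux.cfg/default
  for f in libcom32.c32 ldlinux.c32 libutil.c32 vesamenu.c32; do
      cp isolinux/$f pxeboot/
  done
  # 2.2.2 EFI PXE
  cp -a EFI pxeboot
  if [ -e $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64-nosig.efi ]; then
      cp $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64-nosig.efi pxeboot/EFI/BOOT/
  fi
  # 2.3 Edit grub.cfg and pxelinux.cfg/default
  # 2.3.1 Drop to install from local ostree repo
  sed -i "s#instl=/ostree_repo#@BOOTPARAMS@#g" \
      pxeboot/EFI/BOOT/grub.cfg \
      pxeboot/pxelinux.cfg/default
  # 2.3.2 Install from remote ostree repo
  sed -i "s#insturl=file://NOT_SET#insturl=http://pxecontroller:8080/feed/debian/ostree_repo#g" \
      pxeboot/EFI/BOOT/grub.cfg \
      pxeboot/pxelinux.cfg/default
  # 2.3.3 Configure kickstart url
  BOOT_PARAMS="ks=http://pxecontroller:8080/feed/debian/kickstart/pxe-ks.cfg"
  # 2.3.4 Verbose installation
  #BOOT_PARAMS="${BOOT_PARAMS} instsh=2"
  # 2.3.5 Update boot params
  sed -i "s#@BOOTPARAMS@#${BOOT_PARAMS}#g" \
      pxeboot/EFI/BOOT/grub.cfg \
      pxeboot/pxelinux.cfg/default
  # 2.3.6 Add `Boot from hard drive' entry to grub.cfg
  cat << ENDOF >> pxeboot/EFI/BOOT/grub.cfg
  export skip_check_cfg
  menuentry 'UEFI Boot from hard drive' {
      search --set=root --label otaefi
      configfile /efi/boot/grub.cfg
  }
  ENDOF
  # 2.4 Tweak PXE if EFI secure boot enabled
  if [ "$EFI_SECURE_BOOT" = enable ]; then
      # On some host, PXE make bootx64.efi search grubx64.efi
      # from tftp/ dir other than tftp/EFI/BOOT/
      install -m 0644 EFI/BOOT/grubx64.efi pxeboot/
      # Resign grub.cfg
      rm pxeboot/EFI/BOOT/grub.cfg.sig
      echo 'SecureCore' | gpg --pinentry-mode loopback \
          --batch \
          --homedir /tmp/.lat_gnupg_root \
          -u SecureBootCore \
          --detach-sign \
          --passphrase-fd 0 \
          pxeboot/EFI/BOOT/grub.cfg
  fi

  # 3. ISO
  # 3.1 Edit grub.cfg and isolinux.cfg
  # 3.1.1 Configure local kickstart url
  BOOT_PARAMS="ks=file:///kickstart/kickstart.cfg"
  # 3.1.2 Verbose installation
  #BOOT_PARAMS="${BOOT_PARAMS} instsh=2"
  # 3.1.3 Update boot params
  sed -i "s#instl=/ostree_repo#& ${BOOT_PARAMS}#g" \
      EFI/BOOT/grub.cfg \
      isolinux/isolinux.cfg
  # 3.2 Resign grub.cfg if EFI secure boot enabled
  if [ "$EFI_SECURE_BOOT" = enable ]; then
      rm EFI/BOOT/grub.cfg.sig
      echo 'SecureCore' | gpg --pinentry-mode loopback \
          --batch \
          --homedir /tmp/.lat_gnupg_root \
          -u SecureBootCore \
          --detach-sign \
          --passphrase-fd 0 \
          EFI/BOOT/grub.cfg
  fi
multiple-kernels: vmlinuz-*-amd64
default-kernel: vmlinuz-*-amd64
system:
  - contains:
      - /localdisk/deploy/lat-initramfs.yaml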