a3333c4d37
LAT uses the host's /etc/resolv.conf for DNS lookups when installing the rootfs. It does not clear out the host information when it is finished, so clear it out when we are done. Test Plan PASS Build ISO PASS Boot ISO PASS Check for empty /etc/resolv.conf Story: 2009965 Task: 45527 Signed-off-by: Charles Short <charles.short@windriver.com> Change-Id: I0e52191eb99d866fb22a7687bfebf291f17d66db
305 lines
10 KiB
YAML
305 lines
10 KiB
YAML
---
|
|
name: starlingx
|
|
machine: intel-x86-64
|
|
image_type:
|
|
- iso
|
|
- ostree-repo
|
|
debootstrap-mirror: http://deb.debian.org/debian
|
|
package_feeds: []
|
|
package_type: external-debian
|
|
wic:
|
|
OSTREE_WKS_BOOT_SIZE: ''
|
|
OSTREE_WKS_EFI_SIZE: --size=32M
|
|
OSTREE_WKS_ROOT_SIZE: ''
|
|
OSTREE_WKS_FLUX_SIZE: ''
|
|
OSTREE_FLUX_PART: fluxdata
|
|
gpg:
|
|
gpg_path: /tmp/.lat_gnupg_root
|
|
ostree:
|
|
gpgid: Wind-River-Linux-Sample
|
|
gpgkey: $OECORE_NATIVE_SYSROOT/usr/share/genimage/rpm_keys/RPM-GPG-PRIVKEY-Wind-River-Linux-Sample
|
|
gpg_password: windriver
|
|
grub:
|
|
BOOT_GPG_NAME: SecureBootCore
|
|
BOOT_GPG_PASSPHRASE: SecureCore
|
|
BOOT_KEYS_DIR: $OECORE_NATIVE_SYSROOT/usr/share/bootfs/boot_keys
|
|
BOOT_GPG_KEY: $OECORE_NATIVE_SYSROOT/usr/share/bootfs/boot_keys/BOOT-GPG-PRIVKEY-SecureBootCore
|
|
BOOT_SINGED_SHIM: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64.efi
|
|
BOOT_SINGED_SHIMTOOL: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/mmx64.efi
|
|
BOOT_SINGED_GRUB: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/grubx64.efi
|
|
BOOT_EFITOOL: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/LockDown.efi
|
|
BOOT_GRUB_CFG: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/grub.cfg
|
|
BOOT_NOSIG_GRUB: $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64-nosig.efi
|
|
EFI_SECURE_BOOT: enable
|
|
packages: []
|
|
external-packages: []
|
|
include-default-packages: '0'
|
|
rootfs-pre-scripts:
|
|
- |
|
|
# The StarlingX customize pacakges includes:
|
|
# - ostree 2019.1
|
|
export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
|
|
chroot $IMAGE_ROOTFS bash << SCRIPT_ENDOF
|
|
set -e
|
|
apt update
|
|
apt install -y --no-install-recommends linux-image-5.10.0-6-amd64-unsigned linux-rt-image-5.10.0-6-rt-amd64-unsigned grub-common
|
|
apt install -y --allow-downgrades --allow-unauthenticated --no-install-recommends ostree ostree-boot libostree-1-1 ostree-upgrade-mgr
|
|
apt install --no-install-recommends -y ifupdown
|
|
apt install -y bc vim uuid-runtime
|
|
SCRIPT_ENDOF
|
|
- |
|
|
export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
|
|
chroot $IMAGE_ROOTFS bash << SCRIPT_ENDOF
|
|
groupadd nobody
|
|
SCRIPT_ENDOF
|
|
- |-
|
|
# FIXME: openstack-dashboard will not install without this due to
|
|
# FileNotFoundError: [Errno 2] No such file or directory: '/etc/platform/platform.conf'
|
|
# dpkg: error processing package openstack-dashboard (--configure):
|
|
mkdir -p -m 0775 $IMAGE_ROOTFS/etc/platform
|
|
cat << SCRIPT_ENDOF > $IMAGE_ROOTFS/etc/platform/platform.conf
|
|
SCRIPT_ENDOF
|
|
rootfs-post-scripts:
|
|
- |-
|
|
# Remove user admin whether it exists or not
|
|
export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
|
|
chroot $IMAGE_ROOTFS deluser admin || true
|
|
- |-
|
|
# Set password 'root' to root"
|
|
export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
|
|
chroot $IMAGE_ROOTFS usermod -p '$6$hEv/K.fPeg/$ezIWhJPrMG3WtdEwqQRdyBwdYmPZkqW2PONFAcDd6TqWliYc9dHAwW4MFTlLanVH3/clE0/34FheDMpbAqZVG.' root;
|
|
- |-
|
|
# Set bash as default shell
|
|
ln -snf --relative $IMAGE_ROOTFS/bin/bash $IMAGE_ROOTFS/bin/sh
|
|
- |-
|
|
# Allow root ssh login
|
|
export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
|
|
chroot $IMAGE_ROOTFS sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
|
|
- |-
|
|
# Setup the sysadmin user and force the user to change the password
|
|
# on first login.
|
|
# Lock the root account
|
|
export PATH=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
|
|
chroot $IMAGE_ROOTFS useradd sysadmin -m --shell /bin/bash -G sudo --password 4SuW8cnXFyxsk
|
|
chroot $IMAGE_ROOTFS chage -d 0 sysadmin
|
|
chroot $IMAGE_ROOTFS passwd -l root
|
|
- |-
|
|
# FIXME: OSTree will not set up a link to scratch automagically. Need to
|
|
# relocate scratch to a more ostree friendly locale
|
|
mkdir $IMAGE_ROOTFS/var/rootdirs/scratch
|
|
ln -snf --relative $IMAGE_ROOTFS/var/rootdirs/scratch $IMAGE_ROOTFS/scratch
|
|
- |-
|
|
cat /dev/null > $IMAGE_ROOTFS/etc/resolv.conf
|
|
environments:
|
|
- NO_RECOMMENDATIONS="1"
|
|
- DEBIAN_FRONTEND=noninteractive
|
|
ostree:
|
|
ostree_use_ab: '0'
|
|
ostree_osname: debian
|
|
ostree_skip_boot_diff: '2'
|
|
ostree_remote_url: ''
|
|
ostree_install_device: '/dev/sda'
|
|
OSTREE_GRUB_USER: root
|
|
OSTREE_GRUB_PW_FILE: $OECORE_NATIVE_SYSROOT/usr/share/bootfs/boot_keys/ostree_grub_pw
|
|
OSTREE_FDISK_BLM: 2506
|
|
OSTREE_FDISK_BSZ: 512
|
|
OSTREE_FDISK_RSZ: 20480
|
|
OSTREE_FDISK_VSZ: 20480
|
|
OSTREE_FDISK_FSZ: 32
|
|
OSTREE_CONSOLE: console=ttyS0,115200 console=tty1
|
|
debootstrap-key: ''
|
|
apt-keys:
|
|
- /opt/LAT/pubkey.rsa
|
|
iso-grub-entry: |
|
|
menuentry "UEFI All-in-one Controller Configuration" --unrestricted {
|
|
set fallback=1
|
|
efi-watchdog enable 0 180
|
|
linux /bzImage-std %BOOT_PARAMS% traits=controller,worker defaultkernel=vmlinuz-*[!t]-amd64
|
|
initrd @INITRD@
|
|
}
|
|
|
|
menuentry "UEFI Standard Controller Configuration" --unrestricted {
|
|
set fallback=1
|
|
efi-watchdog enable 0 180
|
|
linux /bzImage-std %BOOT_PARAMS% traits=controller defaultkernel=vmlinuz-*[!t]-amd64
|
|
initrd @INITRD@
|
|
}
|
|
|
|
menuentry "UEFI All-in-one (lowlatency) Controller Configuration" --unrestricted {
|
|
set fallback=1
|
|
efi-watchdog enable 0 180
|
|
linux /bzImage-rt %BOOT_PARAMS% traits=controller,worker,lowlatency defaultkernel=vmlinuz-*-rt-amd64 efi=runtime
|
|
initrd @INITRD@
|
|
}
|
|
|
|
iso-syslinux-entry: |
|
|
LABEL 0
|
|
menu label ^All-in-one Controller Configuration
|
|
kernel /bzImage-std
|
|
ipappend 2
|
|
append initrd=@INITRD@ %BOOT_PARAMS% traits=controller,worker defaultkernel=vmlinuz-*[!t]-amd64
|
|
|
|
LABEL 1
|
|
menu label ^Standard Controller Configuration
|
|
kernel /bzImage-std
|
|
ipappend 2
|
|
append initrd=@INITRD@ %BOOT_PARAMS% traits=controller defaultkernel=vmlinuz-*[!t]-amd64
|
|
|
|
LABEL 2
|
|
menu label ^All-in-one (lowlatency) Controller Configuration
|
|
kernel /bzImage-rt
|
|
ipappend 2
|
|
append initrd=@INITRD@ %BOOT_PARAMS% traits=controller,worker,lowlatency defaultkernel=vmlinuz-*-rt-amd64
|
|
|
|
iso-post-script: |
|
|
cd ${ISO_DIR}
|
|
|
|
# 0. Prepare
|
|
# According to `multiple-kernels' in lat yaml, install std
|
|
# or rt kernel to ISO
|
|
for k in ${OSTREE_MULTIPLE_KERNELS}; do
|
|
if [ "${k%%-rt-amd64}" != "${k}" ]; then
|
|
cp ${DEPLOY_DIR_IMAGE}/${k} bzImage-rt
|
|
if [ -e ${DEPLOY_DIR_IMAGE}/${k}.sig ]; then
|
|
cp ${DEPLOY_DIR_IMAGE}/${k}.sig bzImage-rt.sig
|
|
fi
|
|
else
|
|
cp ${DEPLOY_DIR_IMAGE}/${k} bzImage-std
|
|
if [ -e ${DEPLOY_DIR_IMAGE}/${k}.sig ]; then
|
|
cp ${DEPLOY_DIR_IMAGE}/${k}.sig bzImage-std.sig
|
|
fi
|
|
fi
|
|
done
|
|
|
|
# 1. Kickstart
|
|
mkdir -p kickstart
|
|
# 1.1 Kickstart example for PXE
|
|
cat << ENDOF > kickstart/pxe-ks.cfg
|
|
lat-disk --install-device=/dev/disk/by-path/pci-0000:af:00.0-scsi-0:2:0:0
|
|
ENDOF
|
|
|
|
# 1.2 Kickstart example for ISO
|
|
cat << ENDOF > kickstart/iso-ks.cfg
|
|
lat-disk --install-device=/dev/sda
|
|
ENDOF
|
|
|
|
# 1.3 Kickstart from image rootfs (provided by package platform-kickstarts)
|
|
if [ -e $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart.cfg ]; then
|
|
cp $IMAGE_ROOTFS/var/www/pages/feed/rel-*/kickstart.cfg kickstart/
|
|
fi
|
|
|
|
# 2. PXE
|
|
mkdir -p pxeboot/pxelinux.cfg
|
|
|
|
# 2.1 Kernel and initramfs
|
|
install -m 644 bzImage* pxeboot
|
|
install -m 644 initrd* pxeboot
|
|
|
|
# 2.2 Bootloader
|
|
# 2.2.1 Legacy BIOS PXE
|
|
cp $OECORE_TARGET_SYSROOT/usr/share/syslinux/pxelinux.0 pxeboot/
|
|
cp isolinux/isolinux.cfg pxeboot/pxelinux.cfg/default
|
|
for f in libcom32.c32 ldlinux.c32 libutil.c32 vesamenu.c32; do
|
|
cp isolinux/$f pxeboot/
|
|
done
|
|
|
|
# 2.2.2 EFI PXE
|
|
cp -a EFI pxeboot
|
|
if [ -e $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64-nosig.efi ]; then
|
|
cp $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64-nosig.efi pxeboot/EFI/BOOT/
|
|
fi
|
|
|
|
# 2.3 Edit grub.cfg and pxelinux.cfg/default
|
|
# 2.3.1 Drop to install from local ostree repo
|
|
sed -i "s#instl=/ostree_repo#@BOOTPARAMS@#g" \
|
|
pxeboot/EFI/BOOT/grub.cfg \
|
|
pxeboot/pxelinux.cfg/default
|
|
|
|
# 2.3.2 Install from remote ostree repo
|
|
sed -i "s#insturl=file://NOT_SET#insturl=http://pxecontroller:8080/feed/debian/ostree_repo#g" \
|
|
pxeboot/EFI/BOOT/grub.cfg \
|
|
pxeboot/pxelinux.cfg/default
|
|
|
|
# 2.3.3 Configure kickstart url
|
|
BOOT_PARAMS="ks=http://pxecontroller:8080/feed/debian/kickstart/pxe-ks.cfg"
|
|
|
|
# 2.3.4 Verbose installation
|
|
#BOOT_PARAMS="${BOOT_PARAMS} instsh=2"
|
|
|
|
# 2.3.5 Update boot params
|
|
sed -i "s#@BOOTPARAMS@#${BOOT_PARAMS}#g" \
|
|
pxeboot/EFI/BOOT/grub.cfg \
|
|
pxeboot/pxelinux.cfg/default
|
|
|
|
# 2.3.6 Add `Boot from hard drive' entry to grub.cfg
|
|
cat <<ENDOF>> pxeboot/EFI/BOOT/grub.cfg
|
|
|
|
export skip_check_cfg
|
|
menuentry 'UEFI Boot from hard drive' {
|
|
search --set=root --label otaefi
|
|
configfile /efi/boot/grub.cfg
|
|
}
|
|
ENDOF
|
|
|
|
# 2.4 Tweak PXE if EFI secure boot enabled
|
|
if [ "$EFI_SECURE_BOOT" = enable ]; then
|
|
# On some host, PXE make bootx64.efi search grubx64.efi
|
|
# from tftp/ dir other than tftp/EFI/BOOT/
|
|
install -m 0644 EFI/BOOT/grubx64.efi pxeboot/
|
|
|
|
# Resign grub.cfg
|
|
rm pxeboot/EFI/BOOT/grub.cfg.sig
|
|
echo 'SecureCore' | gpg --pinentry-mode loopback \
|
|
--batch \
|
|
--homedir /tmp/.lat_gnupg_root \
|
|
-u SecureBootCore \
|
|
--detach-sign \
|
|
--passphrase-fd 0 \
|
|
pxeboot/EFI/BOOT/grub.cfg
|
|
fi
|
|
|
|
# 3. ISO
|
|
# 3.1 Edit grub.cfg and isolinux.cfg
|
|
# 3.1.1 Configure local kickstart url
|
|
BOOT_PARAMS="ks=file:///kickstart/kickstart.cfg"
|
|
|
|
# 3.1.2 Verbose installation
|
|
#BOOT_PARAMS="${BOOT_PARAMS} instsh=2"
|
|
|
|
# 3.1.3 Update boot params
|
|
sed -i "s#instl=/ostree_repo#& ${BOOT_PARAMS}#g" \
|
|
EFI/BOOT/grub.cfg \
|
|
isolinux/isolinux.cfg
|
|
|
|
# According to `default-kernel' in lat yaml, set which
|
|
# bootloader menu entry to boot
|
|
if [ "${OSTREE_DEFAULT_KERNEL%%-rt-amd64}" != "${OSTREE_DEFAULT_KERNEL}" ]; then
|
|
# Boot rt kernel by default
|
|
sed -i "s/ set default=.*/ set default=2/g" \
|
|
EFI/BOOT/grub.cfg
|
|
|
|
sed -i "s/^DEFAULT .*/DEFAULT 2/g" \
|
|
isolinux/isolinux.cfg
|
|
else
|
|
# Boot std kernel by default
|
|
sed -i "s/^DEFAULT .*/DEFAULT 0/g" \
|
|
isolinux/isolinux.cfg
|
|
fi
|
|
|
|
# 3.2 Resign grub.cfg if EFI secure boot enabled
|
|
if [ "$EFI_SECURE_BOOT" = enable ]; then
|
|
rm EFI/BOOT/grub.cfg.sig
|
|
echo 'SecureCore' | gpg --pinentry-mode loopback \
|
|
--batch \
|
|
--homedir /tmp/.lat_gnupg_root \
|
|
-u SecureBootCore \
|
|
--detach-sign \
|
|
--passphrase-fd 0 \
|
|
EFI/BOOT/grub.cfg
|
|
fi
|
|
multiple-kernels: vmlinuz-*[!t]-amd64 vmlinuz-*-rt-amd64
|
|
default-kernel: vmlinuz-*[!t]-amd64
|
|
system:
|
|
- contains:
|
|
- /localdisk/deploy/lat-initramfs.yaml
|