From ea6af8e5ada09ddd6ac73144d2f438c62a0a238b Mon Sep 17 00:00:00 2001 From: Fabio Erculiani Date: Tue, 24 Jul 2012 16:13:17 +0200 Subject: [PATCH] [molecules] Add Amazon EC2 EBS Sabayon filesystem images for amd64 and x86 --- ...bayon-amd64-spinbase-amazon-ebs-image.spec | 12 +++ ...sabayon-x86-spinbase-amazon-ebs-image.spec | 12 +++ .../spinbase-amazon-ami-ebs-image.common | 95 ++++++++++++++++ remaster/ec2_image/ebs.ec2.start | 23 ++++ .../amazon_ebs_image_inner_chroot_script.sh | 30 ++++++ ...zon_ebs_image_inner_chroot_script_after.sh | 102 ++++++++++++++++++ scripts/amazon_ebs_image_pre_tar_script.sh | 10 ++ scripts/amazon_ebs_image_remaster_post.sh | 16 +++ scripts/iso_build.sh | 22 ++-- 9 files changed, 313 insertions(+), 9 deletions(-) create mode 100644 molecules/sabayon-amd64-spinbase-amazon-ebs-image.spec create mode 100644 molecules/sabayon-x86-spinbase-amazon-ebs-image.spec create mode 100644 molecules/spinbase-amazon-ami-ebs-image.common create mode 100755 remaster/ec2_image/ebs.ec2.start create mode 100755 scripts/amazon_ebs_image_inner_chroot_script.sh create mode 100755 scripts/amazon_ebs_image_inner_chroot_script_after.sh create mode 100755 scripts/amazon_ebs_image_pre_tar_script.sh create mode 100755 scripts/amazon_ebs_image_remaster_post.sh diff --git a/molecules/sabayon-amd64-spinbase-amazon-ebs-image.spec b/molecules/sabayon-amd64-spinbase-amazon-ebs-image.spec new file mode 100644 index 0000000..4b6859b --- /dev/null +++ b/molecules/sabayon-amd64-spinbase-amazon-ebs-image.spec 
@@ -0,0 +1,12 @@
+# Use abs path, otherwise daily builds automagic won't work
+%import /sabayon/molecules/spinbase-amazon-ami-ebs-image.common
+
+# pre chroot command, example, for 32bit chroots on 64bit system, you always
+# have to append "linux32" this is useful for inner_chroot_script
+# prechroot:
+
+# Path to source ISO file (MANDATORY)
+source_iso: /sabayon/iso/Sabayon_Linux_SpinBase_DAILY_amd64.iso
+
+release_version: 9
+tar_name: Sabayon_Linux_SpinBase_9_amd64_Amazon_EBS_ext4_filesystem_image.tar.gz
diff --git a/molecules/sabayon-x86-spinbase-amazon-ebs-image.spec b/molecules/sabayon-x86-spinbase-amazon-ebs-image.spec
new file mode 100644
index 0000000..a331dc3
--- /dev/null
+++ b/molecules/sabayon-x86-spinbase-amazon-ebs-image.spec
@@ -0,0 +1,12 @@
+# Use abs path, otherwise daily builds automagic won't work
+%import /sabayon/molecules/spinbase-amazon-ami-ebs-image.common
+
+# pre chroot command, example, for 32bit chroots on 64bit system, you always
+# have to append "linux32" this is useful for inner_chroot_script
+prechroot: linux32
+
+# Path to source ISO file (MANDATORY)
+source_iso: /sabayon/iso/Sabayon_Linux_SpinBase_DAILY_x86.iso
+
+release_version: 9
+tar_name: Sabayon_Linux_SpinBase_9_x86_Amazon_EBS_ext4_filesystem_image.tar.gz
diff --git a/molecules/spinbase-amazon-ami-ebs-image.common b/molecules/spinbase-amazon-ami-ebs-image.common
new file mode 100644
index 0000000..09dbb76
--- /dev/null
+++ b/molecules/spinbase-amazon-ami-ebs-image.common
@@ -0,0 +1,95 @@ +# Define an alternative execution strategy, in this case, the value must be +execution_strategy: iso_to_tar + +# Error script command, executed when something went wrong and molecule has +# to terminate the execution +# Variables exported: +# LOOP_DEVICE = loop device (/dev/loopN) currently in use +error_script: /sabayon/scripts/image_error_script.sh + +# Outer chroot script command, to be executed outside destination chroot before +# before entering it (and before inner_chroot_script) +outer_chroot_script: /sabayon/scripts/remaster_pre.sh + +# Inner chroot script command, to be executed inside destination chroot before +# packing it +inner_chroot_script: /sabayon/scripts/amazon_ebs_image_inner_chroot_script.sh + +# Inner chroot script command, to be executed inside destination chroot after +# packages installation and removal +inner_chroot_script_after: /sabayon/scripts/amazon_ebs_image_inner_chroot_script_after.sh + +# Outer chroot script command, to be executed outside destination chroot before +# before entering it (and AFTER inner_chroot_script) +outer_chroot_script_after: /sabayon/scripts/amazon_ebs_image_remaster_post.sh + +# Pre-tar building script. Hook called before tar file creation +# Variables exported: +# CHROOT_DIR = path pointing to the working chroot (the one that gets modified) +# TAR_PATH = path pointing to the destination tar file +# TAR_CHECKSUM_PATH = path pointing to the destination tar file checksum (md5) +pre_tar_script: /sabayon/scripts/amazon_ebs_image_pre_tar_script.sh + +# Destination directory for the image path (MANDATORY) +destination_tar_directory: /sabayon/images + +# Compression method (default is: gz). 
Supported compression methods: gz, bz2 +# compression_method: gz + +# Specify an alternative tar file name (tar file name will be automatically +# produced otherwise) +# tar_name: + +# Alternative ISO file mount command (default is: mount -o loop -t iso9660) +# iso_mounter: + +# Alternative ISO umounter command (default is: umount) +# iso_umounter: + +# Alternative squashfs file mount command (default is: mount -o loop -t squashfs) +# squash_mounter: + +# Alternative ISO squashfs umount command (default is: umount) +# squash_umounter: + +# List of packages that would be removed from chrooted system (comma separated) +packages_to_remove: + app-admin/anaconda, + net-misc/networkmanager, + net-firewall/ufw, + sys-kernel/linux-sabayon, + sys-boot/grub:2 + +# Custom shell call to packages removal (default is: equo remove) +# custom_packages_remove_cmd: + +# List of packages that would be added from chrooted system (comma separated) +packages_to_add: + app-admin/aws-rds-tools, + app-admin/aws-iam-tools, + app-admin/ec2-ami-tools, + app-admin/ec2-api-tools, + app-admin/eselect-bzimage, + sys-kernel/linux-ec2, + sys-process/atop + +# NOTE: +# once dev-java/oracle-jre-bin is in Entropy, please +# migrate to it (from oracle-jdk-bin), forcing dev-java/oracle-jre-bin +# in the dependencies and unmasking icedtea and icedtea-bin + +# Custom shell call to packages add (default is: equo install) +# custom_packages_add_cmd: + +# Custom command for updating repositories (default is: equo update) +# repositories_update_cmd: + +# Determine whether repositories update should be run (if packages_to_add is set) +# (default is: no), values are: yes, no. +# execute_repositories_update: no + +# Directories to remove completely (comma separated) +# paths_to_remove: + +# Directories to empty (comma separated) +# paths_to_empty: diff --git a/remaster/ec2_image/ebs.ec2.start b/remaster/ec2_image/ebs.ec2.start new file mode 100755 index 0000000..ec8e12d --- /dev/null 
+++ b/remaster/ec2_image/ebs.ec2.start
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# Setup Amazon EC2 provided SSH key
+
+ssh_home=/home/ec2-user/.ssh
+if [ ! -d "${ssh_home}" ] ; then
+ mkdir -p "${ssh_home}"
+fi
+chmod 700 "${ssh_home}"
+chown ec2-user:users "${ssh_home}"
+
+tmp_file=$(mktemp)
+wget -q -O - http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > "${tmp_file}"
+if [ "${?}" = "0" ]; then
+ auth_key_file="${ssh_home}"/authorized_keys
+ cat "${tmp_file}" > "${auth_key_file}"
+ chown ec2-user:users "${auth_key_file}"
+ chmod 600 "${auth_key_file}"
+fi
+rm -f "${tmp_file}"
+
+# delete myself in a safe way
+( rm -f /etc/local.d/ebs.ec2.start )
diff --git a/scripts/amazon_ebs_image_inner_chroot_script.sh b/scripts/amazon_ebs_image_inner_chroot_script.sh
new file mode 100755
index 0000000..e319d5f
--- /dev/null
+++ b/scripts/amazon_ebs_image_inner_chroot_script.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# make sure there is no stale pid file around that prevents entropy from running
+rm -f /var/run/entropy/entropy.lock
+
+export FORCE_EAPI=2
+equo update
+if [ "${?}" != "0" ]; then
+ sleep 1200 || exit 1
+ equo update || exit 1
+fi
+
+# disable all mirrors but GARR
+for repo_conf in /etc/entropy/repositories.conf /etc/entropy/repositories.conf.d/entropy_*; do
+ # skip .example files
+ if [[ "${repo_conf}" =~ .*\.example$ ]]; then
+ echo "skipping ${repo_conf}"
+ continue
+ fi
+ sed -n -e "/pkg.sabayon.org/p" -e "/garr.it/p" -e "/^branch/p" \
+ -e "/^product/p" -e "/^official-repository-id/p" -e "/^differential-update/p" \
+ -i "${repo_conf}"
+done
+
+# mask icedtea and icedtea-bin, waiting to have virtual/jre-1.7.0 and
+# dev-java/oracle-jre-bin in Entropy
+# Once there, remove this script and use "remaster_generic_inner_chroot_script.sh"
+# instead.
+equo mask "dev-java/icedtea-bin"
+equo mask "dev-java/icedtea"
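Review bot: In ebs.ec2.start the closing `( rm -f /etc/local.d/ebs.ec2.start )` runs whether or not the wget from the metadata service succeeded, so an instance whose network is not yet up on first boot never receives a key and the script will not run again to retry. The success test also looks only at wget's exit status, so an empty response would still overwrite `authorized_keys`. I would move the self-delete into the success branch and check the downloaded file before installing it, e.g. `if [ "${?}" = "0" ] && [ -s "${tmp_file}" ]; then`.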
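Review bot: amazon_ebs_image_inner_chroot_script.sh declares `#!/bin/sh`, but the `.example` guard in the mirror loop uses `[[ ... =~ ... ]]`, which is a bash construct. If /bin/sh in the build chroot is not bash, the test fails, `continue` is never reached, and `sed -n ... -i` also filters the `entropy_*.example` files, which the after-script later copies back as the restored repository configuration. A POSIX form keeps the guard independent of the shell: `case "${repo_conf}" in *.example) echo "skipping ${repo_conf}"; continue ;; esac`.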
diff --git a/scripts/amazon_ebs_image_inner_chroot_script_after.sh b/scripts/amazon_ebs_image_inner_chroot_script_after.sh
new file mode 100755
index 0000000..7240b58
--- /dev/null
+++ b/scripts/amazon_ebs_image_inner_chroot_script_after.sh
@@ -0,0 +1,102 @@ +#!/bin/sh + +echo +echo "Configuring AMI root filesystem" +echo "Ext4 is the expected filesystem type" +echo "/dev/sda1 is the expected root filesystem partition" +echo "ec2-user is the expected user" +echo + +/usr/sbin/env-update +. /etc/profile + +# setup networking, make sure networkmanager is gone +rc-update del NetworkManager boot +rc-update del NetworkManager default +# add eth0, should get dhcp by default already +rc-update add net.eth0 default + +# drop other useless services +rc-update del sabayonlive boot +rc-update del x-setup boot + +# Enable ssh +rc-update add sshd default + +# delete root password, only ssh allowed +passwd -d root + +# create ec2-user +useradd -d /home/ec2-user -k /etc/skel -g users -G wheel,disk,crontab -m ec2-user || exit 1 + +# enable passwordless sudo for ec2-user +echo -e "\n# molecule generated rule\nec2-user ALL=NOPASSWD: ALL" >> /etc/sudoers + +# setup UTC clock +sed -i 's:clock=".*":clock="UTC":' /etc/conf.d/hwclock || exit 1 + +# setup fstab +echo "# molecule generated fstab +/dev/sda1 / ext4 defaults 1 1 +none /dev/shm tmpfs defaults 0 0" > /etc/fstab + +# setup networking, reset /etc/conf.d/net +echo > /etc/conf.d/net + +echo -5 | equo conf update +mount -t proc proc /proc + +export ETP_NONINTERACTIVE=1 + +# setup kernel +eselect bzimage set 1 || exit 1 + +rm -f /boot/grub/grub.{cfg,conf}* +echo " +default=0 +fallback=1 +timeout=3 +hiddenmenu + +title Sabayon Linux AMI (PV) +root (hd0) +kernel /boot/bzImage root=/dev/sda1 console=hvc0 rootfstype=ext4 +initrd /boot/Initrd +" > /boot/grub/grub.conf + +# Generate list of installed packages +equo query list installed -qv > /etc/sabayon-pkglist + +/lib/rc/bin/rc-depend -u + +echo "Vacuum cleaning client db" +rm /var/lib/entropy/client/database/*/sabayonlinux.org -rf +rm /var/lib/entropy/client/database/*/sabayon-weekly -rf +equo rescue vacuum + +# restore original repositories.conf (all mirrors were filtered for speed) +cp 
/etc/entropy/repositories.conf.example /etc/entropy/repositories.conf || exit 1 +for repo_conf in /etc/entropy/repositories.conf.d/entropy_*.example; do + new_repo_conf="${repo_conf%.example}" + cp "${repo_conf}" "${new_repo_conf}" +done + +# cleanup log dir +rm /var/lib/entropy/logs -rf + +# Generate openrc cache +touch /lib/rc/init.d/softlevel +/etc/init.d/savecache start +/etc/init.d/savecache zap + +ldconfig +ldconfig +umount /proc + + +# remove hw hash +rm -f /etc/entropy/.hw.hash +# remove entropy pid file +rm -f /var/run/entropy/entropy.lock + +exit 0 diff --git a/scripts/amazon_ebs_image_pre_tar_script.sh b/scripts/amazon_ebs_image_pre_tar_script.sh new file mode 100755 index 0000000..e54784d --- /dev/null +++ b/scripts/amazon_ebs_image_pre_tar_script.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +# Copy packages list outside tarball +pkglist_file="${CHROOT_DIR}/etc/sabayon-pkglist" +if [ -f "${pkglist_file}" ]; then + tar_dirname=$(dirname "${TAR_PATH}") + if [ -d "${tar_dirname}" ]; then + cp "${pkglist_file}" "${TAR_PATH}.pkglist" + fi +fi diff --git a/scripts/amazon_ebs_image_remaster_post.sh b/scripts/amazon_ebs_image_remaster_post.sh new file mode 100755 index 0000000..d04831f --- /dev/null +++ b/scripts/amazon_ebs_image_remaster_post.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +# execute parent script +/sabayon/scripts/remaster_post.sh +if [ "${?}" != "0" ]; then + exit 1 +fi + +# Setup provisioning script for Amazon EC2 to load at startup +EC2_DIR="/sabayon/remaster/ec2_image" +PROV_SCRIPT="ebs.ec2.start" +cp -p "${EC2_DIR}/${PROV_SCRIPT}" "${CHROOT_DIR}/etc/local.d/" || exit 1 +chown root:root "${CHROOT_DIR}/etc/local.d/${PROV_SCRIPT}" || exit 1 +chmod 744 "${CHROOT_DIR}/etc/local.d/${PROV_SCRIPT}" || exit 1 + +exit 0 diff --git a/scripts/iso_build.sh b/scripts/iso_build.sh index c90d2b9..ac13e08 100755 --- a/scripts/iso_build.sh +++ b/scripts/iso_build.sh 
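Review bot: In amazon_ebs_image_inner_chroot_script_after.sh, `passwd -d root` removes root's password rather than locking the account, so the image ships with an empty root password; the "only ssh allowed" comment then depends on sshd and every other login path refusing empty passwords, which this script does not configure. `passwd -l root` locks the password and root stays reachable through the `ec2-user` sudo rule. That rule is appended to `/etc/sudoers` with `echo -e` under `#!/bin/sh` and never validated; a `visudo -c || exit 1` after the append would stop a malformed file from being packed. The script also does not remove SSH host keys that may already exist in the chroot, which every instance started from the image would then share; worth confirming against the source ISO.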
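Review bot: In amazon_ebs_image_remaster_post.sh, `CHROOT_DIR` is used without a check that it is set (presumably molecule exports it, but nothing here enforces that). With an empty value the `cp`, `chown` and `chmod` lines target `/etc/local.d/` on the build host itself, installing a boot script that rewrites `/home/ec2-user/.ssh/authorized_keys` from a link-local URL. Writing the path as `"${CHROOT_DIR:?}/etc/local.d/"` in those three commands makes the script abort instead.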
@@ -65,13 +65,17 @@ if [ "${ACTION}" = "weekly" ]; then "Sabayon_Linux_DAILY_amd64_ForensicsXfce.iso" "Sabayon_Linux_DAILY_x86_ForensicsXfce.iso" ) - REMASTER_OPENVZ_SPECS=( + REMASTER_TAR_SPECS=( "sabayon-x86-spinbase-openvz-template.spec" "sabayon-amd64-spinbase-openvz-template.spec" + "sabayon-x86-spinbase-amazon-ebs-image.spec" + "sabayon-amd64-spinbase-amazon-ebs-image.spec" ) - REMASTER_OPENVZ_SPECS_TAR=( + REMASTER_TAR_SPECS_TAR=( "Sabayon_Linux_SpinBase_DAILY_x86_openvz.tar.gz" "Sabayon_Linux_SpinBase_DAILY_amd64_openvz.tar.gz" + "Sabayon_Linux_SpinBase_DAILY_x86_Amazon_EBS_ext4_filesystem_image.tar.gz" + "Sabayon_Linux_SpinBase_DAILY_x86_Amazon_EBS_ext4_filesystem_image.tar.gz" ) elif [ "${ACTION}" = "daily" ]; then ARM_SOURCE_SPECS=() @@ -119,8 +123,8 @@ elif [ "${ACTION}" = "daily" ]; then "Sabayon_Linux_ServerBase_DAILY_amd64.iso" "Sabayon_Linux_ServerBase_DAILY_x86.iso" ) - REMASTER_OPENVZ_SPECS=() - REMASTER_OPENVZ_SPECS_TAR=() + REMASTER_TAR_SPECS=() + REMASTER_TAR_SPECS_TAR=() fi [[ -d "/sabayon/molecules/daily" ]] || mkdir -p /sabayon/molecules/daily 
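Review bot: In the weekly `REMASTER_TAR_SPECS_TAR` array both new entries are `Sabayon_Linux_SpinBase_DAILY_x86_Amazon_EBS_ext4_filesystem_image.tar.gz`, while `REMASTER_TAR_SPECS` lists the x86 spec and then the amd64 spec. The two arrays are paired by index (the loop in build_sabayon writes `REMASTER_TAR_SPECS_TAR[i]` into `tar_name`), so the amd64 build would be produced under the x86 file name and the two images would collide. The second entry should read `"Sabayon_Linux_SpinBase_DAILY_amd64_Amazon_EBS_ext4_filesystem_image.tar.gz"`. The enclosing `if` block starts outside the hunk.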
@@ -205,17 +209,17 @@ build_sabayon() { remaster_specs+="${dst} " done - for i in ${!REMASTER_OPENVZ_SPECS[@]} + for i in ${!REMASTER_TAR_SPECS[@]} do - src="/sabayon/molecules/${REMASTER_OPENVZ_SPECS[i]}" - dst="/sabayon/molecules/daily/remaster/${REMASTER_OPENVZ_SPECS[i]}" + src="/sabayon/molecules/${REMASTER_TAR_SPECS[i]}" + dst="/sabayon/molecules/daily/remaster/${REMASTER_TAR_SPECS[i]}" cp "${src}" "${dst}" -p || return 1 # tweak tar name sed -i "s/^#.*tar_name/tar_name:/" "${dst}" || return 1 - sed -i "s/tar_name.*/tar_name: ${REMASTER_OPENVZ_SPECS_TAR[i]}/" "${dst}" || return 1 + sed -i "s/tar_name.*/tar_name: ${REMASTER_TAR_SPECS_TAR[i]}/" "${dst}" || return 1 # tweak release version sed -i "s/release_version.*/release_version: ${CUR_DATE}/" "${dst}" || return 1 - echo "${dst}: tar: ${REMASTER_OPENVZ_SPECS_TAR[i]} date: ${CUR_DATE}" + echo "${dst}: tar: ${REMASTER_TAR_SPECS_TAR[i]} date: ${CUR_DATE}" remaster_specs+="${dst} " done