The branch stable/13 has been updated by emaste:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=f8bbe032b286fa261e93b2b2516ba97d5b4a07a7

commit f8bbe032b286fa261e93b2b2516ba97d5b4a07a7
Author:     Dave Cottlehuber <d...@freebsd.org>
AuthorDate: 2022-11-27 11:12:02 +0000
Commit:     Ed Maste <ema...@freebsd.org>
CommitDate: 2023-04-11 13:40:53 +0000

    release/oci: add Oracle Cloud image builder
    
    Provides an OCI (Oracle Cloud Infrastructure) release target for
    Oracle's KVM-based VM implementation. Tested using 13.1-RELEASE,
    primarily on Ampere CPU on A1.Flex VM shapes, but also works on
    amd64 shapes.
    
    - supports cloud-init and custom scripts
    - provides a freebsd@ sudo-enabled user
    - root user disabled over ssh & console
    
    Reviewed by:    emaste
    Sponsored by:   The FreeBSD Foundation
    Sponsored by:   SkunkWerks, GmbH
    Technical assistance from:  Oracle
    Differential Revision: https://reviews.freebsd.org/D34746
    
    (cherry picked from commit 0af49f00b3096a5809f992d87b416cc0f70435ea)
---
 release/Makefile.vm         |  4 ++
 release/release.conf.sample |  2 +-
 release/tools/oci.conf      | 94 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 99 insertions(+), 1 deletion(-)

diff --git a/release/Makefile.vm b/release/Makefile.vm
index 64a3dc31b90a..5ce0ffafd69c 100644
--- a/release/Makefile.vm
+++ b/release/Makefile.vm
@@ -19,6 +19,7 @@ RAW_DESC=     Unformatted raw disk image
 CLOUDWARE?=    BASIC-CI \
                EC2 \
                GCE \
+               OCI \
                VAGRANT-VIRTUALBOX \
                VAGRANT-VMWARE
 AZURE_FORMAT=  vhdf
@@ -33,6 +34,9 @@ EC2_DISK=     ${OSRELEASE}.${EC2_FORMAT}
 GCE_FORMAT=    raw
 GCE_DESC=      Google Compute Engine image
 GCE_DISK=      disk.${GCE_FORMAT}
+OCI_FORMAT=    qcow2
+OCI_DESC=      Oracle Cloud Infrastructure image
+OCI_DISK=      ${OSRELEASE}.${OCI_FORMAT}
 OPENSTACK_FORMAT=qcow2
 OPENSTACK_DESC=        OpenStack platform image
 OPENSTACK_DISK=        ${OSRELEASE}.${OPENSTACK_FORMAT}
diff --git a/release/release.conf.sample b/release/release.conf.sample
index f9cebf82491b..e4e37909c34e 100644
--- a/release/release.conf.sample
+++ b/release/release.conf.sample
@@ -113,4 +113,4 @@ PORTBRANCH="main"
 
 ## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers
 ## to create disk images.
-#CLOUDWARE="EC2 GCE VAGRANT-VIRTUALBOX VAGRANT-VMWARE"
+#CLOUDWARE="EC2 GCE OCI VAGRANT-VIRTUALBOX VAGRANT-VMWARE"
diff --git a/release/tools/oci.conf b/release/tools/oci.conf
new file mode 100644
index 000000000000..7260cd24defd
--- /dev/null
+++ b/release/tools/oci.conf
@@ -0,0 +1,94 @@
+#!/bin/sh
+# Set to a list of packages to install.
+export VM_EXTRA_PACKAGES="
+    comms/py-pyserial
+    converters/base64
+    devel/oci-cli
+    devel/py-babel
+    devel/py-iso8601
+    devel/py-pbr
+    devel/py-six
+    ftp/curl
+    lang/python
+    lang/python3
+    net/cloud-init
+    net/py-eventlet
+    net/py-netaddr
+    net/py-netifaces
+    net/py-oauth
+    net/rsync
+    panicmail
+    security/ca_root_nss
+    security/sudo
+    sysutils/firstboot-freebsd-update
+    sysutils/firstboot-pkgs
+    sysutils/panicmail
+    textproc/jq
+    "
+
+# Should be enough for base image, image can be resized in needed
+export VMSIZE=5g
+
+# Set to a list of third-party software to enable in rc.conf(5).
+export VM_RC_LIST="
+    cloudinit
+    firstboot_pkgs
+    firstboot_freebsd_update
+    growfs
+    ntpd
+    ntpd_sync_on_start
+    sshd
+    zfs"
+
+vm_extra_pre_umount() {
+       cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf
+               dumpdev=AUTO
+               sendmail_enable=NONE
+EOF
+
+       cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf
+               autoboot_delay="5"
+               beastie_disable="YES"
+               boot_serial="YES"
+               loader_logo="none"
+               cryptodev_load="YES"
+               opensolaris_load="YES"
+               xz_load="YES"
+               zfs_load="YES"
+EOF
+
+       cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config
+               # S11 Configure the SSH service to prevent password-based login
+               PermitRootLogin prohibit-password
+               PasswordAuthentication no
+               KbdInteractiveAuthentication no
+               PermitEmptyPasswords no
+               UseDNS no
+EOF
+
+        # S14 Root user login must be disabled on serial-over-ssh console
+        pw -R ${DESTDIR} usermod root -w no
+        # OCI requirements override the default FreeBSD cloud-init settings
+        cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oci.cfg
+               disable_root: true
+               system_info:
+                  distro: freebsd
+                  default_user:
+                    name: freebsd
+                    lock_passwd: True
+                    gecos: "OCI Default User"
+                    groups: [wheel]
+                    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+                    shell: /bin/sh
+                  network:
+                     renderers: ['freebsd']
+EOF
+
+       # Use Oracle Cloud Infrastructure NTP server
+       sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \
+        ${DESTDIR}/etc/ntp.conf
+
+       touch ${DESTDIR}/firstboot
+
+       return 0
+}
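Review bot: In the sshd_config heredoc of vm_extra_pre_umount, `PermitRootLogin prohibit-password` still allows root to log in with a key, while the commit description says root is disabled over ssh; as written, that appears to rest only on cloud-init's `disable_root: true` in 98_oci.cfg. If root login is meant to be off at the sshd level too, the line should read `PermitRootLogin no`; otherwise a comment such as `# key-based root login is left to cloud-init disable_root` would record the intent. Because sshd uses the first value it obtains for each keyword, these appended directives only take effect if the stock sshd_config leaves the same keywords unset or commented out, which this hunk does not show and is worth confirming on the built image. The unquoted `${DESTDIR}` expansions in the redirections and the `pw -R` call would also be safer quoted, e.g. `>> "${DESTDIR}/etc/ssh/sshd_config"`.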
