#!/usr/bin/env bash
#
# Create a base CentOS Docker image.
#
# This script is useful on systems with yum installed (e.g., building
# a CentOS image on CentOS). See contrib/mkimage-rinse.sh for a way
# to build CentOS images on other systems.
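# Positional arguments:
#   $1 - yum configuration file handed to every yum call via -c
#   $2 - directory used as the install root of the image
#   $3 - project directory that holds package/, tools/ and rootconf/
#   $4 - build profile id (x86_64_COTS or aarch64_COTS)
if [ "$#" -lt 4 ]; then
  echo "Usage: ${0##*/} <yum_config> <target> <projectdir> <profile_id>" >&2
  exit 2
fi
yum_config=$1
target=$2
projectdir=$3
profile_id=$4

# Later steps build paths as $target/... and then run rm -rf, mv and cp on
# them. With an empty target, or one made only of slashes, those commands
# would act on the build host's own /tmp, /etc/pam.d and /dev, so stop here.
if [ -z "${target//\//}" ]; then
  echo "Refusing to use '$target' as the image root" >&2
  exit 1
fi
if [ -z "$yum_config" ] || [ -z "$projectdir" ]; then
  echo "yum_config and projectdir must not be empty" >&2
  exit 1
fi

# Passed to yum as --setopt= on the install and clean steps.
setopt="group_package_types=mandatory,default,optional"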
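# Pick the kernel-ml build and the local RPM files that belong to it.
# The RPM list is expanded unquoted by the later yum install step, so the line
# breaks inside the literal separate the four paths (a $projectdir containing
# whitespace would be split as well).
case $profile_id in
  "x86_64_COTS")
    kernel_version="5.17.15-1.el8.x86_64"
    append_package_to_install="$projectdir/package/kernel-ml-core-$kernel_version.rpm
$projectdir/package/kernel-ml-modules-$kernel_version.rpm
$projectdir/package/kernel-ml-$kernel_version.rpm
$projectdir/package/kernel-ml-devel-$kernel_version.rpm"
    ;;
  "aarch64_COTS")
    # Valid profile without a pinned kernel: the version is queried from the
    # image's RPM database after the base install, so nothing is reported as
    # a failure here.
    kernel_version=""
    ;;
  *)
    kernel_version="error_profile_id"
    echo "Set kernel_version failed, error profile_id: $profile_id" >&2
    ;;
esac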
# Select the package groups and packages for the requested profile and stop
# the build for any other profile id. The list is consumed unquoted by the yum
# install step, so every run of whitespace, including the line breaks inside
# the literals, separates two package names.
if [ "$profile_id" = "x86_64_COTS" ]; then
  base_package_to_install="@base @core @debugging @anaconda-tools @additional-devel @guest-agents @system-tools
@hardware-monitoring @network-file-system-client @performance @remote-system-management adcli certmonger
ipa-client clevis-dracut clevis-udisks2 krb5-pkinit krb5-workstation sssd-polkit-rules krb5-pkinit luksmeta
nscd nss-pam-ldapd grub2 epel-release efibootmgr yum-utils ipmitool OpenIPMI docker-ce docker-ce-cli
containerd.io lrzsz python3 watchdog pcm git tmux fish kernel kernel-devel kernel-tools-libs kernel-modules
kernel-tools kernel-core rpm-build libtool kernel-rpm-macros python36-devel tcsh kernel-modules-extra gcc-gfortran
libdb-devel fuse-devel python3-Cython cmake perl-generators libstdc++-devel libmnl-devel bison flex gcc-c++
python3-docutils libnsl liburing hwloc-gui perl-open perl python2 js-d3-flame-graph xmlstarlet conntrack-tools crudini"
elif [ "$profile_id" = "aarch64_COTS" ]; then
  base_package_to_install="@base @core @debugging @anaconda-tools @additional-devel @guest-agents @system-tools
@hardware-monitoring @network-file-system-client @performance @remote-system-management adcli certmonger
ipa-client clevis-dracut clevis-udisks2 krb5-pkinit krb5-workstation sssd-polkit-rules krb5-pkinit luksmeta
nscd nss-pam-ldapd grub2 epel-release efibootmgr yum-utils ipmitool OpenIPMI docker-ce docker-ce-cli
containerd.io lrzsz python3 watchdog git tmux fish kernel kernel-devel kernel-tools-libs kernel-modules
kernel-tools kernel-core rpm-build libtool kernel-rpm-macros tcsh kernel-modules-extra gcc-gfortran
libdb-devel fuse-devel python3-Cython cmake perl-generators libstdc++-devel libmnl-devel bison flex gcc-c++
python3-docutils libnsl liburing hwloc-gui perl-open perl js-d3-flame-graph xmlstarlet conntrack-tools crudini"
else
  # Unknown profile: nothing sensible can be installed, so abort the build.
  base_package_to_install="error_profile_id"
  echo "Set base_package_to_install failed, error profile_id: $profile_id"
  exit 1
fi
# From here on, stop at the first failing command and trace every command.
set -ex

# Refresh repository metadata for the image root, then install the base set
# with the 'ofed' repository disabled.
yum -c "$yum_config" --installroot="$target" -y makecache
# The package list is a whitespace-separated string and must split into one
# argument per package, so it stays unquoted on purpose.
# shellcheck disable=SC2086
yum -c "$yum_config" --installroot="$target" -y --setopt="$setopt" install $base_package_to_install --disablerepo='ofed'

# Second transaction: the extra RPM files listed for x86_64_COTS.
# NOTE(review): these are local .rpm files; whether yum verifies their
# signatures depends on the configuration passed with -c (for example
# localpkg_gpgcheck) - confirm it is enabled there.
if [ "$profile_id" = "x86_64_COTS" ]; then
  # shellcheck disable=SC2086
  yum -c "$yum_config" --installroot="$target" -y --setopt="$setopt" install $append_package_to_install
fi
#git clone --depth 1 https://github.com/brendangregg/FlameGraph.git /opt/tools/FlameGraph/
#git clone --depth 1 https://github.com/brendangregg/perf-tools.git /opt/tools/perf-tools/
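# Unpack the bundled profiling tools into the image (x86_64_COTS only).
# Paths are quoted so a project or target directory containing whitespace is
# not split into several arguments, and ${target:?} aborts rather than
# writing under the host's /opt when target is empty.
if [ "$profile_id" = "x86_64_COTS" ]; then
  tools_dir="${target:?}/opt/tsg/tools"
  mkdir -p -- "$tools_dir"
  # NOTE(review): when run as root, tar restores the ownership and modes
  # recorded in the archives - confirm both tarballs come from a trusted
  # build step.
  tar -zxf "$projectdir/tools/FlameGraph.tar.gz" -C "$tools_dir/"
  tar -zxf "$projectdir/tools/perf-tools.tar.gz" -C "$tools_dir/"
  cp -- "$projectdir/tools/run_flamegrah.sh" "$tools_dir/"
fi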
# Write the image's network settings file: networking on, default hostname.
printf '%s\n' \
  'NETWORKING=yes' \
  'HOSTNAME=localhost.localdomain' \
  > "$target"/etc/sysconfig/network
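# Install a profile.d snippet that sets the terminal title and a PS1 which
# shows "(OOBC) " while /var/lib/.tsg-os-oobc-enable exists in the running
# system. ${target:?} aborts instead of writing to the host's /etc when
# target is empty; the paths are quoted against word splitting.
mkdir -p -- "${target:?}/etc/profile.d"
# The here-document delimiter is unquoted, so \$ and \\ are escapes that reach
# the file as $ and \. Every $ that starts an expansion is escaped, which
# means nothing is expanded at build time. The body is kept exactly as is.
cat > "${target:?}/etc/profile.d/prompt_command.sh" << EOF
oobc_enable_file_path="/var/lib/.tsg-os-oobc-enable"
read_oobc_value()
{
if [ -e "\$oobc_enable_file_path" ]; then
echo "(OOBC) "
fi
}
PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "\${USER}" "\${HOSTNAME%%.*}" "\${PWD/#\$HOME/\~}"; PS1="[\\\u@\\\h \$(read_oobc_value)\\\W]\\\\$ "'
EOF
chmod 0755 "${target:?}/etc/profile.d/prompt_command.sh"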
# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb
# --keep-services "$target". Stolen from mkimage-rinse.sh
# locales
# rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
# docs
# rm -rf "$target"/usr/share/{man,doc,info,gnome/help}
# cracklib
# rm -rf "$target"/usr/share/cracklib
# i18n
# rm -rf "$target"/usr/share/i18n
# sln
# rm -rf "$target"/sbin/sln
# ldconfig
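# Drop the linker cache files from the image.
# ${target:?} makes the shell abort when target is empty or unset, so these
# rm -rf calls can never resolve to /etc/ld.so.cache or /var/cache/ldconfig
# on the build host; -- ends option parsing before the path.
rm -rf -- "${target:?}"/etc/ld.so.cache
rm -rf -- "${target:?}"/var/cache/ldconfig/*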
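# Create the fixed-name boot links vmlinuz and initrd.img inside the image.
# The links are created by path instead of cd-ing into the image, so the
# working directory never changes and 'cd -' no longer prints to stdout. Link
# targets stay relative file names inside boot/. Other profiles get no links.
case $profile_id in
  "x86_64_COTS" | "aarch64_COTS")
    if [ "$profile_id" = "aarch64_COTS" ]; then
      # aarch64 has no pinned kernel: ask the image's RPM database.
      # NOTE(review): if more than one 'kernel' package is installed, the
      # query format prints every match back to back - confirm only one can
      # be present.
      kernel_version=$(rpm --root "$target" -q kernel --qf "%{VERSION}-%{RELEASE}.%{ARCH}")
      echo "$kernel_version"
    fi
    # x86_64_COTS uses the kernel_version chosen at the top of the script.
    ln -sf -- "vmlinuz-$kernel_version" "${target:?}/boot/vmlinuz"
    ln -sf -- "initramfs-$kernel_version.img" "${target:?}/boot/initrd.img"
    ;;
  *) ;;
esac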
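# Give the image the four basic device entries, copied with cp -a from the
# build host. The destination is quoted and guarded with ${target:?} so an
# empty target cannot turn it into the host's own /dev/.
for dev_node in null zero urandom random; do
  cp -a -- "/dev/$dev_node" "${target:?}/dev/"
done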
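# install ONIE helpers
# The two chmod calls change modes in the project tree itself before the copy.
# Directory parts are quoted so only the trailing * is globbed, and
# ${target:?} keeps an empty target from resolving to /bin, /lib or /usr/lib
# on the build host.
chmod 0755 "$projectdir"/rootconf/sysroot-bin/*
chmod 0755 "$projectdir"/rootconf/sysroot-lib/*
cp -rf "$projectdir"/rootconf/sysroot-bin/* "${target:?}/bin/"
cp -rf "$projectdir"/rootconf/sysroot-lib/* "${target:?}/lib/"
cp -rf "$projectdir"/rootconf/sysroot-usr/service/* "${target:?}/usr/lib/systemd/system"
cp -rf "$projectdir"/rootconf/sysroot-usr/sysctl/* "${target:?}/usr/lib/sysctl.d/"
# Link ldconfig.service into sysinit.target.wants using a relative link.
ln -vfs --relative "${target:?}/usr/lib/systemd/system/ldconfig.service" "${target:?}/usr/lib/systemd/system/sysinit.target.wants/ldconfig.service"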
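# tty audit using pam
# For each of the two PAM stacks: rename the file to <name>-local, append a
# pam_tty_audit session rule (enable=* matches every user name) and leave a
# relative symlink under the original name. The -local check makes a second
# run a no-op. No log_passwd option is passed to the module.
# ${pam_dir} is built from ${target:?} so an empty target can never make this
# rewrite the build host's /etc/pam.d.
# NOTE(review): if system-auth/password-auth are symlinks in the image (for
# example managed by authselect), mv moves the link and >> writes through it -
# confirm they are regular files at this point.
pam_dir="${target:?}/etc/pam.d"
for pam_stack in system-auth password-auth; do
  if [ ! -f "$pam_dir/${pam_stack}-local" ]; then
    mv -- "$pam_dir/$pam_stack" "$pam_dir/${pam_stack}-local"
    echo "session required pam_tty_audit.so enable=*" >> "$pam_dir/${pam_stack}-local"
    ln -vfs --relative "$pam_dir/${pam_stack}-local" "$pam_dir/$pam_stack"
  fi
done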
# ansible-playbook -i tsg-9140-scripts/install_config/tsg_9140_host tsg-9140-scripts/tsg_9140_deploy.yml
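# Final cleanup inside the image: yum caches, /tmp contents and core files in
# the image root.
yum -c "$yum_config" --installroot="$target" -y --setopt="$setopt" clean all
# ${target:?} aborts when target is empty, so these can never expand to
# 'rm -rf /tmp/*' or 'rm -rf /core.*' on the build host.
rm -rf -- "${target:?}"/tmp/*
rm -rf -- "${target:?}"/core.*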
#rm -rf $target/etc/machine-id
#cat /dev/null > $target/etc/machine-id
# tar --numeric-owner -c -C centos_mkroot/ . | pbzip2 -p9 > input/centos-7-chroot.tar.bz2
#rm -rf "$target"