diff options
Diffstat (limited to 'imagebuild/tinyipa/finalise-tinyipa.sh')
| -rwxr-xr-x | imagebuild/tinyipa/finalise-tinyipa.sh | 246 |
1 files changed, 0 insertions, 246 deletions
diff --git a/imagebuild/tinyipa/finalise-tinyipa.sh b/imagebuild/tinyipa/finalise-tinyipa.sh deleted file mode 100755 index d8f967d4..00000000 --- a/imagebuild/tinyipa/finalise-tinyipa.sh +++ /dev/null @@ -1,246 +0,0 @@ -#!/bin/bash - -set -ex -WORKDIR=$(readlink -f $0 | xargs dirname) -FINALDIR="$WORKDIR/tinyipafinal" -DST_DIR=$FINALDIR -source ${WORKDIR}/common.sh - -BUILDDIR="$WORKDIR/tinyipabuild" -BUILD_AND_INSTALL_TINYIPA=${BUILD_AND_INSTALL_TINYIPA:-true} -TINYCORE_MIRROR_URL=${TINYCORE_MIRROR_URL:-} -ENABLE_SSH=${ENABLE_SSH:-false} -INSTALL_SSH=${INSTALL_SSH:-true} -AUTHORIZE_SSH=${ENABLE_SSH:-false} - -if $ENABLE_SSH; then - echo "WARNING: using ENABLE_SSH is deprecated, use INSTALL_SSH and AUTHORIZE_SSH variables instead" - INSTALL_SSH=true - AUTHORIZE_SSH=true -fi - -SSH_PUBLIC_KEY=${SSH_PUBLIC_KEY:-} -PYOPTIMIZE_TINYIPA=${PYOPTIMIZE_TINYIPA:-true} -TINYIPA_REQUIRE_BIOSDEVNAME=${TINYIPA_REQUIRE_BIOSDEVNAME:-false} -TINYIPA_REQUIRE_IPMITOOL=${TINYIPA_REQUIRE_IPMITOOL:-true} -TINYIPA_UDEV_SETTLE_TIMEOUT=${TINYIPA_UDEV_SETTLE_TIMEOUT:-20} -USE_PYTHON3=${USE_PYTHON3:-True} - - -echo "Finalising tinyipa:" - -if $AUTHORIZE_SSH ; then - echo "Validating location of public SSH key" - if [ -n "$SSH_PUBLIC_KEY" ]; then - if [ -f "$SSH_PUBLIC_KEY" ]; then - _found_ssh_key="$SSH_PUBLIC_KEY" - fi - else - for fmt in rsa dsa; do - if [ -f "$HOME/.ssh/id_$fmt.pub" ]; then - _found_ssh_key="$HOME/.ssh/id_$fmt.pub" - break - fi - done - fi - - if [ -z $_found_ssh_key ]; then - echo "Failed to find neither provided nor default SSH key" - exit 1 - fi -fi - -sudo -v - -if [ -d "$FINALDIR" ]; then - sudo rm -rf "$FINALDIR" -fi - -mkdir "$FINALDIR" - -# Extract rootfs from .gz file -( cd "$FINALDIR" && zcat $WORKDIR/build_files/corepure64.gz | sudo cpio -i -H newc -d ) - -# Setup Final Dir -setup_tce "$DST_DIR" - -# Modify ldconfig for x86-64 -$CHROOT_CMD cp /sbin/ldconfig /sbin/ldconfigold -printf '#!/bin/sh\n/sbin/ldconfigold $@ | sed -r "s/libc6|ELF/libc6,x86-64/"' | $CHROOT_CMD tee -a /sbin/ldconfignew -$CHROOT_CMD cp /sbin/ldconfignew /sbin/ldconfig -$CHROOT_CMD chmod u+x /sbin/ldconfig - -# Copy python wheels from build to final dir -cp -Rp "$BUILDDIR/tmp/wheels" "$FINALDIR/tmp/wheelhouse" - -cp $WORKDIR/build_files/tgt.* $FINALDIR/tmp/builtin/optional -cp $WORKDIR/build_files/qemu-utils.* $FINALDIR/tmp/builtin/optional -cp $WORKDIR/build_files/lshw.* $FINALDIR/tmp/builtin/optional - -if $TINYIPA_REQUIRE_BIOSDEVNAME; then - cp $WORKDIR/build_files/biosdevname.* $FINALDIR/tmp/builtin/optional -fi -if $TINYIPA_REQUIRE_IPMITOOL; then - cp $WORKDIR/build_files/ipmitool.* $FINALDIR/tmp/builtin/optional -fi - -mkdir $FINALDIR/tmp/overides -cp $WORKDIR/build_files/fakeuname $FINALDIR/tmp/overides/uname - -PY_REQS="finalreqs_python2.lst" -if [[ $USE_PYTHON3 == "True" ]]; then - PY_REQS="finalreqs_python3.lst" -fi - -while read line; do - $TC_CHROOT_CMD tce-load -wic $line -done < <(paste $WORKDIR/build_files/finalreqs.lst $WORKDIR/build_files/$PY_REQS) - -if $INSTALL_SSH ; then - # Install and configure bare minimum for SSH access - $TC_CHROOT_CMD tce-load -wic openssh - # Configure OpenSSH - $CHROOT_CMD cp /usr/local/etc/ssh/sshd_config.orig /usr/local/etc/ssh/sshd_config - echo "PasswordAuthentication no" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config - # Generate and configure host keys - RSA, DSA, Ed25519 - # NOTE(pas-ha) ECDSA host key will still be re-generated fresh on every image boot - $CHROOT_CMD ssh-keygen -t rsa -N "" -f /usr/local/etc/ssh/ssh_host_rsa_key - $CHROOT_CMD ssh-keygen -t dsa -N "" -f /usr/local/etc/ssh/ssh_host_dsa_key - $CHROOT_CMD ssh-keygen -t ed25519 -N "" -f /usr/local/etc/ssh/ssh_host_ed25519_key - echo "HostKey /usr/local/etc/ssh/ssh_host_rsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config - echo "HostKey /usr/local/etc/ssh/ssh_host_dsa_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config - echo "HostKey /usr/local/etc/ssh/ssh_host_ed25519_key" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config - - # setup user and SSH keys - if $AUTHORIZE_SSH; then - $CHROOT_CMD mkdir -p /home/tc - $CHROOT_CMD chown -R tc.staff /home/tc - $TC_CHROOT_CMD mkdir -p /home/tc/.ssh - cat $_found_ssh_key | $TC_CHROOT_CMD tee /home/tc/.ssh/authorized_keys - $CHROOT_CMD chown tc.staff /home/tc/.ssh/authorized_keys - $TC_CHROOT_CMD chmod 600 /home/tc/.ssh/authorized_keys - fi -fi - -$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/tgt.tcz -$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/qemu-utils.tcz -$TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/lshw.tcz -if $TINYIPA_REQUIRE_BIOSDEVNAME; then - $TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/biosdevname.tcz -fi -if $TINYIPA_REQUIRE_IPMITOOL; then - $TC_CHROOT_CMD tce-load -ic /tmp/builtin/optional/ipmitool.tcz -fi - -# Ensure tinyipa picks up installed kernel modules -$CHROOT_CMD depmod -a `$WORKDIR/build_files/fakeuname -r` - -PIP_COMMAND="pip" -TINYIPA_PYTHON_EXE="python" -if [[ $USE_PYTHON3 == "True" ]]; then - PIP_COMMAND="pip3" - TINYIPA_PYTHON_EXE="python3" -fi - -# Install pip -$CHROOT_CMD ${TINYIPA_PYTHON_EXE} -m ensurepip --upgrade - -# If flag is set install python now -if $BUILD_AND_INSTALL_TINYIPA ; then - $CHROOT_CMD $PIP_COMMAND install --no-index --find-links=file:///tmp/wheelhouse --pre ironic_python_agent - rm -rf $FINALDIR/tmp/wheelhouse -fi - -# Unmount /proc and clean up everything -cleanup_tce "$DST_DIR" - -# Copy bootlocal.sh to opt -sudo cp "$WORKDIR/build_files/bootlocal.sh" "$FINALDIR/opt/." - -# Copy udhcpc.script to opt -sudo cp "$WORKDIR/udhcpc.script" "$FINALDIR/opt/" - -# Replace etc/init.d/dhcp.sh -sudo cp "$WORKDIR/build_files/dhcp.sh" "$FINALDIR/etc/init.d/dhcp.sh" -sudo sed -i "s/%UDEV_SETTLE_TIMEOUT%/$TINYIPA_UDEV_SETTLE_TIMEOUT/" "$FINALDIR/etc/init.d/dhcp.sh" - -# Disable ZSwap -sudo sed -i '/# Main/a NOZSWAP=1' "$FINALDIR/etc/init.d/tc-config" -# sudo cp $WORKDIR/build_files/tc-config $FINALDIR/etc/init.d/tc-config - -if $PYOPTIMIZE_TINYIPA; then - # Precompile all python - if [[ $USE_PYTHON3 == "True" ]]; then - set +e - $CHROOT_CMD /bin/bash -c "python3 -OO -m compileall /usr/local/lib/python3.6" - set -e - find $FINALDIR/usr/local/lib/python3.6 -name "*.py" -not -path "*ironic_python_agent/api/config.py" | sudo xargs --no-run-if-empty rm - find $FINALDIR/usr/local/lib/python3.6 -name "*.pyc" ! -name "*opt-2*" | sudo xargs --no-run-if-empty rm - sudo find $FINALDIR/usr/local/lib/python3.6 -type d -name __pycache__ -exec sh -c 'cd "$1"; for f in *; do mv -i "$f" .. ; done' find-sh {} \; - find $FINALDIR/usr/local/lib/python3.6 -name "*.cpython-36.opt-2*" | sed 'p;s/\.cpython-36\.opt-2//' | sudo xargs -n2 --no-run-if-empty mv - fi - set +e - $CHROOT_CMD /bin/bash -c "python -OO -m compileall /usr/local/lib/python2.7" - set -e - find $FINALDIR/usr/local/lib/python2.7 -name "*.py" -not -path "*ironic_python_agent/api/config.py" | sudo xargs --no-run-if-empty rm - find $FINALDIR/usr/local/lib/python2.7 -name "*.pyc" | sudo xargs --no-run-if-empty rm - if $INSTALL_SSH && $AUTHORIZE_SSH ; then - # NOTE(pas-ha) for Ansible+Python to work we need to ensure that - # PYTHONOPTIMIZE=1 is set for all sessions from 'tc' user including - # those that are elevated with 'sudo' afterwards - echo "PYTHONOPTIMIZE=1" | $TC_CHROOT_CMD tee -a /home/tc/.ssh/environment - echo "PermitUserEnvironment yes" | $CHROOT_CMD tee -a /usr/local/etc/ssh/sshd_config - echo 'Defaults env_keep += "PYTHONOPTIMIZE"' | $CHROOT_CMD tee -a /etc/sudoers - fi -else - sudo sed -i "s/PYTHONOPTIMIZE=1/PYTHONOPTIMIZE=0/" "$FINALDIR/opt/bootlocal.sh" -fi - -# Delete unnecessary Babel .dat files -find $FINALDIR -path "*babel/locale-data/*.dat" -not -path "*en_US*" | sudo xargs --no-run-if-empty rm - -# NOTE(pas-ha) Apparently on TinyCore Ansible's 'command' module is -# not searching for executables in the '/usr/local/(s)bin' paths. -# Thus we symlink everything from there to '/usr/(s)bin' which is being searched, -# so that 'command' module picks full utilities installed by 'util-linux' -# instead of built-in simplified BusyBox ones. -set +x -echo "Symlink all from /usr/local/sbin to /usr/sbin" -pushd "$FINALDIR/usr/local/sbin" -for target in *; do - if [ ! -f "$FINALDIR/usr/sbin/$target" ]; then - $CHROOT_CMD ln -s "/usr/local/sbin/$target" "/usr/sbin/$target" - fi -done -popd -echo "Symlink all from /usr/local/bin to /usr/bin" -# this also includes symlinking Python to the place expected by Ansible -pushd "$FINALDIR/usr/local/bin" -for target in *; do - if [ ! -f "$FINALDIR/usr/bin/$target" ]; then - $CHROOT_CMD ln -s "/usr/local/bin/$target" "/usr/bin/$target" - fi -done -popd -set -x - -# Rebuild build directory into gz file -( cd "$FINALDIR" && sudo find | sudo cpio -o -H newc | gzip -9 > "$WORKDIR/tinyipa${BRANCH_EXT}.gz" ) - -# Copy vmlinuz to new name -cp "$WORKDIR/build_files/vmlinuz64" "$WORKDIR/tinyipa${BRANCH_EXT}.vmlinuz" - -# Create tar.gz containing tinyipa files -tar czf tinyipa${BRANCH_EXT}.tar.gz tinyipa${BRANCH_EXT}.gz tinyipa${BRANCH_EXT}.vmlinuz - -# Create sha256 files which will be uploaded by the publish jobs along with -# the tinyipa ones in order to provide a way to verify the integrity of the tinyipa -# builds. -for f in tinyipa${BRANCH_EXT}.{gz,tar.gz,vmlinuz}; do - sha256sum $f > $f.sha256 -done - -# Output files with sizes created by this script -echo "Produced files:" -du -h tinyipa${BRANCH_EXT}.gz tinyipa${BRANCH_EXT}.tar.gz tinyipa${BRANCH_EXT}.vmlinuz -echo "Checksums: " tinyipa${BRANCH_EXT}.*sha256 |