authorDave Cottlehuber <dch@FreeBSD.org>2022-11-27 11:12:02 +0000
committerEd Maste <emaste@FreeBSD.org>2023-04-11 13:40:53 +0000
commitf8bbe032b286fa261e93b2b2516ba97d5b4a07a7 (patch)
tree6d67e72bcc050c743c731b794e49c3a983f7f113
parent6d1f53109573abb651097121e896d1bb3f4b7b07 (diff)
release/oci: add Oracle Cloud image builder
Provides an OCI (Oracle Cloud Infrastructure) release target for Oracle's KVM-based VM implementation. Tested using 13.1-RELEASE, primarily on Ampere CPU on A1.Flex VM shapes, but also works on amd64 shapes. - supports cloud-init and custom scripts - provides a freebsd@ sudo-enabled user - root user disabled over ssh & console Reviewed by: emaste Sponsored by: The FreeBSD Foundation Sponsored by: SkunkWerks, GmbH Technical assistance from: Oracle Differential Revision: https://reviews.freebsd.org/D34746 (cherry picked from commit 0af49f00b3096a5809f992d87b416cc0f70435ea)
-rw-r--r--release/Makefile.vm4
-rw-r--r--release/release.conf.sample2
-rw-r--r--release/tools/oci.conf94
3 files changed, 99 insertions, 1 deletions
diff --git a/release/Makefile.vm b/release/Makefile.vm
index 64a3dc31b90a..5ce0ffafd69c 100644
--- a/release/Makefile.vm
+++ b/release/Makefile.vm
@@ -19,6 +19,7 @@ RAW_DESC= Unformatted raw disk image
CLOUDWARE?= BASIC-CI \
EC2 \
GCE \
+ OCI \
VAGRANT-VIRTUALBOX \
VAGRANT-VMWARE
AZURE_FORMAT= vhdf
@@ -33,6 +34,9 @@ EC2_DISK= ${OSRELEASE}.${EC2_FORMAT}
GCE_FORMAT= raw
GCE_DESC= Google Compute Engine image
GCE_DISK= disk.${GCE_FORMAT}
+OCI_FORMAT= qcow2
+OCI_DESC= Oracle Cloud Infrastructure image
+OCI_DISK= ${OSRELEASE}.${OCI_FORMAT}
OPENSTACK_FORMAT=qcow2
OPENSTACK_DESC= OpenStack platform image
OPENSTACK_DISK= ${OSRELEASE}.${OPENSTACK_FORMAT}
diff --git a/release/release.conf.sample b/release/release.conf.sample
index f9cebf82491b..e4e37909c34e 100644
--- a/release/release.conf.sample
+++ b/release/release.conf.sample
@@ -113,4 +113,4 @@ PORTBRANCH="main"
## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers
## to create disk images.
-#CLOUDWARE="EC2 GCE VAGRANT-VIRTUALBOX VAGRANT-VMWARE"
+#CLOUDWARE="EC2 GCE OCI VAGRANT-VIRTUALBOX VAGRANT-VMWARE"
diff --git a/release/tools/oci.conf b/release/tools/oci.conf
new file mode 100644
index 000000000000..7260cd24defd
--- /dev/null
+++ b/release/tools/oci.conf
@@ -0,0 +1,94 @@
+#!/bin/sh
+# Set to a list of packages to install.
+export VM_EXTRA_PACKAGES="
+ comms/py-pyserial
+ converters/base64
+ devel/oci-cli
+ devel/py-babel
+ devel/py-iso8601
+ devel/py-pbr
+ devel/py-six
+ ftp/curl
+ lang/python
+ lang/python3
+ net/cloud-init
+ net/py-eventlet
+ net/py-netaddr
+ net/py-netifaces
+ net/py-oauth
+ net/rsync
+ panicmail
+ security/ca_root_nss
+ security/sudo
+ sysutils/firstboot-freebsd-update
+ sysutils/firstboot-pkgs
+ sysutils/panicmail
+ textproc/jq
+ "
+
+# Should be enough for base image, image can be resized in needed
+export VMSIZE=5g
+
+# Set to a list of third-party software to enable in rc.conf(5).
+export VM_RC_LIST="
+ cloudinit
+ firstboot_pkgs
+ firstboot_freebsd_update
+ growfs
+ ntpd
+ ntpd_sync_on_start
+ sshd
+ zfs"
+
+vm_extra_pre_umount() {
+ cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf
+ dumpdev=AUTO
+ sendmail_enable=NONE
+EOF
+
+ cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf
+ autoboot_delay="5"
+ beastie_disable="YES"
+ boot_serial="YES"
+ loader_logo="none"
+ cryptodev_load="YES"
+ opensolaris_load="YES"
+ xz_load="YES"
+ zfs_load="YES"
+EOF
+
+ cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config
+ # S11 Configure the SSH service to prevent password-based login
+ PermitRootLogin prohibit-password
+ PasswordAuthentication no
+ KbdInteractiveAuthentication no
+ PermitEmptyPasswords no
+ UseDNS no
+EOF
+
+ # S14 Root user login must be disabled on serial-over-ssh console
+ pw -R ${DESTDIR} usermod root -w no
+ # OCI requirements override the default FreeBSD cloud-init settings
+ cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oci.cfg
+ disable_root: true
+ system_info:
+ distro: freebsd
+ default_user:
+ name: freebsd
+ lock_passwd: True
+ gecos: "OCI Default User"
+ groups: [wheel]
+ sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+ shell: /bin/sh
+ network:
+ renderers: ['freebsd']
+EOF
+
+ # Use Oracle Cloud Infrastructure NTP server
+ sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \
+ ${DESTDIR}/etc/ntp.conf
+
+ touch ${DESTDIR}/firstboot
+
+ return 0
+}
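Review bot: `PermitRootLogin prohibit-password` in the sshd_config heredoc still accepts key-based root logins, so the "root user disabled over ssh" behaviour named in the commit description rests on cloud-init applying `disable_root: true` at boot; `PermitRootLogin no` would enforce it in sshd itself. The block is appended with `>>`, and sshd uses the first value it reads for each keyword, so these lines only take effect while the stock file leaves the same keywords commented out; a comment such as `# relies on the base sshd_config leaving these keywords unset` would record that dependency. vm_extra_pre_umount also ends in an unconditional `return 0`, so a failed `pw -R ${DESTDIR} usermod root -w no` or a failed heredoc write (for example if the `cloud.cfg.d` directory is missing) would go unreported; assuming the caller checks the return status, `pw -R "${DESTDIR}" usermod root -w no || return 1` and the same guard on the `cat` lines would make the hardening steps fail closed. Quoting `"${DESTDIR}"` throughout would also keep a path containing spaces from splitting.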