aboutsummaryrefslogtreecommitdiff
path: root/release/tools
diff options
context:
space:
mode:
authorDave Cottlehuber <dch@FreeBSD.org>2022-11-27 11:12:02 +0000
committerDave Cottlehuber <dch@FreeBSD.org>2022-11-27 11:12:02 +0000
commit0af49f00b3096a5809f992d87b416cc0f70435ea (patch)
tree869a4ba9f28b2510ec587b44ec86b2985a354964 /release/tools
parent671f55828d038e17fb29fd115b88e7cdf53500c3 (diff)
release/oci: add Oracle Cloud image builder
Provides an OCI (Oracle Cloud Infrastructure) release target for Oracle's KVM-based VM implementation. Tested using 13.1-RELEASE, primarily on Ampere CPU on A1.Flex VM shapes, but also works on amd64 shapes. - supports cloud-init and custom scripts - provides a freebsd@ sudo-enabled user - root user disabled over ssh & console Approved by: gjb Reviewed by: emaste MFS after: 1 week Sponsored by: The FreeBSD Foundation Sponsored by: SkunkWerks, GmbH Technical assistance from: Oracle Differential Revision: https://reviews.freebsd.org/D34746
Diffstat (limited to 'release/tools')
-rw-r--r--release/tools/oci.conf94
1 files changed, 94 insertions, 0 deletions
diff --git a/release/tools/oci.conf b/release/tools/oci.conf
new file mode 100644
index 000000000000..7260cd24defd
--- /dev/null
+++ b/release/tools/oci.conf
@@ -0,0 +1,94 @@
+#!/bin/sh
+# Set to a list of packages to install.
+export VM_EXTRA_PACKAGES="
+ comms/py-pyserial
+ converters/base64
+ devel/oci-cli
+ devel/py-babel
+ devel/py-iso8601
+ devel/py-pbr
+ devel/py-six
+ ftp/curl
+ lang/python
+ lang/python3
+ net/cloud-init
+ net/py-eventlet
+ net/py-netaddr
+ net/py-netifaces
+ net/py-oauth
+ net/rsync
+ panicmail
+ security/ca_root_nss
+ security/sudo
+ sysutils/firstboot-freebsd-update
+ sysutils/firstboot-pkgs
+ sysutils/panicmail
+ textproc/jq
+ "
+
+# Should be enough for base image, image can be resized in needed
+export VMSIZE=5g
+
+# Set to a list of third-party software to enable in rc.conf(5).
+export VM_RC_LIST="
+ cloudinit
+ firstboot_pkgs
+ firstboot_freebsd_update
+ growfs
+ ntpd
+ ntpd_sync_on_start
+ sshd
+ zfs"
+
+vm_extra_pre_umount() {
+ cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf
+ dumpdev=AUTO
+ sendmail_enable=NONE
+EOF
+
+ cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf
+ autoboot_delay="5"
+ beastie_disable="YES"
+ boot_serial="YES"
+ loader_logo="none"
+ cryptodev_load="YES"
+ opensolaris_load="YES"
+ xz_load="YES"
+ zfs_load="YES"
+EOF
+
+ cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config
+ # S11 Configure the SSH service to prevent password-based login
+ PermitRootLogin prohibit-password
+ PasswordAuthentication no
+ KbdInteractiveAuthentication no
+ PermitEmptyPasswords no
+ UseDNS no
+EOF
+
+ # S14 Root user login must be disabled on serial-over-ssh console
+ pw -R ${DESTDIR} usermod root -w no
+ # OCI requirements override the default FreeBSD cloud-init settings
+ cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oci.cfg
+ disable_root: true
+ system_info:
+ distro: freebsd
+ default_user:
+ name: freebsd
+ lock_passwd: True
+ gecos: "OCI Default User"
+ groups: [wheel]
+ sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+ shell: /bin/sh
+ network:
+ renderers: ['freebsd']
+EOF
+
+ # Use Oracle Cloud Infrastructure NTP server
+ sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \
+ ${DESTDIR}/etc/ntp.conf
+
+ touch ${DESTDIR}/firstboot
+
+ return 0
+}