Diffstat (limited to 'release/tools')
-rw-r--r-- | release/tools/arm.subr | 75 | ||||
-rw-r--r-- | release/tools/azure.conf | 13 | ||||
-rw-r--r-- | release/tools/basic-ci.conf | 1 | ||||
-rw-r--r-- | release/tools/basic-cloudinit.conf | 36 | ||||
-rw-r--r-- | release/tools/ec2-base.conf | 52 | ||||
-rw-r--r-- | release/tools/ec2-cloud-init.conf | 32 | ||||
-rw-r--r-- | release/tools/ec2.conf | 124 | ||||
-rw-r--r-- | release/tools/gce.conf | 19 | ||||
-rw-r--r-- | release/tools/oci.conf | 94 | ||||
-rw-r--r-- | release/tools/openstack.conf | 3 | ||||
-rw-r--r-- | release/tools/vagrant-virtualbox.conf | 2 | ||||
-rw-r--r-- | release/tools/vagrant-vmware.conf | 2 | ||||
-rw-r--r-- | release/tools/vagrant.conf | 6 | ||||
-rw-r--r-- | release/tools/vmimage.subr | 123 |
14 files changed, 393 insertions, 189 deletions
diff --git a/release/tools/arm.subr b/release/tools/arm.subr index d07dbb41b48b..983c3ea75dc7 100644 --- a/release/tools/arm.subr +++ b/release/tools/arm.subr @@ -1,7 +1,6 @@ #!/bin/sh #- # Copyright (c) 2015-2017 The FreeBSD Foundation -# All rights reserved. # # Portions of this software were developed by Glen Barber # under sponsorship from the FreeBSD Foundation. @@ -29,7 +28,6 @@ # # Common subroutines used to build arm, arm64, or RISC-V SD card images. # -# $FreeBSD$ # cleanup() { @@ -69,22 +67,25 @@ arm_create_disk() { # Create the target raw file and temporary work directory. chroot ${CHROOTDIR} gpart create -s ${PART_SCHEME} ${mddev} + + arm_create_partitions + if [ "${PART_SCHEME}" = "GPT" ]; then chroot ${CHROOTDIR} gpart add -t efi -l efi -a 512k -s ${FAT_SIZE} ${mddev} - chroot ${CHROOTDIR} newfs_msdos -L efi -F ${FAT_TYPE} /dev/${mddev}p1 chroot ${CHROOTDIR} gpart add -t freebsd-ufs -l rootfs -a 64k ${mddev} - chroot ${CHROOTDIR} newfs -U -L rootfs /dev/${mddev}p2 fi if [ "${PART_SCHEME}" = "MBR" ]; then chroot ${CHROOTDIR} gpart add -t '!12' -a 512k -s ${FAT_SIZE} ${mddev} chroot ${CHROOTDIR} gpart set -a active -i 1 ${mddev} - chroot ${CHROOTDIR} newfs_msdos -L msdosboot -F ${FAT_TYPE} /dev/${mddev}s1 chroot ${CHROOTDIR} gpart add -t freebsd ${mddev} - chroot ${CHROOTDIR} gpart create -s bsd ${mddev}s2 - chroot ${CHROOTDIR} gpart add -t freebsd-ufs -a 64k -b 64k ${mddev}s2 - chroot ${CHROOTDIR} newfs -U -L rootfs /dev/${mddev}s2a + chroot ${CHROOTDIR} gpart create -s bsd ${mddev}${BSDLABEL_SUFFIX} + chroot ${CHROOTDIR} gpart add -t freebsd-ufs -a 64k -b 64k ${mddev}${BSDLABEL_SUFFIX} fi + # Create the EFI and UFS filesystems + chroot ${CHROOTDIR} newfs_msdos -L efi -F ${FAT_TYPE} /dev/${mddev}${EFIPART_SUFFIX} + chroot ${CHROOTDIR} newfs -U -L rootfs /dev/${mddev}${ROOTFSPART_SUFFIX} + return 0 } 
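Review bot: The `newfs_msdos` and `newfs` calls moved to the end of arm_create_disk target `/dev/${mddev}${EFIPART_SUFFIX}` and `/dev/${mddev}${ROOTFSPART_SUFFIX}`, but the new arm_create_partitions only sets those suffixes when PART_SCHEME is GPT or MBR; for any other value, or a board-specific override of arm_create_partitions that forgets to export them, both expansions are empty and the filesystems are written over the whole `/dev/${mddev}`, destroying the partition table created just above. A guard right after the `arm_create_partitions` call, `: "${EFIPART_SUFFIX:?not set for PART_SCHEME=${PART_SCHEME}}"` and the same for `ROOTFSPART_SUFFIX`, turns that into a build error instead. The same unchecked assumption is made by the `/dev/${mddev}${ROOTFSPART_SUFFIX}` mount in the arm_install_base hunk and the `dospart`/`ufspart` assignments in the arm_install_boot hunk below.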
@@ -173,12 +174,7 @@ arm_setup_minimal_loader() { } arm_install_base() { - if [ "${PART_SCHEME}" = "GPT" ]; then - chroot ${CHROOTDIR} mount /dev/${mddev}p2 ${DESTDIR} - fi - if [ "${PART_SCHEME}" = "MBR" ]; then - chroot ${CHROOTDIR} mount /dev/${mddev}s2a ${DESTDIR} - fi + chroot ${CHROOTDIR} mount /dev/${mddev}${ROOTFSPART_SUFFIX} ${DESTDIR} _OSVERSION=$(chroot ${CHROOTDIR} /usr/bin/uname -U) REVISION=$(chroot ${CHROOTDIR} make -C /usr/src/release -V REVISION) BRANCH=$(chroot ${CHROOTDIR} make -C /usr/src/release -V BRANCH) @@ -189,7 +185,8 @@ arm_install_base() { DESTDIR=${DESTDIR} KERNCONF=${KERNEL} \ ${CONF_FILES} installworld installkernel distribution chroot ${CHROOTDIR} mkdir -p ${DESTDIR}/boot/efi - chroot ${CHROOTDIR} mkdir -p ${DESTDIR}/boot/msdos + # Compatibility symlink to /boot/msdos for 13.1 and earlier + chroot ${CHROOTDIR} ln -s efi ${DESTDIR}/boot/msdos arm_create_user arm_setup_usb_otg 
@@ -200,31 +197,26 @@ arm_install_base() { echo '# Custom /etc/fstab for FreeBSD embedded images' \ > ${CHROOTDIR}/${DESTDIR}/etc/fstab - if [ "${PART_SCHEME}" = "GPT" ]; then - echo "/dev/ufs/rootfs / ufs rw 1 1" \ - >> ${CHROOTDIR}/${DESTDIR}/etc/fstab - echo "/dev/msdosfs/EFI /boot/efi msdosfs rw,noatime 0 0" \ - >> ${CHROOTDIR}/${DESTDIR}/etc/fstab - fi - if [ "${PART_SCHEME}" = "MBR" ]; then - echo "/dev/ufs/rootfs / ufs rw 1 1" \ - >> ${CHROOTDIR}/${DESTDIR}/etc/fstab - echo "/dev/msdosfs/MSDOSBOOT /boot/msdos msdosfs rw,noatime 0 0" \ - >> ${CHROOTDIR}/${DESTDIR}/etc/fstab - fi + echo "/dev/ufs/rootfs / ufs rw 1 1" \ + >> ${CHROOTDIR}/${DESTDIR}/etc/fstab + echo "/dev/msdosfs/EFI /boot/efi msdosfs rw,noatime 0 0" \ + >> ${CHROOTDIR}/${DESTDIR}/etc/fstab echo "tmpfs /tmp tmpfs rw,mode=1777 0 0" \ >> ${CHROOTDIR}/${DESTDIR}/etc/fstab local hostname hostname="$(echo ${KERNEL} | tr '[:upper:]' '[:lower:]')" echo "hostname=\"${hostname}\"" > ${CHROOTDIR}/${DESTDIR}/etc/rc.conf - echo 'ifconfig_DEFAULT="DHCP"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf + echo 'ifconfig_DEFAULT="DHCP inet6 accept_rtadv"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf echo 'sshd_enable="YES"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf echo 'sendmail_enable="NONE"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf echo 'sendmail_submit_enable="NO"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf echo 'sendmail_outbound_enable="NO"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf echo 'sendmail_msp_queue_enable="NO"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf echo 'growfs_enable="YES"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf + if [ -n "${CONFIG_POWERD_ENABLE}" ]; then + echo 'powerd_enable="YES"' >> ${CHROOTDIR}/${DESTDIR}/etc/rc.conf + fi sync umount_loop ${CHROOTDIR}/${DESTDIR} 
@@ -236,14 +228,8 @@ arm_install_boot() { FATMOUNT="${DESTDIR%${KERNEL}}/fat" UFSMOUNT="${DESTDIR%${KERNEL}}/ufs" chroot ${CHROOTDIR} mkdir -p "${FATMOUNT}" "${UFSMOUNT}" - if [ "${PART_SCHEME}" = "GPT" ]; then - dospart="/dev/${mddev}p1" - ufspart="/dev/${mddev}p2" - fi - if [ "${PART_SCHEME}" = "MBR" ]; then - dospart="/dev/${mddev}s1" - ufspart="/dev/${mddev}s2a" - fi + dospart="/dev/${mddev}${EFIPART_SUFFIX}" + ufspart="/dev/${mddev}${ROOTFSPART_SUFFIX}" chroot ${CHROOTDIR} mount_msdosfs ${dospart} ${FATMOUNT} chroot ${CHROOTDIR} mount ${ufspart} ${UFSMOUNT} @@ -277,3 +263,20 @@ arm_install_uboot() { arm_do_quirk() { # Override in the ${EMBEDDED_TARGET}/${BOARDNAME}.conf file. } + +arm_create_partitions() { + # Override in the ${EMBEDDED_TARGET}/${BOARDNAME}.conf file. + + # Set defaults for EFIPART_SUFFIX, ROOTFSPART_SUFFIX, and + # BSDLABEL_SUFFIX (MBR only), needed elsewhere. + + if [ "${PART_SCHEME}" = "GPT" ]; then + export EFIPART_SUFFIX=p1 + export ROOTFSPART_SUFFIX=p2 + fi + if [ "${PART_SCHEME}" = "MBR" ]; then + export EFIPART_SUFFIX=s1 + export BSDLABEL_SUFFIX=s2 + export ROOTFSPART_SUFFIX=s2a + fi +} diff --git a/release/tools/azure.conf b/release/tools/azure.conf index a9126ed8c389..9da2b19de694 100644 --- a/release/tools/azure.conf +++ b/release/tools/azure.conf @@ -1,6 +1,5 @@ #!/bin/sh # -# $FreeBSD$ # # Convention of Linux type VM on Azure is 30G 
@@ -16,21 +15,23 @@ export VM_RC_LIST="ntpd sshd waagent firstboot_freebsd_update firstboot_pkgs" # See ResourceDisk.EnableSwap and ResourceDisk.SwapSizeMB in waagent.conf export NOSWAP=YES -# https://docs.microsoft.com/en-us/azure/marketplace/azure-vm-create-certification-faq#vm-images-must-have-1mb-free-space +# https://learn.microsoft.com/en-us/partner-center/marketplace/azure-vm-certification-faq#vm-images-must-have-1-mb-of-free-space export VM_BOOTPARTSOFFSET=1M vm_extra_pre_umount() { + mount -t devfs devfs ${DESTDIR}/dev + # The firstboot_pkgs rc.d script will download the repository # catalogue and install or update pkg when the instance first # launches, so these files would just be replaced anyway; removing # them from the image allows it to boot faster. - mount -t devfs devfs ${DESTDIR}/dev chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ /usr/sbin/pkg delete -f -y pkg - umount ${DESTDIR}/dev rm ${DESTDIR}/var/db/pkg/repo-*.sqlite - yes | chroot ${DESTDIR} ${EMULATOR} /usr/local/sbin/waagent -deprovision + chroot ${DESTDIR} ${EMULATOR} pw usermod root -h - + + umount ${DESTDIR}/dev cat << EOF >> ${DESTDIR}/etc/rc.conf ifconfig_hn0="SYNCDHCP" @@ -52,7 +53,5 @@ EOF touch ${DESTDIR}/firstboot - rm -f ${DESTDIR}/etc/resolv.conf - return 0 } diff --git a/release/tools/basic-ci.conf b/release/tools/basic-ci.conf index 9dc05c57d0f4..5acc04b1e530 100644 --- a/release/tools/basic-ci.conf +++ b/release/tools/basic-ci.conf @@ -1,6 +1,5 @@ #!/bin/sh # -# $FreeBSD$ # # Should be enough for base image, image can be resized in needed diff --git a/release/tools/basic-cloudinit.conf b/release/tools/basic-cloudinit.conf new file mode 100644 index 000000000000..da4bed5ea5b5 --- /dev/null +++ b/release/tools/basic-cloudinit.conf 
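Review bot: Replacing `yes | ... waagent -deprovision` with `chroot ${DESTDIR} ${EMULATOR} pw usermod root -h -` covers only the root-password part of deprovisioning; if the old step also cleared per-image state such as SSH host keys or lease files (I cannot tell from this hunk), that state now remains in the published image unless another step removes it. A comment at the `pw usermod` line stating what is intentionally no longer done at build time, e.g. `# Lock the root password; waagent -deprovision is no longer run here`, would make the change reviewable later. The `rm -f ${DESTDIR}/etc/resolv.conf` dropped in the following hunk is presumably now handled by the new vm_emulation_cleanup in vmimage.subr.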
@@ -0,0 +1,36 @@ +#!/bin/sh +# +# + +# Should be enough for base image, image can be resized in needed +export VMSIZE=5g + +# 1M config drive should be enough in most cases +export CONFIG_DRIVE=YES +export CONFIG_DRIVE_SIZE=1M + +# Set to a list of third-party software to enable in rc.conf(5). +export VM_RC_LIST="sshd growfs nuageinit" + +vm_extra_pre_umount() { + cat << EOF >> ${DESTDIR}/etc/rc.conf +dumpdev="AUTO" +ifconfig_DEFAULT="DHCP" +sshd_enable="YES" +EOF + + cat << EOF >> ${DESTDIR}/boot/loader.conf +autoboot_delay="-1" +beastie_disable="YES" +loader_logo="none" +console="comconsole,vidconsole" +EOF + cat <<EOF >> ${DESTDIR}/etc/ssh/sshd_config +PasswordAuthentication yes +UsePAM no +EOF + + touch ${DESTDIR}/firstboot + + return 0 +} diff --git a/release/tools/ec2-base.conf b/release/tools/ec2-base.conf new file mode 100644 index 000000000000..f4c46fe285cd --- /dev/null +++ b/release/tools/ec2-base.conf 
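Review bot: The sshd_config append in vm_extra_pre_umount enables `PasswordAuthentication yes` together with `UsePAM no`, which is the opposite of the other cloud configs in this commit (oci.conf writes `PasswordAuthentication no`) and, with PAM off, also bypasses PAM account and session processing for SSH logins. If the nuageinit flow requires password logins, say so above the heredoc, e.g. `# nuageinit provisions password-based users; password logins must stay enabled`, and consider emitting `PermitRootLogin no` in the same heredoc so the password path is never usable for root. sshd is also listed in VM_RC_LIST, so the explicit `sshd_enable="YES"` in the rc.conf heredoc is likely written twice.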
@@ -0,0 +1,52 @@ +#!/bin/sh + +. ${WORLDDIR}/release/tools/ec2.conf + +# Packages to install into the image we're creating. In addition to packages +# present on all EC2 AMIs, we install: +# * ec2-scripts, which provides a range of EC2ification startup scripts, +# * firstboot-freebsd-update, to install security updates at first boot, +# * firstboot-pkgs, to install packages at first boot, and +# * isc-dhcp44-client, used for IPv6 network setup. +export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} ec2-scripts \ + firstboot-freebsd-update firstboot-pkgs isc-dhcp44-client" + +# Services to enable in rc.conf(5). +export VM_RC_LIST="${VM_RC_LIST} ec2_configinit ec2_ephemeral_swap \ + ec2_fetchkey ec2_loghostkey firstboot_freebsd_update firstboot_pkgs \ + growfs sshd" + +vm_extra_pre_umount() { + # The AWS CLI tools are generally useful, and small enough that they + # will download quickly; but users will often override this setting + # via EC2 user-data. + echo 'firstboot_pkgs_list="devel/py-awscli"' >> ${DESTDIR}/etc/rc.conf + + # EC2 instances use DHCP to get their network configuration. IPv6 + # requires accept_rtadv. + echo 'ifconfig_DEFAULT="SYNCDHCP accept_rtadv"' >> ${DESTDIR}/etc/rc.conf + + # Enable IPv6 on all interfaces, and spawn DHCPv6 via rtsold + echo 'ipv6_activate_all_interfaces="YES"' >> ${DESTDIR}/etc/rc.conf + echo 'rtsold_enable="YES"' >> ${DESTDIR}/etc/rc.conf + echo 'rtsold_flags="-M /usr/local/libexec/rtsold-M -a"' >> ${DESTDIR}/etc/rc.conf + + # Provide a script which rtsold can use to launch DHCPv6 + mkdir -p ${DESTDIR}/usr/local/libexec + cat > ${DESTDIR}/usr/local/libexec/rtsold-M <<'EOF' +#!/bin/sh + +/usr/local/sbin/dhclient -6 -nw -N -cf /dev/null $1 +EOF + chmod 755 ${DESTDIR}/usr/local/libexec/rtsold-M + + # Any EC2 ephemeral disks seen when the system first boots will + # be "new" disks; there is no "previous boot" when they might have + # been seen and used already. 
+ touch ${DESTDIR}/var/db/ec2_ephemeral_diskseen + + # Configuration common to all EC2 AMIs + ec2_common + + return 0 +} diff --git a/release/tools/ec2-cloud-init.conf b/release/tools/ec2-cloud-init.conf new file mode 100644 index 000000000000..7682d635b1d6 --- /dev/null +++ b/release/tools/ec2-cloud-init.conf @@ -0,0 +1,32 @@ +#!/bin/sh + +. ${WORLDDIR}/release/tools/ec2.conf + +# Packages to install into the image we're creating. In addition to packages +# present on all EC2 AMIs, we install cloud-init. +export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} net/cloud-init" + +# Services to enable in rc.conf(5). +export VM_RC_LIST="${VM_RC_LIST} cloudinit sshd" + +vm_extra_pre_umount() { + # Configuration common to all EC2 AMIs + ec2_common + + # Configure cloud-init + cat <<-'EOF' > ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_ec2.cfg + disable_root: true + system_info: + distro: freebsd + default_user: + name: ec2-user + lock_passwd: True + groups: [wheel] + shell: /bin/sh + homedir: /home/ec2-user + doas: + - permit nopass ec2-user + EOF + + return 0 +} diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf index a61b711c24ce..989e8a05a318 100644 --- a/release/tools/ec2.conf +++ b/release/tools/ec2.conf 
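Review bot: The `cat <<-'EOF' > ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_ec2.cfg` redirection in ec2-cloud-init.conf assumes the cloud.cfg.d directory already exists in the image; if the net/cloud-init package does not create it, the redirection fails and, unless the build runs with errexit (not visible here), the function continues and the AMI ships without `disable_root: true` and the ec2-user definition. ec2-base.conf in this same commit does `mkdir -p ${DESTDIR}/usr/local/libexec` before writing its script; the matching `mkdir -p ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d` before the heredoc (or `|| err` on the cat) would make this robust. The `98_oci.cfg` append in the oci.conf hunk has the same dependency.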
@@ -1,101 +1,47 @@ #!/bin/sh -# -# $FreeBSD$ -# - -# Packages to install into the image we're creating. This is a deliberately -# minimalist set, providing only the packages necessary to bootstrap further -# package installation as specified via EC2 user-data. -export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} ec2-scripts \ - firstboot-freebsd-update firstboot-pkgs isc-dhcp44-client \ - ebsnvme-id" - -# Include the amazon-ssm-agent package in amd64 images, since some users want -# to be able to use it on systems which are not connected to the Internet. -# (It is not enabled by default, however.) This package does not exist for -# aarch64, so we have to be selective about when we install it. -if [ "${TARGET_ARCH}" = "amd64" ]; then - export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} amazon-ssm-agent" -fi -# Set to a list of third-party software to enable in rc.conf(5). -export VM_RC_LIST="ec2_configinit ec2_fetchkey ec2_loghostkey firstboot_freebsd_update firstboot_pkgs ntpd dev_aws_disk ec2_ephemeral_swap" +# Packages which should be installed onto all EC2 AMIs: +# * ebsnvme-id, which is very minimal and provides important EBS-specific +# functionality, +# * amazon-ssm-agent (not enabled by default, but some users need to use +# it on systems not connected to the internet). +export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} ebsnvme-id amazon-ssm-agent" + +# Services which should be enabled by default in rc.conf(5). +export VM_RC_LIST="dev_aws_disk ntpd" -# Build with a 4.9 GB UFS partition; the growfs rc.d script will expand +# Build with a 5.9 GB partition; the growfs rc.d script will expand # the partition to fill the root disk after the EC2 instance is launched. # Note that if this is set to <N>G, we will end up with an <N+1> GB disk -# image since VMSIZE is the size of the UFS partition, not the disk which -# it resides within. -export VMSIZE=5000m - -# No swap space; the ec2_ephemeralswap rc.d script will allocate swap -# space on EC2 ephemeral disks. 
(If they exist -- the T2 low-cost instances -# and the C4 compute-optimized instances don't have ephemeral disks. But -# it would be silly to bloat the image and increase costs for every instance -# just for those two families, especially since instances ranging in size -# from 1 GB of RAM to 60 GB of RAM would need different sizes of swap space -# anyway.) +# image since VMSIZE is the size of the filesystem partition, not the disk +# which it resides within. +export VMSIZE=6000m + +# No swap space; it doesn't make sense to provision any as part of the disk +# image when we could be launching onto a system with anywhere between 0.5 +# and 4096 GB of RAM. export NOSWAP=YES -vm_extra_pre_umount() { - # The firstboot_pkgs rc.d script will download the repository - # catalogue and install or update pkg when the instance first - # launches, so these files would just be replaced anyway; removing - # them from the image allows it to boot faster. +ec2_common() { + # Delete the pkg package and the repo database; they will likely be + # long out of date before the EC2 instance is launched. mount -t devfs devfs ${DESTDIR}/dev chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ /usr/sbin/pkg delete -f -y pkg umount ${DESTDIR}/dev rm ${DESTDIR}/var/db/pkg/repo-*.sqlite - # The size of the EC2 root disk can be configured at instance launch - # time; expand our filesystem to fill the disk. - echo 'growfs_enable="YES"' >> ${DESTDIR}/etc/rc.conf - - # EC2 instances use DHCP to get their network configuration. IPv6 - # requires accept_rtadv. - echo 'ifconfig_DEFAULT="SYNCDHCP accept_rtadv"' >> ${DESTDIR}/etc/rc.conf - - # Unless the system has been configured via EC2 user-data, the user - # will need to SSH in to do anything. - echo 'sshd_enable="YES"' >> ${DESTDIR}/etc/rc.conf - - # The AWS CLI tools are generally useful, and small enough that they - # will download quickly; but users will often override this setting - # via EC2 user-data. 
- echo 'firstboot_pkgs_list="awscli"' >> ${DESTDIR}/etc/rc.conf - - # Enable IPv6 on all interfaces, and spawn DHCPv6 via rtsold - echo 'ipv6_activate_all_interfaces="YES"' >> ${DESTDIR}/etc/rc.conf - echo 'rtsold_enable="YES"' >> ${DESTDIR}/etc/rc.conf - echo 'rtsold_flags="-M /usr/local/libexec/rtsold-M -a"' >> ${DESTDIR}/etc/rc.conf - # Turn off IPv6 Duplicate Address Detection; the EC2 networking # configuration makes it unnecessary. echo 'net.inet6.ip6.dad_count=0' >> ${DESTDIR}/etc/sysctl.conf - # Provide a script which rtsold can use to launch DHCPv6 - mkdir -p ${DESTDIR}/usr/local/libexec - cat > ${DESTDIR}/usr/local/libexec/rtsold-M <<'EOF' -#!/bin/sh - -/usr/local/sbin/dhclient -6 -nw -N -cf /dev/null $1 -EOF - chmod 755 ${DESTDIR}/usr/local/libexec/rtsold-M - - # The EC2 console is output-only, so while printing a backtrace can - # be useful, there's no point dropping into a debugger or waiting - # for a keypress. - echo 'debug.trace_on_panic=1' >> ${DESTDIR}/boot/loader.conf - echo 'debug.debugger_on_panic=0' >> ${DESTDIR}/boot/loader.conf - echo 'kern.panic_reboot_wait_time=0' >> ${DESTDIR}/boot/loader.conf - - # The console is not interactive, so we might as well boot quickly. + # Booting quickly is more important than giving users a chance to + # access the boot loader via the serial port. echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf echo 'beastie_disable="YES"' >> ${DESTDIR}/boot/loader.conf - # Tell gptboot not to wait 3 seconds for a keypress which won't - # arrive either. + # Tell gptboot not to wait 3 seconds for a keypress which will + # never arrive. printf -- "-n\n" > ${DESTDIR}/boot.config # The emulated keyboard attached to EC2 instances is inaccessible to 
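Review bot: `amazon-ssm-agent` is now added to VM_EXTRA_PACKAGES for every architecture, while the removed block said it was amd64-only because the package did not exist for aarch64; if that is still true, the `pkg install -y ${p}` loop in vm_extra_install_packages (visible in the vmimage.subr hunks) does not check the exit status, so an aarch64 build would quietly produce an AMI without it. Either keep the `TARGET_ARCH` test or add a comment recording that the package now exists for all supported architectures. The three loader.conf panic tunables (`debug.trace_on_panic`, `debug.debugger_on_panic`, `kern.panic_reboot_wait_time`) are also dropped without replacement in this hunk; if they are now kernel defaults, a one-line comment saying so would save the next reader from checking. ec2_common's body continues past the end of this hunk.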
@@ -127,11 +73,9 @@ EOF 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \ ${DESTDIR}/etc/ssh/sshd_config - # Use FreeBSD Update and Portsnap mirrors hosted in AWS + # Use FreeBSD Update mirrors hosted in AWS sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \ ${DESTDIR}/etc/freebsd-update.conf - sed -i '' -e 's/portsnap.FreeBSD.org/aws.portsnap.FreeBSD.org/' \ - ${DESTDIR}/etc/portsnap.conf # Use the NTP service provided by Amazon sed -i '' -e 's/^pool/#pool/' \ @@ -155,24 +99,8 @@ echo "-nfsv4,minorversion=1,oneopenown ${FS}.efs.${REGION}.amazonaws.com:/" EOF chmod 755 ${DESTDIR}/etc/autofs/special_efs - # The first time the AMI boots, the installed "first boot" scripts - # should be allowed to run: - # * ec2_configinit (download and process EC2 user-data) - # * ec2_fetchkey (arrange for SSH using the EC2-provided public key) - # * growfs (expand the filesystem to fill the provided disk) - # * firstboot_freebsd_update (install critical updates) - # * firstboot_pkgs (install packages) + # The first time the AMI boots, run "first boot" scripts. touch ${DESTDIR}/firstboot - # Any EC2 ephemeral disks seen when the system first boots will - # be "new" disks; there is no "previous boot" when they might have - # been seen and used already. - touch ${DESTDIR}/var/db/ec2_ephemeral_diskseen - - if ! [ -z "${QEMUSTATIC}" ]; then - rm -f ${DESTDIR}/${EMULATOR} - fi - rm -f ${DESTDIR}/etc/resolv.conf - return 0 } diff --git a/release/tools/gce.conf b/release/tools/gce.conf index 74e7455cb9dd..5ad83bcded53 100644 --- a/release/tools/gce.conf +++ b/release/tools/gce.conf @@ -1,6 +1,5 @@ #!/bin/sh # -# $FreeBSD$ # # The default of 3GB is too small for GCE, so override the size here. 
@@ -8,8 +7,8 @@ export VMSIZE=20g # Set to a list of packages to install. export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-freebsd-update \ - firstboot-pkgs \ google-cloud-sdk panicmail sudo \ - sysutils/py-google-compute-engine lang/python lang/python2 \ + firstboot-pkgs google-cloud-sdk panicmail sudo \ + sysutils/py-google-compute-engine lang/python \ lang/python3" # Set to a list of third-party software to enable in rc.conf(5). @@ -84,9 +83,7 @@ EOF cat << EOF >> ${DESTDIR}/etc/sysctl.conf net.inet.icmp.drop_redirect=1 net.inet.ip.redirect=0 -net.inet.tcp.blackhole=2 -net.inet.udp.blackhole=1 -kern.ipc.somaxconn=1024 +kern.ipc.soacceptqueue=1024 debug.trace_on_panic=1 debug.debugger_on_panic=0 EOF @@ -121,7 +118,15 @@ EOF touch ${DESTDIR}/firstboot - rm -f ${DESTDIR}/etc/resolv.conf + return 0 +} +# Do everything except deleting resolv.conf since we construct our own +# Googlized resolv.conf file in vm_extra_install_base. +vm_emulation_cleanup() { + if ! [ -z "${QEMUSTATIC}" ]; then + rm -f ${DESTDIR}/${EMULATOR} + fi + umount_loop ${DESTDIR}/dev return 0 } diff --git a/release/tools/oci.conf b/release/tools/oci.conf new file mode 100644 index 000000000000..a4fe54ad3031 --- /dev/null +++ b/release/tools/oci.conf 
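Review bot: The sysctl.conf heredoc drops `net.inet.tcp.blackhole=2` and `net.inet.udp.blackhole=1`, so GCE images will again answer probes on closed ports with RSTs and ICMP unreachables; nothing visible in the commit explains this, and the `kern.ipc.somaxconn` to `kern.ipc.soacceptqueue` rename next to it does not account for it. If the removal is deliberate (blackhole mode can interfere with path diagnostics and some health checks), record that above the heredoc, e.g. `# tcp/udp blackhole intentionally not set; see <reason>`, otherwise restore the two lines. The `vm_emulation_cleanup` override added in the next hunk duplicates the vmimage.subr version minus the resolv.conf removal, which is commented and fine, but the two copies will have to be kept in sync by hand.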
@@ -0,0 +1,94 @@ +#!/bin/sh +# Set to a list of packages to install. +export VM_EXTRA_PACKAGES=" + comms/py-pyserial + converters/base64 + devel/oci-cli + devel/py-babel + devel/py-iso8601 + devel/py-pbr + devel/py-six + ftp/curl + lang/python + lang/python3 + net/cloud-init + net/py-eventlet + net/py-netaddr + net/py-netifaces + net/py-oauth + net/rsync + panicmail + security/ca_root_nss + security/sudo + sysutils/firstboot-freebsd-update + sysutils/firstboot-pkgs + sysutils/panicmail + textproc/jq + " + +# Should be enough for base image, image can be resized in needed +export VMSIZE=6g + +# Set to a list of third-party software to enable in rc.conf(5). +export VM_RC_LIST=" + cloudinit + firstboot_pkgs + firstboot_freebsd_update + growfs + ntpd + ntpd_sync_on_start + sshd + zfs" + +vm_extra_pre_umount() { + cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf + dumpdev=AUTO + sendmail_enable=NONE +EOF + + cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf + autoboot_delay="5" + beastie_disable="YES" + boot_serial="YES" + loader_logo="none" + cryptodev_load="YES" + opensolaris_load="YES" + xz_load="YES" + zfs_load="YES" +EOF + + cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config + # S11 Configure the SSH service to prevent password-based login + PermitRootLogin prohibit-password + PasswordAuthentication no + KbdInteractiveAuthentication no + PermitEmptyPasswords no + UseDNS no +EOF + + # S14 Root user login must be disabled on serial-over-ssh console + pw -R ${DESTDIR} usermod root -w no + # OCI requirements override the default FreeBSD cloud-init settings + cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oci.cfg + disable_root: true + system_info: + distro: freebsd + default_user: + name: freebsd + lock_passwd: True + gecos: "OCI Default User" + groups: [wheel] + sudo: ["ALL=(ALL) NOPASSWD:ALL"] + shell: /bin/sh + network: + renderers: ['freebsd'] +EOF + + # Use Oracle Cloud Infrastructure NTP server + sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \ + 
${DESTDIR}/etc/ntp.conf + + touch ${DESTDIR}/firstboot + + return 0 +} diff --git a/release/tools/openstack.conf b/release/tools/openstack.conf index ff156333cb17..05d2d13bbb39 100644 --- a/release/tools/openstack.conf +++ b/release/tools/openstack.conf @@ -1,6 +1,5 @@ #!/bin/sh # -# $FreeBSD$ # # Set to a list of packages to install. @@ -36,8 +35,6 @@ vm_extra_pre_umount() { echo 'ALL ALL=(ALL) NOPASSWD:ALL' >> \ ${DESTDIR}/usr/local/etc/sudoers.d/cloud-init - rm -f ${DESTDIR}/etc/resolv.conf - # The console is not interactive, so we might as well boot quickly. echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf echo 'beastie_disable="YES"' >> ${DESTDIR}/boot/loader.conf diff --git a/release/tools/vagrant-virtualbox.conf b/release/tools/vagrant-virtualbox.conf index c29d5716bac2..9e0e430bbc88 100644 --- a/release/tools/vagrant-virtualbox.conf +++ b/release/tools/vagrant-virtualbox.conf @@ -1,6 +1,5 @@ #!/bin/sh # -# $FreeBSD$ # . ${WORLDDIR}/release/tools/vagrant.conf @@ -15,5 +14,4 @@ vm_extra_pre_umount () { # Setup the Vagrant common items vagrant_common - rm -f ${DESTDIR}/etc/resolv.conf } diff --git a/release/tools/vagrant-vmware.conf b/release/tools/vagrant-vmware.conf index 4e0f02c0e76c..fff929829222 100644 --- a/release/tools/vagrant-vmware.conf +++ b/release/tools/vagrant-vmware.conf @@ -1,6 +1,5 @@ #!/bin/sh # -# $FreeBSD$ # . ${WORLDDIR}/release/tools/vagrant.conf @@ -19,5 +18,4 @@ vm_extra_pre_umount () { # Setup the Vagrant common items vagrant_common - rm -f ${DESTDIR}/etc/resolv.conf } diff --git a/release/tools/vagrant.conf b/release/tools/vagrant.conf index ebf69338b7d7..83a72b8e8aac 100644 --- a/release/tools/vagrant.conf +++ b/release/tools/vagrant.conf @@ -1,6 +1,5 @@ #!/bin/sh # -# $FreeBSD$ # # The default of 3GB is too small for Vagrant, so override the size here. 
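Review bot: VM_EXTRA_PACKAGES in oci.conf lists the same port twice, as `panicmail` and `sysutils/panicmail`; one of them should go. The `zfs` entry in VM_RC_LIST and the `zfs_load="YES"`/`opensolaris_load="YES"` loader.conf lines assume this image is built with VMFS=zfs, but nothing in this file sets or checks VMFS, and vm_install_base in vmimage.subr already writes `zfs_enable` and `zfs_load` when VMFS is zfs, so these lines are either redundant or, on a UFS build, enable ZFS services on an image with no pool; a comment naming the expected VMFS (or an explicit check) would remove the ambiguity. The sshd_config hardening and `pw -R ${DESTDIR} usermod root -w no` are appropriate defaults for a public cloud image.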
@@ -51,12 +50,13 @@ vagrant_common () { usermod root -h 0 # Configure sudo to allow the vagrant user - echo 'vagrant ALL=(ALL) NOPASSWD: ALL' >> ${DESTDIR}/usr/local/etc/sudoers + echo 'vagrant ALL=(ALL:ALL) NOPASSWD: ALL' >> ${DESTDIR}/usr/local/etc/sudoers - # Configure the vagrant ssh key + # Configure the vagrant ssh keys mkdir ${DESTDIR}/home/vagrant/.ssh chmod 700 ${DESTDIR}/home/vagrant/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > ${DESTDIR}/home/vagrant/.ssh/authorized_keys + echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1YdxBpNlzxDqfJyw/QKow1F+wvG9hXGoqiysfJOn5Y vagrant insecure public key" >> ${DESTDIR}/home/vagrant/.ssh/authorized_keys chown -R 1001 ${DESTDIR}/home/vagrant/.ssh chmod 600 ${DESTDIR}/home/vagrant/.ssh/authorized_keys diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr index 0d9202431822..9a60be57acf3 100644 --- a/release/tools/vmimage.subr +++ b/release/tools/vmimage.subr @@ -1,6 +1,5 @@ #!/bin/sh # -# $FreeBSD$ # # # Common functions for virtual machine image build scripts. @@ -39,8 +38,6 @@ cleanup() { } vm_create_base() { - # Creates the UFS root filesystem for the virtual machine disk, - # written to the formatted disk image with mkimg(1). mkdir -p ${DESTDIR} 
@@ -59,19 +56,18 @@ vm_install_base() { installworld installkernel distribution || \ err "\n\nCannot install the base system to ${DESTDIR}." - # Bootstrap etcupdate(8) and mergemaster(8) databases. + # Bootstrap etcupdate(8) database. mkdir -p ${DESTDIR}/var/db/etcupdate etcupdate extract -B \ -M "TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH}" \ -s ${WORLDDIR} -d ${DESTDIR}/var/db/etcupdate - sh ${WORLDDIR}/release/scripts/mm-mtree.sh -m ${WORLDDIR} \ - -F "TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH}" \ - -D ${DESTDIR} echo '# Custom /etc/fstab for FreeBSD VM images' \ > ${DESTDIR}/etc/fstab - echo "/dev/${ROOTLABEL}/rootfs / ufs rw 1 1" \ - >> ${DESTDIR}/etc/fstab + if [ "${VMFS}" != zfs ]; then + echo "/dev/${ROOTLABEL}/rootfs / ${VMFS} rw 1 1" \ + >> ${DESTDIR}/etc/fstab + fi if [ -z "${NOSWAP}" ]; then echo '/dev/gpt/swapfs none swap sw 0 0' \ >> ${DESTDIR}/etc/fstab @@ -80,7 +76,18 @@ vm_install_base() { local hostname hostname="$(echo $(uname -o) | tr '[:upper:]' '[:lower:]')" echo "hostname=\"${hostname}\"" >> ${DESTDIR}/etc/rc.conf + if [ "${VMFS}" = zfs ]; then + echo "zfs_enable=\"YES\"" >> ${DESTDIR}/etc/rc.conf + echo "zpool_reguid=\"zroot\"" >> ${DESTDIR}/etc/rc.conf + echo "zpool_upgrade=\"zroot\"" >> ${DESTDIR}/etc/rc.conf + echo "kern.geom.label.disk_ident.enable=0" >> ${DESTDIR}/boot/loader.conf + echo "zfs_load=YES" >> ${DESTDIR}/boot/loader.conf + fi + return 0 +} + +vm_emulation_setup() { if ! [ -z "${QEMUSTATIC}" ]; then export EMULATOR=/qemu cp ${QEMUSTATIC} ${DESTDIR}/${EMULATOR} @@ -90,8 +97,6 @@ vm_install_base() { mount -t devfs devfs ${DESTDIR}/dev chroot ${DESTDIR} ${EMULATOR} /usr/bin/newaliases chroot ${DESTDIR} ${EMULATOR} /bin/sh /etc/rc.d/ldconfig forcestart - umount_loop ${DESTDIR}/dev - cp /etc/resolv.conf ${DESTDIR}/etc/resolv.conf return 0 
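Review bot: The `@@ -90,8 +97,6 @@` hunk removes `cp /etc/resolv.conf ${DESTDIR}/etc/resolv.conf` along with the devfs unmount, yet the new vm_emulation_cleanup still does `rm -f ${DESTDIR}/etc/resolv.conf`; unless the copy was moved into the part of vm_emulation_setup that falls between these two hunks, the chroot has no resolver during `pkg bootstrap` and `pkg install`, and the later rm is a no-op. Please confirm where the host resolv.conf is now provided, or restore the copy in vm_emulation_setup next to the `mount -t devfs` line. vm_emulation_setup, introduced in the `@@ -80,7 +76,18 @@` hunk, starts there and continues outside it.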
@@ -127,15 +132,12 @@ vm_extra_install_packages() { if [ -z "${VM_EXTRA_PACKAGES}" ]; then return 0 fi - mkdir -p ${DESTDIR}/dev - mount -t devfs devfs ${DESTDIR}/dev chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ /usr/sbin/pkg bootstrap -y for p in ${VM_EXTRA_PACKAGES}; do chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ /usr/sbin/pkg install -y ${p} done - umount_loop ${DESTDIR}/dev return 0 } @@ -150,13 +152,16 @@ vm_extra_install_ports() { vm_extra_pre_umount() { # Prototype. When overridden, performs additional tasks within the # virtual machine environment prior to unmounting the filesystem. - # Note: When overriding this function, removing resolv.conf in the - # disk image must be included. + return 0 +} + +vm_emulation_cleanup() { if ! [ -z "${QEMUSTATIC}" ]; then rm -f ${DESTDIR}/${EMULATOR} fi rm -f ${DESTDIR}/etc/resolv.conf + umount_loop ${DESTDIR}/dev return 0 } @@ -169,6 +174,41 @@ vm_extra_pkg_rmcache() { return 0 } +buildfs() { + local md tmppool + + case "${VMFS}" in + ufs) + makefs ${MAKEFSARGS} -o label=rootfs -o version=2 -o softupdates=1 \ + ${VMBASE} ${DESTDIR} + ;; + zfs) + makefs -t zfs ${MAKEFSARGS} \ + -o poolname=zroot -o bootfs=zroot/ROOT/default -o rootpath=/ \ + -o fs=zroot\;mountpoint=none \ + -o fs=zroot/ROOT\;mountpoint=none \ + -o fs=zroot/ROOT/default\;mountpoint=/ \ + -o fs=zroot/home\;mountpoint=/home \ + -o fs=zroot/tmp\;mountpoint=/tmp\;exec=on\;setuid=off \ + -o fs=zroot/usr\;mountpoint=/usr\;canmount=off \ + -o fs=zroot/usr/ports\;setuid=off \ + -o fs=zroot/usr/src \ + -o fs=zroot/usr/obj \ + -o fs=zroot/var\;mountpoint=/var\;canmount=off \ + -o fs=zroot/var/audit\;setuid=off\;exec=off \ + -o fs=zroot/var/crash\;setuid=off\;exec=off \ + -o fs=zroot/var/log\;setuid=off\;exec=off \ + -o fs=zroot/var/mail\;atime=on \ + -o fs=zroot/var/tmp\;setuid=off \ + ${VMBASE} ${DESTDIR} + ;; + *) + echo "Unexpected VMFS value '${VMFS}'" + exit 1 + ;; + esac +} + umount_loop() { DIR=$1 i=0 
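Review bot: In buildfs the `*)` arm prints `Unexpected VMFS value` to stdout and calls `exit 1`, while the identical check added to vm_create_disk in the next hunk uses `return 1`; the two should agree, and the diagnostic belongs on stderr. The file already has an `err` helper (used by vm_install_base), so `err "Unexpected VMFS value '${VMFS}'"` in both places would do, assuming err exits as its existing use suggests. buildfs also relies on MAKEFSARGS, VMBASE and DESTDIR being set by its caller; a header comment such as `# Requires VMFS, MAKEFSARGS, VMBASE and DESTDIR to be set by vm_create_disk` would document that coupling.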
@@ -188,8 +228,7 @@ umount_loop() { } vm_create_disk() { - echo "Creating image... Please wait." - echo + local BOOTFILES BOOTPARTSOFFSET FSPARTTYPE X86GPTBOOTFILE if [ -z "${NOSWAP}" ]; then SWAPOPT="-p freebsd-swap/swapfs::${SWAPSIZE}" @@ -199,34 +238,56 @@ vm_create_disk() { BOOTPARTSOFFSET=":${VM_BOOTPARTSOFFSET}" fi + if [ -n "${CONFIG_DRIVE}" ]; then + CONFIG_DRIVE="-p freebsd/config-drive::${CONFIG_DRIVE_SIZE}" + fi + + case "${VMFS}" in + ufs) + FSPARTTYPE=freebsd-ufs + X86GPTBOOTFILE=i386/gptboot/gptboot + ;; + zfs) + FSPARTTYPE=freebsd-zfs + X86GPTBOOTFILE=i386/gptzfsboot/gptzfsboot + ;; + *) + echo "Unexpected VMFS value '${VMFS}'" + return 1 + ;; + esac + + echo "Creating image... Please wait." + echo BOOTFILES="$(env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} \ WITH_UNIFIED_OBJDIR=yes \ make -C ${WORLDDIR}/stand -V .OBJDIR)" BOOTFILES="$(realpath ${BOOTFILES})" + MAKEFSARGS="-s ${VMSIZE}" case "${TARGET}:${TARGET_ARCH}" in amd64:amd64 | i386:i386) ESP=yes BOOTPARTS="-b ${BOOTFILES}/i386/pmbr/pmbr \ - -p freebsd-boot/bootfs:=${BOOTFILES}/i386/gptboot/gptboot${BOOTPARTSOFFSET}" - ROOTFSPART="-p freebsd-ufs/rootfs:=${VMBASE}" - MAKEFSARGS="-B little" + -p freebsd-boot/bootfs:=${BOOTFILES}/${X86GPTBOOTFILE}${BOOTPARTSOFFSET}" + ROOTFSPART="-p ${FSPARTTYPE}/rootfs:=${VMBASE}" + MAKEFSARGS="$MAKEFSARGS -B little" ;; - arm64:aarch64 | riscv:riscv64*) + arm:armv7 | arm64:aarch64 | riscv:riscv64*) ESP=yes BOOTPARTS= - ROOTFSPART="-p freebsd-ufs/rootfs:=${VMBASE}" - MAKEFSARGS="-B little" + ROOTFSPART="-p ${FSPARTTYPE}/rootfs:=${VMBASE}" + MAKEFSARGS="$MAKEFSARGS -B little" ;; powerpc:powerpc*) ESP=no BOOTPARTS="-p prepboot:=${BOOTFILES}/powerpc/boot1.chrp/boot1.elf -a 1" ROOTFSPART="-p freebsd:=${VMBASE}" if [ ${TARGET_ARCH} = powerpc64le ]; then - MAKEFSARGS="-B little" + MAKEFSARGS="$MAKEFSARGS -B little" else - MAKEFSARGS="-B big" + MAKEFSARGS="$MAKEFSARGS -B big" fi ;; *) 
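Review bot: `CONFIG_DRIVE` is used both as the on/off switch exported by basic-cloudinit.conf (`YES`) and, after the new `if [ -n "${CONFIG_DRIVE}" ]` block, as the mkimg argument string, and nothing checks CONFIG_DRIVE_SIZE, so a config that sets only the switch passes `-p freebsd/config-drive::` to mkimg. A separate variable with a guard avoids both problems, `CONFIG_DRIVE_OPT="-p freebsd/config-drive::${CONFIG_DRIVE_SIZE:?CONFIG_DRIVE set but CONFIG_DRIVE_SIZE is empty}"`, with mkimg in the following hunk using `${CONFIG_DRIVE_OPT}`. MAKEFSARGS is now set here for buildfs to consume but, unlike the other variables introduced in this change, is not declared `local` at the top of vm_create_disk; it could be, since buildfs is called from within vm_create_disk and would still see it. The hunk ends inside the `case` statement.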
@@ -239,25 +300,27 @@ vm_create_disk() { # Create an ESP espfilename=$(mktemp /tmp/efiboot.XXXXXX) make_esp_file ${espfilename} ${fat32min} ${BOOTFILES}/efi/loader_lua/loader_lua.efi - BOOTPARTS="${BOOTPARTS} -p efi/efiesp:=${espfilename}" + BOOTPARTS="${BOOTPARTS} -p efi/efiboot0:=${espfilename}" # Add this to fstab mkdir -p ${DESTDIR}/boot/efi - echo "/dev/${ROOTLABEL}/efiesp /boot/efi msdosfs rw 2 2" \ + echo "/dev/${ROOTLABEL}/efiboot0 /boot/efi msdosfs rw 2 2" \ >> ${DESTDIR}/etc/fstab fi echo "Building filesystem... Please wait." - makefs ${MAKEFSARGS} -o label=rootfs -o version=2 -o softupdates=1 \ - -s ${VMSIZE} ${VMBASE} ${DESTDIR} + buildfs echo "Building final disk image... Please wait." mkimg -s ${PARTSCHEME} -f ${VMFORMAT} \ ${BOOTPARTS} \ ${SWAPOPT} \ + ${CONFIG_DRIVE} \ ${ROOTFSPART} \ -o ${VMIMAGE} + echo "Disk image ${VMIMAGE} created." + if [ ${ESP} = "yes" ]; then rm ${espfilename} fi |
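Review bot: `echo "Disk image ${VMIMAGE} created."` is printed whether or not mkimg succeeded; neither the mkimg invocation nor the new `buildfs` call has its exit status checked, so a failed makefs or mkimg still yields the success message and a normal return. Appending `|| err "mkimg failed"` to the `-o ${VMIMAGE}` line and using `buildfs || err "buildfs failed"` stops the build at the point of failure, assuming err exits as its existing use in vm_install_base indicates. The `efiesp` to `efiboot0` label rename is applied consistently to both the mkimg partition and the fstab entry.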