diff --git a/release/Makefile.vm b/release/Makefile.vm index 2ab5b4e373e3..81f46a23b2ac 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -1,182 +1,186 @@ # # $FreeBSD$ # # # Makefile for building virtual machine and cloud provider disk images. # VMTARGETS= vm-image VMFORMATS?= vhd vmdk qcow2 raw VMSIZE?= 5120m VMFS?= ufs SWAPSIZE?= 1g VMBASE?= vm VHD_DESC= Azure, VirtualPC, Hyper-V, Xen disk image VMDK_DESC= VMWare, VirtualBox disk image QCOW2_DESC= Qemu, KVM disk image RAW_DESC= Unformatted raw disk image CLOUDWARE?= BASIC-CI \ EC2 \ GCE \ + OCI \ VAGRANT-VIRTUALBOX \ VAGRANT-VMWARE AZURE_FORMAT= vhdf AZURE_DESC= Microsoft Azure platform image AZURE_DISK= ${OSRELEASE}.${AZURE_FORMAT} BASIC-CI_FORMAT= raw BASIC-CI_DESC= Image for CI BASIC-CI_DISK= ${OSRELEASE}.${BASIC-CI_FORMAT} EC2_FORMAT= raw EC2_DESC= Amazon EC2 image EC2_DISK= ${OSRELEASE}.${EC2_FORMAT} GCE_FORMAT= raw GCE_DESC= Google Compute Engine image GCE_DISK= disk.${GCE_FORMAT} +OCI_FORMAT= qcow2 +OCI_DESC= Oracle Cloud Infrastructure image +OCI_DISK= ${OSRELEASE}.${OCI_FORMAT} OPENSTACK_FORMAT=qcow2 OPENSTACK_DESC= OpenStack platform image OPENSTACK_DISK= ${OSRELEASE}.${OPENSTACK_FORMAT} VAGRANT-VIRTUALBOX_FORMAT= vmdk VAGRANT-VIRTUALBOX_DESC= Vagrant Image for VirtualBox VAGRANT-VIRTUALBOX_DISK= ${OSRELEASE}.vbox.${VAGRANT_FORMAT} VAGRANT-VMWARE_FORMAT= vmdk VAGRANT-VMWARE_DESC= Vagrant Image for VMWare VAGRANT-VMWARE_DISK= ${OSRELEASE}.vmware.${VAGRANT_FORMAT} .for _V in TYPE BRANCH REVISION . if !defined(${_V}) || empty(${_V}) ${_V}!= eval $$(awk '/^${_V}=/{print}' ${.CURDIR}/../sys/conf/newvers.sh); echo $$${_V} . endif .endfor emulator-portinstall: .if ${TARGET_ARCH} != ${MACHINE_ARCH} .if ( ${TARGET_ARCH} != "i386" ) || ( ${MACHINE_ARCH} != "amd64" ) .if !exists(/usr/local/bin/qemu-${TARGET_ARCH}-static) .if exists(${PORTSDIR}/emulators/qemu-user-static/Makefile) env - UNAME_r=${UNAME_r} PATH=$$PATH make -C ${PORTSDIR}/emulators/qemu-user-static BATCH=1 all install clean .else .if !exists(/usr/local/sbin/pkg-static) env ASSUME_ALWAYS_YES=yes pkg bootstrap -y .endif env ASSUME_ALWAYS_YES=yes pkg install -y emulators/qemu-user-static .endif .endif QEMUSTATIC=/usr/local/bin/qemu-${TARGET_ARCH}-static .endif .endif .if defined(WITH_CLOUDWARE) && !empty(WITH_CLOUDWARE) && !empty(CLOUDWARE) . for _CW in ${CLOUDWARE} CLOUDTARGETS+= cw-${_CW:tl} CLEANDIRS+= cw-${_CW:tl} CLEANFILES+= ${_CW:tl}.img \ ${_CW:tl}.${${_CW:tu}_FORMAT} \ ${_CW:tl}.${${_CW:tu}_FORMAT}.raw \ cw${_CW:tl}-package CLOUDPACKAGE+= cw${_CW:tl}-package ${_CW:tu}IMAGE= ${_CW:tl}.${${_CW:tu}_FORMAT} . if exists(${.CURDIR}/tools/${_CW:tl}.conf) && !defined(${_CW:tu}CONF) ${_CW:tu}CONF?= ${.CURDIR}/tools/${_CW:tl}.conf . endif cw-${_CW:tl}: emulator-portinstall mkdir -p ${.OBJDIR}/${.TARGET} env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} SWAPSIZE=${SWAPSIZE} \ QEMUSTATIC=${QEMUSTATIC} \ ${.CURDIR}/scripts/mk-vmimage.sh \ -C ${.CURDIR}/tools/vmimage.subr -d ${.OBJDIR}/${.TARGET} -F ${VMFS} \ -i ${.OBJDIR}/${_CW:tl}.img -s ${VMSIZE} -f ${${_CW:tu}_FORMAT} \ -S ${WORLDDIR} -o ${.OBJDIR}/${${_CW:tu}IMAGE} -c ${${_CW:tu}CONF} touch ${.TARGET} cw${_CW:tl}-package: @# Special target to handle packaging cloud images in the formats @# specific to each hosting provider. .if exists(${.CURDIR}/tools/${_CW:tl}-package.sh) env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} \ ${.CURDIR}/tools/${_CW:tl}-package.sh \ -D ${DESTDIR} -I ${${_CW}_DISK} -S ${WORLDDIR} .endif touch ${.TARGET} . endfor .endif .if defined(WITH_VMIMAGES) && !empty(WITH_VMIMAGES) CLEANDIRS+= ${VMTARGETS} . for FORMAT in ${VMFORMATS} CLEANFILES+= ${FORMAT}.img CLEANFILES+= ${VMBASE}.${FORMAT} . endfor .endif vm-base: vm-image vm-image: .if defined(WITH_VMIMAGES) && !empty(WITH_VMIMAGES) . for FORMAT in ${VMFORMATS} mkdir -p ${.OBJDIR}/${.TARGET} env TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} SWAPSIZE=${SWAPSIZE} \ ${.CURDIR}/scripts/mk-vmimage.sh \ -C ${.CURDIR}/tools/vmimage.subr -d ${.OBJDIR}/${.TARGET} -F ${VMFS} \ -i ${.OBJDIR}/${FORMAT}.img -s ${VMSIZE} -f ${FORMAT} \ -S ${WORLDDIR} -o ${.OBJDIR}/${VMBASE}.${FORMAT} . endfor .endif touch ${.TARGET} vm-cloudware: ${CLOUDTARGETS} list-vmtargets: list-cloudware @${ECHO} @${ECHO} "Supported virtual machine disk image formats:" .for FORMAT in ${VMFORMATS:tu} @${ECHO} " ${FORMAT:tl}: ${${FORMAT}_DESC}" .endfor list-cloudware: .if !empty(CLOUDWARE) @${ECHO} @${ECHO} "Supported cloud hosting provider images:" . for _CW in ${CLOUDWARE} @${ECHO} " ${_CW:tu}: ${${_CW:tu}_DESC}" . endfor .endif vm-install: .if defined(WITH_VMIMAGES) && !empty(WITH_VMIMAGES) mkdir -p ${DESTDIR}/vmimages . for FORMAT in ${VMFORMATS} cp -p ${VMBASE}.${FORMAT} \ ${DESTDIR}/vmimages/${OSRELEASE}.${FORMAT} . endfor . if defined(WITH_COMPRESSED_VMIMAGES) && !empty(WITH_COMPRESSED_VMIMAGES) . for FORMAT in ${VMFORMATS} # Don't keep the originals. There is a copy in ${.OBJDIR} if needed. ${XZ_CMD} ${DESTDIR}/vmimages/${OSRELEASE}.${FORMAT} . endfor . endif cd ${DESTDIR}/vmimages && sha512 ${OSRELEASE}* > \ ${DESTDIR}/vmimages/CHECKSUM.SHA512 cd ${DESTDIR}/vmimages && sha256 ${OSRELEASE}* > \ ${DESTDIR}/vmimages/CHECKSUM.SHA256 .endif vm-release: .if defined(WITH_VMIMAGES) && !empty(WITH_VMIMAGES) ${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} ${VMTARGETS} .endif cloudware-release: .if defined(WITH_CLOUDWARE) && !empty(WITH_CLOUDWARE) && !empty(CLOUDWARE) ${MAKE} -C ${.CURDIR} ${.MAKEFLAGS} ${CLOUDTARGETS} .endif .include "${.CURDIR}/Makefile.azure" .include "${.CURDIR}/Makefile.ec2" .include "${.CURDIR}/Makefile.gce" .include "${.CURDIR}/Makefile.vagrant" .include "${.CURDIR}/Makefile.inc1" diff --git a/release/release.conf.sample b/release/release.conf.sample index bd7be15b0227..40f8457e8f89 100644 --- a/release/release.conf.sample +++ b/release/release.conf.sample @@ -1,116 +1,116 @@ #!/bin/sh # ## Redefine environment variables here to override prototypes ## defined in release.sh. #load_chroot_env() { } #load_target_env() { } #buildenv_setup() { } ## Set the directory within which the release will be built. CHROOTDIR="/scratch" ## Do not explicitly require the devel/git port to be installed. #NOGIT=1 ## Set the version control system host. GITROOT="https://git.freebsd.org/" GITSRC="src.git" GITPORTS="ports.git" ## Set the src/, ports/, and doc/ branches or tags. SRCBRANCH="main" PORTBRANCH="main" ## Sample configuration for using git from ports. #GITCMD="/usr/local/bin/git clone -q --branch main" ## Set to override the default target architecture. #TARGET="amd64" #TARGET_ARCH="amd64" #KERNEL="GENERIC" ## Multiple kernels may be set. #KERNEL="GENERIC XENHVM" ## Set to specify a custom make.conf and/or src.conf #MAKE_CONF="/etc/local/make.conf" #SRC_CONF="/etc/local/src.conf" ## Set to use make(1) flags. #MAKE_FLAGS="-s" ## Set to use world- and kernel-specific make(1) flags. #WORLD_FLAGS="-j $(sysctl -n hw.ncpu)" #KERNEL_FLAGS="-j $(( $(( $(sysctl -n hw.ncpu) + 1 )) / 2 ))" ## Set miscellaneous 'make release' settings. #NOPORTS= #NOSRC= #WITH_DVD= #WITH_COMPRESSED_IMAGES= ## Set to '1' to disable multi-threaded xz(1) compression. #XZ_THREADS=0 ## Set when building embedded images. #EMBEDDEDBUILD= ## Set to a list of ports required to build embedded system-on-chip ## images, such as sysutils/u-boot-rpi. #EMBEDDEDPORTS= ## Set to the hardware platform of the target userland. This value ## is passed to make(1) to set the TARGET (value of uname -m) to cross ## build. #EMBEDDED_TARGET= ## Set to the machine processor architecture of the target userland. ## This value is passed to make(1) to set the TARGET_ARCH (value of uname -p) ## to cross build. #EMBEDDED_TARGET_ARCH= ## Set to skip the chroot environment buildworld/installworld/distribution ## step if it is expected the build environment will exist via alternate ## means. #CHROOTBUILD_SKIP= ## Set to a non-empty value skip checkout or update of /usr/src in ## the chroot. This is intended for use when /usr/src already exists. #SRC_UPDATE_SKIP= ## Set to a non-empty value skip checkout or update of /usr/ports in ## the chroot. This is intended for use when /usr/ports already exists. #PORTS_UPDATE_SKIP= ## Set to pass additional flags to make(1) for the build chroot setup, such ## as TARGET/TARGET_ARCH. #CHROOT_MAKEENV= ## Set to a non-empty value to build virtual machine images as part of the ## release build. #WITH_VMIMAGES= ## Set to a non-empty value to compress virtual machine images with xz(1) ## as part of the release build. #WITH_COMPRESSED_VMIMAGES= ## If WITH_VMIMAGES is set to a non-empty value, this is the name of the ## file to use for the installed userland/kernel. #VMBASE="vm" ## If WITH_VMIMAGES is set to a non-empty value, this is the size of the ## virtual machine disk filesystem. Valid size values are described in ## the makefs(8) manual page. #VMSIZE="20g" ## If WITH_VMIMAGES is set to a non-empty value, this is a list of disk ## image formats to create. Valid values are listed in the mkimg(1) ## manual page, as well as 'mkimg --formats' output. #VMFORMATS="vhdf vmdk qcow2 raw" ## Set to a non-empty value to build virtual machine images for various ## cloud providers as part of the release build. #WITH_CLOUDWARE= ## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers ## to create disk images. -#CLOUDWARE="EC2 GCE VAGRANT-VIRTUALBOX VAGRANT-VMWARE" +#CLOUDWARE="EC2 GCE OCI VAGRANT-VIRTUALBOX VAGRANT-VMWARE" diff --git a/release/tools/oci.conf b/release/tools/oci.conf new file mode 100644 index 000000000000..7260cd24defd --- /dev/null +++ b/release/tools/oci.conf @@ -0,0 +1,94 @@ +#!/bin/sh +# Set to a list of packages to install. +export VM_EXTRA_PACKAGES=" + comms/py-pyserial + converters/base64 + devel/oci-cli + devel/py-babel + devel/py-iso8601 + devel/py-pbr + devel/py-six + ftp/curl + lang/python + lang/python3 + net/cloud-init + net/py-eventlet + net/py-netaddr + net/py-netifaces + net/py-oauth + net/rsync + panicmail + security/ca_root_nss + security/sudo + sysutils/firstboot-freebsd-update + sysutils/firstboot-pkgs + sysutils/panicmail + textproc/jq + " + +# Should be enough for base image, image can be resized in needed +export VMSIZE=5g + +# Set to a list of third-party software to enable in rc.conf(5). +export VM_RC_LIST=" + cloudinit + firstboot_pkgs + firstboot_freebsd_update + growfs + ntpd + ntpd_sync_on_start + sshd + zfs" + +vm_extra_pre_umount() { + cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf + dumpdev=AUTO + sendmail_enable=NONE +EOF + + cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf + autoboot_delay="5" + beastie_disable="YES" + boot_serial="YES" + loader_logo="none" + cryptodev_load="YES" + opensolaris_load="YES" + xz_load="YES" + zfs_load="YES" +EOF + + cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config + # S11 Configure the SSH service to prevent password-based login + PermitRootLogin prohibit-password + PasswordAuthentication no + KbdInteractiveAuthentication no + PermitEmptyPasswords no + UseDNS no +EOF + + # S14 Root user login must be disabled on serial-over-ssh console + pw -R ${DESTDIR} usermod root -w no + # OCI requirements override the default FreeBSD cloud-init settings + cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oci.cfg + disable_root: true + system_info: + distro: freebsd + default_user: + name: freebsd + lock_passwd: True + gecos: "OCI Default User" + groups: [wheel] + sudo: ["ALL=(ALL) NOPASSWD:ALL"] + shell: /bin/sh + network: + renderers: ['freebsd'] +EOF + + # Use Oracle Cloud Infrastructure NTP server + sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \ + ${DESTDIR}/etc/ntp.conf + + touch ${DESTDIR}/firstboot + + return 0 +}