Intial commit for oracle-linux-image-tools

oracle-linux-image-tools/README.md

@@ -0,0 +1,33 @@
+# Description
+This repository provides tools to build Oracle Linux images for deployment in Microsoft Azure cloud and Oracle VM Server. 
+The images built by these tools contain a minimal installation with a set of pre-installed packages and target packages. 
+Image building is accomplished using Packer to build images from the Oracle Linux ISO using Oracle VM VirtualBox. 
+Images built for Oracle VM Server are OVA format. Images for Azure are VHD format.
+
+Target packages for Azure: WALinuxAgent
+
+Target packages for OVM: oracle-template-config + vmapi
+
+### Environment Properties
+
+Setup env.properties file in your workspace directory with appropriate settings. A sample file can be found in the repo.
+
+### Build instructions
+
+1) Install packer and VirtualBox: `yum --enablerepo=ol7_developer install packer VirtualBox-6.0`
+
+2) Clone this repo to the build system: `git clone https://github.com/oracle/ol-sample-scripts`
+
+3) Set up a separate workspace directory where the image will be built. Export WORKSPACE environment variable with the workspace directory:
+
+ `export WORKSPACE=/Image-build`
+
+4) Copy Kickstart Config files `azure.cf` and `ol.cf` to a http server that is accessible from the build system.
+
+5) OVM images require `mkovf`, which is provided by the `open-ovf` package on the Oracle VM Server ISO or from upstream.
+
+6) Copy the Azure license file provided in the repo to a http server.
+
+7) Build the image: `sh -x packer_builder.sh`
+
+8) Image will copied to: `$WORKSPACE/vm_images`

oracle-linux-image-tools/clouds/azure/ol7/azure_provision.sh

@@ -0,0 +1,85 @@
+#/bin/bash -e 
+# Azure specific installation methods
+#
+# Copyright © 2019 Oracle Corp., Inc. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl
+#
+
+install_WALinuxAgent()
+{
+ curl http://public-yum.oracle.com/public-yum-ol7.repo -o /etc/yum.repos.d/public-yum-ol7.repo && DOWNLOADED_YUM_REPO=Yes
+ disable_repo ol7_UEK_latest
+ enable_repo ol7_addons
+ disable_repo ol7_UEKR4
+ enable_repo ol7_UEKR5
+ enable_repo ol7_MODRHCK
+ yum install -y parted python-pyasn1 hypervkvpd 
+ yum -y install WALinuxAgent dnsmasq
+ yum remove -y dracut-config-rescue
+ rpm -e kernel-uek kernel-uek-firmware
+ yum install -y kernel-uek kernel-uek-firmware
+ new_uek="$(rpm -q kernel-uek --qf '%{VERSION}-%{RELEASE}.%{ARCH}')"
+ ${DRACUT_CMD} -f "/boot/initramfs-${new_uek}.img" "${new_uek}"
+ grubby --set-default "/boot/vmlinuz-${new_uek}"
+ chkconfig --add waagent
+ chkconfig waagent on
+}
+
+azure_cfg()
+{
+# simple eth0 config, again not hard-coded to the build hardware
+ cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE=eth0
+ONBOOT=yes
+BOOTPROTO=dhcp
+TYPE=Ethernet
+USERCTL=no
+PEERDNS=yes
+IPV6INIT=no
+NM_CONTROLLED=no
+EOF
+
+# Disable NetworkManager handling of the SRIOV interfaces
+# Fix for Bug 16391: For Accelerated Networking Azure, use udev rule to prevent Hyper-V PCI device renaming
+ cat << EOF > /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
+# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
+# This interface is transparently bonded to the synthetic interface,
+# so NetworkManager should just ignore any SRIOV interfaces.
+SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
+EOF
+
+ # Disable some unneeded services by default
+ systemctl disable wpa_supplicant 
+ systemctl disable iptables
+ systemctl disable ip6tables 
+ systemctl enable network
+ systemctl enable dnsmasq
+
+ mkdir -m 0700 /var/lib/waagent
+ mv /lib/udev/rules.d/75-persistent-net-generator.rules /var/lib/waagent/ 2>/dev/null
+ touch /etc/udev/rules.d/75-persistent-net-generator.rules 2>/dev/null
+
+ # Install Network Manager 
+ yum -y install NetworkManager 
+
+ grubby --update-kernel=ALL --args="console=tty1 console=ttyS0,115200n8 earlyprintk=ttyS0,115200 rootdelay=300 net.ifnames=0"
+ sed -i 's/^\(GRUB_CMDLINE_LINUX\)=".*"$/\1="console=tty1 console=ttyS0,115200n8 earlyprintk=ttyS0,115200 rootdelay=300 net.ifnames=0"/g' /etc/default/grub
+ sed -i 's/^#\(ClientAliveInterval\).*$/\1 180/g' /etc/ssh/sshd_config
+
+ waagent -install
+ # Configure waagent to add 2GB swap space for all instances by default
+ sed -i -e "s/ResourceDisk.EnableSwap.*/ResourceDisk.EnableSwap=y/" /etc/waagent.conf
+ sed -i -e "s/ResourceDisk.SwapSizeMB.*/ResourceDisk.SwapSizeMB=2048/" /etc/waagent.conf
+ # update EULA
+ curl ${AZURE_DBLICENSE} -o /usr/share/oraclelinux-release/EULA 
+ curl ${AZURE_DBLICENSE} -o /usr/share/eula/eula.en_US
+
+ # Add support for new yum repo scheme
+ /usr/bin/ol_yum_configure.sh
+}
+
+install_azure()
+{
+ install_WALinuxAgent
+ azure_cfg
+}

oracle-linux-image-tools/clouds/azure/ol7/ol.cf

@@ -0,0 +1,177 @@
+# System authorization information
+auth --enableshadow --passalgo=sha512
+
+# Use CDROM installation media
+cdrom
+text
+reboot
+# Run the Setup Agent on first boot
+firstboot --disable
+ignoredisk --only-use=sda
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts='us'
+# System language
+lang en_US.UTF-8
+# System timezone
+timezone America/New_York --isUtc
+# Network information
+network --bootproto=dhcp --device=eth0 --onboot=yes --ipv6=auto --hostname=localhost.localdomain
+# Root password
+rootpw --iscrypted $6$ylmLz2.YAPdyIOtl$CUEkx7r3MDxSG5owUmvHicE8X7dNzTaVdqKqxBsgrE7eFzQV8us6Wb18TaeSHbIkb4WhKgHed6pryzOuKw7ll1
+# System services
+services --disabled="firewalld,kdump,rhsmcertd" --enabled="ip6tables,iptables,network,sshd,rsyslog,chronyd"
+selinux --permissive
+firewall --service=ssh
+# System bootloader configuration
+bootloader --append="console=tty0" --location=mbr --timeout=10 --boot-drive=sda
+# Partition clearing information
+zerombr
+clearpart --all --initlabel
+# Disk partitioning information
+part /boot --fstype="xfs" --ondisk=sda --size=500 --label=/boot
+part btrfs.12 --fstype="btrfs" --ondisk=sda --size=4096 --grow
+btrfs none --label=btr_pool --data=single btrfs.12
+btrfs / --subvol --name=root btr_pool
+%include /tmp/swap_partition
+
+%packages --nobase
+yum
+initscripts
+passwd
+rsyslog
+vim-minimal
+openssh-server
+openssh-clients
+dhclient
+chkconfig
+rootfiles
+policycoreutils
+checkpolicy
+selinux-policy
+selinux-policy-targeted
+libselinux
+oraclelinux-release
+yum-rhn-plugin
+yum-plugin-security
+device-mapper-libs
+device-mapper
+kpartx
+net-tools
+iptables-services
+btrfs-progs
+bind-utils
+chrony
+acpid
+tmpwatch
+
+## Packages to Remove
+-acl
+-attr
+-audit
+-oraclelinux-release-notes
+-efibootmgr
+-kexec-tools
+
+# deps for efibootmgr and kexec-tools
+-bc
+-busybox
+-elfutils-libs
+-mdadm
+-pciutils-libs
+-snappy
+
+# crontabs related pkgs
+-cronie-anacron
+-cronie
+-crontabs
+-cyrus-sasl
+-postfix
+-lzo
+-mysql-libs
+
+# others
+-NetworkManager
+-aic94xx-firmware
+-alsa-firmware
+-alsa-lib
+-alsa-tools-firmware
+-iprutils
+-ivtv-firmware
+-iwl100-firmware
+-iwl1000-firmware
+-iwl105-firmware
+-iwl135-firmware
+-iwl2000-firmware
+-iwl2030-firmware
+-iwl3160-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6000g2b-firmware
+-iwl6050-firmware
+-iwl7260-firmware
+-libertas-sd8686-firmware
+-libertas-sd8787-firmware
+-libertas-usb8388-firmware
+-plymouth
+-biosdevname
+-b43-openfwwf
+-wireless-tools
+-system-config-securitylevel-tui
+
+%end
+
+# Add custom pre install scripts
+#
+%pre --interpreter /bin/sh 
+
+# determine if the swap partition is needed and generate the command for it
+touch /tmp/swap_partition
+cat /proc/cmdline | grep 'setup_swap=yes'
+if [ $? -eq 0 ] 
+then
+echo 'part swap --fstype="swap" --ondisk=sda --size=4096 --label=SWAP-VM' >> /tmp/swap_partition
+fi
+
+%end
+
+%post --interpreter /bin/sh 
+
+echo -n "Network fixes"
+# initscripts don't like this file to be missing.
+cat > /etc/sysconfig/network << EOF
+NETWORKING=yes
+NOZEROCONF=yes
+EOF
+
+# 'eth0' _is_ the predictable device name, since
+# we don't want to be tied to specific virtual (!) hardware
+rm -f /etc/udev/rules.d/70*
+ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
+
+# simple eth0 config, again not hard-coded to the build hardware
+cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
+DEVICE="eth0"
+BOOTPROTO="dhcp"
+ONBOOT="yes"
+TYPE="Ethernet"
+USERCTL="yes"
+PEERDNS="yes"
+IPV6INIT="no"
+PERSISTENT_DHCLIENT="1"
+NM_CONTROLLED="no"
+EOF
+
+# generic localhost names
+cat > /etc/hosts << EOF
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+EOF
+echo .
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+%end