Commit 5717ce96 authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase

Merge branch 'remove-qemu-ga' into 'master'

Remove qemu-guest-agent + removing vagrant only stuff from the cloud-image

Closes #89

See merge request !142
parents 0a767a3c 2d52c10e
Pipeline #2836 passed with stages
in 30 minutes and 9 seconds
......@@ -36,7 +36,7 @@ shfmt:
- export $(< build.env)
- ./build-host.sh
after_script:
- echo "image_size_megabytes{image=\"qcow2\"} $(du -m output/*cloudimg*qcow2)" > metrics.txt
- echo "image_size_megabytes{image=\"cloudimg\"} $(du -m output/*cloudimg*qcow2)" > metrics.txt
- echo "image_size_megabytes{image=\"libvirt\"} $(du -m output/*libvirt*box)" >> metrics.txt
- echo "image_size_megabytes{image=\"virtualbox\"} $(du -m output/*virtualbox*box)" >> metrics.txt
artifacts:
......
......@@ -11,8 +11,23 @@ Arch-boxes provides automated builds of the Arch Linux releases for different pr
### Vagrant
If you're a vagrant user, you can just go to [**our Vagrant Cloud page**](https://app.vagrantup.com/archlinux/boxes/archlinux) and follow the instructions there.
### Plain qcow2 image
If you want to use the plain qcow2 image with `qemu` or other hypervisors, you can use the [**nightly qcow2 images**](https://gitlab.archlinux.org/archlinux/arch-boxes/-/jobs/artifacts/master/browse/output?job=build:secure) we provide.
### Cloud image
If you want to run Arch Linux in the cloud, you can use our cloud-image, which is preconfigured to work in most cloud environments. It is built daily and can be downloaded [here](https://gitlab.archlinux.org/archlinux/arch-boxes/-/jobs/artifacts/master/browse/output?job=build:secure) (`Arch-Linux-x86_64-cloudimg-xxxxxxxx.xxxx.qcow2`).
The default user is `arch`.
If you are running the cloud-image with QEMU, it can in some cases\* be beneficial to run the [QEMU guest-agent](https://wiki.qemu.org/Features/GuestAgent). This can be done with the following user-data:
```yaml
#cloud-config
packages:
- qemu-guest-agent
runcmd:
- [ systemctl, daemon-reload ]
- [ systemctl, enable, qemu-guest-agent ]
- [ systemctl, start, qemu-guest-agent ]
```
*\*ex: when using [Proxmox](https://pve.proxmox.com/wiki/Qemu-guest-agent) or [oVirt](https://www.ovirt.org/develop/internal/guest-agent/understanding-guest-agents-and-other-tools.html). Please be aware, that the agent basically gives the host root access to the guest.*
Be advised, however, that our automatic builds are cleaned up after a few days so you can't hard-code a specific image version anywhere.
You can use this snippet to always get the most recent image and check its integrity (you need to install `hq` for this):
......@@ -43,27 +58,5 @@ We have CI in place to build all images even for merge requests.
Releases are done automatically via [GitLab CI schedule](https://gitlab.archlinux.org/archlinux/arch-boxes/-/pipeline_schedules).
No manual intervention is required or desired.
## Checking cloud-init support in our qcow2 images:
```bash
$ packer build -only=cloud -except=sign config.json
$ cp Arch-Linux-cloudimg-2020-02-24.qcow2 disk.qcow2
# Copied from (with minor changes): https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
$ { echo instance-id: iid-local01; echo local-hostname: cloudimg; } > meta-data
$ printf "#cloud-config\npassword: passw0rd\nchpasswd: { expire: False }\nssh_pwauth: True\n" > user-data
## create a disk to attach with some user-data and meta-data (require cdrkit)
$ genisoimage -output seed.iso -volid cidata -joliet -rock user-data meta-data
## create a new qcow image to boot, backed by your original image
$ qemu-img create -f qcow2 -b disk.qcow2 boot-disk.qcow2
## boot the image and login as 'arch' with password 'passw0rd'
## note, passw0rd was set as password through the user-data above,
## there is no password set on these images.
$ qemu-system-x86_64 -m 256 \
-net nic -net user,hostfwd=tcp::2222-:22 \
-drive file=boot-disk.qcow2,if=virtio \
-drive file=seed.iso,if=virtio
```
## Checking cloud-init support in our cloud image:
Please see the example in `man cloud-localds`.
......@@ -73,7 +73,7 @@ EOF
echo "Server = ${MIRROR}" >mirrorlist
# We use the hosts package cache
pacstrap -c -C pacman.conf -M "${MOUNT}" base linux grub openssh sudo polkit haveged btrfs-progs reflector
pacstrap -c -C pacman.conf -M "${MOUNT}" base linux grub openssh sudo haveged btrfs-progs reflector
cp mirrorlist "${MOUNT}/etc/pacman.d/"
}
......@@ -171,7 +171,7 @@ function cloud_image() {
# The growpart module[1] requires the growpart program, provided by the
# cloud-guest-utils package
# [1] https://cloudinit.readthedocs.io/en/latest/topics/modules.html#growpart
arch-chroot "${MOUNT}" /usr/bin/pacman -S --noconfirm qemu-guest-agent cloud-init cloud-guest-utils
arch-chroot "${MOUNT}" /usr/bin/pacman -S --noconfirm cloud-init cloud-guest-utils
arch-chroot "${MOUNT}" /usr/bin/systemctl enable cloud-init-local.service cloud-init.service cloud-config.service cloud-final.service
}
......@@ -180,9 +180,17 @@ function cloud_image_post() {
rm "${1}"
}
function vagrant_qemu() {
arch-chroot "${MOUNT}" /bin/bash < <(cat "${ORIG_PWD}"/http/install-{chroot,common}.sh)
arch-chroot "${MOUNT}" /usr/bin/pacman -S --noconfirm netctl qemu-guest-agent
function vagrant_common() {
arch-chroot "${MOUNT}" /bin/bash < <(cat "${ORIG_PWD}"/http/install-{vagrant,common}.sh)
arch-chroot "${MOUNT}" /usr/bin/pacman -S --noconfirm netctl polkit
# setting automatic authentication for any action requiring admin rights via Polkit
cat <<EOF >"${MOUNT}/etc/polkit-1/rules.d/49-nopasswd_global.rules"
polkit.addRule(function(action, subject) {
if (subject.isInGroup("vagrant")) {
return polkit.Result.YES;
}
});
EOF
}
function vagrant_qemu_post() {
......@@ -205,8 +213,8 @@ EOF
}
function vagrant_virtualbox() {
arch-chroot "${MOUNT}" /bin/bash < <(cat "${ORIG_PWD}"/http/install-{chroot,common}.sh)
arch-chroot "${MOUNT}" /usr/bin/pacman -S --noconfirm netctl virtualbox-guest-utils-nox
vagrant_common
arch-chroot "${MOUNT}" /usr/bin/pacman -S --noconfirm virtualbox-guest-utils-nox
arch-chroot "${MOUNT}" /usr/bin/systemctl enable vboxservice
}
......@@ -260,7 +268,7 @@ function main() {
build_version="${1}"
fi
create_image "Arch-Linux-x86_64-cloudimg-${build_version}.qcow2" cloud_image cloud_image_post
create_image "Arch-Linux-x86_64-libvirt-${build_version}.box" vagrant_qemu vagrant_qemu_post
create_image "Arch-Linux-x86_64-libvirt-${build_version}.box" vagrant_common vagrant_qemu_post
create_image "Arch-Linux-x86_64-virtualbox-${build_version}.box" vagrant_virtualbox vagrant_virtualbox_post
}
main "$@"
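Review bot: The polkit rule written by the new `vagrant_common` returns `polkit.Result.YES` for every action requested by a member of group `vagrant`, and the comment above the heredoc describes the effect but not that it must stay limited to the Vagrant boxes. Since this commit exists to keep such settings out of the cloud image, I would extend that comment, for example `# Vagrant boxes only: group "vagrant" may perform any polkit action without authentication; never call this from cloud_image`. The group name is also hard-coded in the rule while the install script in this commit takes the account name from `NEWUSER="vagrant"`, so the two can drift if the user is ever renamed. The same missing "Vagrant only" remark applies to the password and `NOPASSWD: ALL` block added to the Vagrant install script further down.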
......@@ -3,35 +3,6 @@
set -e
set -x
# setting the user credentials
useradd -m -U "${NEWUSER}"
echo -e "${NEWUSER}\n${NEWUSER}" | passwd "${NEWUSER}"
# setting automatic authentication for any action requiring admin rights via Polkit
cat <<EOF >/etc/polkit-1/rules.d/49-nopasswd_global.rules
polkit.addRule(function(action, subject) {
if (subject.isInGroup("${NEWUSER}")) {
return polkit.Result.YES;
}
});
EOF
# setting sudo for the user
cat <<EOF >"/etc/sudoers.d/${NEWUSER}"
Defaults:${NEWUSER} !requiretty
${NEWUSER} ALL=(ALL) NOPASSWD: ALL
EOF
chmod 440 "/etc/sudoers.d/${NEWUSER}"
# setup network
cat <<EOF >/etc/systemd/network/eth0.network
[Match]
Name=eth0
[Network]
DHCP=ipv4
EOF
# Setup pacman-init.service for clean pacman keyring initialization
cat <<EOF >/etc/systemd/system/pacman-init.service
[Unit]
......
......@@ -3,6 +3,26 @@
NEWUSER="vagrant"
post() {
# setting the user credentials
useradd -m -U "${NEWUSER}"
echo -e "${NEWUSER}\n${NEWUSER}" | passwd "${NEWUSER}"
# setting sudo for the user
cat <<EOF >"/etc/sudoers.d/${NEWUSER}"
Defaults:${NEWUSER} !requiretty
${NEWUSER} ALL=(ALL) NOPASSWD: ALL
EOF
chmod 440 "/etc/sudoers.d/${NEWUSER}"
# setup network
cat <<EOF >/etc/systemd/network/eth0.network
[Match]
Name=eth0
[Network]
DHCP=ipv4
EOF
# install vagrant ssh key
install --directory --owner=vagrant --group=vagrant --mode=0700 /home/vagrant/.ssh
curl --output /home/vagrant/.ssh/authorized_keys --location https://raw.github.com/mitchellh/vagrant/master/keys/vagrant.pub
......
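Review bot: The sudoers drop-in added in this hunk is written with `cat` and then only given `chmod 440`, so nothing checks that the file parses, and a malformed file under `/etc/sudoers.d` can break sudo for the whole box. Adding `visudo -cf "/etc/sudoers.d/${NEWUSER}"` directly after the `chmod` would catch that at build time. This stops the build only if the script runs with `set -e`, as the common install script does; that is not visible in this hunk. `post()` continues past the end of the hunk, so the placement relative to the rest of the function should be confirmed there.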