#!/usr/bin/env bash
#
# Create a base CentOS Docker image.
#
# This script is useful on systems with yum installed (e.g., building
# a CentOS image on CentOS). See contrib/mkimage-rinse.sh for a way
# to build CentOS images on other systems.
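# Positional arguments:
#   $1  yum configuration file, passed to every `yum -c` call below
#   $2  directory used as yum's --installroot; the image root being built
#   $3  project directory that holds package/, tools/ and rootconf/
#   $4  profile id; selects the kernel version and the package set
yum_config=$1
target=$2
projectdir=$3
profile_id=$4

# Every later step writes, moves or deletes paths below "$target". An empty
# value would turn those paths into host paths (/tmp/*, /etc/pam.d/...,
# /boot), so refuse to continue instead of touching the build host.
if [ -z "$yum_config" ] || [ -z "$target" ] || [ -z "$projectdir" ] || [ -z "$profile_id" ]; then
  echo "Usage: $0 <yum_config> <target> <projectdir> <profile_id>" >&2
  exit 1
fi
if [ "$target" = "/" ]; then
  echo "Refusing to use / as the install root" >&2
  exit 1
fi

# Package group types yum pulls in when a @group is installed.
setopt="group_package_types=mandatory,default,optional"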
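# Select, per profile id:
#   kernel_version             kernel build used for the /boot symlinks
#   append_package_to_install  local kernel RPMs taken from $projectdir/package
#   base_package_to_install    groups and packages installed from the repos
# Both lists are whitespace-separated strings that are word-split on purpose
# when they are handed to yum, so $projectdir must not contain whitespace.
# A single dispatch replaces two identical case statements; the default arm
# of the second one could never run because the first one had already exited.
case "$profile_id" in
  "x86_64_COTS")
    kernel_version="5.17.15-1.el8.x86_64"
    append_package_to_install="$projectdir/package/kernel-ml-core-$kernel_version.rpm
      $projectdir/package/kernel-ml-modules-$kernel_version.rpm
      $projectdir/package/kernel-ml-$kernel_version.rpm
      $projectdir/package/kernel-ml-devel-$kernel_version.rpm"
    base_package_to_install="@base @core @debugging @anaconda-tools @additional-devel @guest-agents @system-tools
      @hardware-monitoring @network-file-system-client @performance @remote-system-management adcli certmonger
      ipa-client clevis-dracut clevis-udisks2 krb5-pkinit krb5-workstation sssd-polkit-rules krb5-pkinit luksmeta
      nscd nss-pam-ldapd grub2 epel-release efibootmgr yum-utils ipmitool OpenIPMI docker-ce docker-ce-cli
      containerd.io lrzsz python3 watchdog pcm git tmux fish kernel kernel-devel kernel-tools-libs kernel-modules
      kernel-tools kernel-core rpm-build libtool kernel-rpm-macros python36-devel tcsh kernel-modules-extra gcc-gfortran
      libdb-devel fuse-devel python3-Cython cmake perl-generators libstdc++-devel libmnl-devel bison flex gcc-c++
      python3-docutils libnsl liburing hwloc-gui perl-open perl python2 js-d3-flame-graph xmlstarlet conntrack-tools crudini"
    ;;
  "7400-MCN0-P01R01" | "7400-MCN123-P01R01")
    kernel_version="5.4.159-1.el7.elrepo.x86_64"
    append_package_to_install="$projectdir/package/kernel-lt-$kernel_version.rpm
      $projectdir/package/kernel-lt-devel-$kernel_version.rpm"
    base_package_to_install="@base @core @debugging @directory-client @guest-agents
      @hardware-monitoring @network-file-system-client @performance @remote-system-management
      grub2 epel-release efibootmgr ansible yum-utils ipmitool docker-ce docker-ce-cli
      containerd.io lrzsz python3 vconfig watchdog pcm git tmux fish rpm-build hwloc-gui"
    ;;
  *)
    # Unknown profile: report on stderr and stop before anything is installed.
    echo "Set kernel_version failed, error profile_id: $profile_id" >&2
    exit 1
    ;;
esac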
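# From here on: stop at the first failing command and trace each command.
set -ex

# Build the yum metadata cache for the repositories in $yum_config.
yum -c "$yum_config" --installroot="$target" -y makecache

# The two package lists are expanded unquoted on purpose: each one is a
# whitespace-separated string that must become one argument per package.
# The 'ofed' repository is disabled for the base package set only.
# shellcheck disable=SC2086
yum -c "$yum_config" --installroot="$target" -y --setopt="$setopt" install $base_package_to_install --disablerepo='ofed'

# NOTE(review): these are local .rpm files from the project tree. Whether yum
# verifies their signatures depends on gpgcheck / localpkg_gpgcheck in
# $yum_config -- confirm, since kernel packages end up in every image.
# shellcheck disable=SC2086
yum -c "$yum_config" --installroot="$target" -y --setopt="$setopt" install $append_package_to_install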
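#git clone --depth 1 https://github.com/brendangregg/FlameGraph.git /opt/tools/FlameGraph/
#git clone --depth 1 https://github.com/brendangregg/perf-tools.git /opt/tools/perf-tools/

# The profiling tools are unpacked from tarballs kept in the project tree
# instead of being cloned at build time (see the disabled lines above).
# mkdir -p already succeeds when the directory exists, so no test is needed.
mkdir -p "$target"/opt/tsg/tools/

# NOTE(review): if this runs as root, GNU tar restores the owner recorded in
# each archive; consider --no-same-owner so the unpacked files are root-owned
# in the image -- confirm how the tarballs were produced.
tar -zxf "$projectdir"/tools/FlameGraph.tar.gz -C "$target"/opt/tsg/tools/
tar -zxf "$projectdir"/tools/perf-tools.tar.gz -C "$target"/opt/tsg/tools/
cp "$projectdir"/tools/run_flamegrah.sh "$target"/opt/tsg/tools/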
# Write the image's /etc/sysconfig/network: networking enabled and the
# placeholder hostname localhost.localdomain.
printf '%s\n' \
  'NETWORKING=yes' \
  'HOSTNAME=localhost.localdomain' \
  > "$target"/etc/sysconfig/network
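# Install /etc/profile.d/prompt_command.sh into the image. The generated file:
#   - defines read_oobc_value, which prints "(OOBC) " when the marker file
#     /var/lib/.tsg-os-oobc-enable exists;
#   - sets PROMPT_COMMAND to emit an OSC 0 sequence (terminal title
#     user@host:cwd) and to rebuild PS1 with that marker on every prompt.
# The here-document delimiter is unquoted, so \$ and \\ below are escapes
# consumed while writing the file; the file itself receives $ and \.
# Do not add comments inside the here-document: they would land in the file.
mkdir -p "$target"/etc/profile.d

cat > "$target"/etc/profile.d/prompt_command.sh << EOF
oobc_enable_file_path="/var/lib/.tsg-os-oobc-enable"

read_oobc_value()
{
if [ -e "\$oobc_enable_file_path" ]; then
echo "(OOBC) "
fi
}
PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "\${USER}" "\${HOSTNAME%%.*}" "\${PWD/#\$HOME/\~}"; PS1="[\\\u@\\\h \$(read_oobc_value)\\\W]\\\\$ "'
EOF

# Mode 0755 keeps the file writable by its owner only.
chmod 0755 "$target"/etc/profile.d/prompt_command.sh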
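# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb
# --keep-services "$target". Stolen from mkimage-rinse.sh
# Only the ldconfig cleanup at the end is active; the other steps are disabled.
# locales
# rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
# docs
# rm -rf "$target"/usr/share/{man,doc,info,gnome/help}
# cracklib
# rm -rf "$target"/usr/share/cracklib
# i18n
# rm -rf "$target"/usr/share/i18n
# sln
# rm -rf "$target"/sbin/sln

# ldconfig
# ${target:?} aborts the script if target is empty or unset, so these
# recursive deletes can never resolve to the build host's own /etc and /var.
rm -rf "${target:?}"/etc/ld.so.cache
rm -rf "${target:?}"/var/cache/ldconfig/*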
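# Create the generic boot names as relative symlinks next to the versioned
# kernel and initramfs inside the image's /boot. The links are created by
# path instead of changing the working directory, and ${target:?} aborts if
# target is empty so the build host's /boot is never modified.
ln -sf "vmlinuz-$kernel_version" "${target:?}/boot/vmlinuz"
ln -sf "initramfs-$kernel_version.img" "${target:?}/boot/initrd.img"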
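# Copy the basic device nodes from the build host into the image's /dev.
# cp -a copies the node itself rather than reading from the device.
# ${target:?} aborts if target is empty instead of copying onto the host /dev.
for dev_node in null zero urandom random; do
  cp -a "/dev/$dev_node" "${target:?}/dev/"
done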
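# install ONIE helpers
# The chmod calls change the modes in the project tree itself, before the
# copy into the image. Globs stay outside the quotes so they still expand.
chmod 0755 "$projectdir"/rootconf/sysroot-bin/*
chmod 0755 "$projectdir"/rootconf/sysroot-lib/*
cp -rf "$projectdir"/rootconf/sysroot-bin/* "$target"/bin/
cp -rf "$projectdir"/rootconf/sysroot-lib/* "$target"/lib/

# systemd unit files and sysctl drop-ins shipped with the project.
cp -rf "$projectdir"/rootconf/sysroot-usr/service/* "$target"/usr/lib/systemd/system
cp -rf "$projectdir"/rootconf/sysroot-usr/sysctl/* "$target"/usr/lib/sysctl.d/

# Link ldconfig.service into sysinit.target.wants; --relative keeps the link
# valid once the image root is mounted as /.
ln -vfs --relative "$target"/usr/lib/systemd/system/ldconfig.service "$target"/usr/lib/systemd/system/sysinit.target.wants/ldconfig.service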
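#tty audit using pam
# For each PAM stack, do the following once (skipped when the -local file
# already exists): move the stock file to <stack>-local, append a
# pam_tty_audit session rule that enables TTY auditing for every user
# (enable=*), then make <stack> a relative symlink to <stack>-local.
# The audited TTY input is written to the audit log, so access to that log
# should be restricted accordingly. log_passwd is not set on the rule.
# NOTE(review): tools that regenerate /etc/pam.d (authconfig, authselect) may
# replace these symlinks and drop the rule -- confirm for the target release.
for pam_stack in system-auth password-auth; do
  pam_local="$target/etc/pam.d/${pam_stack}-local"
  if [ ! -f "$pam_local" ]; then
    mv "$target/etc/pam.d/$pam_stack" "$pam_local"
    echo "session required pam_tty_audit.so enable=*" >> "$pam_local"
    ln -vfs --relative "$pam_local" "$target/etc/pam.d/$pam_stack"
  fi
done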
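# Only the 7400 profiles get the extra systemd target units and the
# workload.target.wants directory; every other profile just logs a message.
case "$profile_id" in
  "7400-MCN0-P01R01" | "7400-MCN123-P01R01")
    cp -rf "$projectdir"/rootconf/sysroot-usr/target/* "$target"/usr/lib/systemd/system
    mkdir -p "$target"/usr/lib/systemd/system/workload.target.wants
    ;;
  *)
    echo "Profile_id: $profile_id not need workload.target"
    ;;
esac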
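# ansible-playbook -i tsg-9140-scripts/install_config/tsg_9140_host tsg-9140-scripts/tsg_9140_deploy.yml

# Drop yum's caches from the install root so they are not shipped in the image.
yum -c "$yum_config" --installroot="$target" -y --setopt="$setopt" clean all

# ${target:?} aborts if target is empty or unset; without it these two lines
# would expand to /tmp/* and /core.* on the build host.
rm -rf "${target:?}"/tmp/*
rm -rf "${target:?}"/core.*

# NOTE(review): the machine-id reset below is disabled. If the install step
# wrote /etc/machine-id, every system deployed from this image would share
# that id -- confirm this is intended.
#rm -rf $target/etc/machine-id
#cat /dev/null > $target/etc/machine-id

# tar --numeric-owner -c -C centos_mkroot/ . | pbzip2 -p9 > input/centos-7-chroot.tar.bz2

#rm -rf "$target"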