2021-05-08 16:58:45 +08:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
#
|
|
|
|
|
# Create a base CentOS Docker image.
|
|
|
|
|
#
|
|
|
|
|
# This script is useful on systems with yum installed (e.g., building
|
|
|
|
|
# a CentOS image on CentOS). See contrib/mkimage-rinse.sh for a way
|
|
|
|
|
# to build CentOS images on other systems.
|
|
|
|
|
|
|
|
|
|
yum_config=$1
|
|
|
|
|
target=$2
|
2021-05-12 02:58:25 -04:00
|
|
|
projectdir=$3
|
2022-03-14 11:39:17 +08:00
|
|
|
profile_id=$4
|
|
|
|
|
if [ $profile_id == "TSG-X-NXR620G40-R01-P1403" ];then
|
|
|
|
|
kernel_version="3.10.0-1160.59.1.el7.x86_64"
|
|
|
|
|
else
|
|
|
|
|
kernel_version="5.4.159-1.el7.elrepo.x86_64"
|
|
|
|
|
fi
|
2021-05-08 16:58:45 +08:00
|
|
|
|
|
|
|
|
set -ex
|
|
|
|
|
|
|
|
|
|
package_to_install="@base @core @debugging @directory-client @guest-agents
|
|
|
|
|
@hardware-monitoring @network-file-system-client @performance @remote-system-management
|
2021-07-23 09:57:38 +08:00
|
|
|
grub2 epel-release efibootmgr ansible yum-utils ipmitool docker-ce docker-ce-cli containerd.io lrzsz python3 vconfig watchdog pcm git tmux fish"
|
2021-05-27 02:16:40 -04:00
|
|
|
|
2021-05-12 02:58:25 -04:00
|
|
|
locak_package_to_install="$projectdir/package/kernel-lt-$kernel_version.rpm
|
|
|
|
|
$projectdir/package/kernel-lt-devel-$kernel_version.rpm"
|
2021-05-08 16:58:45 +08:00
|
|
|
|
2022-04-08 21:57:19 +08:00
|
|
|
kernel_package_to_install="kernel-3.10.0-1160.59.1.el7.x86_64 kernel-devel-3.10.0-1160.59.1.el7.x86_64"
|
|
|
|
|
|
2021-05-08 16:58:45 +08:00
|
|
|
setopt="group_package_types=mandatory,default,optional"
|
2021-07-16 09:58:59 +08:00
|
|
|
|
|
|
|
|
yum -c "$yum_config" --installroot="$target" -y makecache
|
2021-05-08 16:58:45 +08:00
|
|
|
yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $package_to_install
|
2022-03-14 11:39:17 +08:00
|
|
|
if [ $profile_id != "TSG-X-NXR620G40-R01-P1403" ];then
|
|
|
|
|
yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt localinstall $locak_package_to_install
|
2022-04-08 21:57:19 +08:00
|
|
|
else
|
|
|
|
|
yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt install $kernel_package_to_install
|
2022-03-14 11:39:17 +08:00
|
|
|
fi
|
2021-07-19 11:02:13 +08:00
|
|
|
#git clone --depth 1 https://github.com/brendangregg/FlameGraph.git /opt/tools/FlameGraph/
|
|
|
|
|
#git clone --depth 1 https://github.com/brendangregg/perf-tools.git /opt/tools/perf-tools/
|
|
|
|
|
test -d "$target"/opt/tools/ || mkdir -p "$target"/opt/tools/
|
|
|
|
|
tar -zxf $projectdir/tools/FlameGraph.tar.gz -C "$target"/opt/tools/
|
|
|
|
|
tar -zxf $projectdir/tools/perf-tools.tar.gz -C "$target"/opt/tools/
|
2021-07-21 16:05:44 +08:00
|
|
|
cp $projectdir/tools/run_flamegrah.sh "$target"/opt/tools/
|
2021-07-19 11:02:13 +08:00
|
|
|
|
2021-05-08 16:58:45 +08:00
|
|
|
cat > "$target"/etc/sysconfig/network <<EOF
|
|
|
|
|
NETWORKING=yes
|
|
|
|
|
HOSTNAME=localhost.localdomain
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb
|
|
|
|
|
# --keep-services "$target". Stolen from mkimage-rinse.sh
|
|
|
|
|
# locales
|
|
|
|
|
# rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
|
|
|
|
|
# docs
|
|
|
|
|
# rm -rf "$target"/usr/share/{man,doc,info,gnome/help}
|
|
|
|
|
# cracklib
|
|
|
|
|
# rm -rf "$target"/usr/share/cracklib
|
|
|
|
|
# i18n
|
|
|
|
|
# rm -rf "$target"/usr/share/i18n
|
|
|
|
|
# sln
|
|
|
|
|
# rm -rf "$target"/sbin/sln
|
|
|
|
|
|
|
|
|
|
# ldconfig
|
|
|
|
|
rm -rf "$target"/etc/ld.so.cache
|
|
|
|
|
rm -rf "$target"/var/cache/ldconfig/*
|
|
|
|
|
|
|
|
|
|
cd $target/boot
|
2021-05-12 02:58:25 -04:00
|
|
|
ln -sf vmlinuz-$kernel_version vmlinuz
|
2021-05-08 16:58:45 +08:00
|
|
|
ln -sf $(ls -1 initramfs-* | tail -1) initrd.img
|
|
|
|
|
cd -
|
|
|
|
|
|
|
|
|
|
cp -a /dev/null $target/dev/
|
|
|
|
|
cp -a /dev/zero $target/dev/
|
|
|
|
|
cp -a /dev/urandom $target/dev/
|
|
|
|
|
cp -a /dev/random $target/dev/
|
|
|
|
|
|
2021-07-19 17:10:00 +08:00
|
|
|
|
2021-05-20 16:37:46 +08:00
|
|
|
# install ONIE helpers
|
2021-06-23 16:34:59 +08:00
|
|
|
chmod 0755 $projectdir/rootconf/sysroot-bin/*
|
|
|
|
|
chmod 0755 $projectdir/rootconf/sysroot-lib/*
|
2021-05-20 16:37:46 +08:00
|
|
|
cp -rf $projectdir/rootconf/sysroot-bin/* $target/bin/
|
|
|
|
|
cp -rf $projectdir/rootconf/sysroot-lib/* $target/lib/
|
2021-07-19 17:10:00 +08:00
|
|
|
cp -rf $projectdir/rootconf/sysroot-usr/service/* $target/usr/lib/systemd/system
|
2021-08-06 16:32:33 +08:00
|
|
|
cp -rf $projectdir/rootconf/sysroot-usr/sysctl/* $target/usr/lib/sysctl.d/
|
|
|
|
|
|
2021-07-19 17:10:00 +08:00
|
|
|
ln -vfs --relative $target/usr/lib/systemd/system/ldconfig.service $target/usr/lib/systemd/system/sysinit.target.wants/ldconfig.service
|
2021-05-20 16:37:46 +08:00
|
|
|
|
2021-07-27 17:10:18 +08:00
|
|
|
#tty audit using pam
|
|
|
|
|
mv $target/etc/pam.d/system-auth $target/etc/pam.d/system-auth-local
|
|
|
|
|
mv $target/etc/pam.d/password-auth $target/etc/pam.d/password-auth-local
|
|
|
|
|
echo "session required pam_tty_audit.so enable=*" >> $target/etc/pam.d/system-auth-local
|
|
|
|
|
echo "session required pam_tty_audit.so enable=*" >> $target/etc/pam.d/password-auth-local
|
|
|
|
|
ln -vfs --relative $target/etc/pam.d/system-auth-local $target/etc/pam.d/system-auth
|
|
|
|
|
ln -vfs --relative $target/etc/pam.d/password-auth-local $target/etc/pam.d/password-auth
|
|
|
|
|
|
2021-08-19 10:24:24 +08:00
|
|
|
cp -rf $projectdir/rootconf/sysroot-usr/target/* $target/usr/lib/systemd/system
|
|
|
|
|
mkdir -p $target/usr/lib/systemd/system/workload.target.wants
|
|
|
|
|
|
2021-05-08 16:58:45 +08:00
|
|
|
# ansible-playbook -i tsg-9140-scripts/install_config/tsg_9140_host tsg-9140-scripts/tsg_9140_deploy.yml
|
|
|
|
|
yum -c "$yum_config" --installroot="$target" -y --setopt=$setopt clean all
|
|
|
|
|
|
|
|
|
|
rm -rf $target/tmp/*
|
2021-05-31 14:42:48 +08:00
|
|
|
rm -rf $target/core.*
|
2021-05-08 16:58:45 +08:00
|
|
|
|
|
|
|
|
# tar --numeric-owner -c -C centos_mkroot/ . | pbzip2 -p9 > input/centos-7-chroot.tar.bz2
|
|
|
|
|
|
2021-07-08 11:54:37 +08:00
|
|
|
#rm -rf "$target"
|
