diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_8_2_sap_byos.publish.json b/daisy_workflows/build-publish/enterprise_linux/rhel_8_2_sap_byos.publish.json new file mode 100644 index 000000000..95a3c346f --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_8_2_sap_byos.publish.json @@ -0,0 +1,42 @@ +{{/* + Template to publish Red Hat Enterprise Linux for SAP images. + By default this template is setup to publish to the 'gce-image-builder' + project, the 'environment' variable can be used to publish to 'test', 'prod' + DeleteAfter is set to 180 days for all environments other than prod where no + time period is set. +*/}} +{ + "Name": "rhel-8-2-sap-byos", + {{$work_project := printf "%q" "gce-image-builder" -}} + {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}} + {{$delete_after := `"24h*30*6"` -}} + {{if eq .environment "test" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "bct-prod-images", + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- else if eq .environment "prod" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "rhel-byos-cloud", + "ComputeEndpoint": {{$endpoint}}, + {{- else -}} + "WorkProject": {{$work_project}}, + "PublishProject": {{$work_project}}, + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- end}} + {{$guest_features := `["VIRTIO_SCSI_MULTIQUEUE", "UEFI_COMPATIBLE", "GVNIC"]` -}} + {{$time := trimPrefix .publish_version "v"}} + "Images": [ + { + "Prefix": "rhel-8-2-sap-byos", + "Family": "rhel-8-2-sap-byos", + "Description": "Red Hat, Red Hat Enterprise Linux for SAP BYOS, 8.2, x86_64 built on {{$time}}", + "Architecture": "X86_64", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-8-sap-byos" + ], + "GuestOsFeatures": {{$guest_features}} + } + ] +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_8_2_sap_byos.wf.json b/daisy_workflows/build-publish/enterprise_linux/rhel_8_2_sap_byos.wf.json new file mode 100644 index 000000000..c5218ab23 --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_8_2_sap_byos.wf.json @@ -0,0 +1,71 @@ +{ + "Name": "rhel-8-2-sap-byos", + "Project": "gce-image-builder", + "Zone": "us-central1-b", + "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}", + "Vars": { + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "workflow_root": { + "Value": "/workflows", + "Description": "Root of github workflows, defaults to /workflows in the container." + }, + "gcs_url": { + "Required": true, + "Description": "The GCS path that image raw file exported to." + }, + "sbom_destination": { + "Value": "${OUTSPATH}/export-image.sbom.json", + "Description": "SBOM final export destination, copies in place by default" + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 8 installer ISO to build from." + }, + "sbom_util_gcs_root": { + "Value": "", + "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM." + } + }, + "Steps": { + "build": { + "TimeOut": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/image_build/enterprise_linux/rhel_8_2_sap_byos.wf.json", + "Vars": { + "build_date": "${build_date}", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_release": "rhel-8-2" + } + } + }, + "export-image": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/export/disk_export.wf.json", + "Vars": { + "destination": "${gcs_url}", + "sbom_destination": "${sbom_destination}", + "source_disk": "el-install-disk", + "sbom_util_gcs_root": "${sbom_util_gcs_root}" + } + } + }, + "cleanup-image": { + "DeleteResources": { + "Images": ["rhel-8-2-sap-byos-v${build_date}"] + } + } + }, + "Dependencies": { + "export-image": ["build"], + "cleanup-image": ["build"] + } +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_8_4_sap_byos.publish.json b/daisy_workflows/build-publish/enterprise_linux/rhel_8_4_sap_byos.publish.json new file mode 100644 index 000000000..6173cead7 --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_8_4_sap_byos.publish.json @@ -0,0 +1,42 @@ +{{/* + Template to publish Red Hat Enterprise Linux for SAP images. + By default this template is setup to publish to the 'gce-image-builder' + project, the 'environment' variable can be used to publish to 'test', 'prod' + DeleteAfter is set to 180 days for all environments other than prod where no + time period is set. +*/}} +{ + "Name": "rhel-8-4-sap-byos", + {{$work_project := printf "%q" "gce-image-builder" -}} + {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}} + {{$delete_after := `"24h*30*6"` -}} + {{if eq .environment "test" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "bct-prod-images", + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- else if eq .environment "prod" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "rhel-byos-cloud", + "ComputeEndpoint": {{$endpoint}}, + {{- else -}} + "WorkProject": {{$work_project}}, + "PublishProject": {{$work_project}}, + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- end}} + {{$guest_features := `["VIRTIO_SCSI_MULTIQUEUE", "UEFI_COMPATIBLE", "SEV_CAPABLE", "GVNIC"]` -}} + {{$time := trimPrefix .publish_version "v"}} + "Images": [ + { + "Prefix": "rhel-8-4-sap-byos", + "Family": "rhel-8-4-sap-byos", + "Description": "Red Hat, Red Hat Enterprise Linux for SAP BYOS, 8.4, x86_64 built on {{$time}}", + "Architecture": "X86_64", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-8-sap-byos" + ], + "GuestOsFeatures": {{$guest_features}} + } + ] +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_8_4_sap_byos.wf.json b/daisy_workflows/build-publish/enterprise_linux/rhel_8_4_sap_byos.wf.json new file mode 100644 index 000000000..a79d936e0 --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_8_4_sap_byos.wf.json @@ -0,0 +1,71 @@ +{ + "Name": "rhel-8-4-sap-byos", + "Project": "gce-image-builder", + "Zone": "us-central1-b", + "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}", + "Vars": { + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "workflow_root": { + "Value": "/workflows", + "Description": "Root of github workflows, defaults to /workflows in the container." + }, + "gcs_url": { + "Required": true, + "Description": "The GCS path that image raw file exported to." + }, + "sbom_destination": { + "Value": "${OUTSPATH}/export-image.sbom.json", + "Description": "SBOM final export destination, copies in place by default" + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 8 installer ISO to build from." + }, + "sbom_util_gcs_root": { + "Value": "", + "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM." + } + }, + "Steps": { + "build": { + "TimeOut": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/image_build/enterprise_linux/rhel_8_4_sap_byos.wf.json", + "Vars": { + "build_date": "${build_date}", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_release": "rhel-8-4" + } + } + }, + "export-image": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/export/disk_export.wf.json", + "Vars": { + "destination": "${gcs_url}", + "sbom_destination": "${sbom_destination}", + "source_disk": "el-install-disk", + "sbom_util_gcs_root": "${sbom_util_gcs_root}" + } + } + }, + "cleanup-image": { + "DeleteResources": { + "Images": ["rhel-8-4-sap-byos-v${build_date}"] + } + } + }, + "Dependencies": { + "export-image": ["build"], + "cleanup-image": ["build"] + } +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_8_6_sap_byos.publish.json b/daisy_workflows/build-publish/enterprise_linux/rhel_8_6_sap_byos.publish.json new file mode 100644 index 000000000..7b02e872d --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_8_6_sap_byos.publish.json @@ -0,0 +1,42 @@ +{{/* + Template to publish Red Hat Enterprise Linux for SAP images. + By default this template is setup to publish to the 'gce-image-builder' + project, the 'environment' variable can be used to publish to 'test', 'prod' + DeleteAfter is set to 180 days for all environments other than prod where no + time period is set. +*/}} +{ + "Name": "rhel-8-6-sap-byos", + {{$work_project := printf "%q" "gce-image-builder" -}} + {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}} + {{$delete_after := `"24h*30*6"` -}} + {{if eq .environment "test" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "bct-prod-images", + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- else if eq .environment "prod" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "rhel-byos-cloud", + "ComputeEndpoint": {{$endpoint}}, + {{- else -}} + "WorkProject": {{$work_project}}, + "PublishProject": {{$work_project}}, + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- end}} + {{$guest_features := `["VIRTIO_SCSI_MULTIQUEUE", "UEFI_COMPATIBLE", "SEV_CAPABLE", "GVNIC"]` -}} + {{$time := trimPrefix .publish_version "v"}} + "Images": [ + { + "Prefix": "rhel-8-6-sap-byos", + "Family": "rhel-8-6-sap-byos", + "Description": "Red Hat, Red Hat Enterprise Linux for SAP BYOS, 8.6, x86_64 built on {{$time}}", + "Architecture": "X86_64", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-8-sap-byos" + ], + "GuestOsFeatures": {{$guest_features}} + } + ] +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_8_6_sap_byos.wf.json b/daisy_workflows/build-publish/enterprise_linux/rhel_8_6_sap_byos.wf.json new file mode 100644 index 000000000..dd865a8c4 --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_8_6_sap_byos.wf.json @@ -0,0 +1,71 @@ +{ + "Name": "rhel-8-6-sap-byos", + "Project": "gce-image-builder", + "Zone": "us-central1-b", + "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}", + "Vars": { + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "workflow_root": { + "Value": "/workflows", + "Description": "Root of github workflows, defaults to /workflows in the container." + }, + "gcs_url": { + "Required": true, + "Description": "The GCS path that image raw file exported to." + }, + "sbom_destination": { + "Value": "${OUTSPATH}/export-image.sbom.json", + "Description": "SBOM final export destination, copies in place by default" + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 8 installer ISO to build from." + }, + "sbom_util_gcs_root": { + "Value": "", + "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM." + } + }, + "Steps": { + "build": { + "TimeOut": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/image_build/enterprise_linux/rhel_8_6_sap_byos.wf.json", + "Vars": { + "build_date": "${build_date}", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_release": "rhel-8-6" + } + } + }, + "export-image": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/export/disk_export.wf.json", + "Vars": { + "destination": "${gcs_url}", + "sbom_destination": "${sbom_destination}", + "source_disk": "el-install-disk", + "sbom_util_gcs_root": "${sbom_util_gcs_root}" + } + } + }, + "cleanup-image": { + "DeleteResources": { + "Images": ["rhel-8-6-sap-byos-v${build_date}"] + } + } + }, + "Dependencies": { + "export-image": ["build"], + "cleanup-image": ["build"] + } +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_8_8_sap_byos.publish.json b/daisy_workflows/build-publish/enterprise_linux/rhel_8_8_sap_byos.publish.json new file mode 100644 index 000000000..a6174de6e --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_8_8_sap_byos.publish.json @@ -0,0 +1,42 @@ +{{/* + Template to publish Red Hat Enterprise Linux for SAP images. + By default this template is setup to publish to the 'gce-image-builder' + project, the 'environment' variable can be used to publish to 'test', 'prod' + DeleteAfter is set to 180 days for all environments other than prod where no + time period is set. +*/}} +{ + "Name": "rhel-8-8-sap-byos", + {{$work_project := printf "%q" "gce-image-builder" -}} + {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}} + {{$delete_after := `"24h*30*6"` -}} + {{if eq .environment "test" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "bct-prod-images", + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- else if eq .environment "prod" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "rhel-byos-cloud", + "ComputeEndpoint": {{$endpoint}}, + {{- else -}} + "WorkProject": {{$work_project}}, + "PublishProject": {{$work_project}}, + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- end}} + {{$guest_features := `["VIRTIO_SCSI_MULTIQUEUE", "UEFI_COMPATIBLE", "SEV_CAPABLE", "GVNIC"]` -}} + {{$time := trimPrefix .publish_version "v"}} + "Images": [ + { + "Prefix": "rhel-8-8-sap-byos", + "Family": "rhel-8-8-sap-byos", + "Description": "Red Hat, Red Hat Enterprise Linux for SAP BYOS, 8.8, x86_64 built on {{$time}}", + "Architecture": "X86_64", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-8-sap-byos" + ], + "GuestOsFeatures": {{$guest_features}} + } + ] +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_8_8_sap_byos.wf.json b/daisy_workflows/build-publish/enterprise_linux/rhel_8_8_sap_byos.wf.json new file mode 100644 index 000000000..2c4a7bd87 --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_8_8_sap_byos.wf.json @@ -0,0 +1,71 @@ +{ + "Name": "rhel-8-8-sap-byos", + "Project": "gce-image-builder", + "Zone": "us-central1-b", + "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}", + "Vars": { + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "workflow_root": { + "Value": "/workflows", + "Description": "Root of github workflows, defaults to /workflows in the container." + }, + "gcs_url": { + "Required": true, + "Description": "The GCS path that image raw file exported to." + }, + "sbom_destination": { + "Value": "${OUTSPATH}/export-image.sbom.json", + "Description": "SBOM final export destination, copies in place by default" + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 8 installer ISO to build from." + }, + "sbom_util_gcs_root": { + "Value": "", + "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM." + } + }, + "Steps": { + "build": { + "TimeOut": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/image_build/enterprise_linux/rhel_8_8_sap_byos.wf.json", + "Vars": { + "build_date": "${build_date}", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_release": "rhel-8-8" + } + } + }, + "export-image": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/export/disk_export.wf.json", + "Vars": { + "destination": "${gcs_url}", + "sbom_destination": "${sbom_destination}", + "source_disk": "el-install-disk", + "sbom_util_gcs_root": "${sbom_util_gcs_root}" + } + } + }, + "cleanup-image": { + "DeleteResources": { + "Images": ["rhel-8-8-sap-byos-v${build_date}"] + } + } + }, + "Dependencies": { + "export-image": ["build"], + "cleanup-image": ["build"] + } +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_9_0_sap_byos.publish.json b/daisy_workflows/build-publish/enterprise_linux/rhel_9_0_sap_byos.publish.json new file mode 100644 index 000000000..195e019a3 --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_9_0_sap_byos.publish.json @@ -0,0 +1,42 @@ +{{/* + Template to publish UEFI-enabled Red Hat Enterprise Linux images. + By default this template is setup to publish to the 'gce-image-builder' + project, the 'environment' variable can be used to publish to 'test', 'prod' + DeleteAfter is set to 180 days for all environments other than prod where no + time period is set. +*/}} +{ + "Name": "rhel-9-0-sap-byos", + {{$work_project := printf "%q" "gce-image-builder" -}} + {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}} + {{$delete_after := `"24h*30*6"` -}} + {{if eq .environment "test" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "bct-prod-images", + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- else if eq .environment "prod" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "rhel-byos-cloud", + "ComputeEndpoint": {{$endpoint}}, + {{- else -}} + "WorkProject": {{$work_project}}, + "PublishProject": {{$work_project}}, + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- end}} + {{$guest_features := `["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "SEV_CAPABLE", "GVNIC"]` -}} + {{$time := trimPrefix .publish_version "v"}} + "Images": [ + { + "Family": "rhel-9-0-sap-byos", + "Prefix": "rhel-9-0-sap-byos", + "Description": "Red Hat, Red Hat Enterprise Linux for SAP BYOS, 9.0, x86_64 built on {{$time}}", + "Architecture": "X86_64", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-9-sap-byos" + ], + "GuestOsFeatures": {{$guest_features}} + } + ] +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_9_0_sap_byos.wf.json b/daisy_workflows/build-publish/enterprise_linux/rhel_9_0_sap_byos.wf.json new file mode 100644 index 000000000..320bcc8fd --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_9_0_sap_byos.wf.json @@ -0,0 +1,70 @@ +{ + "Name": "rhel-9-0-sap-byos", + "Project": "gce-image-builder", + "Zone": "us-central1-b", + "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}", + "Vars": { + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "workflow_root": { + "Value": "/workflows", + "Description": "Root of github workflows, defaults to /workflows in the container." + }, + "gcs_url": { + "Required": true, + "Description": "The GCS path that image raw file exported to." + }, + "sbom_destination": { + "Value": "${OUTSPATH}/export-image.sbom.json", + "Description": "SBOM final export destination, copies in place by default" + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 9 installer ISO to build from." + }, + "sbom_util_gcs_root": { + "Value": "", + "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM." + } + }, + "Steps": { + "build": { + "TimeOut": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/image_build/enterprise_linux/rhel_9_0_sap_byos.wf.json", + "Vars": { + "build_date": "${build_date}", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}" + } + } + }, + "export-image": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/export/disk_export.wf.json", + "Vars": { + "destination": "${gcs_url}", + "sbom_destination": "${sbom_destination}", + "source_disk": "el-install-disk", + "sbom_util_gcs_root": "${sbom_util_gcs_root}" + } + } + }, + "cleanup-image": { + "DeleteResources": { + "Images": ["rhel-9-0-sap-byos-v${build_date}"] + } + } + }, + "Dependencies": { + "export-image": ["build"], + "cleanup-image": ["build"] + } +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_9_2_sap_byos.publish.json b/daisy_workflows/build-publish/enterprise_linux/rhel_9_2_sap_byos.publish.json new file mode 100644 index 000000000..cd84b790d --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_9_2_sap_byos.publish.json @@ -0,0 +1,42 @@ +{{/* + Template to publish UEFI-enabled Red Hat Enterprise Linux images. + By default this template is setup to publish to the 'gce-image-builder' + project, the 'environment' variable can be used to publish to 'test', 'prod' + DeleteAfter is set to 180 days for all environments other than prod where no + time period is set. +*/}} +{ + "Name": "rhel-9-2-sap-byos", + {{$work_project := printf "%q" "gce-image-builder" -}} + {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}} + {{$delete_after := `"24h*30*6"` -}} + {{if eq .environment "test" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "bct-prod-images", + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- else if eq .environment "prod" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "rhel-byos-cloud", + "ComputeEndpoint": {{$endpoint}}, + {{- else -}} + "WorkProject": {{$work_project}}, + "PublishProject": {{$work_project}}, + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- end}} + {{$guest_features := `["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "SEV_CAPABLE", "GVNIC"]` -}} + {{$time := trimPrefix .publish_version "v"}} + "Images": [ + { + "Family": "rhel-9-2-sap-byos", + "Prefix": "rhel-9-2-sap-byos", + "Description": "Red Hat, Red Hat Enterprise Linux for SAP BYOS, 9.2, x86_64 built on {{$time}}", + "Architecture": "X86_64", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-9-sap-byos" + ], + "GuestOsFeatures": {{$guest_features}} + } + ] +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_9_2_sap_byos.wf.json b/daisy_workflows/build-publish/enterprise_linux/rhel_9_2_sap_byos.wf.json new file mode 100644 index 000000000..a8e79a2e4 --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_9_2_sap_byos.wf.json @@ -0,0 +1,70 @@ +{ + "Name": "rhel-9-2-sap-byos", + "Project": "gce-image-builder", + "Zone": "us-central1-b", + "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}", + "Vars": { + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "workflow_root": { + "Value": "/workflows", + "Description": "Root of github workflows, defaults to /workflows in the container." + }, + "gcs_url": { + "Required": true, + "Description": "The GCS path that image raw file exported to." + }, + "sbom_destination": { + "Value": "${OUTSPATH}/export-image.sbom.json", + "Description": "SBOM final export destination, copies in place by default" + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 9 installer ISO to build from." + }, + "sbom_util_gcs_root": { + "Value": "", + "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM." + } + }, + "Steps": { + "build": { + "TimeOut": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/image_build/enterprise_linux/rhel_9_2_sap_byos.wf.json", + "Vars": { + "build_date": "${build_date}", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}" + } + } + }, + "export-image": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/export/disk_export.wf.json", + "Vars": { + "destination": "${gcs_url}", + "sbom_destination": "${sbom_destination}", + "source_disk": "el-install-disk", + "sbom_util_gcs_root": "${sbom_util_gcs_root}" + } + } + }, + "cleanup-image": { + "DeleteResources": { + "Images": ["rhel-9-2-sap-byos-v${build_date}"] + } + } + }, + "Dependencies": { + "export-image": ["build"], + "cleanup-image": ["build"] + } +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_9_byos_arm64.publish.json b/daisy_workflows/build-publish/enterprise_linux/rhel_9_byos_arm64.publish.json new file mode 100644 index 000000000..6961d3d91 --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_9_byos_arm64.publish.json @@ -0,0 +1,47 @@ +{{/* + Template to publish UEFI-enabled Red Hat Enterprise Linux images. + By default this template is setup to publish to the 'gce-image-builder' + project, the 'environment' variable can be used to publish to 'test', 'prod' + DeleteAfter is set to 180 days for all environments other than prod where no + time period is set. +*/}} +{ + "Name": "rhel-9-byos-arm64", + {{$work_project := printf "%q" "gce-image-builder" -}} + {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}} + {{$delete_after := `"24h*30*6"` -}} + {{if eq .environment "test" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "bct-prod-images", + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- else if eq .environment "prod" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "rhel-byos-cloud", + "ComputeEndpoint": {{$endpoint}}, + {{- else if eq .environment "autopush" -}} + "WorkProject": {{$work_project}}, + "PublishProject": "artifact-releaser-autopush", + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": "3h", + {{- else -}} + "WorkProject": {{$work_project}}, + "PublishProject": {{$work_project}}, + "ComputeEndpoint": {{$endpoint}}, + "DeleteAfter": {{$delete_after}}, + {{- end}} + {{$guest_features := `["UEFI_COMPATIBLE", "GVNIC"]` -}} + {{$time := trimPrefix .publish_version "v"}} + "Images": [ + { + "Family": "rhel-9-byos-arm64", + "Prefix": "rhel-9-byos-arm64", + "Description": "Red Hat, Red Hat Enterprise Linux BYOS, 9, aarch64 built on {{$time}}", + "Architecture": "ARM64", + "Licenses": [ + "projects/rhel-cloud/global/licenses/rhel-9-byos" + ], + "GuestOsFeatures": {{$guest_features}} + } + ] +} diff --git a/daisy_workflows/build-publish/enterprise_linux/rhel_9_byos_arm64.wf.json b/daisy_workflows/build-publish/enterprise_linux/rhel_9_byos_arm64.wf.json new file mode 100644 index 000000000..56fa87fae --- /dev/null +++ b/daisy_workflows/build-publish/enterprise_linux/rhel_9_byos_arm64.wf.json @@ -0,0 +1,69 @@ +{ + "Name": "rhel-9-byos-arm64", + "Project": "gce-image-builder", + "Zone": "us-central1-b", + "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}", + "Vars": { + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "workflow_root": { + "Value": "/workflows", + "Description": "Root of github workflows, defaults to /workflows in the container." + }, + "gcs_url": { + "Required": true, + "Description": "The GCS path that image raw file exported to." + }, + "sbom_destination": { + "Value": "${OUTSPATH}/export-image.sbom.json", + "Description": "SBOM final export destination, copies in place by default" + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 9 installer ISO to build from." + }, + "sbom_util_gcs_root": { + "Value": "", + "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM." + } + }, + "Steps": { + "build": { + "TimeOut": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/image_build/enterprise_linux/rhel_9_byos_arm64.wf.json", + "Vars": { + "build_date": "${build_date}", + "installer_iso": "${installer_iso}" + } + } + }, + "export-image": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "${workflow_root}/export/disk_export.wf.json", + "Vars": { + "destination": "${gcs_url}", + "sbom_destination": "${sbom_destination}", + "source_disk": "el-install-disk", + "sbom_util_gcs_root": "${sbom_util_gcs_root}" + } + } + }, + "cleanup-image": { + "DeleteResources": { + "Images": ["rhel-9-byos-arm64-v${build_date}"] + } + } + }, + "Dependencies": { + "export-image": ["build"], + "cleanup-image": ["build"] + } +} diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_2_sap_byos.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_2_sap_byos.cfg new file mode 100644 index 000000000..b3cdede8e --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_2_sap_byos.cfg @@ -0,0 +1,277 @@ +# rhel8-options.cfg + +### Anaconda installer configuration. +# Install in text mode. +text --non-interactive +harddrive --partition=/dev/disk/by-id/google-disk-installer-part2 --dir=/ +poweroff + +# Network configuration +network --bootproto=dhcp --device=link + +### Installed system configuration. +firewall --enabled +services --enabled=sshd,rngd --disabled=sshd-keygen@ +skipx +timezone --utc UTC --ntpservers=metadata.google.internal +rootpw --iscrypted --lock * +firstboot --disabled +user --name=gce --lock + +### Disk configuration. +# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. +%pre --interpreter=/usr/bin/bash +cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ +cp /run/install/isodir/google_nvme_id /usr/lib/udev/ +chmod +x /usr/lib/udev/google_nvme_id +# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger +udevadm settle +udevadm control --reload +udevadm trigger --settle +tee -a /tmp/disk-config << EOM +# build_installer.py will replace with the id of the install disk to avoid race conditions +bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y" +# EFI partitioning, creates a GPT partitioned disk. +clearpart --drives=/dev/disk/by-id/google-el-install-disk --all +part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk +part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs +EOM +%end +%include /tmp/disk-config + +# packages.cfg +# Contains a list of packages to be installed, or not, on all flavors. +# The %package command begins the package selection section of kickstart. +# Packages can be specified by group, or package name. @Base and @Core are +# always selected by default so they do not need to be specified. + +%packages +acpid +dhcp-client +dnf-automatic +net-tools +openssh-server +python3 +rng-tools +tar +vim +-subscription-manager +-alsa-utils +-b43-fwcutter +-dmraid +-eject +-gpm +-irqbalance +-microcode_ctl +-smartmontools +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kernel-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-compute-engine] +name=Google Compute Engine +baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el8-x86_64-stable +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sap] +name=Google Cloud SAP +baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-sap-agent-el8-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sdk] +name=Google Cloud SDK +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM +%end +%post --log=/dev/ttyS0 +# Peg to RHEL 8.2 +echo "8.2" > /etc/dnf/vars/releasever +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install google-rhui-client-rhel8-sap +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 + +# Configure SAP HANA packages. +SAP_PKGS=" +compat-sap-c++-9 +fence-agents-gce +google-cloud-sap-agent +libatomic +libtool-ltdl +lvm2 +numactl +numactl-libs +nfs-utils +pacemaker +pcs +resource-agents +resource-agents-gcp +resource-agents-sap +resource-agents-sap-hana +rhel-system-roles-sap +tuned-profiles-sap +tuned-profiles-sap-hana +" + +dnf install -y ${SAP_PKGS} +%end + +# Google Compute Engine kickstart config for Enterprise Linux 8. +%onerror +echo "Build Failed!" > /dev/ttyS0 +shutdown -h now +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +# Delete the dummy user account. +userdel -r gce + +# Import all RPM GPG keys. +curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg +rpm --import /etc/pki/rpm-gpg/* + +# Configure the network for GCE. +# Given that GCE users typically control the firewall at the network API level, +# we want to leave the standard Linux firewall setup enabled but all-open. +firewall-offline-cmd --set-default-zone=trusted + +cat >>/etc/dhcp/dhclient.conf <> /etc/dnf/dnf.conf + +# Set google-compute-engine config for EL8. +cat >>/etc/default/instance_configs.cfg.distro << EOL +# Disable boto plugin setup. +[InstanceSetup] +set_boto_config = false +EOL + +# Install GCE guest packages. +dnf install -y google-compute-engine google-osconfig-agent gce-disk-expand + +# Install the Cloud SDK package. +dnf install -y google-cloud-cli + +# Send /root/anaconda-ks.cfg to our logs. +cp /run/install/ks.cfg /tmp/anaconda-ks.cfg + +# Remove files which shouldn't make it into the image. Its possible these files +# will not exist. +rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules + +# Remove ens4 config from installer. +rm -f /etc/sysconfig/network-scripts/ifcfg-ens4 + +# Disable password authentication by default. +sed -i -e '/^PasswordAuthentication /s/ yes$/ no/' /etc/ssh/sshd_config + +# Set ServerAliveInterval and ClientAliveInterval to prevent SSH +# disconnections. The pattern match is tuned to each source config file. +# The $'...' quoting syntax tells the shell to expand escape characters. +sed -i -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config +sed -i -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config +sed -i -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config + +# Disable root login via SSH by default. +sed -i -e '/PermitRootLogin yes/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config + +# Update all packages. +dnf -y update + +# Make changes to dnf automatic.conf +# Apply updates for security (RHEL) by default. NOTE this will not work in CentOS. +sed -i 's/upgrade_type =.*/upgrade_type = security/' /etc/dnf/automatic.conf +sed -i 's/apply_updates =.*/apply_updates = yes/' /etc/dnf/automatic.conf +# Enable the DNF automatic timer service. +systemctl enable dnf-automatic.timer + +# Cleanup this repo- we don't want to continue updating with it. +# Depending which repos are used in build, one or more of these files will not +# exist. +rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ + /etc/yum.repos.d/google-cloud-staging.repo + +# Clean up the cache for smaller images. +dnf clean all +rm -fr /var/cache/dnf/* + +# Blacklist the floppy module. +echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf +restorecon /etc/modprobe.d/blacklist-floppy.conf + +# Generate initramfs from latest kernel instead of the running kernel. +kver="$(ls -t /lib/modules | head -n1)" +dracut -f --kver="${kver}" + +# Fix selinux contexts on /etc/resolv.conf. +restorecon /etc/resolv.conf +%end + +# RHEL BYOS +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install subscription-manager +dnf -y remove google-rhui-client-* +%end + +# Cleanup. +%post --nochroot --log=/dev/ttyS0 +set -x +rm -Rf /mnt/sysimage/tmp/* +%end + diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_4_sap_byos.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_4_sap_byos.cfg new file mode 100644 index 000000000..32f7218f8 --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_4_sap_byos.cfg @@ -0,0 +1,277 @@ +# rhel8-options.cfg + +### Anaconda installer configuration. +# Install in text mode. +text --non-interactive +harddrive --partition=/dev/disk/by-id/google-disk-installer-part2 --dir=/ +poweroff + +# Network configuration +network --bootproto=dhcp --device=link + +### Installed system configuration. +firewall --enabled +services --enabled=sshd,rngd --disabled=sshd-keygen@ +skipx +timezone --utc UTC --ntpservers=metadata.google.internal +rootpw --iscrypted --lock * +firstboot --disabled +user --name=gce --lock + +### Disk configuration. +# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. +%pre --interpreter=/usr/bin/bash +cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ +cp /run/install/isodir/google_nvme_id /usr/lib/udev/ +chmod +x /usr/lib/udev/google_nvme_id +# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger +udevadm settle +udevadm control --reload +udevadm trigger --settle +tee -a /tmp/disk-config << EOM +# build_installer.py will replace with the id of the install disk to avoid race conditions +bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y" +# EFI partitioning, creates a GPT partitioned disk. +clearpart --drives=/dev/disk/by-id/google-el-install-disk --all +part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk +part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs +EOM +%end +%include /tmp/disk-config + +# packages.cfg +# Contains a list of packages to be installed, or not, on all flavors. +# The %package command begins the package selection section of kickstart. +# Packages can be specified by group, or package name. @Base and @Core are +# always selected by default so they do not need to be specified. + +%packages +acpid +dhcp-client +dnf-automatic +net-tools +openssh-server +python3 +rng-tools +tar +vim +-subscription-manager +-alsa-utils +-b43-fwcutter +-dmraid +-eject +-gpm +-irqbalance +-microcode_ctl +-smartmontools +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kernel-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-compute-engine] +name=Google Compute Engine +baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el8-x86_64-stable +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sap] +name=Google Cloud SAP +baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-sap-agent-el8-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sdk] +name=Google Cloud SDK +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM +%end +%post --log=/dev/ttyS0 +# Peg to RHEL 8.4 +echo "8.4" > /etc/dnf/vars/releasever +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install google-rhui-client-rhel8-sap +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 + +# Configure SAP HANA packages. +SAP_PKGS=" +compat-sap-c++-9 +fence-agents-gce +google-cloud-sap-agent +libatomic +libtool-ltdl +lvm2 +numactl +numactl-libs +nfs-utils +pacemaker +pcs +resource-agents +resource-agents-gcp +resource-agents-sap +resource-agents-sap-hana +rhel-system-roles-sap +tuned-profiles-sap +tuned-profiles-sap-hana +" + +dnf install -y ${SAP_PKGS} +%end + +# Google Compute Engine kickstart config for Enterprise Linux 8. +%onerror +echo "Build Failed!" > /dev/ttyS0 +shutdown -h now +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +# Delete the dummy user account. +userdel -r gce + +# Import all RPM GPG keys. +curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg +rpm --import /etc/pki/rpm-gpg/* + +# Configure the network for GCE. +# Given that GCE users typically control the firewall at the network API level, +# we want to leave the standard Linux firewall setup enabled but all-open. +firewall-offline-cmd --set-default-zone=trusted + +cat >>/etc/dhcp/dhclient.conf <> /etc/dnf/dnf.conf + +# Set google-compute-engine config for EL8. +cat >>/etc/default/instance_configs.cfg.distro << EOL +# Disable boto plugin setup. +[InstanceSetup] +set_boto_config = false +EOL + +# Install GCE guest packages. +dnf install -y google-compute-engine google-osconfig-agent gce-disk-expand + +# Install the Cloud SDK package. +dnf install -y google-cloud-cli + +# Send /root/anaconda-ks.cfg to our logs. +cp /run/install/ks.cfg /tmp/anaconda-ks.cfg + +# Remove files which shouldn't make it into the image. Its possible these files +# will not exist. +rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules + +# Remove ens4 config from installer. +rm -f /etc/sysconfig/network-scripts/ifcfg-ens4 + +# Disable password authentication by default. +sed -i -e '/^PasswordAuthentication /s/ yes$/ no/' /etc/ssh/sshd_config + +# Set ServerAliveInterval and ClientAliveInterval to prevent SSH +# disconnections. The pattern match is tuned to each source config file. +# The $'...' quoting syntax tells the shell to expand escape characters. +sed -i -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config +sed -i -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config +sed -i -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config + +# Disable root login via SSH by default. +sed -i -e '/PermitRootLogin yes/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config + +# Update all packages. +dnf -y update + +# Make changes to dnf automatic.conf +# Apply updates for security (RHEL) by default. NOTE this will not work in CentOS. +sed -i 's/upgrade_type =.*/upgrade_type = security/' /etc/dnf/automatic.conf +sed -i 's/apply_updates =.*/apply_updates = yes/' /etc/dnf/automatic.conf +# Enable the DNF automatic timer service. +systemctl enable dnf-automatic.timer + +# Cleanup this repo- we don't want to continue updating with it. +# Depending which repos are used in build, one or more of these files will not +# exist. +rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ + /etc/yum.repos.d/google-cloud-staging.repo + +# Clean up the cache for smaller images. +dnf clean all +rm -fr /var/cache/dnf/* + +# Blacklist the floppy module. +echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf +restorecon /etc/modprobe.d/blacklist-floppy.conf + +# Generate initramfs from latest kernel instead of the running kernel. +kver="$(ls -t /lib/modules | head -n1)" +dracut -f --kver="${kver}" + +# Fix selinux contexts on /etc/resolv.conf. +restorecon /etc/resolv.conf +%end + +# RHEL BYOS +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install subscription-manager +dnf -y remove google-rhui-client-* +%end + +# Cleanup. +%post --nochroot --log=/dev/ttyS0 +set -x +rm -Rf /mnt/sysimage/tmp/* +%end + diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_6_sap_byos.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_6_sap_byos.cfg new file mode 100644 index 000000000..6832375ee --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_6_sap_byos.cfg @@ -0,0 +1,277 @@ +# rhel8-options.cfg + +### Anaconda installer configuration. +# Install in text mode. +text --non-interactive +harddrive --partition=/dev/disk/by-id/google-disk-installer-part2 --dir=/ +poweroff + +# Network configuration +network --bootproto=dhcp --device=link + +### Installed system configuration. +firewall --enabled +services --enabled=sshd,rngd --disabled=sshd-keygen@ +skipx +timezone --utc UTC --ntpservers=metadata.google.internal +rootpw --iscrypted --lock * +firstboot --disabled +user --name=gce --lock + +### Disk configuration. +# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. +%pre --interpreter=/usr/bin/bash +cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ +cp /run/install/isodir/google_nvme_id /usr/lib/udev/ +chmod +x /usr/lib/udev/google_nvme_id +# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger +udevadm settle +udevadm control --reload +udevadm trigger --settle +tee -a /tmp/disk-config << EOM +# build_installer.py will replace with the id of the install disk to avoid race conditions +bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y" +# EFI partitioning, creates a GPT partitioned disk. +clearpart --drives=/dev/disk/by-id/google-el-install-disk --all +part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk +part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs +EOM +%end +%include /tmp/disk-config + +# packages.cfg +# Contains a list of packages to be installed, or not, on all flavors. +# The %package command begins the package selection section of kickstart. +# Packages can be specified by group, or package name. @Base and @Core are +# always selected by default so they do not need to be specified. + +%packages +acpid +dhcp-client +dnf-automatic +net-tools +openssh-server +python3 +rng-tools +tar +vim +-subscription-manager +-alsa-utils +-b43-fwcutter +-dmraid +-eject +-gpm +-irqbalance +-microcode_ctl +-smartmontools +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kernel-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-compute-engine] +name=Google Compute Engine +baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el8-x86_64-stable +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sap] +name=Google Cloud SAP +baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-sap-agent-el8-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sdk] +name=Google Cloud SDK +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM +%end +%post --log=/dev/ttyS0 +# Peg to RHEL 8.6 +echo "8.6" > /etc/dnf/vars/releasever +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install google-rhui-client-rhel8-sap +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 + +# Configure SAP HANA packages. +SAP_PKGS=" +compat-sap-c++-9 +fence-agents-gce +google-cloud-sap-agent +libatomic +libtool-ltdl +lvm2 +numactl +numactl-libs +nfs-utils +pacemaker +pcs +resource-agents +resource-agents-gcp +resource-agents-sap +resource-agents-sap-hana +rhel-system-roles-sap +tuned-profiles-sap +tuned-profiles-sap-hana +" + +dnf install -y ${SAP_PKGS} +%end + +# Google Compute Engine kickstart config for Enterprise Linux 8. +%onerror +echo "Build Failed!" > /dev/ttyS0 +shutdown -h now +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +# Delete the dummy user account. +userdel -r gce + +# Import all RPM GPG keys. +curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg +rpm --import /etc/pki/rpm-gpg/* + +# Configure the network for GCE. +# Given that GCE users typically control the firewall at the network API level, +# we want to leave the standard Linux firewall setup enabled but all-open. +firewall-offline-cmd --set-default-zone=trusted + +cat >>/etc/dhcp/dhclient.conf <> /etc/dnf/dnf.conf + +# Set google-compute-engine config for EL8. +cat >>/etc/default/instance_configs.cfg.distro << EOL +# Disable boto plugin setup. +[InstanceSetup] +set_boto_config = false +EOL + +# Install GCE guest packages. +dnf install -y google-compute-engine google-osconfig-agent gce-disk-expand + +# Install the Cloud SDK package. +dnf install -y google-cloud-cli + +# Send /root/anaconda-ks.cfg to our logs. +cp /run/install/ks.cfg /tmp/anaconda-ks.cfg + +# Remove files which shouldn't make it into the image. Its possible these files +# will not exist. +rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules + +# Remove ens4 config from installer. +rm -f /etc/sysconfig/network-scripts/ifcfg-ens4 + +# Disable password authentication by default. +sed -i -e '/^PasswordAuthentication /s/ yes$/ no/' /etc/ssh/sshd_config + +# Set ServerAliveInterval and ClientAliveInterval to prevent SSH +# disconnections. The pattern match is tuned to each source config file. +# The $'...' quoting syntax tells the shell to expand escape characters. +sed -i -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config +sed -i -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config +sed -i -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config + +# Disable root login via SSH by default. +sed -i -e '/PermitRootLogin yes/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config + +# Update all packages. +dnf -y update + +# Make changes to dnf automatic.conf +# Apply updates for security (RHEL) by default. NOTE this will not work in CentOS. +sed -i 's/upgrade_type =.*/upgrade_type = security/' /etc/dnf/automatic.conf +sed -i 's/apply_updates =.*/apply_updates = yes/' /etc/dnf/automatic.conf +# Enable the DNF automatic timer service. +systemctl enable dnf-automatic.timer + +# Cleanup this repo- we don't want to continue updating with it. +# Depending which repos are used in build, one or more of these files will not +# exist. +rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ + /etc/yum.repos.d/google-cloud-staging.repo + +# Clean up the cache for smaller images. +dnf clean all +rm -fr /var/cache/dnf/* + +# Blacklist the floppy module. +echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf +restorecon /etc/modprobe.d/blacklist-floppy.conf + +# Generate initramfs from latest kernel instead of the running kernel. +kver="$(ls -t /lib/modules | head -n1)" +dracut -f --kver="${kver}" + +# Fix selinux contexts on /etc/resolv.conf. +restorecon /etc/resolv.conf +%end + +# RHEL BYOS +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install subscription-manager +dnf -y remove google-rhui-client-* +%end + +# Cleanup. +%post --nochroot --log=/dev/ttyS0 +set -x +rm -Rf /mnt/sysimage/tmp/* +%end + diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_8_sap_byos.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_8_sap_byos.cfg new file mode 100644 index 000000000..11f4400bb --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_8_8_sap_byos.cfg @@ -0,0 +1,277 @@ +# rhel8-options.cfg + +### Anaconda installer configuration. +# Install in text mode. +text --non-interactive +harddrive --partition=/dev/disk/by-id/google-disk-installer-part2 --dir=/ +poweroff + +# Network configuration +network --bootproto=dhcp --device=link + +### Installed system configuration. +firewall --enabled +services --enabled=sshd,rngd --disabled=sshd-keygen@ +skipx +timezone --utc UTC --ntpservers=metadata.google.internal +rootpw --iscrypted --lock * +firstboot --disabled +user --name=gce --lock + +### Disk configuration. +# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. +%pre --interpreter=/usr/bin/bash +cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ +cp /run/install/isodir/google_nvme_id /usr/lib/udev/ +chmod +x /usr/lib/udev/google_nvme_id +# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger +udevadm settle +udevadm control --reload +udevadm trigger --settle +tee -a /tmp/disk-config << EOM +# build_installer.py will replace with the id of the install disk to avoid race conditions +bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y" +# EFI partitioning, creates a GPT partitioned disk. +clearpart --drives=/dev/disk/by-id/google-el-install-disk --all +part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk +part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs +EOM +%end +%include /tmp/disk-config + +# packages.cfg +# Contains a list of packages to be installed, or not, on all flavors. +# The %package command begins the package selection section of kickstart. +# Packages can be specified by group, or package name. @Base and @Core are +# always selected by default so they do not need to be specified. + +%packages +acpid +dhcp-client +dnf-automatic +net-tools +openssh-server +python3 +rng-tools +tar +vim +-subscription-manager +-alsa-utils +-b43-fwcutter +-dmraid +-eject +-gpm +-irqbalance +-microcode_ctl +-smartmontools +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kernel-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-compute-engine] +name=Google Compute Engine +baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el8-x86_64-stable +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sap] +name=Google Cloud SAP +baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-sap-agent-el8-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sdk] +name=Google Cloud SDK +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM +%end +%post --log=/dev/ttyS0 +# Peg to RHEL 8.8 +echo "8.8" > /etc/dnf/vars/releasever +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install google-rhui-client-rhel8-sap +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 + +# Configure SAP HANA packages. +SAP_PKGS=" +compat-sap-c++-9 +fence-agents-gce +google-cloud-sap-agent +libatomic +libtool-ltdl +lvm2 +numactl +numactl-libs +nfs-utils +pacemaker +pcs +resource-agents +resource-agents-gcp +resource-agents-sap +resource-agents-sap-hana +rhel-system-roles-sap +tuned-profiles-sap +tuned-profiles-sap-hana +" + +dnf install -y ${SAP_PKGS} +%end + +# Google Compute Engine kickstart config for Enterprise Linux 8. +%onerror +echo "Build Failed!" > /dev/ttyS0 +shutdown -h now +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +# Delete the dummy user account. +userdel -r gce + +# Import all RPM GPG keys. +curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg +rpm --import /etc/pki/rpm-gpg/* + +# Configure the network for GCE. +# Given that GCE users typically control the firewall at the network API level, +# we want to leave the standard Linux firewall setup enabled but all-open. +firewall-offline-cmd --set-default-zone=trusted + +cat >>/etc/dhcp/dhclient.conf <> /etc/dnf/dnf.conf + +# Set google-compute-engine config for EL8. +cat >>/etc/default/instance_configs.cfg.distro << EOL +# Disable boto plugin setup. +[InstanceSetup] +set_boto_config = false +EOL + +# Install GCE guest packages. +dnf install -y google-compute-engine google-osconfig-agent gce-disk-expand + +# Install the Cloud SDK package. +dnf install -y google-cloud-cli + +# Send /root/anaconda-ks.cfg to our logs. +cp /run/install/ks.cfg /tmp/anaconda-ks.cfg + +# Remove files which shouldn't make it into the image. Its possible these files +# will not exist. +rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules + +# Remove ens4 config from installer. +rm -f /etc/sysconfig/network-scripts/ifcfg-ens4 + +# Disable password authentication by default. +sed -i -e '/^PasswordAuthentication /s/ yes$/ no/' /etc/ssh/sshd_config + +# Set ServerAliveInterval and ClientAliveInterval to prevent SSH +# disconnections. The pattern match is tuned to each source config file. +# The $'...' quoting syntax tells the shell to expand escape characters. +sed -i -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config +sed -i -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config +sed -i -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config + +# Disable root login via SSH by default. +sed -i -e '/PermitRootLogin yes/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config + +# Update all packages. +dnf -y update + +# Make changes to dnf automatic.conf +# Apply updates for security (RHEL) by default. NOTE this will not work in CentOS. +sed -i 's/upgrade_type =.*/upgrade_type = security/' /etc/dnf/automatic.conf +sed -i 's/apply_updates =.*/apply_updates = yes/' /etc/dnf/automatic.conf +# Enable the DNF automatic timer service. +systemctl enable dnf-automatic.timer + +# Cleanup this repo- we don't want to continue updating with it. +# Depending which repos are used in build, one or more of these files will not +# exist. +rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ + /etc/yum.repos.d/google-cloud-staging.repo + +# Clean up the cache for smaller images. +dnf clean all +rm -fr /var/cache/dnf/* + +# Blacklist the floppy module. +echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf +restorecon /etc/modprobe.d/blacklist-floppy.conf + +# Generate initramfs from latest kernel instead of the running kernel. +kver="$(ls -t /lib/modules | head -n1)" +dracut -f --kver="${kver}" + +# Fix selinux contexts on /etc/resolv.conf. +restorecon /etc/resolv.conf +%end + +# RHEL BYOS +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install subscription-manager +dnf -y remove google-rhui-client-* +%end + +# Cleanup. +%post --nochroot --log=/dev/ttyS0 +set -x +rm -Rf /mnt/sysimage/tmp/* +%end + diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_0_sap_byos.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_0_sap_byos.cfg new file mode 100644 index 000000000..a64fde856 --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_0_sap_byos.cfg @@ -0,0 +1,286 @@ +# rhel-9-options.cfg + +### Anaconda installer configuration. +# Install in text mode. +text --non-interactive +harddrive --partition=/dev/disk/by-id/google-disk-installer-part2 --dir=/ +poweroff + +# Network configuration +network --bootproto=dhcp --device=link + +### Installed system configuration. +firewall --enabled +services --enabled=sshd,rngd --disabled=sshd-keygen@ +skipx +timezone --utc UTC --ntpservers=metadata.google.internal +rootpw --iscrypted --lock * +firstboot --disabled +user --name=gce --lock + +### Disk configuration. +# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. +%pre --interpreter=/usr/bin/bash +cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ +cp /run/install/isodir/google_nvme_id /usr/lib/udev/ +chmod +x /usr/lib/udev/google_nvme_id +# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger +udevadm settle +udevadm control --reload +udevadm trigger --settle +tee -a /tmp/disk-config << EOM +# build_installer.py will replace with the id of the install disk to avoid race conditions +bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y" +# EFI partitioning, creates a GPT partitioned disk. +clearpart --drives=/dev/disk/by-id/google-el-install-disk --all +part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk +part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs +EOM +%end +%include /tmp/disk-config + +# packages.cfg +# Contains a list of packages to be installed, or not, on all flavors. +# The %package command begins the package selection section of kickstart. +# Packages can be specified by group, or package name. @Base and @Core are +# always selected by default so they do not need to be specified. + +%packages +acpid +dhcp-client +dnf-automatic +net-tools +openssh-server +python3 +rng-tools +tar +vim +-subscription-manager +-alsa-utils +-b43-fwcutter +-dmraid +-eject +-gpm +-irqbalance +-microcode_ctl +-smartmontools +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kernel-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-compute-engine] +name=Google Compute Engine +baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el9-x86_64-stable +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sap] +name=Google Cloud SAP +baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-sap-agent-el9-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sdk] +name=Google Cloud SDK +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el9-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM +%end + +%post --log=/dev/ttyS0 +# Peg to RHEL 9.0 +echo "9.0" > /etc/dnf/vars/releasever +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install google-rhui-client-rhel9-sap +%end + +# Google Compute Engine kickstart config for Enterprise Linux 9. +%onerror +echo "Build Failed!" > /dev/ttyS0 +shutdown -h now +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 + +# Configure SAP HANA packages. +SAP_PKGS=" +chkconfig +compat-openssl11 +fence-agents-gce +google-cloud-sap-agent +libatomic +libtool-ltdl +lvm2 +numactl +numactl-libs +nfs-utils +pacemaker +pcs +resource-agents +resource-agents-gcp +resource-agents-sap +resource-agents-sap-hana +rhel-system-roles-sap +tuned-profiles-sap +tuned-profiles-sap-hana +" + +dnf install -y ${SAP_PKGS} +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 + +# Delete the dummy user account. +userdel -r gce + +# Import all RPM GPG keys. +curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg +rpm --import /etc/pki/rpm-gpg/google* + +# Configure the network for GCE. +# Given that GCE users typically control the firewall at the network API level, +# we want to leave the standard Linux firewall setup enabled but all-open. +firewall-offline-cmd --set-default-zone=trusted + +cat >>/etc/dhcp/dhclient.conf <> /etc/dnf/dnf.conf + +# Set google-compute-engine config for EL9. +cat >>/etc/default/instance_configs.cfg.distro << EOL +# Disable boto plugin setup. +[InstanceSetup] +set_boto_config = false +EOL + +# Install GCE guest packages. +dnf install -y google-compute-engine google-osconfig-agent gce-disk-expand +rpm -q google-compute-engine google-osconfig-agent gce-disk-expand + +# Install the Cloud SDK package. +dnf install -y google-cloud-sdk +rpm -q google-cloud-sdk + +# Send /root/anaconda-ks.cfg to our logs. +cp /run/install/ks.cfg /tmp/anaconda-ks.cfg + +# Remove files which shouldn't make it into the image. Its possible these files +# will not exist. +rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules + +# Remove ens4 config from installer. +rm -f /etc/sysconfig/network-scripts/ifcfg-ens4 + +# Disable password authentication by default. +sed -i'' -e '/PasswordAuthentication yes/s/^.*/PasswordAuthentication no/' /etc/ssh/sshd_config + +# Set ServerAliveInterval and ClientAliveInterval to prevent SSH +# disconnections. The pattern match is tuned to each source config file. +# The $'...' quoting syntax tells the shell to expand escape characters. +sed -i'' -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config +sed -i'' -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config +sed -i'' -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config + +# Disable root login via SSH by default. +sed -i'' -e '/PermitRootLogin prohibit-password/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config + +# Update all packages. +dnf -y update + +# If package update above involved a kernel package, it might not have properly set kernel command line +# options, instead pulling from /proc/cmdline on the installer VM. Recreate boot loader options here. +grub2-mkconfig + +# Make changes to dnf automatic.conf +# Apply updates for security (RHEL) by default. NOTE this will not work in CentOS. +sed -i'' 's/upgrade_type =.*/upgrade_type = security/' /etc/dnf/automatic.conf +sed -i'' 's/apply_updates =.*/apply_updates = yes/' /etc/dnf/automatic.conf +# Enable the DNF automatic timer service. +systemctl enable dnf-automatic.timer + +# Cleanup this repo- we don't want to continue updating with it. +# Depending which repos are used in build, one or more of these files will not +# exist. +rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ + /etc/yum.repos.d/google-cloud-staging.repo + +# Clean up the cache for smaller images. +dnf clean all +rm -fr /var/cache/dnf/* + +# Blacklist the floppy module. +echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf +restorecon /etc/modprobe.d/blacklist-floppy.conf + +# Generate initramfs from latest kernel instead of the running kernel. +kver="$(ls -t /lib/modules | head -n1)" +dracut -f --kver="${kver}" + +# Fix selinux contexts on /etc/resolv.conf. +restorecon /etc/resolv.conf +%end + +# RHEL BYOS +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install subscription-manager +dnf -y remove google-rhui-client-* +%end + +# Cleanup. +%post --nochroot --log=/dev/ttyS0 +set -x +rm -Rf /mnt/sysimage/tmp/* +%end + diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_2_sap_byos.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_2_sap_byos.cfg new file mode 100644 index 000000000..957e7446b --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_2_sap_byos.cfg @@ -0,0 +1,286 @@ +# rhel-9-options.cfg + +### Anaconda installer configuration. +# Install in text mode. +text --non-interactive +harddrive --partition=/dev/disk/by-id/google-disk-installer-part2 --dir=/ +poweroff + +# Network configuration +network --bootproto=dhcp --device=link + +### Installed system configuration. +firewall --enabled +services --enabled=sshd,rngd --disabled=sshd-keygen@ +skipx +timezone --utc UTC --ntpservers=metadata.google.internal +rootpw --iscrypted --lock * +firstboot --disabled +user --name=gce --lock + +### Disk configuration. +# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. +%pre --interpreter=/usr/bin/bash +cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ +cp /run/install/isodir/google_nvme_id /usr/lib/udev/ +chmod +x /usr/lib/udev/google_nvme_id +# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger +udevadm settle +udevadm control --reload +udevadm trigger --settle +tee -a /tmp/disk-config << EOM +# build_installer.py will replace with the id of the install disk to avoid race conditions +bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y" +# EFI partitioning, creates a GPT partitioned disk. +clearpart --drives=/dev/disk/by-id/google-el-install-disk --all +part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk +part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs +EOM +%end +%include /tmp/disk-config + +# packages.cfg +# Contains a list of packages to be installed, or not, on all flavors. +# The %package command begins the package selection section of kickstart. +# Packages can be specified by group, or package name. @Base and @Core are +# always selected by default so they do not need to be specified. + +%packages +acpid +dhcp-client +dnf-automatic +net-tools +openssh-server +python3 +rng-tools +tar +vim +-subscription-manager +-alsa-utils +-b43-fwcutter +-dmraid +-eject +-gpm +-irqbalance +-microcode_ctl +-smartmontools +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kernel-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-compute-engine] +name=Google Compute Engine +baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el9-x86_64-stable +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sap] +name=Google Cloud SAP +baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-sap-agent-el9-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg + +[google-cloud-sdk] +name=Google Cloud SDK +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el9-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM +%end + +%post --log=/dev/ttyS0 +# Peg to RHEL 9.2 +echo "9.2" > /etc/dnf/vars/releasever +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install google-rhui-client-rhel9-sap +%end + +# Google Compute Engine kickstart config for Enterprise Linux 9. +%onerror +echo "Build Failed!" > /dev/ttyS0 +shutdown -h now +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 + +# Configure SAP HANA packages. +SAP_PKGS=" +chkconfig +compat-openssl11 +fence-agents-gce +google-cloud-sap-agent +libatomic +libtool-ltdl +lvm2 +numactl +numactl-libs +nfs-utils +pacemaker +pcs +resource-agents +resource-agents-gcp +resource-agents-sap +resource-agents-sap-hana +rhel-system-roles-sap +tuned-profiles-sap +tuned-profiles-sap-hana +" + +dnf install -y ${SAP_PKGS} +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 + +# Delete the dummy user account. +userdel -r gce + +# Import all RPM GPG keys. +curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg +rpm --import /etc/pki/rpm-gpg/google* + +# Configure the network for GCE. +# Given that GCE users typically control the firewall at the network API level, +# we want to leave the standard Linux firewall setup enabled but all-open. +firewall-offline-cmd --set-default-zone=trusted + +cat >>/etc/dhcp/dhclient.conf <> /etc/dnf/dnf.conf + +# Set google-compute-engine config for EL9. +cat >>/etc/default/instance_configs.cfg.distro << EOL +# Disable boto plugin setup. +[InstanceSetup] +set_boto_config = false +EOL + +# Install GCE guest packages. +dnf install -y google-compute-engine google-osconfig-agent gce-disk-expand +rpm -q google-compute-engine google-osconfig-agent gce-disk-expand + +# Install the Cloud SDK package. +dnf install -y google-cloud-sdk +rpm -q google-cloud-sdk + +# Send /root/anaconda-ks.cfg to our logs. +cp /run/install/ks.cfg /tmp/anaconda-ks.cfg + +# Remove files which shouldn't make it into the image. Its possible these files +# will not exist. +rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules + +# Remove ens4 config from installer. +rm -f /etc/sysconfig/network-scripts/ifcfg-ens4 + +# Disable password authentication by default. +sed -i'' -e '/PasswordAuthentication yes/s/^.*/PasswordAuthentication no/' /etc/ssh/sshd_config + +# Set ServerAliveInterval and ClientAliveInterval to prevent SSH +# disconnections. The pattern match is tuned to each source config file. +# The $'...' quoting syntax tells the shell to expand escape characters. +sed -i'' -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config +sed -i'' -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config +sed -i'' -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config + +# Disable root login via SSH by default. +sed -i'' -e '/PermitRootLogin prohibit-password/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config + +# Update all packages. +dnf -y update + +# If package update above involved a kernel package, it might not have properly set kernel command line +# options, instead pulling from /proc/cmdline on the installer VM. Recreate boot loader options here. +grub2-mkconfig + +# Make changes to dnf automatic.conf +# Apply updates for security (RHEL) by default. NOTE this will not work in CentOS. +sed -i'' 's/upgrade_type =.*/upgrade_type = security/' /etc/dnf/automatic.conf +sed -i'' 's/apply_updates =.*/apply_updates = yes/' /etc/dnf/automatic.conf +# Enable the DNF automatic timer service. +systemctl enable dnf-automatic.timer + +# Cleanup this repo- we don't want to continue updating with it. +# Depending which repos are used in build, one or more of these files will not +# exist. +rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ + /etc/yum.repos.d/google-cloud-staging.repo + +# Clean up the cache for smaller images. +dnf clean all +rm -fr /var/cache/dnf/* + +# Blacklist the floppy module. +echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf +restorecon /etc/modprobe.d/blacklist-floppy.conf + +# Generate initramfs from latest kernel instead of the running kernel. +kver="$(ls -t /lib/modules | head -n1)" +dracut -f --kver="${kver}" + +# Fix selinux contexts on /etc/resolv.conf. +restorecon /etc/resolv.conf +%end + +# RHEL BYOS +%post --erroronfail +set -x +exec &> /dev/ttyS0 +dnf -y install subscription-manager +dnf -y remove google-rhui-client-* +%end + +# Cleanup. +%post --nochroot --log=/dev/ttyS0 +set -x +rm -Rf /mnt/sysimage/tmp/* +%end + diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_arm64.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_arm64.cfg index 5b113c9b0..62f9e7d97 100644 --- a/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_arm64.cfg +++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_arm64.cfg @@ -3,7 +3,7 @@ ### Anaconda installer configuration. # Install in text mode. text --non-interactive -harddrive --partition=nvme0n1p2 --dir=/ +harddrive --partition=/dev/disk/by-id/google-disk-installer-part2 --dir=/ poweroff # Network configuration diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_byos_arm64.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_byos_arm64.cfg new file mode 100644 index 000000000..41475811d --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rhel_9_byos_arm64.cfg @@ -0,0 +1,241 @@ +# rhel-9-options.cfg + +### Anaconda installer configuration. +# Install in text mode. +text --non-interactive +harddrive --partition=/dev/disk/by-id/google-disk-installer-part2 --dir=/ +poweroff + +# Network configuration +network --bootproto=dhcp --device=link + +### Installed system configuration. +firewall --enabled +services --enabled=sshd,rngd --disabled=sshd-keygen@ +skipx +timezone --utc UTC --ntpservers=metadata.google.internal +rootpw --iscrypted --lock * +firstboot --disabled +user --name=gce --lock + +### Disk configuration. +# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. +%pre --interpreter=/usr/bin/bash +cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ +cp /run/install/isodir/google_nvme_id /usr/lib/udev/ +chmod +x /usr/lib/udev/google_nvme_id +# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger +udevadm settle +udevadm control --reload +udevadm trigger --settle +tee -a /tmp/disk-config << EOM +# build_installer.py will replace with the id of the install disk to avoid race conditions +bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y" +# EFI partitioning, creates a GPT partitioned disk. +clearpart --drives=/dev/disk/by-id/google-el-install-disk --all +part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk +part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs +EOM +%end +%include /tmp/disk-config + +# packages.cfg +# Contains a list of packages to be installed, or not, on all flavors. +# The %package command begins the package selection section of kickstart. +# Packages can be specified by group, or package name. @Base and @Core are +# always selected by default so they do not need to be specified. + +%packages +acpid +dhcp-client +dnf-automatic +net-tools +openssh-server +python3 +rng-tools +tar +vim +-subscription-manager +-alsa-utils +-b43-fwcutter +-dmraid +-eject +-gpm +-irqbalance +-microcode_ctl +-smartmontools +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kernel-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-compute-engine] +name=Google Compute Engine +baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el9-aarch64-stable +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM + +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-cloud-sdk] +name=Google Cloud SDK +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el9-aarch64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM +%end +%post --erroronfail +set -x +exec &> /dev/ttyAMA0 +dnf -y install google-rhui-client-rhel9 +%end + +# Google Compute Engine kickstart config for Enterprise Linux 9. +%onerror +echo "Build Failed!" > /dev/ttyAMA0 +shutdown -h now +%end + +%post --erroronfail +set -x +exec &> /dev/ttyAMA0 +# Delete the dummy user account. +userdel -r gce + +# Import all RPM GPG keys. +curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg +rpm --import /etc/pki/rpm-gpg/google* + +# Configure the network for GCE. +# Given that GCE users typically control the firewall at the network API level, +# we want to leave the standard Linux firewall setup enabled but all-open. +firewall-offline-cmd --set-default-zone=trusted + +cat >>/etc/dhcp/dhclient.conf <> /etc/dnf/dnf.conf + +# Set google-compute-engine config for EL9. +cat >>/etc/default/instance_configs.cfg.distro << EOL +# Disable boto plugin setup. +[InstanceSetup] +set_boto_config = false +EOL + +# Install GCE guest packages. +dnf install -y google-compute-engine google-osconfig-agent gce-disk-expand +rpm -q google-compute-engine google-osconfig-agent gce-disk-expand || { echo "Build Failed!" > /dev/ttyAMA0; exit 1; } + +# Install the Cloud SDK package. +dnf install -y google-cloud-sdk +rpm -q google-cloud-sdk + +# Send /root/anaconda-ks.cfg to our logs. +cp /run/install/ks.cfg /tmp/anaconda-ks.cfg + +# Remove files which shouldn't make it into the image. Its possible these files +# will not exist. +rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules + +# Remove ens4 config from installer. +rm -f /etc/sysconfig/network-scripts/ifcfg-ens4 + +# Disable password authentication by default. +sed -i'' -e '/PasswordAuthentication yes/s/^.*/PasswordAuthentication no/' /etc/ssh/sshd_config + +# Set ServerAliveInterval and ClientAliveInterval to prevent SSH +# disconnections. The pattern match is tuned to each source config file. +# The $'...' quoting syntax tells the shell to expand escape characters. +sed -i'' -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config +sed -i'' -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config +sed -i'' -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config + +# Disable root login via SSH by default. +sed -i'' -e '/PermitRootLogin prohibit-password/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config + +# Update all packages. +dnf -y update + +# If package update above involved a kernel package, it might not have properly set kernel command line +# options, instead pulling from /proc/cmdline on the installer VM. Recreate boot loader options here. +grub2-mkconfig + +# Make changes to dnf automatic.conf +# Apply updates for security (RHEL) by default. NOTE this will not work in CentOS. +sed -i'' 's/upgrade_type =.*/upgrade_type = security/' /etc/dnf/automatic.conf +sed -i'' 's/apply_updates =.*/apply_updates = yes/' /etc/dnf/automatic.conf +# Enable the DNF automatic timer service. +systemctl enable dnf-automatic.timer + +# Cleanup this repo- we don't want to continue updating with it. +# Depending which repos are used in build, one or more of these files will not +# exist. +rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ + /etc/yum.repos.d/google-cloud-staging.repo + +# Clean up the cache for smaller images. +dnf clean all +rm -fr /var/cache/dnf/* + +# Blacklist the floppy module. +echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf +restorecon /etc/modprobe.d/blacklist-floppy.conf + +# Generate initramfs from latest kernel instead of the running kernel. +kver="$(ls -t /lib/modules | head -n1)" +dracut -f --kver="${kver}" + +# Fix selinux contexts on /etc/resolv.conf. +restorecon /etc/resolv.conf +%end + +# RHEL BYOS +%post --erroronfail +set -x +exec &> /dev/ttyAMA0 +dnf -y install subscription-manager +dnf -y remove google-rhui-client-* +%end + +# Cleanup. +%post --nochroot --log=/dev/ttyAMA0 +set -x +rm -Rf /mnt/sysimage/tmp/* +%end diff --git a/daisy_workflows/image_build/enterprise_linux/rhel_8_2_sap_byos.wf.json b/daisy_workflows/image_build/enterprise_linux/rhel_8_2_sap_byos.wf.json new file mode 100644 index 000000000..9bb4ebba4 --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/rhel_8_2_sap_byos.wf.json @@ -0,0 +1,57 @@ +{ + "Name": "build-rhel-8-sap-byos", + "Vars": { + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 8 installer ISO to build from." + }, + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "publish_project": { + "Value": "${PROJECT}", + "Description": "A project to publish the resulting image to." + } + }, + "Steps": { + "build-rhel": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "./enterprise_linux.wf.json", + "Vars": { + "el_release": "rhel-8", + "kickstart_config": "./kickstart/rhel_8_2_sap_byos.cfg", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_sap": "true", + "rhel_byos": "true" + } + } + }, + "create-image": { + "CreateImages": [ + { + "Name": "rhel-8-2-sap-byos-v${build_date}", + "SourceDisk": "el-install-disk", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-8-sap-byos" + ], + "Description": "Red Hat, Red Hat Enterprise Linux for SAP, 8.2, BYOS x86_64 built on ${build_date}", + "Family": "rhel-8-2-sap-byos", + "Project": "${publish_project}", + "NoCleanup": true, + "ExactName": true, + "GuestOsFeatures": ["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "SEV_CAPABLE"] + } + ] + } + }, + "Dependencies": { + "create-image": ["build-rhel"] + } +} diff --git a/daisy_workflows/image_build/enterprise_linux/rhel_8_4_sap_byos.wf.json b/daisy_workflows/image_build/enterprise_linux/rhel_8_4_sap_byos.wf.json new file mode 100644 index 000000000..8bcff70ee --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/rhel_8_4_sap_byos.wf.json @@ -0,0 +1,57 @@ +{ + "Name": "build-rhel-8-sap-byos", + "Vars": { + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 8 installer ISO to build from." + }, + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "publish_project": { + "Value": "${PROJECT}", + "Description": "A project to publish the resulting image to." + } + }, + "Steps": { + "build-rhel": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "./enterprise_linux.wf.json", + "Vars": { + "el_release": "rhel-8", + "kickstart_config": "./kickstart/rhel_8_4_sap_byos.cfg", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_sap": "true", + "rhel_byos": "true" + } + } + }, + "create-image": { + "CreateImages": [ + { + "Name": "rhel-8-4-sap-byos-v${build_date}", + "SourceDisk": "el-install-disk", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-8-sap-byos" + ], + "Description": "Red Hat, Red Hat Enterprise Linux for SAP, 8.4, BYOS x86_64 built on ${build_date}", + "Family": "rhel-8-4-sap-byos", + "Project": "${publish_project}", + "NoCleanup": true, + "ExactName": true, + "GuestOsFeatures": ["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "SEV_CAPABLE"] + } + ] + } + }, + "Dependencies": { + "create-image": ["build-rhel"] + } +} diff --git a/daisy_workflows/image_build/enterprise_linux/rhel_8_6_sap_byos.wf.json b/daisy_workflows/image_build/enterprise_linux/rhel_8_6_sap_byos.wf.json new file mode 100644 index 000000000..4ce84f4be --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/rhel_8_6_sap_byos.wf.json @@ -0,0 +1,57 @@ +{ + "Name": "build-rhel-8-sap-byos", + "Vars": { + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 8 installer ISO to build from." + }, + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "publish_project": { + "Value": "${PROJECT}", + "Description": "A project to publish the resulting image to." + } + }, + "Steps": { + "build-rhel": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "./enterprise_linux.wf.json", + "Vars": { + "el_release": "rhel-8", + "kickstart_config": "./kickstart/rhel_8_6_sap_byos.cfg", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_sap": "true", + "rhel_byos": "true" + } + } + }, + "create-image": { + "CreateImages": [ + { + "Name": "rhel-8-6-sap-byos-v${build_date}", + "SourceDisk": "el-install-disk", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-8-sap-byos" + ], + "Description": "Red Hat, Red Hat Enterprise Linux for SAP, 8.6, BYOS x86_64 built on ${build_date}", + "Family": "rhel-8-6-sap-byos", + "Project": "${publish_project}", + "NoCleanup": true, + "ExactName": true, + "GuestOsFeatures": ["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "SEV_CAPABLE"] + } + ] + } + }, + "Dependencies": { + "create-image": ["build-rhel"] + } +} diff --git a/daisy_workflows/image_build/enterprise_linux/rhel_8_8_sap_byos.wf.json b/daisy_workflows/image_build/enterprise_linux/rhel_8_8_sap_byos.wf.json new file mode 100644 index 000000000..5950982f5 --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/rhel_8_8_sap_byos.wf.json @@ -0,0 +1,57 @@ +{ + "Name": "build-rhel-8-sap-byos", + "Vars": { + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 8 installer ISO to build from." + }, + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "publish_project": { + "Value": "${PROJECT}", + "Description": "A project to publish the resulting image to." + } + }, + "Steps": { + "build-rhel": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "./enterprise_linux.wf.json", + "Vars": { + "el_release": "rhel-8", + "kickstart_config": "./kickstart/rhel_8_8_sap_byos.cfg", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_sap": "true", + "rhel_byos": "true" + } + } + }, + "create-image": { + "CreateImages": [ + { + "Name": "rhel-8-8-sap-byos-v${build_date}", + "SourceDisk": "el-install-disk", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-8-sap-byos" + ], + "Description": "Red Hat, Red Hat Enterprise Linux for SAP, 8.8, BYOS x86_64 built on ${build_date}", + "Family": "rhel-8-8-sap-byos", + "Project": "${publish_project}", + "NoCleanup": true, + "ExactName": true, + "GuestOsFeatures": ["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "SEV_CAPABLE"] + } + ] + } + }, + "Dependencies": { + "create-image": ["build-rhel"] + } +} diff --git a/daisy_workflows/image_build/enterprise_linux/rhel_9_0_sap_byos.wf.json b/daisy_workflows/image_build/enterprise_linux/rhel_9_0_sap_byos.wf.json new file mode 100644 index 000000000..1088200f1 --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/rhel_9_0_sap_byos.wf.json @@ -0,0 +1,57 @@ +{ + "Name": "build-rhel-9-byos-sap", + "Vars": { + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 9 installer ISO to build from." + }, + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "publish_project": { + "Value": "${PROJECT}", + "Description": "A project to publish the resulting image to." + } + }, + "Steps": { + "build-rhel": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "./enterprise_linux.wf.json", + "Vars": { + "el_release": "rhel-9-sap", + "kickstart_config": "./kickstart/rhel_9_0_sap_byos.cfg", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_sap": "true", + "rhel_byos": "true" + } + } + }, + "create-image": { + "CreateImages": [ + { + "Name": "rhel-9-0-sap-byos-v${build_date}", + "SourceDisk": "el-install-disk", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-9-sap-byos" + ], + "Description": "Red Hat, Red Hat Enterprise Linux for SAP BYOS, 9.0, x86_64 built on ${build_date}", + "Family": "rhel-9-0-sap-byos", + "GuestOsFeatures": ["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "SEV_CAPABLE", "GVNIC"], + "Project": "${publish_project}", + "NoCleanup": true, + "ExactName": true + } + ] + } + }, + "Dependencies": { + "create-image": ["build-rhel"] + } +} diff --git a/daisy_workflows/image_build/enterprise_linux/rhel_9_2_sap_byos.wf.json b/daisy_workflows/image_build/enterprise_linux/rhel_9_2_sap_byos.wf.json new file mode 100644 index 000000000..0113e8c15 --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/rhel_9_2_sap_byos.wf.json @@ -0,0 +1,57 @@ +{ + "Name": "build-rhel-9-byos-sap", + "Vars": { + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 9 installer ISO to build from." + }, + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "publish_project": { + "Value": "${PROJECT}", + "Description": "A project to publish the resulting image to." + } + }, + "Steps": { + "build-rhel": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "./enterprise_linux.wf.json", + "Vars": { + "el_release": "rhel-9-sap", + "kickstart_config": "./kickstart/rhel_9_2_sap_byos.cfg", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_sap": "true", + "rhel_byos": "true" + } + } + }, + "create-image": { + "CreateImages": [ + { + "Name": "rhel-9-2-sap-byos-v${build_date}", + "SourceDisk": "el-install-disk", + "Licenses": [ + "projects/rhel-sap-cloud/global/licenses/rhel-9-sap-byos" + ], + "Description": "Red Hat, Red Hat Enterprise Linux for SAP BYOS, 9.2, x86_64 built on ${build_date}", + "Family": "rhel-9-2-sap-byos", + "GuestOsFeatures": ["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "SEV_CAPABLE", "GVNIC"], + "Project": "${publish_project}", + "NoCleanup": true, + "ExactName": true + } + ] + } + }, + "Dependencies": { + "create-image": ["build-rhel"] + } +} diff --git a/daisy_workflows/image_build/enterprise_linux/rhel_9_arm64.wf.json b/daisy_workflows/image_build/enterprise_linux/rhel_9_arm64.wf.json index 1731a9733..e176a7220 100644 --- a/daisy_workflows/image_build/enterprise_linux/rhel_9_arm64.wf.json +++ b/daisy_workflows/image_build/enterprise_linux/rhel_9_arm64.wf.json @@ -42,7 +42,7 @@ ], "Description": "Red Hat, Red Hat Enterprise Linux, 9, aarch64 built on ${build_date}", "Family": "rhel-9-arm64", - "GuestOsFeatures": ["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "SEV_CAPABLE"], + "GuestOsFeatures": ["UEFI_COMPATIBLE", "GVNIC"], "Project": "${publish_project}", "NoCleanup": true, "ExactName": true diff --git a/daisy_workflows/image_build/enterprise_linux/rhel_9_byos_arm64.wf.json b/daisy_workflows/image_build/enterprise_linux/rhel_9_byos_arm64.wf.json new file mode 100644 index 000000000..bda537bc7 --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/rhel_9_byos_arm64.wf.json @@ -0,0 +1,57 @@ +{ + "Name": "build-rhel-9-arm64", + "Vars": { + "google_cloud_repo": { + "Value": "stable", + "Description": "The Google Cloud Repo branch to use." + }, + "installer_iso": { + "Required": true, + "Description": "The RHEL 9 installer ISO to build from." + }, + "build_date": { + "Value": "${TIMESTAMP}", + "Description": "Build datestamp used to version the image." + }, + "publish_project": { + "Value": "${PROJECT}", + "Description": "A project to publish the resulting image to." + } + }, + "Steps": { + "build-rhel": { + "Timeout": "60m", + "IncludeWorkflow": { + "Path": "./enterprise_linux.wf.json", + "Vars": { + "el_release": "rhel-9", + "kickstart_config": "./kickstart/rhel_9_byos_arm64.cfg", + "machine_type": "t2a-standard-4", + "google_cloud_repo": "${google_cloud_repo}", + "installer_iso": "${installer_iso}", + "rhel_byos": "true" + } + } + }, + "create-image": { + "CreateImages": [ + { + "Name": "rhel-9-byos-arm64-v${build_date}", + "SourceDisk": "el-install-disk", + "Licenses": [ + "projects/rhel-cloud/global/licenses/rhel-9-byos" + ], + "Description": "Red Hat, Red Hat Enterprise Linux BYOS, 9, aarch64 built on ${build_date}", + "Family": "rhel-9-byos-arm64", + "GuestOsFeatures": ["UEFI_COMPATIBLE", "GVNIC"], + "Project": "${publish_project}", + "NoCleanup": true, + "ExactName": true + } + ] + } + }, + "Dependencies": { + "create-image": ["build-rhel"] + } +}