From cbe030b7428abab805df34a36fef6e63e578c766 Mon Sep 17 00:00:00 2001 From: Philippe Vanhaesendonck Date: Thu, 7 Aug 2025 15:23:49 +0200 Subject: [PATCH 01/10] docs(olss): :memo: update changelog Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/CHANGELOG.md | 6 ++++++ oracle-linux-image-tools/bin/build-image.sh | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/oracle-linux-image-tools/CHANGELOG.md b/oracle-linux-image-tools/CHANGELOG.md index fec5b57..ab9bd0e 100644 --- a/oracle-linux-image-tools/CHANGELOG.md +++ b/oracle-linux-image-tools/CHANGELOG.md @@ -1,5 +1,11 @@ # Release Notes +## August 2025 + +### Bug fixes + +- Fixed issue when `ISO_URL` is referring to a file (#196, contributed by @retekdk) + ## March 2025 Note: OL7 Premier Support ended on 31 December 2024, scripts will only be maintained for the OL8 and newer images. diff --git a/oracle-linux-image-tools/bin/build-image.sh b/oracle-linux-image-tools/bin/build-image.sh index a0fb431..cf6b46c 100755 --- a/oracle-linux-image-tools/bin/build-image.sh +++ b/oracle-linux-image-tools/bin/build-image.sh @@ -357,7 +357,7 @@ stage_kickstart() { # OL installed based on the generated kickstart file. # Globals: # BOOT_COMMAND, BOOT_COMMAND_SERIAL_CONSOLE, BOOT_LOCATION, BOOT_MODE -# CPU_NUM, DISK_SIZE_MB, ISO_CHECKSUM, ISO_PATH, KS_FILE +# CPU_NUM, DISK_SIZE_MB, ISO_CHECKSUM, ISO_LABEL, ISO_PATH, KS_FILE # MEM_SIZE, SERIAL_CONSOLE, VM_NAME, WORKSPACE # Arguments: # None From ed0699ab51c41692279eeef11a7b2d2e0da3c823 Mon Sep 17 00:00:00 2001 From: Philippe Vanhaesendonck Date: Sat, 9 Aug 2025 20:25:23 +0200 Subject: [PATCH 02/10] feat(olss): :sparkles: ol9u6 uek8 update 
Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/CHANGELOG.md | 4 ++ .../bin/provision-common.sh | 2 + .../distr/ol9-aarch64/env.properties | 5 +- .../distr/ol9-aarch64/image-scripts.sh | 2 + .../distr/ol9-aarch64/ol9-aarch64-ks.cfg | 67 ++++++++++------- .../distr/ol9-aarch64/provision.sh | 5 +- .../distr/ol9-slim/env.properties | 5 +- .../distr/ol9-slim/image-scripts.sh | 2 + .../distr/ol9-slim/ol9-ks.cfg | 72 +++++++++++-------- .../distr/ol9-slim/provision.sh | 12 ++-- 10 files changed, 109 insertions(+), 67 deletions(-) diff --git a/oracle-linux-image-tools/CHANGELOG.md b/oracle-linux-image-tools/CHANGELOG.md index ab9bd0e..4b03dee 100644 --- a/oracle-linux-image-tools/CHANGELOG.md +++ b/oracle-linux-image-tools/CHANGELOG.md @@ -2,6 +2,10 @@ ## August 2025 +### New Features + +- Update for OL9U6, support for UEK8 + ### Bug fixes - Fixed issue when `ISO_URL` is referring to a file (#196, contributed by @retekdk) diff --git a/oracle-linux-image-tools/bin/provision-common.sh b/oracle-linux-image-tools/bin/provision-common.sh index 62bfc3b..0f1b366 100755 --- a/oracle-linux-image-tools/bin/provision-common.sh +++ b/oracle-linux-image-tools/bin/provision-common.sh @@ -44,6 +44,8 @@ common::ks_log() { cat /root/ks-post.log rm /root/ks-post.log common::echo_message "Kickstart post log - End" + else + common::echo_message "No Kickstart post log found" fi } diff --git a/oracle-linux-image-tools/distr/ol9-aarch64/env.properties b/oracle-linux-image-tools/distr/ol9-aarch64/env.properties index 90ff616..815308a 100644 --- a/oracle-linux-image-tools/distr/ol9-aarch64/env.properties +++ b/oracle-linux-image-tools/distr/ol9-aarch64/env.properties @@ -3,7 +3,7 @@ # env file. # Distribution name -DISTR_NAME="OL9U5_aarch64" +DISTR_NAME="OL9U6_aarch64" # Distribution release readonly ORACLE_RELEASE=9 
@@ -41,6 +41,9 @@ BOOT_COMMAND_SERIAL_CONSOLE=( # Kernel: must be UEK! readonly KERNEL="uek" +# UEK release: 7, 8 +UEK_RELEASE=8 + # Keep rescue kernel: yes, no # Keeping rescue kernel will increase the image size and is most probably # not very useful in cloud environment. diff --git a/oracle-linux-image-tools/distr/ol9-aarch64/image-scripts.sh b/oracle-linux-image-tools/distr/ol9-aarch64/image-scripts.sh index 6fae06d..f85b751 100755 --- a/oracle-linux-image-tools/distr/ol9-aarch64/image-scripts.sh +++ b/oracle-linux-image-tools/distr/ol9-aarch64/image-scripts.sh @@ -27,6 +27,7 @@ distr::validate() { [[ "${ROOT_FS,,}" =~ ^((xfs)|(btrfs)|(lvm))$ ]] || common::error "ROOT_FS must be xfs, btrfs or lvm" [[ "${ROOT_FS,,}" = "btrfs" ]] && common::echo_message "Note that for btrfs root filesystem you need to use an UEK boot ISO" [[ "${TMP_IN_TMPFS,,}" =~ ^((yes)|(no))$ ]] || common::error "TMP_IN_TMPFS must be yes or no" + [[ "${UEK_RELEASE}" =~ ^(7|8)$ ]] || common::error "UEK_RELEASE must be 7 or 8" [[ "${RESCUE_KERNEL,,}" =~ ^((yes)|(no))$ ]] || common::error "RESCUE_KERNEL must be yes or no" [[ "${KERNEL_MODULES,,}" =~ ^((yes)|(no))$ ]] || common::error "KERNEL_MODULES must be yes or no" [[ "${EXCLUDE_DOCS,,}" =~ ^((yes)|(no)|(minimal))$ ]] || common::error "EXCLUDE_DOCS must be yes, no or minimal" @@ -52,6 +53,7 @@ distr::kickstart() { # Pass kernel and rescue kernel selections sed -i -e 's!^KERNEL=.*$!KERNEL='"${KERNEL}"'!' "${ks_file}" + sed -i -e 's!^UEK_RELEASE=.*$!UEK_RELEASE='"${UEK_RELEASE}"'!' "${ks_file}" sed -i -e 's!^RESCUE_KERNEL=.*$!RESCUE_KERNEL='"${RESCUE_KERNEL}"'!' "${ks_file}" # Override authselect if needed diff --git a/oracle-linux-image-tools/distr/ol9-aarch64/ol9-aarch64-ks.cfg b/oracle-linux-image-tools/distr/ol9-aarch64/ol9-aarch64-ks.cfg index ada92a0..76cfdbe 100644 --- a/oracle-linux-image-tools/distr/ol9-aarch64/ol9-aarch64-ks.cfg +++ b/oracle-linux-image-tools/distr/ol9-aarch64/ol9-aarch64-ks.cfg 
@@ -201,9 +201,15 @@ systemctl daemon-reload %end %post --interpreter /bin/bash --log=/root/ks-post.log - +echo_header() { + echo ">>> Kickstart: $* <<<" +} +echo_message() { + echo "... Kickstart: $* ..." +} + +echo_header "Network fixes" # ToDo: this might not be necessary -echo "Network fixes" cat > /etc/sysconfig/network << EOF NETWORKING=yes NOZEROCONF=yes 
@@ -219,59 +225,66 @@ EOF # make sure firstboot doesn't start echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot -echo "Kernel configuration" -# Remove the big rescue image if present -RESCUE_KERNEL=no -if [[ "${RESCUE_KERNEL,,}" = "no" ]]; then - dnf remove -y dracut-config-rescue - rm -f /boot/{initramfs,vmlinuz}-0-rescue-$(cat /etc/machine-id)* - rm -f /boot/loader/entries/$(cat /etc/machine-id)-0-rescue.conf -fi - EXCLUDE_DOCS="no" -echo "Exclude documentation: ${EXCLUDE_DOCS^^}" +echo_header "Exclude documentation: ${EXCLUDE_DOCS,,}" if [[ "${EXCLUDE_DOCS,,}" = "yes" ]]; then echo "tsflags=nodocs" >> /etc/dnf/dnf.conf fi -# Get latest release file +echo_header "Kernel configuration" +RESCUE_KERNEL=no +echo_message "Include Rescue Kernel: ${RESCUE_KERNEL,,}" +if [[ "${RESCUE_KERNEL,,}" = "no" ]]; then + dnf remove -y dracut-config-rescue + rm -f "/boot/{initramfs,vmlinuz}-0-rescue-$(cat /etc/machine-id)"* + rm -f "/boot/loader/entries/$(cat /etc/machine-id)-0-rescue.conf" +fi + +echo_message "Get latest release package" dnf upgrade -y oraclelinux-release-el9 # Install latest kernel, that way it will be available at first boot and # allow proper cleanup KERNEL=uek -echo "Kernel update (${KERNEL^^})" +UEK_RELEASE=8 +echo_message "Kernel selection: ${KERNEL,,}" -echo "Running kernel: $(uname -r)" -echo "Kernel(s) installed:" +echo_message "Running kernel: $(uname -r)" +echo_message "Kernel package(s) installed:" rpm -qa | grep '^kernel' | sort -dnf_options="--enablerepo ol9_UEKR7" +dnf_options+=("--disablerepo" "ol9_UEKR*" "--enablerepo" "ol9_UEKR${UEK_RELEASE}") kernel="kernel-uek-core" # Set default kernel sed -i -e 's/^DEFAULTKERNEL=.*/DEFAULTKERNEL='"${kernel}"'/' /etc/sysconfig/kernel if rpm --quiet -q "${kernel}"; then - echo "Kernel ${kernel} already installed" - dnf check-update ${dnf_options} ${kernel} - if [[ $? 
== "100" ]]; then - # Get latest version - dnf update -y ${dnf_options} ${kernel} + echo_message "Kernel ${kernel} already installed" + # dnf check-update doesn't work if the selected UEK release is not the + # latest one + installed_package=$(rpm -q "${kernel}") + installed_version="${installed_package#"${kernel}-"}" + latest_package=$(dnf repoquery "${dnf_options[@]}" --nvr --latest-limit 1 "${kernel}").$(uname -m) + echo_message " Installed: ${installed_package}" + echo_message " Wanted : ${latest_package}" + if [[ ${installed_package} != "${latest_package}" ]]; then + echo_message " Installing ${latest_package}" + dnf install -y "${dnf_options[@]}" "${latest_package}" else - # No update available; ensure it is the default boot kernel - version=$(rpm -q "${kernel}") - grubby --set-default="/boot/vmlinuz${version#${kernel}}" + echo_message " Ensure default kernel is ${kernel}-${installed_version}" + grubby --set-default="/boot/vmlinuz-${installed_version}" fi else - dnf install -y ${dnf_options} ${kernel} + echo_message "Installing ${kernel}" + dnf install -y "${dnf_options[@]}" ${kernel} fi # Ensure we have the correct boot options grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline -# use tmpfs for /tmp TMP_IN_TMPFS=no +echo_header "Use tmpfs for /tmp: ${TMP_IN_TMPFS,,}" if [[ "${TMP_IN_TMPFS,,}" == "yes" ]]; then systemctl enable tmp.mount fi diff --git a/oracle-linux-image-tools/distr/ol9-aarch64/provision.sh b/oracle-linux-image-tools/distr/ol9-aarch64/provision.sh index 4892085..1176bb2 100644 --- a/oracle-linux-image-tools/distr/ol9-aarch64/provision.sh +++ b/oracle-linux-image-tools/distr/ol9-aarch64/provision.sh 
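Review bot: In the rescue-kernel cleanup, the new double quotes around the whole path stop bash from expanding `{initramfs,vmlinuz}`, so `rm -f "/boot/{initramfs,vmlinuz}-0-rescue-$(cat /etc/machine-id)"*` looks for a literal `{initramfs,vmlinuz}-0-rescue-…` name and, because of `-f`, silently removes nothing. With `RESCUE_KERNEL=no` the rescue initramfs and vmlinuz would therefore stay in the image. Keep the brace list outside the quotes, e.g. `machine_id=$(cat /etc/machine-id)` followed by `rm -f /boot/{initramfs,vmlinuz}-0-rescue-"${machine_id}"*`. The same line is added in the ol9-slim/ol9-ks.cfg hunk at -216,23 +222,30. The %post section starts and ends outside this hunk.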
@@ -53,9 +53,10 @@ distr::kernel_config() { # is installed # Configure repos and remove old kernels - target_kernel=$(common::latest_kernel kernel-uek) + target_kernel=$(common::default_kernel) common::echo_message "Target kernel: ${target_kernel}" - dnf config-manager --set-enabled ol9_UEKR7 + dnf config-manager --set-disabled ol9_UEKR\* || : + dnf config-manager --set-enabled "ol9_UEKR${UEK_RELEASE}" common::remove_kernels kernel-uek "${target_kernel}" # Clean dnf cache which contains odd dependencies and prevents removal diff --git a/oracle-linux-image-tools/distr/ol9-slim/env.properties b/oracle-linux-image-tools/distr/ol9-slim/env.properties index bdacf96..14d29f5 100644 --- a/oracle-linux-image-tools/distr/ol9-slim/env.properties +++ b/oracle-linux-image-tools/distr/ol9-slim/env.properties @@ -3,7 +3,7 @@ # env file. # Distribution name -DISTR_NAME="OL9U5_x86_64" +DISTR_NAME="OL9U6_x86_64" # Distribution release readonly ORACLE_RELEASE=9 @@ -41,6 +41,9 @@ BOOT_COMMAND_SERIAL_CONSOLE=( # Kernel: uek, rhck KERNEL="uek" +# UEK release: 7, 8 +UEK_RELEASE=8 + # Keep rescue kernel: yes, no # Keeping rescue kernel will increase the image size and is most probably # not very useful in cloud environment. diff --git a/oracle-linux-image-tools/distr/ol9-slim/image-scripts.sh b/oracle-linux-image-tools/distr/ol9-slim/image-scripts.sh index 1448dfe..e51cf38 100755 --- a/oracle-linux-image-tools/distr/ol9-slim/image-scripts.sh +++ b/oracle-linux-image-tools/distr/ol9-slim/image-scripts.sh 
@@ -27,6 +27,7 @@ distr::validate() { [[ "${ROOT_FS,,}" =~ ^((xfs)|(btrfs)|(lvm))$ ]] || common::error "ROOT_FS must be xfs, btrfs or lvm" [[ "${ROOT_FS,,}" = "btrfs" ]] && common::echo_message "Note that for btrfs root filesystem you need to use an UEK boot ISO" [[ "${TMP_IN_TMPFS,,}" =~ ^((yes)|(no))$ ]] || common::error "TMP_IN_TMPFS must be yes or no" + [[ "${UEK_RELEASE}" =~ ^(7|8)$ ]] || common::error "UEK_RELEASE must be 7 or 8" [[ "${RESCUE_KERNEL,,}" =~ ^((yes)|(no))$ ]] || common::error "RESCUE_KERNEL must be yes or no" [[ "${KERNEL_MODULES,,}" =~ ^((yes)|(no))$ ]] || common::error "KERNEL_MODULES must be yes or no" [[ "${EXCLUDE_DOCS,,}" =~ ^((yes)|(no)|(minimal))$ ]] || common::error "EXCLUDE_DOCS must be yes, no or minimal" @@ -53,6 +54,7 @@ distr::kickstart() { # Pass kernel and rescue kernel selections sed -i -e 's!^KERNEL=.*$!KERNEL='"${KERNEL}"'!' "${ks_file}" + sed -i -e 's!^UEK_RELEASE=.*$!UEK_RELEASE='"${UEK_RELEASE}"'!' "${ks_file}" sed -i -e 's!^RESCUE_KERNEL=.*$!RESCUE_KERNEL='"${RESCUE_KERNEL}"'!' "${ks_file}" # Override authselect if needed diff --git a/oracle-linux-image-tools/distr/ol9-slim/ol9-ks.cfg b/oracle-linux-image-tools/distr/ol9-slim/ol9-ks.cfg index 1da74f5..a0138b1 100644 --- a/oracle-linux-image-tools/distr/ol9-slim/ol9-ks.cfg +++ b/oracle-linux-image-tools/distr/ol9-slim/ol9-ks.cfg @@ -198,9 +198,15 @@ zstd %end %post --interpreter /bin/bash --log=/root/ks-post.log - +echo_header() { + echo ">>> Kickstart: $* <<<" +} +echo_message() { + echo "... Kickstart: $* ..." +} + +echo_header "Network fixes" # ToDo: this might not be necessary -echo "Network fixes" cat > /etc/sysconfig/network << EOF NETWORKING=yes NOZEROCONF=yes 
@@ -216,23 +222,30 @@ EOF # make sure firstboot doesn't start echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot -echo "Kernel configuration" -# Remove the big rescue image if present +EXCLUDE_DOCS="no" +echo_header "Exclude documentation: ${EXCLUDE_DOCS,,}" +if [[ "${EXCLUDE_DOCS,,}" = "yes" ]]; then + echo "tsflags=nodocs" >> /etc/dnf/dnf.conf +fi + +echo_header "Kernel configuration" RESCUE_KERNEL=no +echo_message "Include Rescue Kernel: ${RESCUE_KERNEL,,}" if [[ "${RESCUE_KERNEL,,}" = "no" ]]; then dnf remove -y dracut-config-rescue - rm -f /boot/{initramfs,vmlinuz}-0-rescue-$(cat /etc/machine-id)* - rm -f /boot/loader/entries/$(cat /etc/machine-id)-0-rescue.conf + rm -f "/boot/{initramfs,vmlinuz}-0-rescue-$(cat /etc/machine-id)"* + rm -f "/boot/loader/entries/$(cat /etc/machine-id)-0-rescue.conf" fi BOOT_MODE=bios +echo_message "Boot Mode: ${BOOT_MODE,,}" if [[ ${BOOT_MODE,,} = "hybrid" ]]; then # In hybrid mode, configure grub for bios boot dnf install -y grub2-pc grub2-pc-modules grub2-install --target=i386-pc /dev/sda fi -# Ensure we don't reboot with the serial console enabled +echo_message "Ensure we don't reboot with the serial console enabled" sed -i \ -e 's/ console=ttyS0//' \ -e 's/^GRUB_TERMINAL.*/GRUB_TERMINAL_OUTPUT="console"'/ \ 
@@ -240,28 +253,23 @@ sed -i \ /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline -EXCLUDE_DOCS="no" -echo "Exclude documentation: ${EXCLUDE_DOCS^^}" -if [[ "${EXCLUDE_DOCS,,}" = "yes" ]]; then - echo "tsflags=nodocs" >> /etc/dnf/dnf.conf -fi - -# Get latest release file (Needed for UEK) +echo_message "Get latest release package (Needed for UEK)" dnf upgrade -y oraclelinux-release-el9 # Install latest kernel, that way it will be available at first boot and # allow proper cleanup KERNEL=uek -echo "Kernel update (${KERNEL^^})" +UEK_RELEASE=8 +echo_message "Kernel selection: ${KERNEL,,}" -echo "Running kernel: $(uname -r)" -echo "Kernel(s) installed:" +echo_message "Running kernel: $(uname -r)" +echo_message "Kernel package(s) installed:" rpm -qa | grep '^kernel' | sort kernel="kernel-core" -dnf_options="" +dnf_options=() if [[ "${KERNEL,,}" = "uek" ]]; then - dnf_options="${dnf_options} --enablerepo ol9_UEKR7" + dnf_options+=("--disablerepo" "ol9_UEKR*" "--enablerepo" "ol9_UEKR${UEK_RELEASE}") kernel="kernel-uek-core" fi 
@@ -269,25 +277,31 @@ fi sed -i -e 's/^DEFAULTKERNEL=.*/DEFAULTKERNEL='"${kernel}"'/' /etc/sysconfig/kernel if rpm --quiet -q "${kernel}"; then - echo "Kernel ${kernel} already installed" - dnf check-update ${dnf_options} ${kernel} - if [[ $? == "100" ]]; then - # Get latest version - dnf update -y ${dnf_options} ${kernel} + echo_message "Kernel ${kernel} already installed" + # dnf check-update doesn't work if the selected UEK release is not the + # latest one + installed_package=$(rpm -q "${kernel}") + installed_version="${installed_package#"${kernel}-"}" + latest_package=$(dnf repoquery "${dnf_options[@]}" --nvr --latest-limit 1 "${kernel}").$(uname -m) + echo_message " Installed: ${installed_package}" + echo_message " Wanted : ${latest_package}" + if [[ ${installed_package} != "${latest_package}" ]]; then + echo_message " Installing ${latest_package}" + dnf install -y "${dnf_options[@]}" "${latest_package}" else - # No update available; ensure it is the default boot kernel - version=$(rpm -q "${kernel}") - grubby --set-default="/boot/vmlinuz${version#${kernel}}" + echo_message " Ensure default kernel is ${kernel}-${installed_version}" + grubby --set-default="/boot/vmlinuz-${installed_version}" fi else - dnf install -y ${dnf_options} ${kernel} + echo_message "Installing ${kernel}" + dnf install -y "${dnf_options[@]}" ${kernel} fi # Ensure we have the correct boot options grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline -# use tmpfs for /tmp TMP_IN_TMPFS=no +echo_header "Use tmpfs for /tmp: ${TMP_IN_TMPFS,,}" if [[ "${TMP_IN_TMPFS,,}" == "yes" ]]; then systemctl enable tmp.mount fi diff --git a/oracle-linux-image-tools/distr/ol9-slim/provision.sh b/oracle-linux-image-tools/distr/ol9-slim/provision.sh index df309e6..1cf06a9 100644 --- a/oracle-linux-image-tools/distr/ol9-slim/provision.sh +++ b/oracle-linux-image-tools/distr/ol9-slim/provision.sh 
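Review bot: `latest_package` is built without checking that `dnf repoquery` returned anything: if the query fails or the selected `ol9_UEKR${UEK_RELEASE}` repo has no match, the value collapses to `.$(uname -m)`, the comparison with `installed_package` is true, and `dnf install` is called with that bogus name. Unless %post runs with error handling that is not visible here, the build would then continue with the originally installed kernel and never reach the `grubby --set-default` branch, so the image can ship an older kernel than intended. Capture the query result on its own and stop when it is empty, e.g. `latest_nvr=$(dnf repoquery "${dnf_options[@]}" --nvr --latest-limit 1 "${kernel}")` then `[[ -n ${latest_nvr} ]] || { echo_message "No ${kernel} package found in the selected repos"; exit 1; }`. The ol9-aarch64 kickstart hunk at -219,59 +225,66 has the same sequence; there `dnf_options+=(…)` also runs without the `dnf_options=()` initialisation this file has.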
@@ -43,7 +43,7 @@ distr::remove_rpms() { # None ####################################### distr::kernel_config() { - local target_kernel + local kernel target_kernel # shellcheck disable=SC2153 common::echo_message "Configure kernel: ${KERNEL^^}" @@ -52,18 +52,16 @@ distr::kernel_config() { # is installed # Configure repos and remove old kernels - local kernel + target_kernel=$(common::default_kernel) + common::echo_message "Target kernel: ${target_kernel}" if [[ "${KERNEL,,}" = "uek" ]]; then kernel="kernel-uek" - target_kernel=$(common::latest_kernel kernel-uek) - common::echo_message "Target kernel: ${target_kernel}" - dnf config-manager --set-enabled ol9_UEKR7 + dnf config-manager --set-disabled ol9_UEKR\* || : + dnf config-manager --set-enabled "ol9_UEKR${UEK_RELEASE}" common::remove_kernels kernel common::remove_kernels kernel-uek "${target_kernel}" else kernel="kernel" - target_kernel=$(common::latest_kernel kernel) - common::echo_message "Target kernel: ${target_kernel}" common::remove_kernels kernel-uek common::remove_kernels kernel "${target_kernel}" fi From dd447f1ef41b44eea50dcda0f9e7529141b33694 Mon Sep 17 00:00:00 2001 From: Philippe Vanhaesendonck Date: Sat, 9 Aug 2025 20:36:02 +0200 Subject: [PATCH 03/10] fix(olss): :bug: vagrant: set target kernel in motd, refactor installation of VirtualBox guest additions Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/CHANGELOG.md | 2 + .../files/vagrant-common.sh | 2 +- .../cloud/vagrant-virtualbox/provision.sh | 42 +++++++++---------- 3 files changed, 22 insertions(+), 24 deletions(-) diff --git a/oracle-linux-image-tools/CHANGELOG.md b/oracle-linux-image-tools/CHANGELOG.md index 4b03dee..cc38c36 100644 --- a/oracle-linux-image-tools/CHANGELOG.md +++ b/oracle-linux-image-tools/CHANGELOG.md 
@@ -9,6 +9,8 @@ ### Bug fixes - Fixed issue when `ISO_URL` is referring to a file (#196, contributed by @retekdk) +- Vagrant: correctly set target kernel in motd, refactor installation of the + VirtualBox guest additions ## March 2025 diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh b/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh index a769add..6166f16 100755 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh @@ -144,7 +144,7 @@ EOF # Add login banner echo " -Welcome to Oracle Linux Server release $(grep ^VERSION= /etc/os-release | grep -o "[0-9].[0-9]\+") (GNU/Linux $(uname -r)) +Welcome to Oracle Linux Server release $(grep ^VERSION= /etc/os-release | grep -o "[0-9].[0-9]\+") (GNU/Linux $(common::default_kernel)) The Oracle Linux End-User License Agreement can be viewed here: diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh b/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh index b328345..85d9935 100755 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh @@ -58,12 +58,6 @@ cloud::install_agent() yum install -y "${YUM_VERBOSE}" kernel-devel fi - # Orabug 34811820 for OL8 UEK7 -- for the current install - case $(common::default_kernel) in - 5.15.0-*.el8uek*) - export PATH="/opt/rh/gcc-toolset-11/root/usr/bin:$PATH" - esac - # Search for guest additions ISO -- it is typically labeled VBox_... # Note: use "blkid -s" as "--match-tag" is not supported on OL7 local label 
@@ -83,26 +77,28 @@ cloud::install_agent() [[ -f ${additions} ]] || common::error "Guest additions not found" - # Installation will fail when running in libguestfs environment + # Fake uname to build the kernel modules + local default_kernel + default_kernel=$(common::default_kernel) + mv /usr/bin/uname /usr/bin/uname.orig + cat > /usr/bin/uname <<-EOF + #!/usr/bin/bash + if [[ \$1 == "-r" ]]; then + echo "${default_kernel}" + else + /usr/bin/uname.orig "\$@" + fi + EOF + chmod 0755 /usr/bin/uname + chcon --reference=/usr/bin/uname.orig /usr/bin/uname + + # Installation might fail when running in libguestfs environment sh "${additions}" || : umount /mnt - # Orabug 34811820 for OL8 UEK7 -- for subsequent rebuilds - case $(common::default_kernel) in - 5.15.0-*.el8uek*) - # shellcheck disable=SC2016 - sed -i '/PATH=$PATH/a PATH="/opt/rh/gcc-toolset-11/root/usr/bin:$PATH"' /usr/sbin/rcvboxadd - for ga in /opt/VBoxGuestAdditions*; do - cp /usr/sbin/rcvboxadd "${ga}/init/vboxadd" - done - esac - - # Ensure modules are built for the target kernel - if [[ $(uname -r) != $(common::default_kernel) ]]; then - common::echo_message "Building Guest Additions for $(common::default_kernel)" - /sbin/rcvboxadd quicksetup "$(common::default_kernel)" - fi - + # Restore uname + rm /usr/bin/uname + mv /usr/bin/uname.orig /usr/bin/uname } ####################################### From 69817175fa96a19925f3b4d505cf6c66b90c6d46 Mon Sep 17 00:00:00 2001 From: Philippe Vanhaesendonck Date: Wed, 13 Aug 2025 12:28:56 +0200 Subject: [PATCH 04/10] refactor(olss): :recycle: virt-install: use vcpus Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/CHANGELOG.md | 4 ++++ oracle-linux-image-tools/bin/build-image.sh | 2 +- oracle-linux-image-tools/cloud/olvm/image-scripts.sh | 2 +- .../cloud/vagrant-libvirt/image-scripts.sh | 2 +- .../cloud/vagrant-virtualbox/image-scripts.sh | 4 ++-- 5 files changed, 9 insertions(+), 5 deletions(-) 
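Review bot: The `/usr/bin/uname` swap has no guaranteed restore path: if anything between `mv /usr/bin/uname /usr/bin/uname.orig` and the final `mv` aborts the function (for instance `chcon` where SELinux labels are unavailable, or `umount /mnt`; whether the script runs under errexit is not visible here), the image is left with a wrapper that hard-codes `${default_kernel}` in place of the real binary. Replacing a system binary in the image being built is avoidable; a wrapper in a private directory placed first on `PATH` for the installer call only gives the same `uname -r` answer without touching `/usr/bin`. This assumes the installer resolves `uname` through `PATH` rather than by absolute path, which should be confirmed against the Guest Additions scripts. cloud::install_agent starts outside the hunk.

```shell
    # Fake uname to build the kernel modules, without replacing /usr/bin/uname
    local default_kernel shim_dir
    default_kernel=$(common::default_kernel)
    shim_dir=$(mktemp -d)
    cat > "${shim_dir}/uname" <<-EOF
	#!/usr/bin/bash
	if [[ \$1 == "-r" ]]; then
	  echo "${default_kernel}"
	else
	  /usr/bin/uname "\$@"
	fi
	EOF
    chmod 0755 "${shim_dir}/uname"

    # Installation might fail when running in libguestfs environment
    PATH="${shim_dir}:${PATH}" sh "${additions}" || :
    rm -rf "${shim_dir}"
    umount /mnt
```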
diff --git a/oracle-linux-image-tools/CHANGELOG.md b/oracle-linux-image-tools/CHANGELOG.md index cc38c36..66d4d41 100644 --- a/oracle-linux-image-tools/CHANGELOG.md +++ b/oracle-linux-image-tools/CHANGELOG.md @@ -6,6 +6,10 @@ - Update for OL9U6, support for UEK8 +### Changes + +- `CPU_NUM` now accepts topology information using the `virt-install` syntax: `VCPUS[,maxvcpus=MAX][,sockets=#][,cores=#][,threads=#]` + ### Bug fixes - Fixed issue when `ISO_URL` is referring to a file (#196, contributed by @retekdk) diff --git a/oracle-linux-image-tools/bin/build-image.sh b/oracle-linux-image-tools/bin/build-image.sh index cf6b46c..86520cd 100755 --- a/oracle-linux-image-tools/bin/build-image.sh +++ b/oracle-linux-image-tools/bin/build-image.sh @@ -394,7 +394,7 @@ image_create() { # shellcheck disable=SC2294 virt-install --os-type linux --os-variant "${OS_VARIANT}" --name "${VM_NAME}" \ - --cpus "${CPU_NUM}" --memory "${MEM_SIZE}" \ + --vcpus "${CPU_NUM}" --memory "${MEM_SIZE}" \ --controller "scsi,model=virtio-scsi" \ --disk "path=${WORKSPACE}/${VM_NAME}/${VM_NAME}.qcow2,size=${DISK_SIZE_GB},bus=scsi,cache=unsafe" \ --network default \ diff --git a/oracle-linux-image-tools/cloud/olvm/image-scripts.sh b/oracle-linux-image-tools/cloud/olvm/image-scripts.sh index 39bf46e..c73696d 100755 --- a/oracle-linux-image-tools/cloud/olvm/image-scripts.sh +++ b/oracle-linux-image-tools/cloud/olvm/image-scripts.sh @@ -69,7 +69,7 @@ cloud::image_package() { -v "${BUILD_NUMBER}" \ -s "${DISK_SIZE_GB}" \ -i "${VM_NAME}.qcow2" \ - -c "${CPU_NUM}" \ + -c "${CPU_NUM%%,*}" \ -m "${MEM_SIZE}" \ >"${package_filename}.ovf" diff --git a/oracle-linux-image-tools/cloud/vagrant-libvirt/image-scripts.sh b/oracle-linux-image-tools/cloud/vagrant-libvirt/image-scripts.sh index 2b804e1..be68843 100755 --- a/oracle-linux-image-tools/cloud/vagrant-libvirt/image-scripts.sh +++ b/oracle-linux-image-tools/cloud/vagrant-libvirt/image-scripts.sh 
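Review bot: `CPU_NUM` is now passed verbatim to `--vcpus` in image_create, while the packaging hunks (olvm `-c "${CPU_NUM%%,*}"`, and the vagrant-libvirt and vagrant-virtualbox `${CPU_NUM%%,*}` defaults) assume the value starts with a plain count; no format check for it is visible in this series. A value such as `sockets=2,cores=2` (constructed example) would hand `sockets=2` to the OVF and Vagrantfile generators. Validate it once next to the other property checks, which are outside these hunks, e.g. `[[ "${CPU_NUM}" =~ ^[0-9]+(,[a-z]+=[0-9]+)*$ ]] || common::error "CPU_NUM must be VCPUS[,option=#...]"`. image_create's body starts outside the hunk.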
@@ -60,7 +60,7 @@ cloud::sysprep_args() { # None ####################################### cloud::image_package() { - local cpus="${VAGRANT_LIBVIRT_CPU_NUM:-$CPU_NUM}" + local cpus="${VAGRANT_LIBVIRT_CPU_NUM:-${CPU_NUM%%,*}}" local memory="${VAGRANT_LIBVIRT_MEM_SIZE:-$MEM_SIZE}" pushd "${WORKSPACE}/${VM_NAME}" || common::error "can't cd to image directory" diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/image-scripts.sh b/oracle-linux-image-tools/cloud/vagrant-virtualbox/image-scripts.sh index 39dbdfc..9f625d8 100755 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/image-scripts.sh +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/image-scripts.sh @@ -95,7 +95,7 @@ cloud::sysprep_args() { ####################################### cloud::image_package() { local mk_envelope="${CLOUD_DIR}/${CLOUD}/mk-envelope.py" - local cpu="${VAGRANT_VIRTUALBOX_CPU_NUM:-$CPU_NUM}" + local cpu="${VAGRANT_VIRTUALBOX_CPU_NUM:-${CPU_NUM%%,*}}" local memory="${VAGRANT_VIRTUALBOX_MEM_SIZE:-$MEM_SIZE}" local -a extra_disk=() local -a mk_envelope_params=() @@ -144,7 +144,7 @@ cloud::image_package() { load include_vagrantfile if File.exist?(include_vagrantfile) EOF - if [[ "${ORACLE_RELEASE}" =~ ^[89]$ ]]; then + if [[ "${ORACLE_RELEASE}" =~ ^(8|9|(10))$ ]]; then # For the latest uek kernels (UEK7) we install kernel-uek-core which only has virtio drivers... mkdir "${WORKSPACE}/${VM_NAME}/include" cat > "${WORKSPACE}/${VM_NAME}/include/_Vagrantfile" <<-EOF From eaf4f6b43417e6a2c1a7469eb863b2f79b927b68 Mon Sep 17 00:00:00 2001 From: Philippe Vanhaesendonck Date: Wed, 27 Aug 2025 16:53:30 +0200 Subject: [PATCH 05/10] style(olss): :lipstick: indentation / consistency Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/bin/build-image.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/oracle-linux-image-tools/bin/build-image.sh b/oracle-linux-image-tools/bin/build-image.sh index 86520cd..1e5a486 100755 
--- a/oracle-linux-image-tools/bin/build-image.sh +++ b/oracle-linux-image-tools/bin/build-image.sh @@ -393,15 +393,15 @@ image_create() { fi # shellcheck disable=SC2294 - virt-install --os-type linux --os-variant "${OS_VARIANT}" --name "${VM_NAME}" \ + virt-install --os-type linux --os-variant "${OS_VARIANT}" --name "${VM_NAME}" \ --vcpus "${CPU_NUM}" --memory "${MEM_SIZE}" \ --controller "scsi,model=virtio-scsi" \ --disk "path=${WORKSPACE}/${VM_NAME}/${VM_NAME}.qcow2,size=${DISK_SIZE_GB},bus=scsi,cache=unsafe" \ --network default \ --graphics none \ --location "${iso_path}${location}" \ - --initrd-inject="${WORKSPACE}/${VM_NAME}/${KS_FILE}" \ - --extra-args="$(eval echo "${BOOT_COMMAND[@]}")" \ + --initrd-inject "${WORKSPACE}/${VM_NAME}/${KS_FILE}" \ + --extra-args "$(eval echo "${BOOT_COMMAND[@]}")" \ --transient \ "${virt_install_args[@]}" } From 75e6b5041359062644928c08683364039500e7e9 Mon Sep 17 00:00:00 2001 From: Philippe Vanhaesendonck Date: Wed, 27 Aug 2025 17:06:22 +0200 Subject: [PATCH 06/10] feat(olss): :sparkles: vagrant - make guest additions optional When VAGRANT_GUEST_ADDITIONS_KERNEL is set to yes, do not install VirtualBox Guest Additions if the kernel already has these (UEK). For backwards compatibility, default is no; that is: we always install the Guest Additions Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/CHANGELOG.md | 2 ++ .../cloud/vagrant-virtualbox/env.properties | 4 ++++ .../cloud/vagrant-virtualbox/image-scripts.sh | 3 ++- .../cloud/vagrant-virtualbox/provision.sh | 9 +++++++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/oracle-linux-image-tools/CHANGELOG.md b/oracle-linux-image-tools/CHANGELOG.md index 66d4d41..7f32bdb 100644 --- a/oracle-linux-image-tools/CHANGELOG.md +++ b/oracle-linux-image-tools/CHANGELOG.md 
@@ -5,6 +5,8 @@ ### New Features - Update for OL9U6, support for UEK8 +- Vagrant VirtualBox: if `VAGRANT_GUEST_ADDITIONS_KERNEL` is set to `yes`, do not install the VirtualBox Guest Additions + if the kernel already support these (UEK kernel). Default is `no` for backwards compatibility ### Changes diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/env.properties b/oracle-linux-image-tools/cloud/vagrant-virtualbox/env.properties index 1624ccc..fcd6805 100644 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/env.properties +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/env.properties @@ -18,3 +18,7 @@ VAGRANT_DEVELOPER_REPOS="no" # URL can be a local file (file:// URI) # VAGRANT_GUEST_ADDITIONS_URL="" # VAGRANT_GUEST_ADDITIONS_SHA256="" +# If "yes", do not install the Guest Additions if the VirtualBox kernel +# modules are already provided by the kernel +# Set to no by default for backward compatibility +VAGRANT_GUEST_ADDITIONS_KERNEL="no" diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/image-scripts.sh b/oracle-linux-image-tools/cloud/vagrant-virtualbox/image-scripts.sh index 9f625d8..fe246f5 100755 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/image-scripts.sh +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/image-scripts.sh 
@@ -37,7 +37,8 @@ cloud::validate() { [[ ${VAGRANT_GUEST_ADDITIONS_URL%%:*} =~ ^((https?)|(file))$ ]] || common::error "invalid VirtualBox GA ISO URL: ${VAGRANT_GUEST_ADDITIONS_URL}" [[ -z "${VAGRANT_GUEST_ADDITIONS_SHA256}" ]] && common::error "missing VirtualBox GA ISO checksum" [[ ${#VAGRANT_GUEST_ADDITIONS_SHA256} -eq 64 ]] || common::error "VAGRANT_GUEST_ADDITIONS_SHA256 must be SHA256" - readonly VAGRANT_GUEST_ADDITIONS_URL VAGRANT_GUEST_ADDITIONS_SHA256 + [[ ${VAGRANT_GUEST_ADDITIONS_KERNEL,,} =~ ^((yes)|(no))$ ]] || common::error "VAGRANT_GUEST_ADDITIONS_KERNEL must be Yes or No" + readonly VAGRANT_GUEST_ADDITIONS_URL VAGRANT_GUEST_ADDITIONS_SHA256 VAGRANT_GUEST_ADDITIONS_KERNEL # Retrieve GA during validation to "fail fast" declare -g VAGRANT_GUEST_ADDITIONS_PATH common::retrieve_iso "${VAGRANT_GUEST_ADDITIONS_URL}" "${VAGRANT_GUEST_ADDITIONS_SHA256}" VAGRANT_GUEST_ADDITIONS_PATH diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh b/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh index 85d9935..d116444 100755 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh @@ -44,6 +44,15 @@ cloud::config() cloud::install_agent() { common::echo_message "Install Guest Additions" + if [[ ${VAGRANT_GUEST_ADDITIONS_KERNEL,,} == "yes" ]]; then + common::echo_message "Checking for existing kernel modules" + local target_kernel + target_kernel=$(common::default_kernel) + if [[ $(find "/lib/modules/${target_kernel}/" -name "vboxguest.ko*" -print -quit) ]]; then + common::echo_message "Found guest additions, skipping install" + return + fi + fi local additions if [[ $(uname -i) == "aarch64" ]]; then additions="/mnt/VBoxLinuxAdditions-arm64.run" From 39ba0260b00bbe13cee544a715c1d73720db2eda Mon Sep 17 00:00:00 2001 
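Review bot: The new module probe in cloud::install_agent uses `target_kernel` without checking that it is set. If `common::default_kernel` returns an empty string, `find "/lib/modules/${target_kernel}/"` walks the module trees of every installed kernel, and a `vboxguest.ko*` from a kernel that is not the boot target is enough to skip the install. Guarding the test as `if [[ -n ${target_kernel} && $(find "/lib/modules/${target_kernel}/" -name "vboxguest.ko*" -print -quit) ]]; then` keeps the safe fallback of installing the Guest Additions. The "Install Guest Additions" message is also printed before the skip, so the build log reads as if they had been installed. The function continues outside the hunk.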
From: Philippe Vanhaesendonck Date: Wed, 27 Aug 2025 17:21:17 +0200 Subject: [PATCH 07/10] refactor(olss): :recycle: vagrant-vb - use VMSVGA controller Default VBoxVGA controller is deprecated Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/CHANGELOG.md | 1 + .../cloud/vagrant-virtualbox/mk-envelope.py | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/oracle-linux-image-tools/CHANGELOG.md b/oracle-linux-image-tools/CHANGELOG.md index 7f32bdb..f8f592a 100644 --- a/oracle-linux-image-tools/CHANGELOG.md +++ b/oracle-linux-image-tools/CHANGELOG.md @@ -11,6 +11,7 @@ ### Changes - `CPU_NUM` now accepts topology information using the `virt-install` syntax: `VCPUS[,maxvcpus=MAX][,sockets=#][,cores=#][,threads=#]` +- Vagrant VirtualBox: set display controller to `VMSVGA` (`VBoxVGA` being deprecated) ### Bug fixes diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/mk-envelope.py b/oracle-linux-image-tools/cloud/vagrant-virtualbox/mk-envelope.py index 98a2811..d507974 100755 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/mk-envelope.py +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/mk-envelope.py @@ -504,7 +504,11 @@ def generate_ovf(args): attr={"controller": "QemuRamFB", "VRAMSize": "20"}, ) else: - document.createOvfElement("Display", parent=ms_hardware, attr={"VRAMSize": "4"}) + document.createOvfElement( + "Display", + parent=ms_hardware, + attr={"controller": "VMSVGA", "VRAMSize": "8"}, + ) if not args.aarch64: ms_hardware_rd = document.createOvfElement( From 32d60deaa7c326ddd58154c23c2fe3e9927eec3b Mon Sep 17 00:00:00 2001 From: Philippe Vanhaesendonck Date: Wed, 27 Aug 2025 17:25:36 +0200 Subject: [PATCH 08/10] fix(olss): :bug: use uname -m uname -i is deprecated Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/CHANGELOG.md | 1 + oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) 
diff --git a/oracle-linux-image-tools/CHANGELOG.md b/oracle-linux-image-tools/CHANGELOG.md index f8f592a..c324da8 100644 --- a/oracle-linux-image-tools/CHANGELOG.md +++ b/oracle-linux-image-tools/CHANGELOG.md @@ -18,6 +18,7 @@ - Fixed issue when `ISO_URL` is referring to a file (#196, contributed by @retekdk) - Vagrant: correctly set target kernel in motd, refactor installation of the VirtualBox guest additions +- use `uname -m` instead of `uname -i` which is deprecated ## March 2025 diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh b/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh index d116444..82ff842 100755 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/provision.sh @@ -54,7 +54,7 @@ cloud::install_agent() fi fi local additions - if [[ $(uname -i) == "aarch64" ]]; then + if [[ $(uname -m) == "aarch64" ]]; then additions="/mnt/VBoxLinuxAdditions-arm64.run" else additions="/mnt/VBoxLinuxAdditions.run" From 194fe314b7139a595180209b90486566056458a9 Mon Sep 17 00:00:00 2001 From: Philippe Vanhaesendonck Date: Wed, 27 Aug 2025 17:34:39 +0200 Subject: [PATCH 09/10] refactor(olss): :recycle: vagrant - cleanup old dependencies Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/CHANGELOG.md | 1 + .../vagrant-virtualbox/files/vagrant-common.sh | 13 ++++--------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/oracle-linux-image-tools/CHANGELOG.md b/oracle-linux-image-tools/CHANGELOG.md index c324da8..066074c 100644 --- a/oracle-linux-image-tools/CHANGELOG.md +++ b/oracle-linux-image-tools/CHANGELOG.md @@ -12,6 +12,7 @@ - `CPU_NUM` now accepts topology information using the `virt-install` syntax: `VCPUS[,maxvcpus=MAX][,sockets=#][,cores=#][,threads=#]` - Vagrant VirtualBox: set display controller to `VMSVGA` (`VBoxVGA` being deprecated) +- Vagrant: remove/cleanup old dependencies ### Bug fixes 
diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh b/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh index 6166f16..0510850 100755 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh @@ -44,12 +44,6 @@ vagrant::config() EOF fi - # For OL9 re-enable SHA1 as the vagrant embedded ssh client insists to use - # SHA1 for RSA keys -- See hashicorp/vagrant#12344 - if [[ "${ORACLE_RELEASE}" = "9" ]]; then - /bin/update-crypto-policies --set DEFAULT:SHA1 - fi - cat >>/etc/sysconfig/sshd < /etc/dracut.conf.d/vmware-fusion-drivers.conf restorecon /etc/dracut.conf.d/vmware-fusion-drivers.conf fi @@ -101,8 +98,6 @@ EOF echo 'omit_drivers+=" floppy "' > /etc/dracut.conf.d/nofloppy.conf restorecon /etc/dracut.conf.d/nofloppy.conf # Regenerate initrd - local default_kernel - default_kernel=$(common::default_kernel) ${DRACUT_CMD} -f "/boot/initramfs-${default_kernel}.img" "${default_kernel}" # Disabling firewalld on vagrant boxes From e8e35b752a9db681dd7b5feae3cf72f5639a3530 Mon Sep 17 00:00:00 2001 From: Philippe Vanhaesendonck Date: Wed, 27 Aug 2025 17:36:36 +0200 Subject: [PATCH 10/10] feat(olss): :sparkles: update for ol10 
Signed-off-by: Philippe Vanhaesendonck --- oracle-linux-image-tools/CHANGELOG.md | 1 + oracle-linux-image-tools/bin/build-image.sh | 4 +- .../cloud/oci/ol10-aarch54 | 1 + oracle-linux-image-tools/cloud/oci/ol10-slim | 1 + .../cloud/oci/provision.sh | 28 +- .../cloud/olvm/mk-envelope.py | 3 +- .../cloud/olvm/provision.sh | 22 +- .../files/vagrant-common.sh | 10 +- .../distr/ol10-aarch64/env.properties | 78 +++++ .../distr/ol10-aarch64/image-scripts.sh | 72 +++++ .../distr/ol10-aarch64/ol10-aarch64-ks.cfg | 270 +++++++++++++++++ .../distr/ol10-aarch64/provision.sh | 191 ++++++++++++ .../distr/ol10-slim/env.properties | 78 +++++ .../distr/ol10-slim/image-scripts.sh | 73 +++++ .../distr/ol10-slim/ol10-ks.cfg | 281 ++++++++++++++++++ .../distr/ol10-slim/provision.sh | 221 ++++++++++++++ 16 files changed, 1302 insertions(+), 32 deletions(-) create mode 120000 oracle-linux-image-tools/cloud/oci/ol10-aarch54 create mode 120000 oracle-linux-image-tools/cloud/oci/ol10-slim create mode 100644 oracle-linux-image-tools/distr/ol10-aarch64/env.properties create mode 100755 oracle-linux-image-tools/distr/ol10-aarch64/image-scripts.sh create mode 100644 oracle-linux-image-tools/distr/ol10-aarch64/ol10-aarch64-ks.cfg create mode 100644 oracle-linux-image-tools/distr/ol10-aarch64/provision.sh create mode 100644 oracle-linux-image-tools/distr/ol10-slim/env.properties create mode 100755 oracle-linux-image-tools/distr/ol10-slim/image-scripts.sh create mode 100644 oracle-linux-image-tools/distr/ol10-slim/ol10-ks.cfg create mode 100644 oracle-linux-image-tools/distr/ol10-slim/provision.sh diff --git a/oracle-linux-image-tools/CHANGELOG.md b/oracle-linux-image-tools/CHANGELOG.md index 066074c..3300d06 100644 --- a/oracle-linux-image-tools/CHANGELOG.md +++ b/oracle-linux-image-tools/CHANGELOG.md 
@@ -5,6 +5,7 @@ ### New Features - Update for OL9U6, support for UEK8 +- Update for OL10U0 - Vagrant VirtualBox: if `VAGRANT_GUEST_ADDITIONS_KERNEL` is set to `yes`, do not install the VirtualBox Guest Additions if the kernel already support these (UEK kernel). Default is `no` for backwards compatibility diff --git a/oracle-linux-image-tools/bin/build-image.sh b/oracle-linux-image-tools/bin/build-image.sh index 1e5a486..fde413a 100755 --- a/oracle-linux-image-tools/bin/build-image.sh +++ b/oracle-linux-image-tools/bin/build-image.sh @@ -159,8 +159,8 @@ load_env() { local distr_name # Note: OL7 media have space in the label which needs to be escaped # shellcheck disable=SC2001 - distr_name=$(sed -e 's/^.*OracleLinux-R\([[:digit:]]\)-U\([[:digit:]]\+\)\(-Server\)\?-\([^-]\+\)\(-dvd\)\?\(-[[:digit:]]\+\)\?\.iso$/OL\1U\2_\4/' <<< "${ISO_URL}") - if [[ $distr_name =~ ^OL[6789]U ]]; then + distr_name=$(sed -e 's/^.*OracleLinux-R\([[:digit:]]\+\)-U\([[:digit:]]\+\)\(-Server\)\?-\([^-]\+\)\(-dvd\)\?\(-[[:digit:]]\+\)\?\.iso$/OL\1U\2_\4/' <<< "${ISO_URL}") + if [[ $distr_name =~ ^OL(6|7|8|9|(10))U ]]; then DISTR_NAME="${distr_name}" fi diff --git a/oracle-linux-image-tools/cloud/oci/ol10-aarch54 b/oracle-linux-image-tools/cloud/oci/ol10-aarch54 new file mode 120000 index 0000000..f21660c --- /dev/null +++ b/oracle-linux-image-tools/cloud/oci/ol10-aarch54 @@ -0,0 +1 @@ +ol10-slim \ No newline at end of file diff --git a/oracle-linux-image-tools/cloud/oci/ol10-slim b/oracle-linux-image-tools/cloud/oci/ol10-slim new file mode 120000 index 0000000..c0de194 --- /dev/null +++ b/oracle-linux-image-tools/cloud/oci/ol10-slim @@ -0,0 +1 @@ +ol9-slim \ No newline at end of file diff --git a/oracle-linux-image-tools/cloud/oci/provision.sh b/oracle-linux-image-tools/cloud/oci/provision.sh index c6e9d52..d244712 100755 --- a/oracle-linux-image-tools/cloud/oci/provision.sh +++ b/oracle-linux-image-tools/cloud/oci/provision.sh 
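Review bot: The new symlink is created as `cloud/oci/ol10-aarch54`, while the distribution directory added by the same commit is `distr/ol10-aarch64`, so the name looks like a typo for `ol10-aarch64`. If the OCI cloud module resolves its per-distribution directory by that name (the lookup is not visible in this patch), an OL10 aarch64 build would silently run without the OCI-specific scripts. Renaming the link to `ol10-aarch64`, still pointing at `ol10-slim`, would fix it.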
@@ -2,7 +2,7 @@ # # Provisioning script for OCI # -# Copyright (c) 2020, 2024 Oracle and/or its affiliates. +# Copyright (c) 2020, 2025 Oracle and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at # https://oss.oracle.com/licenses/upl # @@ -26,18 +26,20 @@ cloud::config() { common::echo_message "Setup network" - # simple eth0 configuration - cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<-EOF - DEVICE="eth0" - BOOTPROTO="dhcp" - ONBOOT="yes" - TYPE="Ethernet" - USERCTL="yes" - PEERDNS="yes" - IPV6INIT="no" - PERSISTENT_DHCLIENT="1" - EOF - + if [[ -d /etc/sysconfig/network-scripts ]]; then + # simple eth0 configuration + cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<-EOF + DEVICE="eth0" + BOOTPROTO="dhcp" + ONBOOT="yes" + TYPE="Ethernet" + USERCTL="yes" + PEERDNS="yes" + IPV6INIT="no" + PERSISTENT_DHCLIENT="1" + EOF + fi + if [[ "${OCI_REPO_MAPPER,,}" =~ "yes" ]]; then common::echo_message "Install repo mapper scripts" yum install -y "${YUM_VERBOSE}" jq diff --git a/oracle-linux-image-tools/cloud/olvm/mk-envelope.py b/oracle-linux-image-tools/cloud/olvm/mk-envelope.py index 626bfcf..4c8a6b6 100755 --- a/oracle-linux-image-tools/cloud/olvm/mk-envelope.py +++ b/oracle-linux-image-tools/cloud/olvm/mk-envelope.py @@ -3,7 +3,7 @@ """ Generate OLVM compatible OVF file. -Copyright (c) 2020, 2022 Oracle and/or its affiliates. +Copyright (c) 2020, 2025 Oracle and/or its affiliates. Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl @@ -27,6 +27,7 @@ 'OL7': 5003, 'OL8': 5006, 'OL9': 5007, + 'OL10': 5007, } diff --git a/oracle-linux-image-tools/cloud/olvm/provision.sh b/oracle-linux-image-tools/cloud/olvm/provision.sh index 4e4552a..7a48fe8 100755 --- a/oracle-linux-image-tools/cloud/olvm/provision.sh +++ b/oracle-linux-image-tools/cloud/olvm/provision.sh 
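Review bot: With the new `[[ -d /etc/sysconfig/network-scripts ]]` guard in cloud::config, an image without that directory gets no eth0 configuration at all, and the log still only says "Setup network". An `else` branch with a message, for example `common::echo_message "No network-scripts directory, ifcfg-eth0 not written"`, would make the skipped step visible in the build log. The identical guard added to cloud/olvm/provision.sh in the next file has the same gap.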
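Review bot: The added entry `'OL10': 5007,` reuses the OS type id already assigned to `'OL9'` on the line above, and nothing says whether that is intended. If it is a deliberate fallback because there is no OL10 id to use yet, a trailing comment such as `# no OL10 OS type yet, reuse the OL9 id` would stop a later reader from treating it as a copy-and-paste slip. The dictionary starts before the hunk.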
@@ -27,16 +27,18 @@ cloud::config() { common::echo_message "Setup network" # simple eth0 configuration - cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<-EOF - DEVICE="eth0" - BOOTPROTO="dhcp" - ONBOOT="yes" - TYPE="Ethernet" - USERCTL="yes" - PEERDNS="yes" - IPV6INIT="no" - PERSISTENT_DHCLIENT="1" - EOF + if [[ -d /etc/sysconfig/network-scripts ]]; then + cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<-EOF + DEVICE="eth0" + BOOTPROTO="dhcp" + ONBOOT="yes" + TYPE="Ethernet" + USERCTL="yes" + PEERDNS="yes" + IPV6INIT="no" + PERSISTENT_DHCLIENT="1" + EOF + fi } ####################################### diff --git a/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh b/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh index 0510850..00a6a80 100755 --- a/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh +++ b/oracle-linux-image-tools/cloud/vagrant-virtualbox/files/vagrant-common.sh @@ -30,7 +30,7 @@ vagrant::config() sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers # sshd: disable password authentication and DNS checks - if [[ "${ORACLE_RELEASE}" = "9" ]]; then + if [[ "${ORACLE_RELEASE}" =~ ^(9|10)$ ]]; then cat > /etc/ssh/sshd_config.d/90-vagrant.conf <<-EOF PasswordAuthentication no UseDNS no 
@@ -130,16 +130,14 @@ EOF yum-config-manager --enable ol7_developer_EPEL >/dev/null elif [[ "${ORACLE_RELEASE}" = "6" ]]; then yum install -y "${YUM_VERBOSE}" oraclelinux-developer-release-el6 - elif [[ "${ORACLE_RELEASE}" = "8" ]]; then - dnf install -y oracle-epel-release-el8 - elif [[ "${ORACLE_RELEASE}" = "9" ]]; then - dnf install -y oracle-epel-release-el9 + elif [[ "${ORACLE_RELEASE}" =~ ^(8|9|10)$ ]]; then + dnf install -y "oracle-epel-release-el${ORACLE_RELEASE}" fi fi # Add login banner echo " -Welcome to Oracle Linux Server release $(grep ^VERSION= /etc/os-release | grep -o "[0-9].[0-9]\+") (GNU/Linux $(common::default_kernel)) +Welcome to Oracle Linux Server release $(grep ^VERSION= /etc/os-release | grep -o "[0-9]\+.[0-9]\+") (GNU/Linux $(common::default_kernel)) The Oracle Linux End-User License Agreement can be viewed here: diff --git a/oracle-linux-image-tools/distr/ol10-aarch64/env.properties b/oracle-linux-image-tools/distr/ol10-aarch64/env.properties new file mode 100644 index 0000000..9269808 --- /dev/null +++ b/oracle-linux-image-tools/distr/ol10-aarch64/env.properties 
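Review bot: In the rewritten banner line, `grep -o "[0-9]\+.[0-9]\+"` leaves the `.` unescaped, so it matches any character between the two digit runs and not only the dot of the release number. `grep -o "[0-9]\+\.[0-9]\+"` states what is meant and cannot pick up another digit pair from the VERSION line. The heredoc and the rest of the function lie outside the hunk.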
@@ -0,0 +1,78 @@ +# Default parameter for the distribution. +# Do NOT change anything in this file, customisation must be done in separate +# env file. + +# Distribution name +DISTR_NAME="OL10U0_aarch64" + +# Distribution release +readonly ORACLE_RELEASE=10 + +# Setup swap? +SETUP_SWAP="yes" + +# Root filesystem: xfs, lvm or btrfs +ROOT_FS="xfs" + +# Location of the kernel and initrd on the distribution image. +BOOT_LOCATION="images/pxeboot" + +# Boot mode +readonly BOOT_MODE="uefi" +# Boot command +# Variables MUST be escaped as they are evaluated at build time. +# Following variables are available: +# KS_FILE: name of the kickstart file which will be in the root directory +# ISO_LABEL: label of the ISO image +BOOT_COMMAND=( + 'inst.text' + 'inst.ks=file:/${KS_FILE}' + 'inst.geoloc=0' + 'inst.stage2=hd:LABEL=${ISO_LABEL}' + 'ro', + 'biosdevname=0', + 'net.ifnames=0' +) +# Additional parameters to enable serial console +BOOT_COMMAND_SERIAL_CONSOLE=( + 'inst.notmux' +) + +# Kernel: must be UEK! +readonly KERNEL="uek" + +# UEK release: 8 +UEK_RELEASE=8 + +# Keep rescue kernel: yes, no +# Keeping rescue kernel will increase the image size and is most probably +# not very useful in cloud environment. +# Note that if you enable rescue kernel and due the way BLS config works, you +# will have a second rescue kernel the first time kernel is upgrade as the +# machine-id differs between image build and deployed VM. +RESCUE_KERNEL="no" + +# Authselect: default is set to "minimal" which should cover most use cases. +# If an alternative auth profile is needed it can be specified with the +# AUTHSELECT parameter, e.g.: +# AUTHSELECT="select sssd" +AUTHSELECT="" + +# Update: yes, security, no +UPDATE_TO_LATEST="yes" + +# Keep kernel-modules packages: yes, no +# Core kernel should suffice for all cloud images +KERNEL_MODULES="no" + +# Exclude documentation (man pages, info files, doc files)? 
yes, no, minimal +# When "yes" is selected, dnf wil be configured to exclude all documentation +# ("tsflags=nodocs" parameter). +# If you plan to re-distribute the image, you might need to keep the +# "/usr/share/doc" directory which contains the packages license terms. +# The "minimal" option will remove man pages and info files, but will keep the +# "/usr/share/doc" directory. +EXCLUDE_DOCS="no" + +# Directory used to save build information +readonly BUILD_INFO="/.build-info" diff --git a/oracle-linux-image-tools/distr/ol10-aarch64/image-scripts.sh b/oracle-linux-image-tools/distr/ol10-aarch64/image-scripts.sh new file mode 100755 index 0000000..580c209 --- /dev/null +++ b/oracle-linux-image-tools/distr/ol10-aarch64/image-scripts.sh 
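Review bot: In the new BOOT_COMMAND array the elements `'ro',` and `'biosdevname=0',` carry a trailing comma. Bash separates array elements by whitespace only, so the commas become part of the values and the installer kernel command line would receive `ro,` and `biosdevname=0,`. Dropping the commas, `'ro'` and `'biosdevname=0'`, gives the intended arguments. If distr/ol10-slim/env.properties (outside this view) was created from the same template, it needs the same check.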
@@ -0,0 +1,72 @@ +#!/usr/bin/env bash +# +# image scripts for OL10 - aarch64 +# +# Copyright (c) 2025 Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl +# +# Description: this module provides the following function: +# distr::validate: basic parameter validation +# distr::kickstart: hook for kickstart file updates +# All functions are optional +# +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. +# + +####################################### +# Validate distribution parameters +# Globals: +# KERNEL_MODULES, ROOT_FS, RESCUE_KERNEL, TMP_IN_TMPFS, EXCLUDE_DOCS +# Arguments: +# None +# Returns: +# None +####################################### +distr::validate() { + [[ "${ROOT_FS,,}" =~ ^((xfs)|(btrfs)|(lvm))$ ]] || common::error "ROOT_FS must be xfs, btrfs or lvm" + [[ "${ROOT_FS,,}" = "btrfs" ]] && common::echo_message "Note that for btrfs root filesystem you need to use an UEK boot ISO" + [[ "${TMP_IN_TMPFS,,}" =~ ^((yes)|(no))$ ]] || common::error "TMP_IN_TMPFS must be yes or no" + [[ "${UEK_RELEASE}" =~ ^(7|8)$ ]] || common::error "UEK_RELEASE must be 7 or 8" + [[ "${RESCUE_KERNEL,,}" =~ ^((yes)|(no))$ ]] || common::error "RESCUE_KERNEL must be yes or no" + [[ "${KERNEL_MODULES,,}" =~ ^((yes)|(no))$ ]] || common::error "KERNEL_MODULES must be yes or no" + [[ "${EXCLUDE_DOCS,,}" =~ ^((yes)|(no)|(minimal))$ ]] || common::error "EXCLUDE_DOCS must be yes, no or minimal" + readonly ROOT_FS TMP_IN_TMPFS RESCUE_KERNEL KERNEL_MODULES EXCLUDE_DOCS +} + +####################################### +# Kickstart fixup +# Globals: +# AUTHSELECT, KERNEL, RESCUE_KERNEL, ROOT_FS +# EXCLUDE_DOCS, TMP_IN_TMPFS +# Arguments: +# kickstart file name +# Returns: +# None +####################################### +distr::kickstart() { + local ks_file="$1" + + # Pass partitioning variables + sed -i -e 's!^ROOT_FS=.*$!ROOT_FS='"${ROOT_FS}"'!' 
"${ks_file}" + sed -i -e 's!^SETUP_SWAP=.*$!SETUP_SWAP='"${SETUP_SWAP}"'!' "${ks_file}" + + # Pass kernel and rescue kernel selections + sed -i -e 's!^KERNEL=.*$!KERNEL='"${KERNEL}"'!' "${ks_file}" + sed -i -e 's!^UEK_RELEASE=.*$!UEK_RELEASE='"${UEK_RELEASE}"'!' "${ks_file}" + sed -i -e 's!^RESCUE_KERNEL=.*$!RESCUE_KERNEL='"${RESCUE_KERNEL}"'!' "${ks_file}" + + # Override authselect if needed + if [[ -n ${AUTHSELECT} ]]; then + sed -i -e 's!^authselect .*$!authselect '"${AUTHSELECT}"'!' "${ks_file}" + fi + + # Docs + sed -i -e 's!^EXCLUDE_DOCS=.*$!EXCLUDE_DOCS='"${EXCLUDE_DOCS}"'!' "${ks_file}" + if [[ "${EXCLUDE_DOCS,,}" = "yes" ]]; then + sed -i -e 's!^%packages!%packages --excludedocs!' "${ks_file}" + fi + + # /tmp in tmpfs + sed -i -e "s!^TMP_IN_TMPFS=no!TMP_IN_TMPFS=${TMP_IN_TMPFS}!" "${ks_file}" +} diff --git a/oracle-linux-image-tools/distr/ol10-aarch64/ol10-aarch64-ks.cfg b/oracle-linux-image-tools/distr/ol10-aarch64/ol10-aarch64-ks.cfg new file mode 100644 index 0000000..802a7e5 --- /dev/null +++ b/oracle-linux-image-tools/distr/ol10-aarch64/ol10-aarch64-ks.cfg 
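Review bot: distr::validate checks ROOT_FS, TMP_IN_TMPFS, UEK_RELEASE, RESCUE_KERNEL, KERNEL_MODULES and EXCLUDE_DOCS, but not SETUP_SWAP, which distr::kickstart writes into the kickstart with `sed`. In ol10-aarch64-ks.cfg that line is an assignment inside the `%pre` bash script, so an unexpected value is interpreted as shell by the installer, and a `!` or `&` in it also alters the sed replacement. Adding `[[ "${SETUP_SWAP,,}" =~ ^((yes)|(no))$ ]] || common::error "SETUP_SWAP must be yes or no"` and putting SETUP_SWAP and UEK_RELEASE in the `readonly` list would treat them like the other parameters. The free-form AUTHSELECT value goes through the same `sed` and would merit at least a character check.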
@@ -0,0 +1,270 @@ +# OL10 aarch64 kickstart file +# System authorization information +authselect select minimal with-faillock with-silent-lastlog with-pamaccess + +# Command line install +cmdline +text + +# Run the Setup Agent on first boot +eula --agreed +firstboot --disable + +# Only use the "system disk" +ignoredisk --only-use=sda + +# Keyboard layouts +keyboard --vckeymap=us --xlayouts='us' + +# System language +lang en_US.UTF-8 + +# reboot at the end +reboot + +# System timezone +timezone UTC --utc + +# Network information +network --bootproto=dhcp --device=eth0 --onboot=yes --ipv6=auto --hostname=localhost.localdomain + +# URL to an installation tree on a remote server + +# Additional yum repositories that may be used as sources for package installation. + +# Root password -- will be overridden by the builder +rootpw --lock + +# System services +services --disabled="kdump,rhsmcertd" --enabled="firewalld,sshd,rsyslog,chronyd" +selinux --enforcing +firewall --service=ssh + +# System bootloader configuration +bootloader --append="no_timer_check net.ifnames=0 biosdevname=0 crashkernel=auto" --location=mbr --timeout=1 --boot-drive=sda + +%pre --erroronfail --interpreter /bin/bash +# Partitioning +# Use parted to create partitions and generate the ks "part" commands +DISK=sda +ROOT_FS=xfs +SETUP_SWAP=yes + +# Clear MBR and create a new GPT +dd if=/dev/zero of=/dev/${DISK} bs=512 count=1 +parted -s /dev/${DISK} mklabel gpt + +start=1 +part=0 +parts=() + +# EFI partition 200MiB +end=$(( start + 200 )) +(( part += 1 )) +parted -s -a optimal /dev/${DISK} mkpart '"EFI System Partition"' fat32 ${start}MiB ${end}MiB set ${part} esp on +start=$end +parts+=( "part /boot/efi --fstype=efi --onpart=${DISK}${part} --label efi" ) + +# Boot partition 1GiB +end=$(( start + 1024 )) +(( part += 1 )) +parted -s -a optimal /dev/${DISK} mkpart boot xfs ${start}MiB ${end}MiB +start=$end +parts+=( "part /boot --fstype=xfs --onpart=${DISK}${part} --label boot --mkfsoptions \"-i 
nrext64=0\"" ) + +if [[ ${ROOT_FS,,} != "lvm" && ${SETUP_SWAP,,} == "yes" ]]; then + # Swap partition 4GiB + end=$(( start + 4096 )) + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart swap linux-swap ${start}MiB ${end}MiB + start=$end + parts+=( "part swap --fstype=swap --onpart=${DISK}${part} --label swap" ) +fi + +if [[ ${ROOT_FS,,} == "xfs" ]]; then + # XFS Root partition 100% + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart root xfs ${start}MiB 100% + parts+=( "part / --fstype=xfs --onpart=${DISK}${part} --label root --mkfsoptions \"-i nrext64=0\"" ) +elif [[ ${ROOT_FS,,} == "btrfs" ]]; then + # BTRFS partition 100% + # root & home sub-volumes + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart btrfs_vol btrfs ${start}MiB 100% + parts+=( "part btrfs.01 --fstype=btrfs --onpart=${DISK}${part}" ) + parts+=( "btrfs none --label=btrfs_vol --data=single btrfs.01" ) + parts+=( "btrfs / --subvol --name=root LABEL=btrfs_vol" ) + parts+=( "btrfs /home --subvol --name=home LABEL=btrfs_vol" ) +elif [[ ${ROOT_FS,,} == "lvm" ]]; then + # LVM partition 100% + # root & swap logical volumes + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart pv_vol ${start}MiB 100% + parts+=( "part pv.01 --onpart=${DISK}${part}" ) + parts+=( "volgroup vg_main pv.01" ) + if [[ ${SETUP_SWAP,,} == "yes" ]]; then + parts+=( "logvol swap --fstype=swap --vgname=vg_main --size=4096 --name=lv_swap" ) + fi + parts+=( "logvol / --fstype=xfs --vgname=vg_main --size=4096 --name=lv_root --grow --mkfsoptions \"-i nrext64=0\"" ) +else + echo "Unsupported partitioning scheme" + exit 1 +fi + +for p in "${parts[@]}"; do + echo "$p" +done > /tmp/partitions-ks.cfg +%end + +# Disk partitioning +%include /tmp/partitions-ks.cfg + +# '--nocore' adds @core to the exclusion list, which generates issues when it +# is added in the package list... 
+%packages +# Removed from the "Mandatory" Core group packages: +-dnf-plugin-spacewalk +-iproute-tc +-irqbalance +-rhn-client-tools +-rhn-setup +-rhnlib +-rhnsd +-sssd-common +-sssd-kcm + +# Removed from the "Default" Core group packages: +-NetworkManager-tui +-lshw +-lsscsi +-microcode_ctl +-prefixdevname +-sg3_utils +-sg3_utils-libs + +# hwdata blacklists several modules, a.o. the fb (frame buffer) ones +hwdata + +# Create a generic image +dracut-config-generic +cloud-utils-growpart + +# Guest agent is missing when build in emulated tcg mode +qemu-guest-agent + +# Additional tweaks +-flashrom +-gawk-all-langpacks +grub2-tools-extra +-libcap-ng-python3 +zstd +%end + +# dracut-shutdown services can take a bit longer than the default 90 seconds +# If it doesn't finish, the system won't be able to reboot after install... +%pre --interpreter /bin/bash +mkdir -p /run/systemd/system/dracut-shutdown.service.d +cat > /run/systemd/system/dracut-shutdown.service.d/override.conf <<-EOF +[Service] +TimeoutStopSec=900 +EOF +systemctl daemon-reload +%end + +%post --interpreter /bin/bash --log=/root/ks-post.log +echo_header() { + echo ">>> Kickstart: $* <<<" +} +echo_message() { + echo "... Kickstart: $* ..." 
+} + +echo_header "Network fixes" +# ToDo: this might not be necessary +cat > /etc/sysconfig/network << EOF +NETWORKING=yes +NOZEROCONF=yes +EOF + +# generic localhost names +cat > /etc/hosts << EOF +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +EOF + +# make sure firstboot doesn't start +echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot + +EXCLUDE_DOCS="no" +echo_header "Exclude documentation: ${EXCLUDE_DOCS,,}" +if [[ "${EXCLUDE_DOCS,,}" = "yes" ]]; then + echo "tsflags=nodocs" >> /etc/dnf/dnf.conf +fi + +echo_header "Kernel configuration" +RESCUE_KERNEL=no +echo_message "Include Rescue Kernel: ${RESCUE_KERNEL,,}" +if [[ "${RESCUE_KERNEL,,}" = "no" ]]; then + dnf remove -y dracut-config-rescue + rm -f "/boot/{initramfs,vmlinuz}-0-rescue-$(cat /etc/machine-id)"* + rm -f "/boot/loader/entries/$(cat /etc/machine-id)-0-rescue.conf" +fi + +echo_message "Get latest release package (Needed for UEK)" +dnf upgrade -y oraclelinux-release-el10 + +# Install latest kernel, that way it will be available at first boot and +# allow proper cleanup +KERNEL=uek +UEK_RELEASE=8 +echo_message "Kernel selection: ${KERNEL,,}" + +echo_message "Running kernel: $(uname -r)" +echo_message "Kernel package(s) installed:" +rpm -qa | grep '^kernel' | sort + +kernel="kernel-core" +dnf_options=() +if [[ "${KERNEL,,}" = "uek" ]]; then + dnf_options+=("--disablerepo" "ol10_UEKR*" "--enablerepo" "ol10_UEKR${UEK_RELEASE}") + kernel="kernel-uek-core" +fi + +# Set default kernel +sed -i -e 's/^DEFAULTKERNEL=.*/DEFAULTKERNEL='"${kernel}"'/' /etc/sysconfig/kernel + +if rpm --quiet -q "${kernel}"; then + echo_message "Kernel ${kernel} already installed" + # dnf check-update doesn't work if the selected UEK release is not the + # latest one + installed_package=$(rpm -q "${kernel}") + installed_version="${installed_package#"${kernel}-"}" + latest_package=$(dnf repoquery "${dnf_options[@]}" --nvr 
--latest-limit 1 "${kernel}").$(uname -m) + echo_message " Installed: ${installed_package}" + echo_message " Wanted : ${latest_package}" + if [[ ${installed_package} != "${latest_package}" ]]; then + echo_message " Installing ${latest_package}" + dnf install -y "${dnf_options[@]}" "${latest_package}" + else + echo_message " Ensure default kernel is ${kernel}-${installed_version}" + grubby --set-default="/boot/vmlinuz-${installed_version}" + fi +else + echo_message "Installing ${kernel}" + dnf install -y "${dnf_options[@]}" ${kernel} +fi + +# Ensure we have the correct boot options +grub2-mkconfig -o /etc/grub2-efi.cfg --update-bls-cmdline + + +TMP_IN_TMPFS=no +echo_header "Use tmpfs for /tmp: ${TMP_IN_TMPFS,,}" +if [[ "${TMP_IN_TMPFS,,}" == "yes" ]]; then + systemctl enable tmp.mount +fi +%end + +%addon com_redhat_kdump --disable +%end diff --git a/oracle-linux-image-tools/distr/ol10-aarch64/provision.sh b/oracle-linux-image-tools/distr/ol10-aarch64/provision.sh new file mode 100644 index 0000000..e62921e --- /dev/null +++ b/oracle-linux-image-tools/distr/ol10-aarch64/provision.sh 
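Review bot: In the `%post` rescue-kernel cleanup, `rm -f "/boot/{initramfs,vmlinuz}-0-rescue-$(cat /etc/machine-id)"*` puts the brace list inside double quotes, where bash does not expand it. The command therefore looks for a literal `{initramfs,vmlinuz}` file name and, because of `-f`, silently removes nothing. Moving the quotes, `rm -f /boot/{initramfs,vmlinuz}-0-rescue-"$(cat /etc/machine-id)"*`, deletes both files as intended. As written, any rescue initramfs and vmlinuz generated during installation would remain in the image even with `RESCUE_KERNEL=no`.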
@@ -0,0 +1,191 @@ +#!/usr/bin/env bash +# +# Provisioning script for OL10 - aarch64 +# +# Copyright (c) 2025 Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl +# +# Description: provision an OL9 image. This module provides 3 functions, +# both are optional. +# distr::provision: provision the instance +# distr::cleanup: instance cleanup before shutdown +# distr::seal: final instance sealing +# +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. +# + +# Constants +readonly DRACUT_CMD="dracut --no-early-microcode --force" + +####################################### +# Invoke dnf to remove packages +# Globals: +# None +# Arguments: +# List of packages to be removed +# Returns: +# None +####################################### +distr::remove_rpms() { + # clean_requirements_on_remove is default with dnf + dnf -C -y remove "$@" +} + +####################################### +# Kernel configuration +# Assume that we already run the latest selected kernel +# (Asserted in the kickstart file) +# Globals: +# DRACUT_CMD, KERNEL +# Arguments: +# None +# Returns: +# None +####################################### +distr::kernel_config() { + local target_kernel + + # shellcheck disable=SC2153 + common::echo_message "Configure kernel: ${KERNEL^^}" + + # Note: there is no need to force drivers in intrd as dracut-config-generic + # is installed + + # Configure repos and remove old kernels + target_kernel=$(common::default_kernel) + common::echo_message "Target kernel: ${target_kernel}" + dnf config-manager --set-disabled ol10_UEKR\* || : + dnf config-manager --set-enabled "ol10_UEKR${UEK_RELEASE}" + common::remove_kernels kernel + common::remove_kernels kernel-uek "${target_kernel}" + + # Clean dnf cache which contains odd dependencies and prevents removal + # of kernel modules + rm -rf /var/cache/dnf/* + rm -rf /var/lib/dnf/* + if [[ ${KERNEL_MODULES,,} == "no" ]]; then + common::echo_message 
"Removing kernel modules and linux firmware" + dnf mark install kernel-uek-core + echo "exclude=kernel-uek-core" >> /etc/dnf/dnf.conf + distr::remove_rpms kernel-uek-modules linux-firmware + sed -i '/^exclude=/d' /etc/dnf/dnf.conf + else + common::echo_message "Ensure kernel modules are installed" + dnf install -y kernel-uek linux-firmware + fi + + # Regenerate initrd + ${DRACUT_CMD} -f "/boot/initramfs-${target_kernel}.img" "${target_kernel}" + + # Ensure grub is properly setup + grub2-mkconfig -o /etc/grub2-efi.cfg --update-bls-cmdline + grubby --set-default="/boot/vmlinuz-${target_kernel}" +} + +####################################### +# Common configuration +# Globals: +# BUILD_INFO, PERMIT_ROOT_LOGIN, SELINUX, UPDATE_TO_LATEST +# Arguments: +# None +# Returns: +# None +####################################### +distr::configure() { + local service + + # Directory to save build information + mkdir -p "${BUILD_INFO}" + + # Run dnf update if flag is set to yes in image build page + common::echo_message "Update image: ${UPDATE_TO_LATEST^^}" + if [[ "${UPDATE_TO_LATEST,,}" = "yes" ]]; then + dnf update -y + elif [[ "${UPDATE_TO_LATEST,,}" = "security" ]]; then + dnf update --security -y + fi + + common::echo_message "sshd root login policy: ${PERMIT_ROOT_LOGIN}" + cat > /etc/ssh/sshd_config.d/01-permitrootlogin.conf <<-EOF + # root login policy when using ssh. Remove this file to revert to default. + PermitRootLogin ${PERMIT_ROOT_LOGIN,,} + EOF + + # SSSD profile needs clients + if authselect current -r | grep -q '^sssd'; then + common::echo_message "Installing SSSD client" + dnf install -y sssd-client + fi + + # If you want to remove rsyslog and just use journald, remove this! 
+ common::echo_message "Disabling persistent journal" + rm -rf /var/log/journal/ + + # setup systemd to boot to the right runlevel + common::echo_message "Setting default runlevel to multi-user text mode" + rm -f /etc/systemd/system/default.target + ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + + common::echo_message "Disable services" + # shellcheck disable=SC2043 + for service in \ + kdump.service + do + # Most of these aren't enabled, errors are expected... + common::echo_message " ${service}" + systemctl disable ${service} 2>&1 || true + done + + common::echo_message "Set rp_filter to loose mode" + echo "net.ipv4.conf.default.rp_filter = 2" >> /etc/sysctl.conf + + common::echo_message "Set SELinux to ${SELINUX^^}" + sed -i -e "s/^SELINUX[ ]*=.*/SELINUX=${SELINUX,,}/" /etc/selinux/config + if [[ ${SELINUX,,} != "enforcing" ]]; then + # Relax SELinux for the provisioning as well + setenforce Permissive + fi + + common::echo_message "Clear network persistent data" + rm -f /etc/udev/rules.d/70-persistent-net.rules + + common::echo_message "Configure dnf" + # bypass update kernel-uek-headers + echo "exclude=kernel-uek-headers" >> /etc/dnf/dnf.conf + # fix "Metadata file does not match checksum" for public-yum + # https://forums.oracle.com/thread/2550364 + echo "http_caching=none" >> /etc/dnf/dnf.conf + + common::echo_message "Remove unneeded RPMs" + distr::remove_rpms \ + polkit \ + polkit-pkla-compat +} + +####################################### +# Provisioning +# Globals: +# Arguments: +# None +# Returns: +# None +####################################### +distr::provision() { + common::ks_log + distr::kernel_config + distr::configure +} + +####################################### +# Cleanup +# Globals: +# None +# Arguments: +# None +# Returns: +# None +####################################### +distr::cleanup() { + common::distr_cleanup +} 
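Review bot: `distr::configure` writes `SELINUX` and `PERMIT_ROOT_LOGIN` straight into `/etc/selinux/config` and `sshd_config.d/01-permitrootlogin.conf`, and treats every `SELINUX` value other than `enforcing` as a reason to run `setenforce Permissive`. A typo in the env file therefore relaxes enforcement for the rest of the build and leaves an unrecognised value in the shipped config. Unless the common code outside this hunk already validates them, I would guard both at the top of the function, e.g. `[[ "${SELINUX,,}" =~ ^(enforcing|permissive|disabled)$ ]] || common::error "SELINUX must be enforcing, permissive or disabled"`, and likewise restrict `PERMIT_ROOT_LOGIN` to the values sshd accepts. The same code is added in distr/ol10-slim/provision.sh. The file header also still says "provision an OL9 image" and lists `distr::seal`, which this file does not define.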
diff --git a/oracle-linux-image-tools/distr/ol10-slim/env.properties b/oracle-linux-image-tools/distr/ol10-slim/env.properties
new file mode 100644
index 0000000..de33594
--- /dev/null
+++ b/oracle-linux-image-tools/distr/ol10-slim/env.properties
@@ -0,0 +1,78 @@
+# Default parameter for the distribution.
+# Do NOT change anything in this file, customisation must be done in separate
+# env file.
+
+# Distribution name
+DISTR_NAME="OL10U0_x86_64"
+
+# Distribution release
+readonly ORACLE_RELEASE=10
+
+# Setup swap?
+SETUP_SWAP="yes"
+
+# Root filesystem: xfs, lvm or btrfs
+ROOT_FS="xfs"
+
+# Location of the kernel and initrd on the distribution image.
+BOOT_LOCATION="images/pxeboot"
+
+# Boot mode
+BOOT_MODE="bios"
+# Boot command
+# Variables MUST be escaped as they are evaluated at build time.
+# Following variables are available:
+# KS_FILE: name of the kickstart file which will be in the root directory
+# ISO_LABEL: label of the ISO image
+BOOT_COMMAND=(
+ 'inst.text'
+ 'inst.ks=file:/${KS_FILE}'
+ 'inst.geoloc=0'
+ 'inst.stage2=hd:LABEL=${ISO_LABEL}'
+ 'net.ifnames=0'
+)
+# Additional parameters to enable serial console
+BOOT_COMMAND_SERIAL_CONSOLE=(
+ 'console=tty0'
+ 'console=ttyS0'
+ 'inst.notmux'
+)
+
+# Kernel: uek, rhck
+KERNEL="uek"
+
+# UEK release: 8
+UEK_RELEASE=8
+
+# Keep rescue kernel: yes, no
+# Keeping rescue kernel will increase the image size and is most probably
+# not very useful in cloud environment.
+# Note that if you enable rescue kernel and due the way BLS config works, you
+# will have a second rescue kernel the first time kernel is upgrade as the
+# machine-id differs between image build and deployed VM.
+RESCUE_KERNEL="no"
+
+# Authselect: default is set to "minimal" which should cover most use cases.
+# If an alternative auth profile is needed it can be specified with the
+# AUTHSELECT parameter, e.g.:
+# AUTHSELECT="select sssd"
+AUTHSELECT=""
+
+# Update: yes, security, no
+UPDATE_TO_LATEST="yes"
+
+# Keep kernel-modules packages: yes, no
+# Core kernel should suffice for all cloud images
+KERNEL_MODULES="no"
+
+# Exclude documentation (man pages, info files, doc files)? 
yes, no, minimal
+# When "yes" is selected, dnf wil be configured to exclude all documentation
+# ("tsflags=nodocs" parameter).
+# If you plan to re-distribute the image, you might need to keep the
+# "/usr/share/doc" directory which contains the packages license terms.
+# The "minimal" option will remove man pages and info files, but will keep the
+# "/usr/share/doc" directory.
+EXCLUDE_DOCS="no"
+
+# Directory used to save build information
+readonly BUILD_INFO="/.build-info"
diff --git a/oracle-linux-image-tools/distr/ol10-slim/image-scripts.sh b/oracle-linux-image-tools/distr/ol10-slim/image-scripts.sh
new file mode 100755
index 0000000..252f6a7
--- /dev/null
+++ b/oracle-linux-image-tools/distr/ol10-slim/image-scripts.sh
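Review bot: The `# Boot mode` comment above `BOOT_MODE="bios"` is the only selector in this file that does not list its accepted values, while the kickstart for this distribution branches on `uefi`, `bios` and `hybrid`. I would spell them out, `# Boot mode: bios, uefi, hybrid`, so a customised env file does not silently land in an unintended partitioning branch. The `# UEK release: 8` comment also disagrees with `distr::validate` in image-scripts.sh, which accepts 7 or 8; one of the two should change.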
@@ -0,0 +1,73 @@ +#!/usr/bin/env bash +# +# image scripts for OL10 +# +# Copyright (c) 2025 Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl +# +# Description: this module provides the following function: +# distr::validate: basic parameter validation +# distr::kickstart: hook for kickstart file updates +# All functions are optional +# +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. +# + +####################################### +# Validate distribution parameters +# Globals: +# KERNEL_MODULES, ROOT_FS, RESCUE_KERNEL, TMP_IN_TMPFS, EXCLUDE_DOCS +# Arguments: +# None +# Returns: +# None +####################################### +distr::validate() { + [[ "${ROOT_FS,,}" =~ ^((xfs)|(btrfs)|(lvm))$ ]] || common::error "ROOT_FS must be xfs, btrfs or lvm" + [[ "${ROOT_FS,,}" = "btrfs" ]] && common::echo_message "Note that for btrfs root filesystem you need to use an UEK boot ISO" + [[ "${TMP_IN_TMPFS,,}" =~ ^((yes)|(no))$ ]] || common::error "TMP_IN_TMPFS must be yes or no" + [[ "${UEK_RELEASE}" =~ ^(7|8)$ ]] || common::error "UEK_RELEASE must be 7 or 8" + [[ "${RESCUE_KERNEL,,}" =~ ^((yes)|(no))$ ]] || common::error "RESCUE_KERNEL must be yes or no" + [[ "${KERNEL_MODULES,,}" =~ ^((yes)|(no))$ ]] || common::error "KERNEL_MODULES must be yes or no" + [[ "${EXCLUDE_DOCS,,}" =~ ^((yes)|(no)|(minimal))$ ]] || common::error "EXCLUDE_DOCS must be yes, no or minimal" + readonly ROOT_FS TMP_IN_TMPFS RESCUE_KERNEL KERNEL_MODULES EXCLUDE_DOCS +} + +####################################### +# Kickstart fixup +# Globals: +# AUTHSELECT, KERNEL, RESCUE_KERNEL, ROOT_FS +# EXCLUDE_DOCS, TMP_IN_TMPFS +# Arguments: +# kickstart file name +# Returns: +# None +####################################### +distr::kickstart() { + local ks_file="$1" + + # Pass partitioning variables + sed -i -e 's!^BOOT_MODE=.*$!BOOT_MODE='"${BOOT_MODE}"'!' 
"${ks_file}" + sed -i -e 's!^ROOT_FS=.*$!ROOT_FS='"${ROOT_FS}"'!' "${ks_file}" + sed -i -e 's!^SETUP_SWAP=.*$!SETUP_SWAP='"${SETUP_SWAP}"'!' "${ks_file}" + + # Pass kernel and rescue kernel selections + sed -i -e 's!^KERNEL=.*$!KERNEL='"${KERNEL}"'!' "${ks_file}" + sed -i -e 's!^UEK_RELEASE=.*$!UEK_RELEASE='"${UEK_RELEASE}"'!' "${ks_file}" + sed -i -e 's!^RESCUE_KERNEL=.*$!RESCUE_KERNEL='"${RESCUE_KERNEL}"'!' "${ks_file}" + + # Override authselect if needed + if [[ -n ${AUTHSELECT} ]]; then + sed -i -e 's!^authselect .*$!authselect '"${AUTHSELECT}"'!' "${ks_file}" + fi + + # Docs + sed -i -e 's!^EXCLUDE_DOCS=.*$!EXCLUDE_DOCS='"${EXCLUDE_DOCS}"'!' "${ks_file}" + if [[ "${EXCLUDE_DOCS,,}" = "yes" ]]; then + sed -i -e 's!^%packages!%packages --excludedocs!' "${ks_file}" + fi + + # /tmp in tmpfs + sed -i -e "s!^TMP_IN_TMPFS=no!TMP_IN_TMPFS=${TMP_IN_TMPFS}!" "${ks_file}" +} diff --git a/oracle-linux-image-tools/distr/ol10-slim/ol10-ks.cfg b/oracle-linux-image-tools/distr/ol10-slim/ol10-ks.cfg new file mode 100644 index 0000000..29b55f8 --- /dev/null +++ b/oracle-linux-image-tools/distr/ol10-slim/ol10-ks.cfg 
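Review bot: `distr::kickstart` substitutes `BOOT_MODE`, `SETUP_SWAP`, `KERNEL` and `UEK_RELEASE` into the kickstart with `sed`, but `distr::validate` only checks `UEK_RELEASE` among them (unless the common code outside this hunk validates the rest). Those lines become shell assignments inside the `%pre` and `%post` scripts that run as root in the installer, so a value containing whitespace, `;` or the `!` sed delimiter either breaks the substitution or changes what the script executes. I would add checks in the existing style, e.g. `[[ "${BOOT_MODE,,}" =~ ^((bios)|(uefi)|(hybrid))$ ]] || common::error "BOOT_MODE must be bios, uefi or hybrid"`, with the equivalent for `SETUP_SWAP` (yes/no) and `KERNEL` (uek/rhck). `UEK_RELEASE` is also missing from the `readonly` list and from the Globals header of both functions.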
@@ -0,0 +1,281 @@ +# OL10 kickstart file +# System authorization information +authselect select minimal with-faillock with-silent-lastlog with-pamaccess + +# Command line install +cmdline +text + +# Run the Setup Agent on first boot +eula --agreed +firstboot --disable + +# Only use the "system disk" +ignoredisk --only-use=sda + +# Keyboard layouts +keyboard --vckeymap=us --xlayouts='us' + +# System language +lang en_US.UTF-8 + +# reboot at the end +reboot + +# System timezone +timezone UTC --utc + +# Network information +network --bootproto=dhcp --device=eth0 --onboot=yes --ipv6=auto --hostname=localhost.localdomain + +# URL to an installation tree on a remote server + +# Additional yum repositories that may be used as sources for package installation. + +# Root password -- will be overridden by the builder +rootpw --lock + +# System services +services --disabled="kdump,rhsmcertd" --enabled="firewalld,sshd,rsyslog,chronyd" +selinux --enforcing +firewall --service=ssh + +# System bootloader configuration +bootloader --append="console=tty0 no_timer_check net.ifnames=0 biosdevname=0 crashkernel=auto" --location=mbr --timeout=1 --boot-drive=sda + +%pre --erroronfail --interpreter /bin/bash +# Partitioning +# Use parted to create partitions and generate the ks "part" commands +DISK=sda +BOOT_MODE=bios +ROOT_FS=xfs +SETUP_SWAP=yes + +# Clear MBR and create a new GPT +dd if=/dev/zero of=/dev/${DISK} bs=512 count=1 +parted -s /dev/${DISK} mklabel gpt + +start=1 +part=0 +parts=() +if [[ ${BOOT_MODE,,} != "uefi" ]]; then + # Bios boot partition + end=$(( start + 1 )) + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart biosboot ${start}MiB ${end}MiB set ${part} bios_grub on + start=$end + parts+=( "part biosboot --fstype=biosboot --onpart=${DISK}${part}" ) +fi + +if [[ ${BOOT_MODE,,} != "bios" ]]; then + # EFI partition 200MiB + end=$(( start + 200 )) + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart '"EFI System Partition"' fat32 ${start}MiB ${end}MiB set 
${part} esp on + start=$end + parts+=( "part /boot/efi --fstype=efi --onpart=${DISK}${part} --label efi" ) +fi + +# Boot partition 1GiB +end=$(( start + 1024 )) +(( part += 1 )) +parted -s -a optimal /dev/${DISK} mkpart boot xfs ${start}MiB ${end}MiB +start=$end +parts+=( "part /boot --fstype=xfs --onpart=${DISK}${part} --label boot --mkfsoptions \"-i nrext64=0\"" ) + +if [[ ${ROOT_FS,,} != "lvm" && ${SETUP_SWAP,,} == "yes" ]]; then + # Swap partition 4GiB + end=$(( start + 4096 )) + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart swap linux-swap ${start}MiB ${end}MiB + start=$end + parts+=( "part swap --fstype=swap --onpart=${DISK}${part} --label swap" ) +fi + +if [[ ${ROOT_FS,,} == "xfs" ]]; then + # XFS Root partition 100% + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart root xfs ${start}MiB 100% + parts+=( "part / --fstype=xfs --onpart=${DISK}${part} --label root --mkfsoptions \"-i nrext64=0\"" ) +elif [[ ${ROOT_FS,,} == "btrfs" ]]; then + # BTRFS partition 100% + # root & home sub-volumes + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart btrfs_vol btrfs ${start}MiB 100% + parts+=( "part btrfs.01 --fstype=btrfs --onpart=${DISK}${part}" ) + parts+=( "btrfs none --label=btrfs_vol --data=single btrfs.01" ) + parts+=( "btrfs / --subvol --name=root LABEL=btrfs_vol" ) + parts+=( "btrfs /home --subvol --name=home LABEL=btrfs_vol" ) +elif [[ ${ROOT_FS,,} == "lvm" ]]; then + # LVM partition 100% + # root & swap logical volumes + (( part += 1 )) + parted -s -a optimal /dev/${DISK} mkpart pv_vol ${start}MiB 100% + parts+=( "part pv.01 --onpart=${DISK}${part}" ) + parts+=( "volgroup vg_main pv.01" ) + if [[ ${SETUP_SWAP,,} == "yes" ]]; then + parts+=( "logvol swap --fstype=swap --vgname=vg_main --size=4096 --name=lv_swap" ) + fi + parts+=( "logvol / --fstype=xfs --vgname=vg_main --size=4096 --name=lv_root --grow --mkfsoptions \"-i nrext64=0\"" ) +else + echo "Unsupported partitioning scheme" + exit 1 +fi + +for p in "${parts[@]}"; do + 
echo "$p" +done > /tmp/partitions-ks.cfg +%end + +# Disk partitioning +%include /tmp/partitions-ks.cfg + +# '--nocore' adds @core to the exclusion list, which generates issues when it +# is added in the package list... +%packages +# Removed from the "Mandatory" Core group packages: +-dnf-plugin-spacewalk +-iproute-tc +-irqbalance +-rhn-client-tools +-rhn-setup +-rhnlib +-rhnsd +-sssd-common +-sssd-kcm + +# Removed from the "Default" Core group packages: +-NetworkManager-tui +-lshw +-lsscsi +-microcode_ctl +-prefixdevname +-sg3_utils +-sg3_utils-libs + +# hwdata blacklists several modules, a.o. the fb (frame buffer) ones +hwdata + +# Create a generic image +dracut-config-generic + +# Additional tweaks +-gawk-all-langpacks +grub2-tools-efi +grub2-tools-extra +-libcap-ng-python3 +zstd +%end + +%post --interpreter /bin/bash --log=/root/ks-post.log +echo_header() { + echo ">>> Kickstart: $* <<<" +} +echo_message() { + echo "... Kickstart: $* ..." +} + +echo_header "Network fixes" +# ToDo: this might not be necessary +cat > /etc/sysconfig/network << EOF +NETWORKING=yes +NOZEROCONF=yes +EOF + +# generic localhost names +cat > /etc/hosts << EOF +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +EOF + +# make sure firstboot doesn't start +echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot + +EXCLUDE_DOCS="no" +echo_header "Exclude documentation: ${EXCLUDE_DOCS,,}" +if [[ "${EXCLUDE_DOCS,,}" = "yes" ]]; then + echo "tsflags=nodocs" >> /etc/dnf/dnf.conf +fi + +echo_header "Kernel configuration" +RESCUE_KERNEL=no +echo_message "Include Rescue Kernel: ${RESCUE_KERNEL,,}" +if [[ "${RESCUE_KERNEL,,}" = "no" ]]; then + dnf remove -y dracut-config-rescue + rm -f "/boot/{initramfs,vmlinuz}-0-rescue-$(cat /etc/machine-id)"* + rm -f "/boot/loader/entries/$(cat /etc/machine-id)-0-rescue.conf" +fi + +BOOT_MODE=bios +echo_message "Boot Mode: ${BOOT_MODE,,}" +if [[ ${BOOT_MODE,,} = 
"hybrid" ]]; then + # In hybrid mode, configure grub for bios boot + dnf install -y grub2-pc grub2-pc-modules + grub2-install --target=i386-pc /dev/sda +fi + +echo_message "Ensure we don't reboot with the serial console enabled" +sed -i \ + -e 's/ console=ttyS0//' \ + -e 's/^GRUB_TERMINAL.*/GRUB_TERMINAL_OUTPUT="console"'/ \ + -e '/^GRUB_SERIAL_COMMAND/d' \ + /etc/default/grub +grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline + +echo_message "Get latest release package (Needed for UEK)" +dnf upgrade -y oraclelinux-release-el10 + +# Install latest kernel, that way it will be available at first boot and +# allow proper cleanup +KERNEL=uek +UEK_RELEASE=8 +echo_message "Kernel selection: ${KERNEL,,}" + +echo_message "Running kernel: $(uname -r)" +echo_message "Kernel package(s) installed:" +rpm -qa | grep '^kernel' | sort + +kernel="kernel-core" +dnf_options=() +if [[ "${KERNEL,,}" = "uek" ]]; then + dnf_options+=("--disablerepo" "ol10_UEKR*" "--enablerepo" "ol10_UEKR${UEK_RELEASE}") + kernel="kernel-uek-core" +fi + +# Set default kernel +sed -i -e 's/^DEFAULTKERNEL=.*/DEFAULTKERNEL='"${kernel}"'/' /etc/sysconfig/kernel + +if rpm --quiet -q "${kernel}"; then + echo_message "Kernel ${kernel} already installed" + # dnf check-update doesn't work if the selected UEK release is not the + # latest one + installed_package=$(rpm -q "${kernel}") + installed_version="${installed_package#"${kernel}-"}" + latest_package=$(dnf repoquery "${dnf_options[@]}" --nvr --latest-limit 1 "${kernel}").$(uname -m) + echo_message " Installed: ${installed_package}" + echo_message " Wanted : ${latest_package}" + if [[ ${installed_package} != "${latest_package}" ]]; then + echo_message " Installing ${latest_package}" + dnf install -y "${dnf_options[@]}" "${latest_package}" + else + echo_message " Ensure default kernel is ${kernel}-${installed_version}" + grubby --set-default="/boot/vmlinuz-${installed_version}" + fi +else + echo_message "Installing ${kernel}" + dnf install -y 
"${dnf_options[@]}" ${kernel} +fi + +# Ensure we have the correct boot options +grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline + +TMP_IN_TMPFS=no +echo_header "Use tmpfs for /tmp: ${TMP_IN_TMPFS,,}" +if [[ "${TMP_IN_TMPFS,,}" == "yes" ]]; then + systemctl enable tmp.mount +fi +%end + +%addon com_redhat_kdump --disable +%end diff --git a/oracle-linux-image-tools/distr/ol10-slim/provision.sh b/oracle-linux-image-tools/distr/ol10-slim/provision.sh new file mode 100644 index 0000000..fa10430 --- /dev/null +++ b/oracle-linux-image-tools/distr/ol10-slim/provision.sh 
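Review bot: In the `%post` rescue-kernel cleanup, `rm -f "/boot/{initramfs,vmlinuz}-0-rescue-$(cat /etc/machine-id)"*` keeps the brace list inside double quotes, so bash does not expand it and the command looks for a literal `{initramfs,vmlinuz}` path. Because of `-f` the miss is silent, and any rescue initramfs/vmlinuz files stay in the image even though `RESCUE_KERNEL` is `no`. Move the braces outside the quotes: `rm -f /boot/{initramfs,vmlinuz}-0-rescue-"$(cat /etc/machine-id)"*`. The same line appears in the `%post` of the ol10-aarch64 kickstart earlier in this patch.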
@@ -0,0 +1,221 @@ +#!/usr/bin/env bash +# +# Provisioning script for OL10 +# +# Copyright (c) 2025 Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at +# https://oss.oracle.com/licenses/upl +# +# Description: provision an OL9 image. This module provides 3 functions, +# both are optional. +# distr::provision: provision the instance +# distr::cleanup: instance cleanup before shutdown +# +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. +# + +# Constants +readonly DRACUT_CMD="dracut --no-early-microcode --force" + +####################################### +# Invoke dnf to remove packages +# Globals: +# None +# Arguments: +# List of packages to be removed +# Returns: +# None +####################################### +distr::remove_rpms() { + # clean_requirements_on_remove is default with dnf + dnf -C -y remove "$@" +} + +####################################### +# Kernel configuration +# Assume that we already run the latest selected kernel +# (Asserted in the kickstart file) +# Globals: +# DRACUT_CMD, KERNEL +# Arguments: +# None +# Returns: +# None +####################################### +distr::kernel_config() { + local kernel target_kernel + + # shellcheck disable=SC2153 + common::echo_message "Configure kernel: ${KERNEL^^}" + + # Note: there is no need to force drivers in intrd as dracut-config-generic + # is installed + + # Configure repos and remove old kernels + target_kernel=$(common::default_kernel) + common::echo_message "Target kernel: ${target_kernel}" + if [[ "${KERNEL,,}" = "uek" ]]; then + kernel="kernel-uek" + dnf config-manager --set-disabled ol10_UEKR\* || : + dnf config-manager --set-enabled "ol10_UEKR${UEK_RELEASE}" + common::remove_kernels kernel + common::remove_kernels kernel-uek "${target_kernel}" + else + kernel="kernel" + common::remove_kernels kernel-uek + common::remove_kernels kernel "${target_kernel}" + fi + + # Clean dnf cache which contains odd dependencies and prevents removal + # 
of kernel modules + rm -rf /var/cache/dnf/* + rm -rf /var/lib/dnf/* + if [[ ${KERNEL_MODULES,,} == "no" ]]; then + common::echo_message "Removing kernel modules and linux firmware" + dnf mark install "${kernel}-core" + echo "exclude=${kernel}-core" >> /etc/dnf/dnf.conf + distr::remove_rpms "${kernel}-modules" linux-firmware + sed -i '/^exclude=/d' /etc/dnf/dnf.conf + else + common::echo_message "Ensure kernel modules are installed" + dnf install -y ${kernel} linux-firmware + fi + + # Regenerate initrd + ${DRACUT_CMD} -f "/boot/initramfs-${target_kernel}.img" "${target_kernel}" + + # Ensure grub is properly setup + grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline + grubby --set-default="/boot/vmlinuz-${target_kernel}" +} + +####################################### +# Common configuration +# Globals: +# BUILD_INFO, PERMIT_ROOT_LOGIN, SELINUX, UPDATE_TO_LATEST +# Arguments: +# None +# Returns: +# None +####################################### +distr::configure() { + local service tty + + # Directory to save build information + mkdir -p "${BUILD_INFO}" + + # Run dnf update if flag is set to yes in image build page + common::echo_message "Update image: ${UPDATE_TO_LATEST^^}" + if [[ "${UPDATE_TO_LATEST,,}" = "yes" ]]; then + dnf update -y + elif [[ "${UPDATE_TO_LATEST,,}" = "security" ]]; then + dnf update --security -y + fi + + common::echo_message "sshd root login policy: ${PERMIT_ROOT_LOGIN}" + cat > /etc/ssh/sshd_config.d/01-permitrootlogin.conf <<-EOF + # root login policy when using ssh. Remove this file to revert to default. + PermitRootLogin ${PERMIT_ROOT_LOGIN,,} + EOF + + # SSSD profile needs clients + if authselect current -r | grep -q '^sssd'; then + common::echo_message "Installing SSSD client" + dnf install -y sssd-client + fi + + # If you want to remove rsyslog and just use journald, remove this! 
+ common::echo_message "Disabling persistent journal" + rm -rf /var/log/journal/ + + # setup systemd to boot to the right runlevel + common::echo_message "Setting default runlevel to multi-user text mode" + rm -f /etc/systemd/system/default.target + ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + + common::echo_message "Disable services" + # shellcheck disable=SC2043 + for service in \ + kdump.service + do + # Most of these aren't enabled, errors are expected... + common::echo_message " ${service}" + systemctl disable ${service} 2>&1 || true + done + + common::echo_message "Set rp_filter to loose mode" + echo "net.ipv4.conf.default.rp_filter = 2" >> /etc/sysctl.conf + + common::echo_message "Set SELinux to ${SELINUX^^}" + sed -i -e "s/^SELINUX[ ]*=.*/SELINUX=${SELINUX,,}/" /etc/selinux/config + if [[ ${SELINUX,,} != "enforcing" ]]; then + # Relax SELinux for the provisioning as well + setenforce Permissive + fi + + common::echo_message "Clear network persistent data" + rm -f /etc/udev/rules.d/70-persistent-net.rules + + common::echo_message "Configure dnf" + # bypass update kernel-uek-headers + echo "exclude=kernel-uek-headers" >> /etc/dnf/dnf.conf + # fix "Metadata file does not match checksum" for public-yum + # https://forums.oracle.com/thread/2550364 + echo "http_caching=none" >> /etc/dnf/dnf.conf + + common::echo_message "Enable login on serial console ports" + for tty in "hvc0" "ttyS0" "ttyS0" + do + grep -q "${tty}" /etc/securetty || echo "${tty}" >>/etc/securetty + done + + common::echo_message "Enable serial console: ${SERIAL_CONSOLE_RUNTIME^^}" + if [[ "${SERIAL_CONSOLE_RUNTIME,,}" = "yes" ]]; then + if ! 
grep "^GRUB_CMDLINE_LINUX.*console=ttyS0" /etc/default/grub; then + # Only update if not already configured + sed -i \ + -e 's/^\(GRUB_CMDLINE_LINUX=.*console=tty0\)/\1 console=ttyS0,115200n8/' \ + -e '/^GRUB_TERMINAL/d' \ + -e '/^GRUB_SERIAL_COMMAND/d' \ + /etc/default/grub + cat >> /etc/default/grub <<-EOF + GRUB_TERMINAL="serial console" + GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" + EOF + grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline + fi + systemctl enable serial-getty@ttyS0.service + fi + + common::echo_message "Remove unneeded RPMs" + distr::remove_rpms \ + polkit \ + polkit-pkla-compat +} + +####################################### +# Provisioning +# Globals: +# Arguments: +# None +# Returns: +# None +####################################### +distr::provision() { + common::ks_log + distr::kernel_config + distr::configure +} + +####################################### +# Cleanup +# Globals: +# None +# Arguments: +# None +# Returns: +# None +####################################### +distr::cleanup() { + common::distr_cleanup +}
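Review bot: The serial-console loop in `distr::configure` iterates over `"hvc0" "ttyS0" "ttyS0"`, so the third entry is a duplicate; either drop it or replace it with the device that was meant, since as written that device is never added to `/etc/securetty`. The membership test `grep -q "${tty}"` is also a substring match, so an existing longer name would suppress the append; `grep -qx -- "${tty}" /etc/securetty` compares whole lines. A few lines below, `if ! grep "^GRUB_CMDLINE_LINUX.*console=ttyS0" /etc/default/grub` lacks `-q` and prints the matched line into the provisioning output.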