From 14a1d3f2ea7b17eb06a35d56b93d457d0a9e1013 Mon Sep 17 00:00:00 2001
From: Tyler
Date: Sun, 6 Mar 2022 15:30:05 -0500
Subject: [PATCH] first commit
---
common/minimize.sh | 36 +++++++++++++
ubuntu/http/meta-data | 0
ubuntu/http/preseed.cfg | 35 ++++++++++++
ubuntu/http/user-data | 13 +++++
ubuntu/scripts/cleanup.sh | 98 ++++++++++++++++++++++++++++++++++
ubuntu/scripts/hyperv.sh | 13 +++++
ubuntu/scripts/networking.sh | 23 ++++++++
ubuntu/scripts/update.sh | 35 ++++++++++++
ubuntu/scripts/vmware.sh | 11 ++++
ubuntu/ubuntu-20.04-amd64.json | 85 +++++++++++++++++++++++++++++
10 files changed, 349 insertions(+)
create mode 100644 common/minimize.sh
create mode 100644 ubuntu/http/meta-data
create mode 100644 ubuntu/http/preseed.cfg
create mode 100644 ubuntu/http/user-data
create mode 100644 ubuntu/scripts/cleanup.sh
create mode 100644 ubuntu/scripts/hyperv.sh
create mode 100644 ubuntu/scripts/networking.sh
create mode 100644 ubuntu/scripts/update.sh
create mode 100644 ubuntu/scripts/vmware.sh
create mode 100644 ubuntu/ubuntu-20.04-amd64.json
diff --git a/common/minimize.sh b/common/minimize.sh
new file mode 100644
index 0000000..4fbe43c
--- /dev/null
+++ b/common/minimize.sh
@@ -0,0 +1,36 @@
+#!/bin/sh -eux
+
+case "$PACKER_BUILDER_TYPE" in
+ qemu) exit 0 ;;
+esac
+
+# Whiteout root
+count=$(df --sync -kP / | tail -n1 | awk -F ' ' '{print $4}')
+count=$(($count-1))
+dd if=/dev/zero of=/tmp/whitespace bs=1M count=$count || echo "dd exit code $? is suppressed";
+rm /tmp/whitespace
+
+# Whiteout /boot
+count=$(df --sync -kP /boot | tail -n1 | awk -F ' ' '{print $4}')
+count=$(($count-1))
+dd if=/dev/zero of=/boot/whitespace bs=1M count=$count || echo "dd exit code $? is suppressed";
+rm /boot/whitespace
+
+set +e
+swapuuid="`/sbin/blkid -o value -l -s UUID -t TYPE=swap`";
+case "$?" in
+ 2|0) ;;
+ *) exit 1 ;;
+esac
+set -e
+
+if [ "x${swapuuid}" != "x" ]; then
+ # Whiteout the swap partition to reduce box size
+ # Swap is disabled till reboot
+ swappart="`readlink -f /dev/disk/by-uuid/$swapuuid`";
+ /sbin/swapoff "$swappart" || true;
+ dd if=/dev/zero of="$swappart" bs=1M || echo "dd exit code $? is suppressed";
+ /sbin/mkswap -U "$swapuuid" "$swappart";
+fi
+
+sync;
diff --git a/ubuntu/http/meta-data b/ubuntu/http/meta-data
new file mode 100644
index 0000000..e69de29
diff --git a/ubuntu/http/preseed.cfg b/ubuntu/http/preseed.cfg
new file mode 100644
index 0000000..1868c6f
--- /dev/null
+++ b/ubuntu/http/preseed.cfg
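Review bot: In common/minimize.sh the `qemu) exit 0 ;;` arm makes the whole script a no-op for the only builder this commit defines (`"type": "qemu"` in ubuntu-20.04-amd64.json), so the space freed by cleanup.sh is never zeroed and the deleted logs and temp files probably remain recoverable from the image's unallocated blocks. If skipping qemu is intentional, say why in a comment above the `case`; otherwise drop the arm. Separately, `df -kP` reports KiB while `dd` is given `bs=1M count=$count`, so `count` never limits the write and each `dd` runs until the filesystem is full, which the `|| echo` then hides; `count=$(($count / 1024 - 1))` would keep the units consistent.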
@@ -0,0 +1,35 @@
+choose-mirror-bin mirror/http/proxy string
+d-i pkgsel/install-language-support boolean false
+d-i base-installer/kernel/override-image string linux-server
+d-i clock-setup/utc boolean true
+d-i clock-setup/utc-auto boolean true
+d-i finish-install/reboot_in_progress note
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i mirror/country string manual
+d-i mirror/http/directory string /ubuntu/
+d-i mirror/http/hostname string archive.ubuntu.com
+d-i mirror/http/proxy string
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto/choose_recipe select atomic
+d-i partman-auto/method string lvm
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/confirm_write_new_label boolean true
+d-i passwd/user-fullname string vagrant
+d-i passwd/user-uid string 1000
+d-i passwd/user-password password vagrant
+d-i passwd/user-password-again password vagrant
+d-i passwd/username string vagrant
+d-i pkgsel/include string openssh-server cryptsetup libssl-dev libreadline-dev zlib1g-dev linux-source dkms nfs-common linux-headers-$(uname -r) perl cifs-utils software-properties-common rsync ifupdown
+d-i pkgsel/install-language-support boolean false
+d-i pkgsel/update-policy select none
+d-i pkgsel/upgrade select full-upgrade
+d-i time/zone string UTC
+d-i user-setup/allow-password-weak boolean true
+d-i user-setup/encrypt-home boolean false
+tasksel tasksel/first multiselect standard, server
diff --git a/ubuntu/http/user-data b/ubuntu/http/user-data
new file mode 100644
index 0000000..10c81fb
--- /dev/null
+++ b/ubuntu/http/user-data
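Review bot: ubuntu/http/preseed.cfg stores the account password in clear text (`d-i passwd/user-password password vagrant`, repeated in `user-password-again`) and sets `user-setup/allow-password-weak boolean true`, so any image installed from it ships an account with a publicly known password. Prefer a hashed value, `d-i passwd/user-password-crypted password CRYPT_HASH_PLACEHOLDER`, and have a later provisioning step rotate or lock the credential. The file also looks unused in this commit: the template boots with `autoinstall` and only carries a `preseed_path` variable, and the `vagrant` account here differs from the `ubuntu` user the template logs in as, so confirm whether it should be committed at all.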
@@ -0,0 +1,13 @@
+#cloud-config
+autoinstall:
+ version: 1
+ identity:
+ hostname: ubuntu-server
+ password: '$6$wdAcoXrU039hKYPd$508Qvbe7ObUnxoj15DRCkzC3qO7edjH0VV7BPNRDYK4QR8ofJaEEF2heacn0QgD.f8pO8SNp83XNdWG6tocBM1'
+ username: ubuntu
+ early-commands:
+ # otherwise packer tries to connect and exceed max attempts:
+ - systemctl stop ssh
+ ssh:
+ install-server: true
+ allow-pw: yes
diff --git a/ubuntu/scripts/cleanup.sh b/ubuntu/scripts/cleanup.sh
new file mode 100644
index 0000000..035619c
--- /dev/null
+++ b/ubuntu/scripts/cleanup.sh
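Review bot: `allow-pw: yes` under `ssh:` in ubuntu/http/user-data leaves SSH password authentication enabled in the finished image, and the only account is `ubuntu` with a password hash committed to the repository (presumably the same `ubuntu` password the template uses for `ssh_password`; confirm). None of the provisioning scripts in this commit turns password logins off again, so every machine cloned from the image would accept a known credential over SSH. Keep the password for the Packer session only: add a last provisioning step that writes `PasswordAuthentication no` to the sshd configuration, and document that consumers must change or lock the `ubuntu` password on first use. A comment above `identity:` saying the credential is build-only would also help.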
@@ -0,0 +1,98 @@
+#!/bin/sh -eux
+
+echo "remove linux-headers"
+dpkg --list \
+ | awk '{ print $2 }' \
+ | grep 'linux-headers' \
+ | xargs apt-get -y purge;
+
+echo "remove specific Linux kernels, such as linux-image-3.11.0-15-generic but keeps the current kernel and does not touch the virtual packages"
+dpkg --list \
+ | awk '{ print $2 }' \
+ | grep 'linux-image-.*-generic' \
+ | grep -v `uname -r` \
+ | xargs apt-get -y purge;
+
+echo "remove old kernel modules packages"
+dpkg --list \
+ | awk '{ print $2 }' \
+ | grep 'linux-modules-.*-generic' \
+ | grep -v `uname -r` \
+ | xargs apt-get -y purge;
+
+echo "remove linux-source package"
+dpkg --list \
+ | awk '{ print $2 }' \
+ | grep linux-source \
+ | xargs apt-get -y purge;
+
+echo "remove all development packages"
+dpkg --list \
+ | awk '{ print $2 }' \
+ | grep -- '-dev\(:[a-z0-9]\+\)\?$' \
+ | xargs apt-get -y purge;
+
+echo "remove docs packages"
+dpkg --list \
+ | awk '{ print $2 }' \
+ | grep -- '-doc$' \
+ | xargs apt-get -y purge;
+
+echo "remove X11 libraries"
+apt-get -y purge libx11-data xauth libxmuu1 libxcb1 libx11-6 libxext6;
+
+echo "remove obsolete networking packages"
+apt-get -y purge ppp pppconfig pppoeconf;
+
+echo "remove packages we don't need"
+apt-get -y purge popularity-contest command-not-found friendly-recovery bash-completion fonts-ubuntu-font-family-console laptop-detect motd-news-config usbutils grub-legacy-ec2
+
+# 21.04+ don't have this
+echo "remove the installation-report"
+apt-get -y purge popularity-contest installation-report || true;
+
+echo "remove the console font"
+apt-get -y purge fonts-ubuntu-console || true;
+
+echo "removing command-not-found-data"
+# 19.10+ don't have this package so fail gracefully
+apt-get -y purge command-not-found-data || true;
+
+# Exclude the files we don't need w/o uninstalling linux-firmware
+echo "Setup dpkg excludes for linux-firmware"
+cat <<_EOF_ | cat >> /etc/dpkg/dpkg.cfg.d/excludes
+#BENTO-BEGIN
+path-exclude=/lib/firmware/*
+path-exclude=/usr/share/doc/linux-firmware/*
+#BENTO-END
+_EOF_
+
+echo "delete the massive firmware files"
+rm -rf /lib/firmware/*
+rm -rf /usr/share/doc/linux-firmware/*
+
+echo "autoremoving packages and cleaning apt data"
+apt-get -y autoremove;
+apt-get -y clean;
+
+echo "remove /usr/share/doc/"
+rm -rf /usr/share/doc/*
+
+echo "remove /var/cache"
+find /var/cache -type f -exec rm -rf {} \;
+
+echo "truncate any logs that have built up during the install"
+find /var/log -type f -exec truncate --size=0 {} \;
+
+echo "blank netplan machine-id (DUID) so machines get unique ID generated on boot"
+truncate -s 0 /etc/machine-id
+
+echo "remove the contents of /tmp and /var/tmp"
+rm -rf /tmp/* /var/tmp/*
+
+echo "force a new random seed to be generated"
+rm -f /var/lib/systemd/random-seed
+
+echo "clear the history so our install isn't there"
+rm -f /root/.wget-hsts
+export HISTSIZE=0
diff --git a/ubuntu/scripts/hyperv.sh b/ubuntu/scripts/hyperv.sh
new file mode 100644
index 0000000..4543244
--- /dev/null
+++ b/ubuntu/scripts/hyperv.sh
@@ -0,0 +1,13 @@
+#!/bin/sh -eux
+ubuntu_version="`lsb_release -r | awk '{print $2}'`";
+major_version="`echo $ubuntu_version | awk -F. '{print $1}'`";
+
+case "$PACKER_BUILDER_TYPE" in
+hyperv-iso)
+ echo "installing packaging for hyper-v"
+ if [ "$major_version" -eq "16" ]; then
+ apt-get install -y linux-tools-virtual-lts-xenial linux-cloud-tools-virtual-lts-xenial;
+ else
+ apt-get -y install linux-image-virtual linux-tools-virtual linux-cloud-tools-virtual;
+ fi
+esac
diff --git a/ubuntu/scripts/networking.sh b/ubuntu/scripts/networking.sh
new file mode 100644
index 0000000..f852d67
--- /dev/null
+++ b/ubuntu/scripts/networking.sh
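Review bot: ubuntu/scripts/cleanup.sh resets `/etc/machine-id` and the systemd random seed but leaves the SSH host keys generated during the install in place, so every VM cloned from this image would present the same host keys. Consider adding `rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub` next to the machine-id step, paired with a first-boot step that regenerates them (for example `ssh-keygen -A`), since sshd needs host keys to start. The closing `export HISTSIZE=0` only affects this script's own shell and does not remove an existing `.bash_history`. The `uname -r` substitution handed to `grep -v` is also unquoted and its dots act as regex wildcards; `grep -vF -- "$(uname -r)"` matches the running kernel exactly.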
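Review bot: ubuntu/scripts/hyperv.sh is not listed in the template's provisioner `scripts` array and the only builder in this commit is `qemu`, so the `hyperv-iso` arm can never run; the same holds for ubuntu/scripts/vmware.sh. Either wire both scripts into the template together with matching builders or leave them out of the first commit. If they stay, add a header comment naming the builder each one serves, close the last `case` arm with `;;`, and prefer `$(...)` with a quoted `"$ubuntu_version"` over the backtick form.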
@@ -0,0 +1,23 @@
+#!/bin/sh -eux
+
+ubuntu_version="`lsb_release -r | awk '{print $2}'`";
+major_version="`echo $ubuntu_version | awk -F. '{print $1}'`";
+
+if [ "$major_version" -ge "18" ]; then
+echo "Create netplan config for eth0"
+cat </etc/netplan/01-netcfg.yaml;
+network:
+ version: 2
+ ethernets:
+ eth0:
+ dhcp4: true
+EOF
+else
+ # Adding a 2 sec delay to the interface up, to make the dhclient happy
+ echo "pre-up sleep 2" >> /etc/network/interfaces;
+fi
+
+# Disable Predictable Network Interface names and use eth0
+[ -e /etc/network/interfaces ] && sed -i 's/en[[:alnum:]]*/eth0/g' /etc/network/interfaces;
+sed -i 's/GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 \1"/g' /etc/default/grub;
+update-grub;
diff --git a/ubuntu/scripts/update.sh b/ubuntu/scripts/update.sh
new file mode 100644
index 0000000..79ca01b
--- /dev/null
+++ b/ubuntu/scripts/update.sh
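Review bot: In ubuntu/scripts/networking.sh the substitution `s/en[[:alnum:]]*/eth0/g` has no word boundary, so it rewrites any `en…` run inside a longer word in /etc/network/interfaces, not only interface names such as `ens3`. Anchoring it, e.g. `sed -i 's/\<en[[:alnum:]]*/eth0/g' /etc/network/interfaces` (GNU sed), limits the change to tokens that start with `en`. The `GRUB_CMDLINE_LINUX` rewrite prepends `net.ifnames=0 biosdevname=0` on every run, so a comment noting the script is meant to run once per build would help. As rendered on this page the netplan heredoc opener reads `cat </etc/netplan/01-netcfg.yaml;`, which may be an extraction artifact; confirm the committed file has the `<<EOF` redirection.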
@@ -0,0 +1,35 @@
+#!/bin/sh -eux
+export DEBIAN_FRONTEND=noninteractive
+
+echo "disable release-upgrades"
+sed -i.bak 's/^Prompt=.*$/Prompt=never/' /etc/update-manager/release-upgrades;
+
+echo "disable systemd apt timers/services"
+systemctl stop apt-daily.timer;
+systemctl stop apt-daily-upgrade.timer;
+systemctl disable apt-daily.timer;
+systemctl disable apt-daily-upgrade.timer;
+systemctl mask apt-daily.service;
+systemctl mask apt-daily-upgrade.service;
+systemctl daemon-reload;
+
+# Disable periodic activities of apt to be safe
+cat </etc/apt/apt.conf.d/10periodic;
+APT::Periodic::Enable "0";
+APT::Periodic::Update-Package-Lists "0";
+APT::Periodic::Download-Upgradeable-Packages "0";
+APT::Periodic::AutocleanInterval "0";
+APT::Periodic::Unattended-Upgrade "0";
+EOF
+
+echo "remove the unattended-upgrades and ubuntu-release-upgrader-core packages"
+rm -rf /var/log/unattended-upgrades;
+apt-get -y purge unattended-upgrades ubuntu-release-upgrader-core;
+
+echo "update the package list"
+apt-get -y update;
+
+echo "upgrade all installed packages incl. kernel and kernel headers"
+apt-get -y dist-upgrade -o Dpkg::Options::="--force-confnew";
+
+reboot
diff --git a/ubuntu/scripts/vmware.sh b/ubuntu/scripts/vmware.sh
new file mode 100644
index 0000000..1409a8b
--- /dev/null
+++ b/ubuntu/scripts/vmware.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -eux
+
+case "$PACKER_BUILDER_TYPE" in
+vmware-iso|vmware-vmx)
+ echo "install open-vm-tools"
+ apt-get install -y open-vm-tools;
+ mkdir /mnt/hgfs;
+ systemctl enable open-vm-tools
+ systemctl start open-vm-tools
+ echo "platform specific vmware.sh executed";
+esac
diff --git a/ubuntu/ubuntu-20.04-amd64.json b/ubuntu/ubuntu-20.04-amd64.json
new file mode 100644
index 0000000..afbbe8f
--- /dev/null
+++ b/ubuntu/ubuntu-20.04-amd64.json
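Review bot: Automatic security updates stay disabled in the finished image: ubuntu/scripts/update.sh masks `apt-daily.service` and `apt-daily-upgrade.service`, writes `APT::Periodic::Unattended-Upgrade "0";` and purges `unattended-upgrades`, and no later script in this commit re-enables any of it. If that is intended for reproducible builds, state it in a header comment, e.g. `# Automatic updates are disabled on purpose for image builds; consumers must re-enable patching after deployment.` The script also ends with `reboot` while the provisioner relies on `expect_disconnect`; whether the next script can start before the reboot tears down SSH is not visible here and is worth confirming.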
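Review bot: `mkdir /mnt/hgfs;` in ubuntu/scripts/vmware.sh aborts the script under `sh -eux` when the directory already exists, for instance on a re-run; `mkdir -p /mnt/hgfs;` is safe to repeat. The `apt-get install -y open-vm-tools;` line also runs without `DEBIAN_FRONTEND=noninteractive`, which update.sh exports only for its own shell, so adding `export DEBIAN_FRONTEND=noninteractive` at the top keeps the install from prompting.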
@@ -0,0 +1,85 @@
+{
+ "builders": [
+ {
+ "boot_command": [
+ " ",
+ " ",
+ " ",
+ " ",
+ " ",
+ "",
+ "",
+ "",
+ "",
+ " autoinstall",
+ " ds=nocloud-net",
+ ";s=http://{{.HTTPIP}}:{{.HTTPPort}}/",
+ " --- ",
+ ""
+ ],
+ "boot_wait": "1s",
+ "cpus": "{{ user `cpus` }}",
+ "disk_size": "{{user `disk_size`}}",
+ "headless": "{{ user `headless` }}",
+ "http_directory": "{{user `http_directory`}}",
+ "iso_checksum": "{{user `iso_checksum`}}",
+ "iso_url": "{{user `mirror`}}/{{user `mirror_directory`}}/{{user `iso_name`}}",
+ "memory": "{{ user `memory` }}",
+ "output_directory": "{{ user `build_directory` }}/packer-{{user `template`}}-qemu",
+ "shutdown_command": "echo 'ubuntu' | sudo -S shutdown -P now",
+ "ssh_password": "ubuntu",
+ "ssh_port": 22,
+ "ssh_timeout": "10000s",
+ "ssh_username": "ubuntu",
+ "type": "qemu",
+ "vm_name": "{{ user `template` }}",
+ "vnc_bind_address": "0.0.0.0",
+ "qemuargs": [
+ [ "-m", "{{ user `memory` }}" ],
+ [ "-display", "{{ user `qemu_display` }}" ]
+ ]
+ }
+ ],
+ "provisioners": [
+ {
+ "environment_vars": [
+ "HOME_DIR=/home/ubuntu",
+ "http_proxy={{user `http_proxy`}}",
+ "https_proxy={{user `https_proxy`}}",
+ "no_proxy={{user `no_proxy`}}"
+ ],
+ "execute_command": "echo 'ubuntu' | {{.Vars}} sudo -S -E sh -eux '{{.Path}}'",
+ "expect_disconnect": true,
+ "scripts": [
+ "{{template_dir}}/scripts/update.sh",
+ "{{template_dir}}/scripts/networking.sh",
+ "{{template_dir}}/scripts/cleanup.sh",
+ "{{template_dir}}/../common/minimize.sh"
+ ],
+ "type": "shell"
+ }
+ ],
+ "variables": {
+ "box_basename": "ubuntu-20.04",
+ "build_directory": "../builds",
+ "build_timestamp": "{{isotime \"20060102150405\"}}",
+ "cpus": "2",
+ "disk_size": "65536",
+ "guest_additions_url": "",
+ "headless": "",
+ "http_directory": "{{template_dir}}/http",
+ "http_proxy": "{{env `http_proxy`}}",
+ "https_proxy": "{{env `https_proxy`}}",
+ "iso_checksum": "28ccdb56450e643bad03bb7bcf7507ce3d8d90e8bf09e38f6bd9ac298a98eaad",
+ "iso_name": "ubuntu-20.04.4-live-server-amd64.iso",
+ "memory": "1024",
+ "mirror": "http://releases.ubuntu.com",
+ "mirror_directory": "focal",
+ "name": "ubuntu-20.04-amd64",
+ "no_proxy": "{{env `no_proxy`}}",
+ "preseed_path": "preseed.cfg",
+ "qemu_display": "none",
+ "template": "ubuntu-20.04-amd64",
+ "version": "TIMESTAMP"
+ }
+}
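Review bot: `"vnc_bind_address": "0.0.0.0"` in ubuntu/ubuntu-20.04-amd64.json exposes the build VM's VNC console on every interface of the build host for the whole install, and the template sets no VNC password, so anyone who can reach the host can watch or drive the installer. Unless remote viewing is required, use `"vnc_bind_address": "127.0.0.1"`, or add `"vnc_use_password": true` if the console must stay reachable. The build credentials are also hard-coded (`"ssh_password": "ubuntu"` and `echo 'ubuntu' | sudo -S` in `shutdown_command` and `execute_command`); moving them into a user variable listed under `sensitive-variables` keeps them out of build logs. `"mirror": "http://releases.ubuntu.com"` is plain HTTP, which is tolerable only because `iso_checksum` pins the image hash, so that checksum must never be dropped or loosened.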