Cleanup and update Ubuntu and Debian scripts
Some checks reported errors
continuous-integration/drone/push Build was killed

This commit is contained in:
Tyler 2023-06-04 03:20:35 -04:00
parent 8e70eabfb3
commit 64a5f39b75
10 changed files with 251 additions and 119 deletions

View File

@ -1,6 +1,7 @@
{
"builders": [
{
"accelerator": "kvm",
"boot_command": [
"<esc><wait>",
"install <wait>",
@ -87,9 +88,10 @@
"mirror_directory": "11.7.0/amd64/iso-cd",
"name": "debian-11",
"no_proxy": "{{env `no_proxy`}}",
"preseed_path": "debian-9/preseed.cfg",
"preseed_path": "preseed.cfg",
"qemu_display": "none",
"template": "debian-11-amd64",
"version": "TIMESTAMP"
"version": "TIMESTAMP",
"vnc_bind_address": "{{ env `vnc_address` }}"
}
}

View File

@ -1,47 +0,0 @@
choose-mirror-bin mirror/http/proxy string
d-i apt-setup/use_mirror boolean true
d-i base-installer/kernel/override-image string linux-server
d-i clock-setup/utc boolean true
d-i clock-setup/utc-auto boolean true
d-i finish-install/reboot_in_progress note
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i keymap select us
d-i mirror/country string manual
d-i mirror/http/directory string /debian
d-i mirror/http/hostname string httpredir.debian.org
d-i mirror/http/proxy string
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic
d-i partman-auto/method string lvm
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-lvm/device_remove_lvm boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/confirm_write_new_label boolean true
d-i passwd/root-login boolean false
d-i passwd/root-password-again password debian
d-i passwd/root-password password debian
d-i passwd/user-fullname string debian
d-i passwd/user-uid string 1000
d-i passwd/user-password password debian
d-i passwd/user-password-again password debian
d-i passwd/username string debian
d-i pkgsel/include string sudo bzip2 acpid cryptsetup zlib1g-dev wget curl dkms fuse make nfs-common net-tools cifs-utils rsync
d-i pkgsel/install-language-support boolean false
d-i pkgsel/update-policy select none
d-i pkgsel/upgrade select full-upgrade
# Prevent packaged version of VirtualBox Guest Additions being installed:
d-i preseed/early_command string sed -i \
'/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \
/usr/lib/pre-pkgsel.d/20install-hwpackages
d-i time/zone string UTC
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
d-i preseed/late_command string sed -i '/^deb cdrom:/s/^/#/' /target/etc/apt/sources.list
apt-cdrom-setup apt-setup/cdrom/set-first boolean false
apt-mirror-setup apt-setup/use_mirror boolean true
popularity-contest popularity-contest/participate boolean false
tasksel tasksel/first multiselect standard, ssh-server

104
debian/http/preseed.cfg vendored Normal file
View File

@ -0,0 +1,104 @@
#_preseed_V1
# Automatic installation
d-i auto-install/enable boolean true
# Preseeding only locale sets language, country and locale.
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i debconf/frontend select noninteractive
# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
d-i keymap select us
choose-mirror-bin mirror/http/proxy string
d-i apt-setup/use_mirror boolean true
d-i base-installer/kernel/override-image string linux-server
### Clock and time zone setup
d-i clock-setup/utc boolean true
d-i clock-setup/utc-auto boolean true
d-i time/zone string UTC
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
d-i grub-installer/with_other_os boolean true
# Set dev for grub boot
d-i grub-installer/bootdev string /dev/sda
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
d-i mirror/country string manual
d-i mirror/http/directory string /debian/
d-i mirror/http/hostname string httpredir.debian.org
d-i mirror/http/proxy string
# This makes partman automatically partition without confirmation.
d-i partman-efi/non_efi_system boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic
d-i partman-auto/method string lvm
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-lvm/device_remove_lvm boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/confirm_write_new_label boolean true
### Account setup
d-i passwd/root-login boolean false
d-i passwd/user-fullname string vagrant
d-i passwd/user-uid string 1000
d-i passwd/user-password password vagrant
d-i passwd/user-password-again password vagrant
d-i passwd/username string vagrant
# The installer will warn about weak passwords. If you are sure you know
# what you're doing and want to override it, uncomment this.
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
### Package selection
tasksel tasksel/first multiselect standard, ssh-server
d-i pkgsel/include string openssh-server sudo bzip2 acpid cryptsetup zlib1g-dev wget curl dkms fuse make nfs-common net-tools cifs-utils rsync
d-i pkgsel/install-language-support boolean false
# Prevent packaged version of VirtualBox Guest Additions being installed:
d-i preseed/early_command string sed -i \
'/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \
/usr/lib/pre-pkgsel.d/20install-hwpackages
# Do not scan additional CDs
apt-cdrom-setup apt-setup/cdrom/set-first boolean false
# Use network mirror
apt-mirror-setup apt-setup/use_mirror boolean true
# disable automatic package updates
d-i pkgsel/update-policy select none
d-i pkgsel/upgrade select full-upgrade
# Disable polularity contest
popularity-contest popularity-contest/participate boolean false
# Select base install
tasksel tasksel/first multiselect standard, ssh-server
# Setup passwordless sudo for packer user
d-i preseed/late_command string \
echo "vagrant ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/vagrant && chmod 0440 /target/etc/sudoers.d/vagrant
# remove cdrom from apt sources
d-i preseed/late_command string sed -i '/^deb cdrom:/s/^/#/' /target/etc/apt/sources.list

View File

@ -1,15 +1,51 @@
#_preseed_V1
# Automatic installation
d-i auto-install/enable boolean true
# Preseeding only locale sets language, country and locale.
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i debconf/frontend select noninteractive
# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
d-i keymap select us
choose-mirror-bin mirror/http/proxy string
d-i pkgsel/install-language-support boolean false
d-i apt-setup/use_mirror boolean true
d-i base-installer/kernel/override-image string linux-server
### Clock and time zone setup
d-i clock-setup/utc boolean true
d-i clock-setup/utc-auto boolean true
d-i time/zone string UTC
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
d-i grub-installer/with_other_os boolean true
# Set dev for grub boot
d-i grub-installer/bootdev string /dev/sda
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
d-i mirror/country string manual
d-i mirror/http/directory string /ubuntu/
d-i mirror/http/hostname string archive.ubuntu.com
d-i mirror/http/proxy string
# This makes partman automatically partition without confirmation.
d-i partman-efi/non_efi_system boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic
d-i partman-auto/method string lvm
@ -20,16 +56,35 @@ d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/confirm_write_new_label boolean true
d-i passwd/user-fullname string vagrant
### Account setup
d-i passwd/root-login boolean false
d-i passwd/user-fullname string ubuntu
d-i passwd/user-uid string 1000
d-i passwd/user-password password vagrant
d-i passwd/user-password-again password vagrant
d-i passwd/username string vagrant
d-i pkgsel/include string openssh-server cryptsetup libssl-dev libreadline-dev zlib1g-dev linux-source dkms nfs-common linux-headers-$(uname -r) perl cifs-utils software-properties-common rsync ifupdown
d-i pkgsel/install-language-support boolean false
d-i pkgsel/update-policy select none
d-i pkgsel/upgrade select full-upgrade
d-i time/zone string UTC
d-i passwd/user-password password ubuntu
d-i passwd/user-password-again password ubuntu
d-i passwd/username string ubuntu
# The installer will warn about weak passwords. If you are sure you know
# what you're doing and want to override it, uncomment this.
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
### Package selection
tasksel tasksel/first multiselect standard, server
d-i pkgsel/include string openssh-server sudo cryptsetup libssl-dev libreadline-dev zlib1g-dev linux-source dkms nfs-common linux-headers-$(uname -r) perl cifs-utils software-properties-common rsync ifupdown
d-i pkgsel/install-language-support boolean false
# disable automatic package updates
d-i pkgsel/update-policy select none
d-i pkgsel/upgrade select full-upgrade
# Disable polularity contest
popularity-contest popularity-contest/participate boolean false
# Select base install
tasksel tasksel/first multiselect standard, ssh-server
# Setup passwordless sudo for packer user
d-i preseed/late_command string \
echo "ubuntu ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/ubuntu && chmod 0440 /target/etc/sudoers.d/ubuntu

View File

@ -5,13 +5,39 @@ autoinstall:
hostname: ubuntu-server
password: '$6$wdAcoXrU039hKYPd$508Qvbe7ObUnxoj15DRCkzC3qO7edjH0VV7BPNRDYK4QR8ofJaEEF2heacn0QgD.f8pO8SNp83XNdWG6tocBM1'
username: ubuntu
network:
network:
version: 2
ethernets:
eth0:
dhcp4: yes
early-commands:
# otherwise packer tries to connect and exceed max attempts:
- systemctl stop ssh
packages:
- ca-certificates
- cloud-guest-utils
- cloud-init
ssh:
install-server: true
allow-pw: yes
storage:
swap:
size: 0
config:
- { type: disk, id: disk-0, ptable: gpt, wipe: superblock-recursive, grub_device: true }
- { type: partition, id: partition-0, number: 1, device: disk-0, size: 1M, wipe: superblock, flag: bios_grub }
- { type: partition, id: partition-1, number: 2, device: disk-0, size: 4096M, wipe: superblock, flag: boot }
- { type: partition, id: partition-2, number: 3, device: disk-0, size: 8192M, wipe: superblock, flag: swap }
- { type: partition, id: partition-3, number: 4, device: disk-0, size: -1, wipe: superblock }
- { type: format, id: format-0, volume: partition-1, fstype: ext4 }
- { type: format, id: format-1, volume: partition-2, fstype: swap }
- { type: format, id: format-2, volume: partition-3, fstype: ext4 }
- { type: mount, id: mount-0, device: format-0, path: /boot }
- { type: mount, id: mount-1, device: format-1, path: none }
- { type: mount, id: mount-2, device: format-2, path: / }
late-commands:
- echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/ubuntu
- |
curtin in-target --target=/target -- /bin/bash -c ' \
sed -ie "s/^[#\s]*UseDNS.*$/UseDNS no/g" /etc/ssh/sshd_config; \
@ -22,10 +48,5 @@ autoinstall:
sed -ie "s/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=\"net.ifnames=0 biosdevname=0 systemd.unified_cgroup_hierarchy=0\"/g" /etc/default/grub; \
update-grub; \
update-initramfs -c -k all; \
apt-get -y purge snapd; \
systemctl disable apt-daily.service; \
systemctl disable apt-daily.timer; \
systemctl disable apt-daily-upgrade.service; \
systemctl disable apt-daily-upgrade.timer; \
exit 0 \
'

View File

@ -10,14 +10,14 @@ echo "remove specific Linux kernels, such as linux-image-3.11.0-15-generic but k
dpkg --list \
| awk '{ print $2 }' \
| grep 'linux-image-.*-generic' \
| grep -v `uname -r` \
| grep -v "$(uname -r)" \
| xargs apt-get -y purge;
echo "remove old kernel modules packages"
dpkg --list \
| awk '{ print $2 }' \
| grep 'linux-modules-.*-generic' \
| grep -v `uname -r` \
| grep -v "$(uname -r)" \
| xargs apt-get -y purge;
echo "remove linux-source package"
@ -42,22 +42,26 @@ echo "remove X11 libraries"
apt-get -y purge libx11-data xauth libxmuu1 libxcb1 libx11-6 libxext6;
echo "remove obsolete networking packages"
apt-get -y purge ppp pppconfig pppoeconf;
apt-get -y purge ppp pppconfig pppoeconf || true;
echo "remove packages we don't need"
apt-get -y purge popularity-contest command-not-found friendly-recovery bash-completion laptop-detect motd-news-config usbutils grub-legacy-ec2
# 22.04+ don't have this
echo "remove the fonts-ubuntu-font-family-console"
apt-get -y purge fonts-ubuntu-font-family-console || true;
# 21.04+ don't have this
echo "remove the installation-report"
apt-get -y purge popularity-contest installation-report || true;
echo "remove the console font"
apt-get -y purge fonts-ubuntu-console || true;
echo "removing command-not-found-data"
# 19.10+ don't have this package so fail gracefully
apt-get -y purge command-not-found-data || true;
echo "remove unnecessary packages via snap/apt"
snap remove lxd || true;
# Exclude the files we don't need w/o uninstalling linux-firmware
echo "Setup dpkg excludes for linux-firmware"
cat <<_EOF_ | cat >> /etc/dpkg/dpkg.cfg.d/excludes
@ -86,6 +90,10 @@ find /var/log -type f -exec truncate --size=0 {} \;
echo "blank netplan machine-id (DUID) so machines get unique ID generated on boot"
truncate -s 0 /etc/machine-id
if test -f /var/lib/dbus/machine-id
then
truncate -s 0 /var/lib/dbus/machine-id # if not symlinked to "/etc/machine-id"
fi
echo "remove the contents of /tmp and /var/tmp"
rm -rf /tmp/* /var/tmp/*
@ -95,4 +103,4 @@ rm -f /var/lib/systemd/random-seed
echo "clear the history so our install isn't there"
rm -f /root/.wget-hsts
export HISTSIZE=0
export HISTSIZE=0

View File

@ -1,23 +0,0 @@
#!/bin/sh -eux
ubuntu_version="`lsb_release -r | awk '{print $2}'`";
major_version="`echo $ubuntu_version | awk -F. '{print $1}'`";
if [ "$major_version" -ge "18" ]; then
echo "Create netplan config for eth0"
cat <<EOF >/etc/netplan/01-netcfg.yaml;
network:
version: 2
ethernets:
eth0:
dhcp4: true
EOF
else
# Adding a 2 sec delay to the interface up, to make the dhclient happy
echo "pre-up sleep 2" >> /etc/network/interfaces;
fi
# Disable Predictable Network Interface names and use eth0
[ -e /etc/network/interfaces ] && sed -i 's/en[[:alnum:]]*/eth0/g' /etc/network/interfaces;
sed -i 's/GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 \1"/g' /etc/default/grub;
update-grub;

View File

@ -32,4 +32,4 @@ apt-get -y update;
echo "upgrade all installed packages incl. kernel and kernel headers"
apt-get -y dist-upgrade -o Dpkg::Options::="--force-confnew";
reboot
reboot

View File

@ -1,26 +1,40 @@
{
"builders": [
{
"accelerator": "kvm",
"boot_command": [
" <wait>",
" <wait>",
" <wait>",
" <wait>",
" <wait>",
"<esc><wait>",
"<f6><wait>",
"<esc><wait>",
"<bs><bs><bs><bs><wait>",
" autoinstall<wait5>",
" ds=nocloud-net<wait5>",
";s=http://<wait5>{{.HTTPIP}}<wait5>:{{.HTTPPort}}/<wait5>",
" --- <wait5>",
"<enter><wait5>"
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<esc><wait><f6><wait><esc><wait>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"/casper/vmlinuz <wait5>",
"initrd=/casper/initrd <wait5>",
"autoinstall quiet fsck.mode=skip <wait5>",
"net.ifnames=0 biosdevname=0 systemd.unified_cgroup_hierarchy=0 <wait5>",
"ds=nocloud-net;s=http://{{.HTTPIP}}:{{.HTTPPort}}/ <wait5>",
"---<enter>"
],
"boot_wait": "1s",
"cpus": "{{ user `cpus` }}",
"disk_size": "{{user `disk_size`}}",
"headless": "{{ user `headless` }}",
"headless": true,
"http_directory": "{{user `http_directory`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"iso_url": "{{user `mirror`}}/{{user `mirror_directory`}}/{{user `iso_name`}}",
@ -58,9 +72,8 @@
"execute_command": "echo 'ubuntu' | {{.Vars}} sudo -S -E sh -eux '{{.Path}}'",
"expect_disconnect": true,
"scripts": [
"{{template_dir}}/scripts/update.sh",
"{{template_dir}}/scripts/networking.sh",
"{{template_dir}}/scripts/cleanup.sh",
"{{template_dir}}/scripts/update.sh",
"{{template_dir}}/../common/minimize.sh"
],
"type": "shell"
@ -73,7 +86,6 @@
"cpus": "2",
"disk_size": "65536",
"guest_additions_url": "",
"headless": "",
"http_directory": "{{template_dir}}/http",
"http_proxy": "{{env `http_proxy`}}",
"https_proxy": "{{env `https_proxy`}}",
@ -88,6 +100,6 @@
"qemu_display": "none",
"template": "ubuntu-20.04-amd64.img",
"version": "TIMESTAMP",
"vnc_bind_address": "127.0.0.1"
"vnc_bind_address": "{{ env `vnc_address` }}"
}
}

View File

@ -1,6 +1,7 @@
{
"builders": [
{
"accelerator": "kvm",
"boot_command": [
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
"<tab><tab><tab><tab><tab><tab><tab><tab><tab><tab><wait>",
@ -25,7 +26,7 @@
"boot_wait": "1s",
"cpus": "{{ user `cpus` }}",
"disk_size": "{{user `disk_size`}}",
"headless": "{{ user `headless` }}",
"headless": true,
"http_directory": "{{user `http_directory`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"iso_url": "{{user `mirror`}}/{{user `mirror_directory`}}/{{user `iso_name`}}",
@ -47,6 +48,7 @@
]
}
],
],
"post-processors": [
{
"type": "compress",
@ -64,9 +66,8 @@
"execute_command": "echo 'ubuntu' | {{.Vars}} sudo -S -E sh -eux '{{.Path}}'",
"expect_disconnect": true,
"scripts": [
"{{template_dir}}/scripts/update.sh",
"{{template_dir}}/scripts/networking.sh",
"{{template_dir}}/scripts/cleanup.sh",
"{{template_dir}}/scripts/update.sh",
"{{template_dir}}/../common/minimize.sh"
],
"type": "shell"
@ -79,7 +80,6 @@
"cpus": "2",
"disk_size": "65536",
"guest_additions_url": "",
"headless": "",
"http_directory": "{{template_dir}}/http",
"http_proxy": "{{env `http_proxy`}}",
"https_proxy": "{{env `https_proxy`}}",
@ -94,6 +94,6 @@
"qemu_display": "none",
"template": "ubuntu-22.04-amd64.img",
"version": "TIMESTAMP",
"vnc_bind_address": "127.0.0.1"
"vnc_bind_address": "{{ env `vnc_address` }}"
}
}