From 64a5f39b75952287da8d7882a78ff2153b898369 Mon Sep 17 00:00:00 2001 From: Tyler Date: Sun, 4 Jun 2023 03:20:35 -0400 Subject: [PATCH] Cleanup and update Ubuntu and Debian scripts --- debian/debian-11-amd64.json | 6 +- debian/http/debian-9/preseed.cfg | 47 -------------- debian/http/preseed.cfg | 104 +++++++++++++++++++++++++++++++ ubuntu/http/preseed.cfg | 75 +++++++++++++++++++--- ubuntu/http/user-data | 31 +++++++-- ubuntu/scripts/cleanup.sh | 22 ++++--- ubuntu/scripts/networking.sh | 23 ------- ubuntu/scripts/update.sh | 2 +- ubuntu/ubuntu-20.04-amd64.json | 50 +++++++++------ ubuntu/ubuntu-22.04-amd64.json | 10 +-- 10 files changed, 251 insertions(+), 119 deletions(-) delete mode 100644 debian/http/debian-9/preseed.cfg create mode 100644 debian/http/preseed.cfg delete mode 100644 ubuntu/scripts/networking.sh diff --git a/debian/debian-11-amd64.json b/debian/debian-11-amd64.json index 580f126..09f2972 100644 --- a/debian/debian-11-amd64.json +++ b/debian/debian-11-amd64.json @@ -1,6 +1,7 @@ { "builders": [ { + "accelerator": "kvm", "boot_command": [ "", "install ", @@ -87,9 +88,10 @@ "mirror_directory": "11.7.0/amd64/iso-cd", "name": "debian-11", "no_proxy": "{{env `no_proxy`}}", - "preseed_path": "debian-9/preseed.cfg", + "preseed_path": "preseed.cfg", "qemu_display": "none", "template": "debian-11-amd64", - "version": "TIMESTAMP" + "version": "TIMESTAMP", + "vnc_bind_address": "{{ env `vnc_address` }}" } } diff --git a/debian/http/debian-9/preseed.cfg b/debian/http/debian-9/preseed.cfg deleted file mode 100644 index 34eb977..0000000 --- a/debian/http/debian-9/preseed.cfg +++ /dev/null 
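Review bot: The new `vnc_bind_address` variable at the end of the second hunk takes its value from the `vnc_address` environment variable, and nothing in the template documents or constrains that value. A wildcard address would put the unattended installer's VNC console on every interface of the build host for the whole install. Whether an unset variable falls back to a loopback default should be confirmed rather than assumed. Keep a loopback default, and where a remote console is really needed, pair it with the QEMU builder's password option, `"vnc_use_password": true`. The same change is in the last hunks of ubuntu/ubuntu-20.04-amd64.json and ubuntu/ubuntu-22.04-amd64.json, where it replaces the fixed `127.0.0.1`.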
@@ -1,47 +0,0 @@ -choose-mirror-bin mirror/http/proxy string -d-i apt-setup/use_mirror boolean true -d-i base-installer/kernel/override-image string linux-server -d-i clock-setup/utc boolean true -d-i clock-setup/utc-auto boolean true -d-i finish-install/reboot_in_progress note -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean true -d-i keymap select us -d-i mirror/country string manual -d-i mirror/http/directory string /debian -d-i mirror/http/hostname string httpredir.debian.org -d-i mirror/http/proxy string -d-i partman-auto-lvm/guided_size string max -d-i partman-auto/choose_recipe select atomic -d-i partman-auto/method string lvm -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true -d-i partman-lvm/device_remove_lvm boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true -d-i partman/confirm_write_new_label boolean true -d-i passwd/root-login boolean false -d-i passwd/root-password-again password debian -d-i passwd/root-password password debian -d-i passwd/user-fullname string debian -d-i passwd/user-uid string 1000 -d-i passwd/user-password password debian -d-i passwd/user-password-again password debian -d-i passwd/username string debian -d-i pkgsel/include string sudo bzip2 acpid cryptsetup zlib1g-dev wget curl dkms fuse make nfs-common net-tools cifs-utils rsync -d-i pkgsel/install-language-support boolean false -d-i pkgsel/update-policy select none -d-i pkgsel/upgrade select full-upgrade -# Prevent packaged version of VirtualBox Guest Additions being installed: -d-i preseed/early_command string sed -i \ - '/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \ - /usr/lib/pre-pkgsel.d/20install-hwpackages -d-i time/zone string UTC -d-i user-setup/allow-password-weak boolean true -d-i user-setup/encrypt-home boolean false -d-i preseed/late_command string sed -i '/^deb cdrom:/s/^/#/' 
/target/etc/apt/sources.list -apt-cdrom-setup apt-setup/cdrom/set-first boolean false -apt-mirror-setup apt-setup/use_mirror boolean true -popularity-contest popularity-contest/participate boolean false -tasksel tasksel/first multiselect standard, ssh-server diff --git a/debian/http/preseed.cfg b/debian/http/preseed.cfg new file mode 100644 index 0000000..aa211f7 --- /dev/null +++ b/debian/http/preseed.cfg 
@@ -0,0 +1,104 @@ +#_preseed_V1 +# Automatic installation +d-i auto-install/enable boolean true + +# Preseeding only locale sets language, country and locale. +d-i debian-installer/language string en +d-i debian-installer/country string US +d-i debian-installer/locale string en_US.UTF-8 + +d-i console-setup/ask_detect boolean false +d-i debconf/frontend select noninteractive + +# Keyboard selection. +d-i keyboard-configuration/xkb-keymap select us +d-i keymap select us + +choose-mirror-bin mirror/http/proxy string +d-i apt-setup/use_mirror boolean true +d-i base-installer/kernel/override-image string linux-server + +### Clock and time zone setup +d-i clock-setup/utc boolean true +d-i clock-setup/utc-auto boolean true +d-i time/zone string UTC + +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +# This is fairly safe to set, it makes grub install automatically to the MBR +# if no other operating system is detected on the machine. +d-i grub-installer/only_debian boolean true + +# This one makes grub-installer install to the MBR if it also finds some other +# OS, which is less safe as it might not be able to boot that other OS. +d-i grub-installer/with_other_os boolean true + +# Set dev for grub boot +d-i grub-installer/bootdev string /dev/sda + +### Mirror settings +# If you select ftp, the mirror/country string does not need to be set. +d-i mirror/country string manual +d-i mirror/http/directory string /debian/ +d-i mirror/http/hostname string httpredir.debian.org +d-i mirror/http/proxy string + +# This makes partman automatically partition without confirmation. 
+d-i partman-efi/non_efi_system boolean true +d-i partman-auto-lvm/guided_size string max +d-i partman-auto/choose_recipe select atomic +d-i partman-auto/method string lvm +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true +d-i partman-lvm/device_remove_lvm boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true +d-i partman/confirm_write_new_label boolean true + +### Account setup +d-i passwd/root-login boolean false +d-i passwd/user-fullname string vagrant +d-i passwd/user-uid string 1000 +d-i passwd/user-password password vagrant +d-i passwd/user-password-again password vagrant +d-i passwd/username string vagrant + +# The installer will warn about weak passwords. If you are sure you know +# what you're doing and want to override it, uncomment this. +d-i user-setup/allow-password-weak boolean true +d-i user-setup/encrypt-home boolean false + +### Package selection +tasksel tasksel/first multiselect standard, ssh-server +d-i pkgsel/include string openssh-server sudo bzip2 acpid cryptsetup zlib1g-dev wget curl dkms fuse make nfs-common net-tools cifs-utils rsync +d-i pkgsel/install-language-support boolean false + +# Prevent packaged version of VirtualBox Guest Additions being installed: +d-i preseed/early_command string sed -i \ +'/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \ +/usr/lib/pre-pkgsel.d/20install-hwpackages + +# Do not scan additional CDs +apt-cdrom-setup apt-setup/cdrom/set-first boolean false + +# Use network mirror +apt-mirror-setup apt-setup/use_mirror boolean true + +# disable automatic package updates +d-i pkgsel/update-policy select none +d-i pkgsel/upgrade select full-upgrade + +# Disable polularity contest +popularity-contest popularity-contest/participate boolean false + +# Select base install +tasksel tasksel/first multiselect standard, ssh-server + +# Setup passwordless sudo for packer user +d-i 
preseed/late_command string \ +echo "vagrant ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/vagrant && chmod 0440 /target/etc/sudoers.d/vagrant + +# remove cdrom from apt sources +d-i preseed/late_command string sed -i '/^deb cdrom:/s/^/#/' /target/etc/apt/sources.list \ No newline at end of file diff --git a/ubuntu/http/preseed.cfg b/ubuntu/http/preseed.cfg index 1868c6f..1a39a38 100644 --- a/ubuntu/http/preseed.cfg +++ b/ubuntu/http/preseed.cfg 
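Review bot: `preseed/late_command` is set twice at the end of this new file, and debconf keeps one value per question, so the later `sed` entry most likely replaces the sudoers entry and the `vagrant` drop-in is never written. Chain both into one entry: `d-i preseed/late_command string echo "vagrant ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/vagrant && chmod 0440 /target/etc/sudoers.d/vagrant && sed -i '/^deb cdrom:/s/^/#/' /target/etc/apt/sources.list`. `tasksel tasksel/first` is also listed twice with the same value, and the comment says "packer user" although the account is `vagrant`.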
@@ -1,15 +1,51 @@ +#_preseed_V1 +# Automatic installation +d-i auto-install/enable boolean true + +# Preseeding only locale sets language, country and locale. +d-i debian-installer/language string en +d-i debian-installer/country string US +d-i debian-installer/locale string en_US.UTF-8 + +d-i console-setup/ask_detect boolean false +d-i debconf/frontend select noninteractive + +# Keyboard selection. +d-i keyboard-configuration/xkb-keymap select us +d-i keymap select us + choose-mirror-bin mirror/http/proxy string -d-i pkgsel/install-language-support boolean false +d-i apt-setup/use_mirror boolean true d-i base-installer/kernel/override-image string linux-server + +### Clock and time zone setup d-i clock-setup/utc boolean true d-i clock-setup/utc-auto boolean true +d-i time/zone string UTC + +# Avoid that last message about the install being complete. d-i finish-install/reboot_in_progress note + +# This is fairly safe to set, it makes grub install automatically to the MBR +# if no other operating system is detected on the machine. d-i grub-installer/only_debian boolean true + +# This one makes grub-installer install to the MBR if it also finds some other +# OS, which is less safe as it might not be able to boot that other OS. d-i grub-installer/with_other_os boolean true + +# Set dev for grub boot +d-i grub-installer/bootdev string /dev/sda + +### Mirror settings +# If you select ftp, the mirror/country string does not need to be set. d-i mirror/country string manual d-i mirror/http/directory string /ubuntu/ d-i mirror/http/hostname string archive.ubuntu.com d-i mirror/http/proxy string + +# This makes partman automatically partition without confirmation. +d-i partman-efi/non_efi_system boolean true d-i partman-auto-lvm/guided_size string max d-i partman-auto/choose_recipe select atomic d-i partman-auto/method string lvm 
@@ -20,16 +56,35 @@ d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true d-i partman/confirm_write_new_label boolean true -d-i passwd/user-fullname string vagrant + +### Account setup +d-i passwd/root-login boolean false +d-i passwd/user-fullname string ubuntu d-i passwd/user-uid string 1000 -d-i passwd/user-password password vagrant -d-i passwd/user-password-again password vagrant -d-i passwd/username string vagrant -d-i pkgsel/include string openssh-server cryptsetup libssl-dev libreadline-dev zlib1g-dev linux-source dkms nfs-common linux-headers-$(uname -r) perl cifs-utils software-properties-common rsync ifupdown -d-i pkgsel/install-language-support boolean false -d-i pkgsel/update-policy select none -d-i pkgsel/upgrade select full-upgrade -d-i time/zone string UTC +d-i passwd/user-password password ubuntu +d-i passwd/user-password-again password ubuntu +d-i passwd/username string ubuntu + +# The installer will warn about weak passwords. If you are sure you know +# what you're doing and want to override it, uncomment this. 
d-i user-setup/allow-password-weak boolean true d-i user-setup/encrypt-home boolean false + +### Package selection tasksel tasksel/first multiselect standard, server +d-i pkgsel/include string openssh-server sudo cryptsetup libssl-dev libreadline-dev zlib1g-dev linux-source dkms nfs-common linux-headers-$(uname -r) perl cifs-utils software-properties-common rsync ifupdown +d-i pkgsel/install-language-support boolean false + +# disable automatic package updates +d-i pkgsel/update-policy select none +d-i pkgsel/upgrade select full-upgrade + +# Disable polularity contest +popularity-contest popularity-contest/participate boolean false + +# Select base install +tasksel tasksel/first multiselect standard, ssh-server + +# Setup passwordless sudo for packer user +d-i preseed/late_command string \ +echo "ubuntu ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/ubuntu && chmod 0440 /target/etc/sudoers.d/ubuntu \ No newline at end of file diff --git a/ubuntu/http/user-data b/ubuntu/http/user-data index a4cad36..6ff37a4 100644 --- a/ubuntu/http/user-data +++ b/ubuntu/http/user-data 
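Review bot: The account block sets `passwd/user-password password ubuntu` in clear text with `user-setup/allow-password-weak` enabled, and the new late_command grants that account `NOPASSWD:ALL`; any image that leaves the build with this account intact has a known password and unrestricted sudo behind the installed SSH server. If the build needs the login, mark it with a comment such as `# build-time credential; must be locked or rotated before the image is published` and make sure a later provisioning step does that, since nothing visible in this commit does. debian/http/preseed.cfg has the same pattern with `vagrant`. Separately, `tasksel tasksel/first` now appears twice in this hunk with different values (`standard, server` and `standard, ssh-server`); keep one.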
@@ -5,13 +5,39 @@ autoinstall: hostname: ubuntu-server password: '$6$wdAcoXrU039hKYPd$508Qvbe7ObUnxoj15DRCkzC3qO7edjH0VV7BPNRDYK4QR8ofJaEEF2heacn0QgD.f8pO8SNp83XNdWG6tocBM1' username: ubuntu + network: + network: + version: 2 + ethernets: + eth0: + dhcp4: yes early-commands: # otherwise packer tries to connect and exceed max attempts: - systemctl stop ssh + packages: + - ca-certificates + - cloud-guest-utils + - cloud-init ssh: install-server: true allow-pw: yes + storage: + swap: + size: 0 + config: + - { type: disk, id: disk-0, ptable: gpt, wipe: superblock-recursive, grub_device: true } + - { type: partition, id: partition-0, number: 1, device: disk-0, size: 1M, wipe: superblock, flag: bios_grub } + - { type: partition, id: partition-1, number: 2, device: disk-0, size: 4096M, wipe: superblock, flag: boot } + - { type: partition, id: partition-2, number: 3, device: disk-0, size: 8192M, wipe: superblock, flag: swap } + - { type: partition, id: partition-3, number: 4, device: disk-0, size: -1, wipe: superblock } + - { type: format, id: format-0, volume: partition-1, fstype: ext4 } + - { type: format, id: format-1, volume: partition-2, fstype: swap } + - { type: format, id: format-2, volume: partition-3, fstype: ext4 } + - { type: mount, id: mount-0, device: format-0, path: /boot } + - { type: mount, id: mount-1, device: format-1, path: none } + - { type: mount, id: mount-2, device: format-2, path: / } late-commands: + - echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/ubuntu - | curtin in-target --target=/target -- /bin/bash -c ' \ sed -ie "s/^[#\s]*UseDNS.*$/UseDNS no/g" /etc/ssh/sshd_config; \ 
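Review bot: The added late-command `echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/ubuntu` leaves the drop-in's mode to the installer's umask, unlike the preseed files in this commit, which follow the write with `chmod 0440`. Add `- chmod 0440 /target/etc/sudoers.d/ubuntu` as the next list item. In the storage block, `swap: size: 0` sits beside an 8192M partition flagged and formatted as swap; a comment saying which of the two is intended would help. The late-commands list continues outside this hunk.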
@@ -22,10 +48,5 @@ autoinstall: sed -ie "s/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=\"net.ifnames=0 biosdevname=0 systemd.unified_cgroup_hierarchy=0\"/g" /etc/default/grub; \ update-grub; \ update-initramfs -c -k all; \ - apt-get -y purge snapd; \ - systemctl disable apt-daily.service; \ - systemctl disable apt-daily.timer; \ - systemctl disable apt-daily-upgrade.service; \ - systemctl disable apt-daily-upgrade.timer; \ exit 0 \ ' \ No newline at end of file diff --git a/ubuntu/scripts/cleanup.sh b/ubuntu/scripts/cleanup.sh index 7c656e6..6a2cb15 100644 --- a/ubuntu/scripts/cleanup.sh +++ b/ubuntu/scripts/cleanup.sh @@ -10,14 +10,14 @@ echo "remove specific Linux kernels, such as linux-image-3.11.0-15-generic but k dpkg --list \ | awk '{ print $2 }' \ | grep 'linux-image-.*-generic' \ - | grep -v `uname -r` \ + | grep -v "$(uname -r)" \ | xargs apt-get -y purge; echo "remove old kernel modules packages" dpkg --list \ | awk '{ print $2 }' \ | grep 'linux-modules-.*-generic' \ - | grep -v `uname -r` \ + | grep -v "$(uname -r)" \ | xargs apt-get -y purge; echo "remove linux-source package" 
@@ -42,22 +42,26 @@ echo "remove X11 libraries" apt-get -y purge libx11-data xauth libxmuu1 libxcb1 libx11-6 libxext6; echo "remove obsolete networking packages" -apt-get -y purge ppp pppconfig pppoeconf; +apt-get -y purge ppp pppconfig pppoeconf || true; echo "remove packages we don't need" apt-get -y purge popularity-contest command-not-found friendly-recovery bash-completion laptop-detect motd-news-config usbutils grub-legacy-ec2 +# 22.04+ don't have this +echo "remove the fonts-ubuntu-font-family-console" +apt-get -y purge fonts-ubuntu-font-family-console || true; + # 21.04+ don't have this echo "remove the installation-report" apt-get -y purge popularity-contest installation-report || true; +echo "remove the console font" +apt-get -y purge fonts-ubuntu-console || true; + echo "removing command-not-found-data" # 19.10+ don't have this package so fail gracefully apt-get -y purge command-not-found-data || true; -echo "remove unnecessary packages via snap/apt" -snap remove lxd || true; - # Exclude the files we don't need w/o uninstalling linux-firmware echo "Setup dpkg excludes for linux-firmware" cat <<_EOF_ | cat >> /etc/dpkg/dpkg.cfg.d/excludes @@ -86,6 +90,10 @@ find /var/log -type f -exec truncate --size=0 {} \; echo "blank netplan machine-id (DUID) so machines get unique ID generated on boot" truncate -s 0 /etc/machine-id +if test -f /var/lib/dbus/machine-id +then + truncate -s 0 /var/lib/dbus/machine-id # if not symlinked to "/etc/machine-id" +fi echo "remove the contents of /tmp and /var/tmp" rm -rf /tmp/* /var/tmp/* @@ -95,4 +103,4 @@ rm -f /var/lib/systemd/random-seed echo "clear the history so our install isn't there" rm -f /root/.wget-hsts -export HISTSIZE=0 +export HISTSIZE=0 \ No newline at end of file diff --git a/ubuntu/scripts/networking.sh b/ubuntu/scripts/networking.sh deleted file mode 100644 index f852d67..0000000 --- a/ubuntu/scripts/networking.sh +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/sh -eux - -ubuntu_version="`lsb_release -r | awk '{print $2}'`"; -major_version="`echo $ubuntu_version | awk -F. '{print $1}'`"; - -if [ "$major_version" -ge "18" ]; then -echo "Create netplan config for eth0" -cat </etc/netplan/01-netcfg.yaml; -network: - version: 2 - ethernets: - eth0: - dhcp4: true -EOF -else - # Adding a 2 sec delay to the interface up, to make the dhclient happy - echo "pre-up sleep 2" >> /etc/network/interfaces; -fi - -# Disable Predictable Network Interface names and use eth0 -[ -e /etc/network/interfaces ] && sed -i 's/en[[:alnum:]]*/eth0/g' /etc/network/interfaces; -sed -i 's/GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 \1"/g' /etc/default/grub; -update-grub; diff --git a/ubuntu/scripts/update.sh b/ubuntu/scripts/update.sh index 79ca01b..e8bc47b 100644 --- a/ubuntu/scripts/update.sh +++ b/ubuntu/scripts/update.sh @@ -32,4 +32,4 @@ apt-get -y update; echo "upgrade all installed packages incl. kernel and kernel headers" apt-get -y dist-upgrade -o Dpkg::Options::="--force-confnew"; -reboot +reboot \ No newline at end of file diff --git a/ubuntu/ubuntu-20.04-amd64.json b/ubuntu/ubuntu-20.04-amd64.json index 97e04bc..053cec8 100644 --- a/ubuntu/ubuntu-20.04-amd64.json +++ b/ubuntu/ubuntu-20.04-amd64.json 
@@ -1,26 +1,40 @@ { "builders": [ { + "accelerator": "kvm", "boot_command": [ - " ", - " ", - " ", - " ", - " ", - "", - "", - "", - "", - " autoinstall", - " ds=nocloud-net", - ";s=http://{{.HTTPIP}}:{{.HTTPPort}}/", - " --- ", - "" + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "", + "/casper/vmlinuz ", + "initrd=/casper/initrd ", + "autoinstall quiet fsck.mode=skip ", + "net.ifnames=0 biosdevname=0 systemd.unified_cgroup_hierarchy=0 ", + "ds=nocloud-net;s=http://{{.HTTPIP}}:{{.HTTPPort}}/ ", + "---" ], "boot_wait": "1s", "cpus": "{{ user `cpus` }}", "disk_size": "{{user `disk_size`}}", - "headless": "{{ user `headless` }}", + "headless": true, "http_directory": "{{user `http_directory`}}", "iso_checksum": "{{user `iso_checksum`}}", "iso_url": "{{user `mirror`}}/{{user `mirror_directory`}}/{{user `iso_name`}}", @@ -58,9 +72,8 @@ "execute_command": "echo 'ubuntu' | {{.Vars}} sudo -S -E sh -eux '{{.Path}}'", "expect_disconnect": true, "scripts": [ - "{{template_dir}}/scripts/update.sh", - "{{template_dir}}/scripts/networking.sh", "{{template_dir}}/scripts/cleanup.sh", + "{{template_dir}}/scripts/update.sh", "{{template_dir}}/../common/minimize.sh" ], "type": "shell" @@ -73,7 +86,6 @@ "cpus": "2", "disk_size": "65536", "guest_additions_url": "", - "headless": "", "http_directory": "{{template_dir}}/http", "http_proxy": "{{env `http_proxy`}}", "https_proxy": "{{env `https_proxy`}}", @@ -88,6 +100,6 @@ "qemu_display": "none", "template": "ubuntu-20.04-amd64.img", "version": "TIMESTAMP", - "vnc_bind_address": "127.0.0.1" + "vnc_bind_address": "{{ env `vnc_address` }}" } } diff --git a/ubuntu/ubuntu-22.04-amd64.json b/ubuntu/ubuntu-22.04-amd64.json index bb5cd68..5ee0c84 100644 --- a/ubuntu/ubuntu-22.04-amd64.json +++ b/ubuntu/ubuntu-22.04-amd64.json @@ -1,6 +1,7 @@ { "builders": [ { + "accelerator": "kvm", "boot_command": [ "", "", 
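Review bot: Running `cleanup.sh` before `update.sh` in the `scripts` list undoes much of the cleanup. The visible parts of cleanup.sh blank `/etc/machine-id`, delete `/var/lib/systemd/random-seed` and truncate logs, and update.sh then runs `apt-get -y dist-upgrade` and `reboot`. After that reboot the guest will presumably regenerate the machine-id and seed file and refill logs and package caches, so every clone of the image could share them, and kernels superseded by the upgrade are never purged. Keep the identity-scrubbing step last: `"{{template_dir}}/scripts/update.sh",` followed by `"{{template_dir}}/scripts/cleanup.sh",`. The same reordering is in ubuntu/ubuntu-22.04-amd64.json.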
@@ -25,7 +26,7 @@ "boot_wait": "1s", "cpus": "{{ user `cpus` }}", "disk_size": "{{user `disk_size`}}", - "headless": "{{ user `headless` }}", + "headless": true, "http_directory": "{{user `http_directory`}}", "iso_checksum": "{{user `iso_checksum`}}", "iso_url": "{{user `mirror`}}/{{user `mirror_directory`}}/{{user `iso_name`}}", @@ -47,6 +48,7 @@ ] } ], + ], "post-processors": [ { "type": "compress", @@ -64,9 +66,8 @@ "execute_command": "echo 'ubuntu' | {{.Vars}} sudo -S -E sh -eux '{{.Path}}'", "expect_disconnect": true, "scripts": [ - "{{template_dir}}/scripts/update.sh", - "{{template_dir}}/scripts/networking.sh", "{{template_dir}}/scripts/cleanup.sh", + "{{template_dir}}/scripts/update.sh", "{{template_dir}}/../common/minimize.sh" ], "type": "shell" @@ -79,7 +80,6 @@ "cpus": "2", "disk_size": "65536", "guest_additions_url": "", - "headless": "", "http_directory": "{{template_dir}}/http", "http_proxy": "{{env `http_proxy`}}", "https_proxy": "{{env `https_proxy`}}", @@ -94,6 +94,6 @@ "qemu_display": "none", "template": "ubuntu-22.04-amd64.img", "version": "TIMESTAMP", - "vnc_bind_address": "127.0.0.1" + "vnc_bind_address": "{{ env `vnc_address` }}" } }
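Review bot: The second hunk of this file adds a `],` directly after the existing `],` that closes `builders`, so as shown the template has an unmatched bracket before `"post-processors"` and will not parse as JSON. Drop the added line; if a new array was meant to be closed here, its opening is not in the hunk. Running `packer validate` on the template before committing would catch this.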