grml2usb <=0.14.14 works when building with ISO grml64-small_2018.04.11-efi.
Newer grml2usb versions provide SecureBoot support (which was introduced in
grml2usb v0.16.0). This is failing with our grml64-small_2018.04.11-efi ISO
though, because its provided EFI image doesn't contain a valid/mountable FAT
file system:
| % file /tmp/grml2iso.tmp/grml2usb55ey_q68/boot/efi.img
| /tmp/grml2iso.tmp/grml2usb55ey_q68/boot/efi.img: PE32+ executable (EFI application) x86-64 (stripped to external PDB), for MS Windows
Whereas the efi file from more recent Grml(-Sipwise) ISOs like
https://deb.sipwise.com/deployment-iso/grml/grml-sipwise-buster-20191022_addons.iso
looks like this:
| % file /mnt/test1/boot/efi.img
| /mnt/test1/boot/efi.img: DOS/MBR boot sector, code offset 0x3c+2, OEM-ID "mkfs.fat", sectors/cluster 4, root entries 512, sectors 8192 (volumes <=32 MB) , Media descriptor 0xf8, sectors/FAT 6, sectors/track 32, heads 64, serial number 0xef681600, label: "GRML ", FAT (12 bit)
and can be properly mounted for further adjusting by grml2usb/grml2iso.
So use grml2usb version v0.17.0 except when handling ISO
grml64-small_2018.04.11-efi ISO, then we use the version we had available on
our Debian/stretch environments back then, AKA grml2usb v0.14.14.
Change-Id: I452d7cbac138d59dc11fb1773ca3d6f6c307a6df
From the packages' deps and content POV Pro and Carrier packages are
equal to each other so get rid of this separation.
Change-Id: I587dba3147bdc9b3c0f10da820ba4cdc8a0a0f08
Newer gcc versions have become more picky on their argument order, due
to the --as-needed default, and require the libraries to be linked to,
to be passed after the code/objects that use them, otherwise they will
get dropped as unused.
Change-Id: I8ace79186b0c8709ccb9cb93f51a9890ce6e1043
* Addon fixes:
* Provide custom addon template according to our needs, instead of
relying on the default one being present in grml-live.git/templates
* Install memtest86+ as addon for BIOS usage
* Install netboot.xyz.lkrn for BIOS usage and netboot.xyz.efi for EFI usage
* Install ipxe.lkrn for BIOS usage and ipxe.efi for EFI usage
* Stick grml-live version to v0.34.3, instead of relying on some random
git master version
* Stick grml2usb version to v0.17.0, instead of relying on the grml2usb
version available on the host system (being 0.14.14 on Debian/stretch as
present on our current build hosts). For arbitrary addon file names we
need grml2iso (which uses grml2usb underneath) from grml2usb >=0.17.0.
FTR, grml2iso and grml2usb can be executed from within the git repository,
assuming all relevant tools are present
* No longer invoke isohybrid on the resulting ISO, instead rely on
grml2iso behaviour (which also checks for EFI support and enables
according switches as needed)
* Fix usage instructions in t/Dockerfile:
* it's "deployment-iso-buster" and not "lua-ngcp-kamailio-buster"
* refer to working directory instead of "deployment-iso.git",
which very probably isn't named as such on any of our systems,
while the $(pwd) approach works for c/p
* Fix docker build usage in grml_build/Dockerfile (for building we need
to provide a PATH (being current working directory for us)
* Provide testing tools in grml-build-buster docker environment
* Provide new testing script t/iso-tester to compare generated ISO
against pre-defined screenshot (only testing memtest feature using
./t/screenshots/01-memtest.jpg for now)
Change-Id: I67e3f85bbe86bd1b3ee709161504b5250ca5d7fe
This reverts commit ee2398b6f8.
We've removed mcollective from our infrastructure and ready to update
puppet to the latest available version.
Change-Id: I7a860be9e051ed09bd69c165aaafc2acd1f17cd8
In the past we were associating them by MAC address and only in some cases, like
Pro/Carrier and in Virtual Machine environments.
However, it's beneficial to have this in other scenarios, so we will create udev
rules to pin them down during deployment.
Change-Id: Ic1b397e81af673b974961158a0e9a05ce5b80a69
In mr7.5+ bootstrap gpg keyring is named sipwise-keyring-bootstrap.gpg
so add appropriate directory.
Change-Id: I633deac1ffb203e7d566e5262e0dff35354aa2e5
This file contains the following public keys:
68A702B1FD8E422AAAA1ADA3773236EFF411A836 - jessie, stretch, buster
debian repos, mr3.8-mr8.4 public repos.
F7B8A739CE638D719A078C9859104633EE5E097D - autobuild repos.
8A61E3C73B6987020226079D69D9C21F6D9B587E - new key for mr7.5+.
This very file will be used only for bootstrap purposes and will be
dropped in the end of installer.
Change-Id: I60a903b4b05ab8a0d1a6498773802f756f8e4202
Initially dirmngr package was installed to allow running apt-key inside
deployment.sh to install puppetlabs key. Then after moving puppetlabs
key to local file package installation was removed. But we still need it
for successful first puppet run that also uses apt-key. Otherwise there
is the error: 'Could not find a suitable provider for apt_key'. Puppet
also installs dirmngr package but in such case only the second puppet run
will be successful so we need to install the package before the very
first puppet run.
Change-Id: I28edbd8c91c841074ac1b3f1eb6df16e14daa084
In deployment.sh line 2109:
local puppet_gpg='/root/puppet.gpg'
^-- SC2168: 'local' is only valid in functions.
Change-Id: I628cbac844db6aa1913ab1747906656d7d6d739b
The puppet.gpg is located in Grml-sipwise so no need to download the
hard-coded key but use the local one.
Change-Id: Id57180de96efef4a5a13086e7807c615bd65b886
In the event of network blips, HA switchovers or failure of the servers, there
might be a problem downloading some of the hundreds or thousands of packages
needed for installation.
Set the option to retry 3 times in the case of such failures, to try to minimise
their impact.
This has to be done in several places because mmdebstrap (which uses apt) and
apt-get are invoked at different points.
Change-Id: I5acbd9895fa37452026e582c241ced945fbba3d7
This script copies puppet.gpg file to '/root' dir of Grml-sipwise
image in building process.
Create 'scripts/PUPPETLABS' so '10-gpgkey' is copied there in runtime.
Change-Id: I836fa35e3f64f40cb4ee4a298fc18676f7689b54
The boot parameter 'ngcpstatus' is used to wait the number of seconds
before ending process so the external system can retrieve the final
status from 4242 port.
Add the value of this parameter as STATUS_WAIT_SECONDS option to
ngcp-initial-configuration config so external system can track the
configuration stage also.
Change-Id: I68d9c65a1cc96bf581305e92d8b9b6bfc34e7ed2
mmdebstrap and debootstrap install any "important" packages in the
standard installation variants, pulling in e.g. libgdbm5 (which was of
priority `important` until #890832 was fixed and it was downgraded to
priority `optional` with libgdbm6).
Same for libusb-1.0-0 vs libusb-0.1-4:amd64:
% apt-cache show libusb-1.0-0 | grep Priority
Priority: optional
% apt-cache show libusb-0.1-4:amd64 | grep Priority
Priority: important
Resulting in having libusb-0.1-4 *and* libusb-1.0-0 installed on
our NGCP systems, while libusb-0.1-4 is completely unneeded and irrelevant.
So this is unnecessary, and all the other packages that are automatically
pulled in via the standard installation should be handled via according
and explicit dependencies elsewhere, JFTR - currently being in
Debian/buster:
| apt-utils bsdmainutils cpio cron debconf-i18n dmidecode dmsetup
| e2fsprogs gdbm-l10n ifupdown init iproute2 iptables iputils-ping
| isc-dhcp-client isc-dhcp-common kmod less libapparmor1 libapt-inst2.0
| libargon2-1 libbsd0 libcap2 libcap2-bin libcom-err2 libcryptsetup12
| libdevmapper1.02.1 libdns-export1104 libelf1 libestr0 libext2fs2
| libfastjson4 libidn11 libip4tc0 libip6tc0 libiptc0 libisc-export1100
| libjson-c3 libkmod2 liblocale-gettext-perl liblognorm5 libmnl0
| libncurses6 libnetfilter-conntrack3 libnewt0.52 libnfnetlink0 libnftnl11
| libpopt0 libprocps7 libslang2 libss2 libtext-charwidth-perl
| libtext-iconv-perl libtext-wrapi18n-perl libxtables12 logrotate lsb-base
| mount nano netbase procps readline-common rsyslog sensible-utils systemd
| systemd-sysv tasksel tasksel-data tzdata udev vim-common vim-tiny
| whiptail xxd
The essential variant lacks apt(-get), while the minbase variant provides
the same base as essential, *plus* apt so we can actually install
further packages, so that's what we're using.
We pull in systemd + systemd-sysv + init explicitly to force its usage,
ngcp-installer is complaining and prompting otherwise.
We pull in isc-dhcp-client + ifupdown to have a working networking/DHCP
setup after reboot, since we don't use systemd-networkd or alike (yet).
Applying this change will result in lacking the following packages in
our Debian/stretch based trunk builds:
* apt-utils
* blends-tasks
* debconf-i18n
* iputils-ping
* isc-dhcp-common
* libapt-inst2.0
* liblocale-gettext-perl
* libtext-charwidth-perl
* libtext-iconv-perl
* libtext-wrapi18n-perl
* libusb-0.1-4
* logrotate
* tasksel
* tasksel-data
* vim-tiny
The ones we want to have available will be handled via explicit
dependencies in NGCP (meta)packages.
Change-Id: I14dac92d99172cf792a0334601a930ce6698dc83
Sipwise DNS servers in LDC will be turned off soonish,
also new DNS servers in GCloud will NOT be available for public usage.
We have to use some public DNS servers.
Change-Id: I1c5cb78b90da18e893658417a6886b7b4f81fa0d
This variable tells ngcp-installer that it is run from
deployment.sh.
In this case we need it to skip CE warning in ngcp-installer:
===================
This installation script is not intended to run in a shared system,
as it can add/delete/update existing configurations.
Please run this script only in a base install of 64 bit Debian 9 (stretch)
on a dedicated server.
Do you want to continue with the installation process? (y/N):
===================
Change-Id: I9a33ccbe07332a09a64c98a2bef844fa95498c05
By default we should not skip any confirmation messages. In automation
setup we need just change it to 'yes' before
ngcp-initial-configuration.
Change-Id: I1ca69aaa1e19f8e34b82434d99b50e41add74f6f
apt > 1.6 started creating this directory, but older apt versions do not
know how to clean it up. When using a newer host apt than the one that
will be used in the chroot, the chroot apt will be unable to remove it
properly, and will emit a warning.
mmdebstrap was supposedly fixed in version 0.4.0-1, but the code was
inserted before further «apt-get update» calls, so the directory gets
regenerated. We workaround this here for now, after having run
grml-debootstrap which might be calling mmdebstrap depending on the
release.
Change-Id: I13ad1b7ecc9f60414ab7e9222bada10d09baa2ab
This package contains Sipwise gpg keys so we don't need to download them
on fly during deployment.sh.
Change-Id: I629c7e43d9f62e033a0e869a307bf5b3b0490ce0
Sipwise Jenkins Builder
Michael Prokop
Mykola Malkov
Guillem Jover
Sergii Kipot
Manuel Montecelo
Alexander Lutay