From aedcc9d9bc651ab0ed2ca484466692cfd95d616f Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Fri, 1 Nov 2019 16:28:18 +0000 Subject: [PATCH 1/8] Minimise docker layers --- .gitlab-ci.yml | 16 +++++------ Makefile | 23 ++++++++------- builder/Dockerfile | 3 -- builder/entrypoint.sh | 66 ------------------------------------------- scripts/packer.sh | 10 +++++++ scripts/torrent.sh | 33 ++++++++++++++++++++++ 6 files changed, 61 insertions(+), 90 deletions(-) delete mode 100755 builder/entrypoint.sh create mode 100755 scripts/packer.sh create mode 100755 scripts/torrent.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8dde7bb..c2c4102 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -15,7 +15,6 @@ stages: - check - build - dockerimage_builder: stage: prepare before_script: @@ -34,7 +33,6 @@ dockerimage_builder: refs: - schedules - dockerimage_security_scanner: stage: prepare before_script: @@ -71,18 +69,18 @@ security_scanner: - dedicated .squashfs_template: &squashfs_template + image: $DOCKER_IMAGE_BUILDER stage: build - before_script: - - apk add --no-cache make services: - - docker:dind + - docker:dind script: - - make images/debian-buster.squashfs - - find images -type f > images.txt + - scripts/packer.sh debian-buster + - scripts/torrent.sh debian-buster.squashfs + - find images -type f > images.txt artifacts: paths: - - images - - images.txt + - images + - images.txt tags: - fablab - ssd diff --git a/Makefile b/Makefile index 918a31c..7e60e3b 100644 --- a/Makefile +++ b/Makefile 
@@ -58,29 +58,28 @@ images/debian-buster.squashfs: images docker run \ --rm \ -v /var/run/docker.sock:/var/run/docker.sock \ - -v "${PWD}/packer:/workdir" \ - -v "${PWD}/aria2c:/workdir/aria2c" \ - -v "${PWD}/images:/images" \ - -e "user=`id -u`" \ - -e "group=`id -g`" \ + -v "${PWD}:${PWD}" \ + -w "${PWD}" \ + -u `id -u`:`id -g` \ -e "IMAGES=${PWD}/images" \ -e "ANNOUNCE=$(ANNOUNCE)" \ -e "WEBSEED=$(WEBSEED)" \ -e "COMPRESSION_LEVEL=$(COMPRESSION_LEVEL)" \ $(ci_environment) \ "$(DOCKER_IMAGE_BUILDER)" \ + scripts/packer.sh \ debian-buster images/debian-buster.torrent: images docker run \ --rm \ - -v "${PWD}/images:/images" \ - -e "user=`id -u`" \ - -e "group=`id -g`" \ + -v "${PWD}:${PWD}" \ + -w "${PWD}" \ + -u `id -u`:`id -g` \ -e "ANNOUNCE=$(ANNOUNCE)" \ -e "WEBSEED=$(WEBSEED)" \ - -e "TASK=torrent" \ "$(DOCKER_IMAGE_BUILDER)" \ + scripts/torrent.sh \ debian-buster .PHONY: ansible @@ -88,14 +87,14 @@ ansible: docker run \ --rm \ -v "${PWD}/packer/ansible:/ansible" \ - -e "user=`id -u`" \ - -e "group=`id -g`" \ + -u `id -u`:`id -g` \ -e "ANNOUNCE=$(ANNOUNCE)" \ -e "WEBSEED=$(WEBSEED)" \ - -e "TASK=ansible" \ -v "${SSH_AUTH_SOCK}:/var/run/ssh_auth_sock" \ -e "SSH_AUTH_SOCK=/var/run/ssh_auth_sock" \ + -w /ansible \ "$(DOCKER_IMAGE_BUILDER)" \ + /usr/bin/ansible-playbook \ -i inventories \ $(if $(ANSIBLE_TAGS),-t $(ANSIBLE_TAGS),) \ -l $(ANSIBLE_LIMIT) \ diff --git a/builder/Dockerfile b/builder/Dockerfile index 6568fee..cb81957 100644 --- a/builder/Dockerfile +++ b/builder/Dockerfile @@ -46,7 +46,4 @@ RUN gpg --import /usr/local/share/hashicorp.asc \ WORKDIR /workdir -COPY entrypoint.sh /usr/local/bin/entrypoint.sh - -ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] # vim: ts=4 sw=4 sts=4 noet: diff --git a/builder/entrypoint.sh b/builder/entrypoint.sh deleted file mode 100755 index f187041..0000000 --- a/builder/entrypoint.sh +++ /dev/null 
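Review bot: The `images/debian-buster.squashfs` recipe now bind-mounts the whole checkout read-write with `-v "${PWD}:${PWD}"` into a container that also receives `/var/run/docker.sock`, where the removed lines exposed only `packer/`, `aria2c/` and `images/`. Access to that socket amounts to control of the host Docker daemon, so the added `-u` line changes who owns files written into the mount but does not confine the builder. An unprivileged uid may also be unable to open the socket unless it is in the socket's group, which cannot be checked from this hunk. I would record this above the rule, e.g. `# builder drives the host Docker daemon through docker.sock; treat $(DOCKER_IMAGE_BUILDER) as host-privileged`. The recipe continues outside the hunk.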
@@ -1,66 +0,0 @@ -#!/bin/sh -set -e - -make_torrent() { - (cd /images - if [ "$NAME" = "" ]; then - # remove file extension - NAME="$(echo "$1" | sed 's/\.[^.]*//')" - fi - - if [ "$WEBSEED" = "" ]; then - echo '$WEBSEED not provided' >&2 - exit 1 - fi - if [ "$ANNOUNCE" = "" ]; then - echo '$ANNOUNCE not provided' >&2 - exit 1 - fi - - TORRENT_FILE="$NAME.torrent" - WEBSEED_URL="$WEBSEED/$1" - - if [ -e "$TORRENT_FILE" ]; then rm "$TORRENT_FILE"; fi - - mktorrent \ - -n "$NAME" \ - -a "$ANNOUNCE" \ - -o "$TORRENT_FILE" \ - -l 22 \ - -w "$WEBSEED_URL" \ - "$1" - - if [ "$user" != "" ] && [ "$group" != "" ]; then - chown "$user:$group" "$TORRENT_FILE" - fi - ) -} - -run_packer() { - packer build "$NAME.json" - - if [ "$user" != "" ] && [ "$group" != "" ]; then - chown $user:$group "/images/${NAME}."* - fi -} - -NAME="$1" - -if [ "$NAME" = "" ]; then - echo 'no name supplied, stopping.' >&2 - exit 1 -fi - -export NAME - -if [ -z "$TASK" ] || [ "$TASK" == "packer" ]; then - run_packer -fi -if [ -z "$TASK" ] || [ "$TASK" == "torrent" ]; then - make_torrent "$NAME.squashfs" -fi -if [ "$TASK" == "ansible" ]; then - cd /ansible - /usr/bin/ansible-playbook "$@" -fi - diff --git a/scripts/packer.sh b/scripts/packer.sh new file mode 100755 index 0000000..8b51ce6 --- /dev/null +++ b/scripts/packer.sh @@ -0,0 +1,10 @@ +#!/bin/sh +set -o nounset + +export NAME="$1" +mkdir -p images +export IMAGES="$(realpath images)" + +cd packer + +packer build "$NAME.json" diff --git a/scripts/torrent.sh b/scripts/torrent.sh new file mode 100755 index 0000000..fdab0fc --- /dev/null +++ b/scripts/torrent.sh 
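Review bot: The new `scripts/packer.sh` sets only `set -o nounset`, while the `entrypoint.sh` it replaces ran under `set -e`, so a failing `mkdir -p images` or `cd packer` no longer stops the script and `packer build "$NAME.json"` would run from the wrong directory. Add `set -e` next to `set -o nounset`; patch 7/8 of this series does so later, but this commit on its own is affected. The old 'no name supplied, stopping.' check is gone as well: a missing `$1` still aborts under nounset, but an empty argument reaches `packer build ".json"`, so `[ -n "$NAME" ] || exit 1` after the assignment would keep the previous behaviour.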
@@ -0,0 +1,33 @@ +#!/bin/sh +set -o nounset + +cd images + +NAME="$1" + +if [ "$NAME" = "" ]; then + # remove file extension + NAME="$(echo "$1" | sed 's/\.[^.]*//')" +fi + +if [ "$WEBSEED" = "" ]; then + echo '$WEBSEED not provided' >&2 + exit 1 +fi +if [ "$ANNOUNCE" = "" ]; then + echo '$ANNOUNCE not provided' >&2 + exit 1 +fi + +TORRENT_FILE="$NAME.torrent" +WEBSEED_URL="$WEBSEED/$1" + +if [ -e "$TORRENT_FILE" ]; then rm "$TORRENT_FILE"; fi + +mktorrent \ + -n "$NAME" \ + -a "$ANNOUNCE" \ + -o "$TORRENT_FILE" \ + -l 22 \ + -w "$WEBSEED_URL" \ + "$1" From 564a2c48d243ac3f7dda2aea01519c707fc1fe66 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Tue, 7 Jan 2020 20:19:56 +0100 Subject: [PATCH 2/8] Update packer and ansible version --- Makefile | 11 +++++++++-- builder/Dockerfile | 4 +++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 7e60e3b..451f522 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,5 @@ -PACKER_VERSION ?= 1.4.3 +PACKER_VERSION ?= 1.5.1 +ANSIBLE_VERSION ?= 2.9.2 ANNOUNCE ?= http://10.2.2.1:6969/announce WEBSEED ?= http://10.2.2.1 @@ -44,7 +45,13 @@ clean: .PHONY: builderimg builderimg: - docker build --pull -t "$(DOCKER_IMAGE_BUILDER)" --cache-from "$(DOCKER_IMAGE_BUILDER)" --build-arg "PACKER_VERSION=$(PACKER_VERSION)" builder + docker build \ + --pull \ + -t "$(DOCKER_IMAGE_BUILDER)" \ + --cache-from "$(DOCKER_IMAGE_BUILDER)" \ + --build-arg "PACKER_VERSION=$(PACKER_VERSION)" \ + --build-arg "ANSIBLE_VERSION=$(ANSIBLE_VERSION)" \ + builder .PHONY: secscanimg secscanimg: diff --git a/builder/Dockerfile b/builder/Dockerfile index cb81957..f8bbf02 100644 --- a/builder/Dockerfile +++ b/builder/Dockerfile @@ -1,5 +1,7 @@ FROM docker +ARG ANSIBLE_VERSION + RUN apk add --no-cache \ ca-certificates \ coreutils \ 
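Review bot: The extension-stripping branch in `scripts/torrent.sh` can never do anything, because `NAME="$1"` is assigned first and `[ "$NAME" = "" ]` is then true only when `$1` is itself empty. As a result the CI call `scripts/torrent.sh debian-buster.squashfs` names the torrent `debian-buster.squashfs.torrent`, and the Makefile recipe, which passes `debian-buster`, hands mktorrent a file name without `.squashfs` (the removed entrypoint passed `"$NAME.squashfs"`). Deriving the name unconditionally with `NAME="${1%.*}"` and having both callers pass the `.squashfs` file name would restore the old output. The script also lacks `set -e`, and under `set -o nounset` an unset `WEBSEED` or `ANNOUNCE` aborts with the shell's own error before the '$WEBSEED not provided' message is reached; testing `${WEBSEED:-}` and `${ANNOUNCE:-}` avoids that.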
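Review bot: `ARG ANSIBLE_VERSION` is declared without a default, so any `docker build` of `builder/` that omits `--build-arg ANSIBLE_VERSION=…` expands the install line in the second Dockerfile hunk to `pip3 install ansible==""` and fails. Only the Makefile's `builderimg` target is updated to pass the argument in this commit; whether the `dockerimage_builder` CI job builds through that target is not visible here. Giving the argument the same default as the Makefile, `ARG ANSIBLE_VERSION=2.9.2`, keeps direct builds working and keeps the version pinned.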
@@ -19,7 +21,7 @@ RUN apk add --no-cache \ openssl-dev \ python3-dev \ && pip3 install --upgrade pip \ - && pip3 install ansible==2.8.0 \ + && pip3 install ansible=="$ANSIBLE_VERSION" \ && apk del .build-deps ARG PACKER_VERSION From 33ccd59f2cfb2d8db77d2df41b8a59c02f64d2e8 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Tue, 7 Jan 2020 20:24:24 +0100 Subject: [PATCH 3/8] Fix missing permissions on docker socket --- Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Makefile b/Makefile index 451f522..c6dd417 100644 --- a/Makefile +++ b/Makefile @@ -67,7 +67,6 @@ images/debian-buster.squashfs: images -v /var/run/docker.sock:/var/run/docker.sock \ -v "${PWD}:${PWD}" \ -w "${PWD}" \ - -u `id -u`:`id -g` \ -e "IMAGES=${PWD}/images" \ -e "ANNOUNCE=$(ANNOUNCE)" \ -e "WEBSEED=$(WEBSEED)" \ @@ -82,7 +81,6 @@ images/debian-buster.torrent: images --rm \ -v "${PWD}:${PWD}" \ -w "${PWD}" \ - -u `id -u`:`id -g` \ -e "ANNOUNCE=$(ANNOUNCE)" \ -e "WEBSEED=$(WEBSEED)" \ "$(DOCKER_IMAGE_BUILDER)" \ From e43f34991d2bf8e1038fa7c5d9352e1a01563c80 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Tue, 7 Jan 2020 20:23:37 +0100 Subject: [PATCH 4/8] Use yaml for packer job description --- .gitignore | 1 + .gitlab-ci.yml | 1 - packer/debian-buster.json | 124 -------------------------------------- packer/debian-buster.yaml | 106 ++++++++++++++++++++++++++++++++ scripts/packer.sh | 2 + scripts/torrent.sh | 33 ---------- 6 files changed, 109 insertions(+), 158 deletions(-) delete mode 100644 packer/debian-buster.json create mode 100644 packer/debian-buster.yaml delete mode 100755 scripts/torrent.sh diff --git a/.gitignore b/.gitignore index 8236110..c842193 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /bin /images /tmp +packer/*.json diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c2c4102..1ff4e29 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
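Review bot: Dropping `-u` makes both recipes run the builder as root over the read-write `-v "${PWD}:${PWD}"` mount, and the second Makefile hunk removes it from `images/debian-buster.torrent`, which does not mount `/var/run/docker.sock` and so is not affected by the permission problem named in the subject. Files written to `images/` will also be root-owned on the host, since the `chown "$user:$group"` step of the old entrypoint no longer exists. Keeping the `-u` line and adding the socket's group only where the socket is mounted, e.g. `--group-add "$$(stat -c %g /var/run/docker.sock)" \`, would fix socket access without running as root; the torrent recipe can simply keep its `-u` line. Both recipes continue outside the hunks.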
@@ -75,7 +75,6 @@ security_scanner: - docker:dind script: - scripts/packer.sh debian-buster - - scripts/torrent.sh debian-buster.squashfs - find images -type f > images.txt artifacts: paths: diff --git a/packer/debian-buster.json b/packer/debian-buster.json deleted file mode 100644 index 7e60f8c..0000000 --- a/packer/debian-buster.json +++ /dev/null 
@@ -1,124 +0,0 @@ -{ - "variables": { - "name": "{{env `NAME`}}", - "squashfs_file": "{{env `NAME`}}.squashfs", - "initramfs_file": "{{env `NAME`}}.initramfs", - "linux_file": "{{env `NAME`}}.linux", - "dpkg_list_file": "{{env `NAME`}}.dpkg-list", - "compression_level": "{{env `COMPRESSION_LEVEL`}}", - "images": "{{env `IMAGES`}}", - "ci_job_id": "{{env `CI_JOB_ID`}}", - "ci_commit_sha": "{{env `CI_COMMIT_SHA`}}", - "ci_commit_tag": "{{env `CI_COMMIT_TAG`}}", - "ci_commit_ref_name": "{{env `CI_COMMIT_REF_NAME`}}", - "ci_commit_ref_slug": "{{env `CI_COMMIT_REF_SLUG`}}", - "ci_job_name": "{{env `CI_JOB_NAME`}}", - "ci_job_stage": "{{env `CI_JOB_STAGE`}}", - "ci_project_url": "{{env `CI_PROJECT_URL`}}", - "ci_pipeline_triggered": "{{env `PIPELINE_TRIGGERED`}}", - "ci_job_manual": "{{env `CI_JOB_MANUAL`}}" - }, - "builders": - [ - { - "type": "docker", - "image": "debian:buster", - "discard": true, - "run_command": [ - "-d", - "-i", - "-t", - "-v", "{{user `images`}}:/tmp/images", - "{{.Image}}", - "/bin/bash" - ] - } - ], - "provisioners": [ - { - "type": "shell", - "inline": [ "mkdir -p /etc/initramfs-tools/scripts/local-premount/" ] - }, - { - "type": "file", - "source": "initramfs/labsync", - "destination": "/etc/initramfs-tools/scripts/" - }, - { - "type": "shell", - "inline": [ - "echo \"LABSYNC_JOB_ID='{{user `ci_job_id`}}'\" >> /etc/environment", - "echo \"LABSYNC_COMMIT_SHA='{{user `ci_commit_sha`}}'\" >> /etc/environment", - "echo \"LABSYNC_COMMIT_TAG='{{user `ci_commit_tag`}}'\" >> /etc/environment", - "echo \"LABSYNC_COMMIT_REF_NAME='{{user `ci_commit_ref_name`}}'\" >> /etc/environment", - "echo \"LABSYNC_COMMIT_REF_SLUG='{{user `ci_commit_ref_slug`}}'\" >> /etc/environment", - "echo \"LABSYNC_PROJECT_URL='{{user `ci_project_url`}}'\" >> /etc/environment", - "sed -i 's#@@PROJECT_URL@@#{{user `ci_project_url`}}#' /etc/initramfs-tools/scripts/labsync" - ] - }, - { - "type": "file", - "source": "initramfs/labsync-prereqs", - "destination": 
"/etc/initramfs-tools/scripts/local-premount/" - }, - { - "type": "shell", - "inline": [ - "set -x", - "apt-get update", - "apt-get -y dist-upgrade", - "rmdir /boot && ln -s /usr/local/boot /boot", - "apt-get -y install initramfs-tools || true", - "echo squashfs >> /etc/initramfs-tools/modules", - "echo overlay >> /etc/initramfs-tools/modules", - "echo 'RESUME=none' > /etc/initramfs-tools/conf.d/resume", - "mkdir /usr/local/boot", - "apt-get -f -y install aria2 linux-image-amd64 lvm2 haveged", - "cp $(find /boot/ -name 'initrd.img-*' | sort -V | tail -n 1) '/tmp/images/{{user `initramfs_file`}}'", - "cp $(find /boot/ -name 'vmlinuz-*' | sort -V | tail -n 1) '/tmp/images/{{user `linux_file`}}'" - ] - }, - { - "type": "shell", - "inline": [ "apt-get -y install openssh-server python lsb-release" ] - }, - { - "type": "ansible", - "playbook_file": "ansible/playbook.yml", - "user": "root" - }, - { - "type": "shell", - "inline": [ "rm /boot && mkdir /boot" ] - }, - { - "type": "shell", - "inline": [ - "set -x", - "apt-get -y install squashfs-tools", - "dpkg -L squashfs-tools liblzo2-2 | while read f; do [ -f \"$f\" ] && echo \"$f\"; done > /tmp/ignore_files", - "dpkg -l > /tmp/images/{{ user `dpkg_list_file` }}", - "echo '/etc/resolv.conf' >> /tmp/ignore_files", - "echo '/etc/hostname' >> /tmp/ignore_files", - "echo '/etc/hosts' >> /tmp/ignore_files", - "echo '/var/lib/docker' >> /tmp/ignore_files", - "echo '/var/cache/apt/archives' >> /tmp/ignore_files", - "echo '/var/lib/apt' >> /tmp/ignore_files", - "mkdir -p /tmp/extra/tmp /tmp/extra/proc /tmp/extra/sys" - ] - }, - { - "type": "file", - "source": "hosts", - "destination": "/etc/hosts.template" - }, - { - "type": "shell", - "inline": [ - "if [ -e '/tmp/images/{{user `squashfs_file`}}' ]; then rm '/tmp/images/{{user `squashfs_file`}}'; fi", - "squashfs_content=\"$(find / -mindepth 1 -maxdepth 1 | grep -vE '^/(proc|sys|tmp|[.]dockerenv|packer-files)$')\"", - "mksquashfs $squashfs_content /tmp/extra/* '/tmp/images/{{user 
`squashfs_file`}}' -comp lzo -Xcompression-level {{user `compression_level`}} -ef /tmp/ignore_files" - ] - } - ] -} diff --git a/packer/debian-buster.yaml b/packer/debian-buster.yaml new file mode 100644 index 0000000..0b0d1f8 --- /dev/null +++ b/packer/debian-buster.yaml 
@@ -0,0 +1,106 @@ +variables: + ci_commit_ref_name: '{{env `CI_COMMIT_REF_NAME`}}' + ci_commit_ref_slug: '{{env `CI_COMMIT_REF_SLUG`}}' + ci_commit_sha: '{{env `CI_COMMIT_SHA`}}' + ci_commit_tag: '{{env `CI_COMMIT_TAG`}}' + ci_job_id: '{{env `CI_JOB_ID`}}' + ci_job_manual: '{{env `CI_JOB_MANUAL`}}' + ci_job_name: '{{env `CI_JOB_NAME`}}' + ci_job_stage: '{{env `CI_JOB_STAGE`}}' + ci_pipeline_triggered: '{{env `PIPELINE_TRIGGERED`}}' + ci_project_url: '{{env `CI_PROJECT_URL`}}' + compression_level: '{{env `COMPRESSION_LEVEL`}}' + dpkg_list_file: '{{env `NAME`}}.dpkg-list' + images: '{{env `IMAGES`}}' + initramfs_file: '{{env `NAME`}}.initramfs' + linux_file: '{{env `NAME`}}.linux' + name: '{{env `NAME`}}' + squashfs_file: '{{env `NAME`}}.squashfs' + torrent_file: '{{env `NAME`}}.torrent' + +builders: +- discard: true + image: debian:buster + type: docker + volumes: + '{{user `images`}}': /tmp/images + +provisioners: +- inline: + - mkdir -p /etc/initramfs-tools/scripts/local-premount/ + type: shell +- destination: /etc/initramfs-tools/scripts/ + source: initramfs/labsync + type: file +- inline: + - echo "LABSYNC_JOB_ID='{{user `ci_job_id`}}'" >> /etc/environment + - echo "LABSYNC_COMMIT_SHA='{{user `ci_commit_sha`}}'" >> /etc/environment + - echo "LABSYNC_COMMIT_TAG='{{user `ci_commit_tag`}}'" >> /etc/environment + - echo "LABSYNC_COMMIT_REF_NAME='{{user `ci_commit_ref_name`}}'" >> /etc/environment + - echo "LABSYNC_COMMIT_REF_SLUG='{{user `ci_commit_ref_slug`}}'" >> /etc/environment + - echo "LABSYNC_PROJECT_URL='{{user `ci_project_url`}}'" >> /etc/environment + - sed -i 's#@@PROJECT_URL@@#{{user `ci_project_url`}}#' /etc/initramfs-tools/scripts/labsync + type: shell +- destination: /etc/initramfs-tools/scripts/local-premount/ + source: initramfs/labsync-prereqs + type: file +- inline: + - set -x + - apt-get update + - apt-get -y dist-upgrade + - rmdir /boot && ln -s /usr/local/boot /boot + - apt-get -y install initramfs-tools || true + - echo squashfs >> 
/etc/initramfs-tools/modules + - echo overlay >> /etc/initramfs-tools/modules + - echo 'RESUME=none' > /etc/initramfs-tools/conf.d/resume + - mkdir /usr/local/boot + - apt-get -f -y install aria2 linux-image-amd64 lvm2 haveged + - mkdir -p /tmp/images + - cp $(find /boot/ -name 'initrd.img-*' | sort -V | tail -n 1) '/tmp/images/{{user `initramfs_file`}}' + - cp $(find /boot/ -name 'vmlinuz-*' | sort -V | tail -n 1) '/tmp/images/{{user `linux_file`}}' + type: shell +- inline: + - apt-get -y install openssh-server python lsb-release + type: shell +- playbook_file: ansible/playbook.yml + type: ansible + user: root +- inline: + - rm /boot && mkdir /boot + type: shell +- inline: + - set -x + - apt-get -y install squashfs-tools + - dpkg -L squashfs-tools liblzo2-2 | while read f; do [ -f "$f" ] && echo "$f"; + done > /tmp/ignore_files + - dpkg -l > /tmp/images/{{ user `dpkg_list_file` }} + - echo '/etc/resolv.conf' >> /tmp/ignore_files + - echo '/etc/hostname' >> /tmp/ignore_files + - echo '/etc/hosts' >> /tmp/ignore_files + - echo '/var/lib/docker' >> /tmp/ignore_files + - echo '/var/cache/apt/archives' >> /tmp/ignore_files + - echo '/var/lib/apt' >> /tmp/ignore_files + - mkdir -p /tmp/extra/tmp /tmp/extra/proc /tmp/extra/sys + type: shell +- destination: /etc/hosts.template + source: hosts + type: file +- inline: + - if [ -e '/tmp/images/{{user `squashfs_file`}}' ]; then rm '/tmp/images/{{user `squashfs_file`}}'; fi + - squashfs_content="$(find / -mindepth 1 -maxdepth 1 | grep -vE '^/(proc|sys|tmp|[.]dockerenv|packer-files)$')" + - > + mksquashfs $squashfs_content /tmp/extra/* '/tmp/images/{{user `squashfs_file`}}' + -comp lzo + -Xcompression-level {{user `compression_level`}} + -ef /tmp/ignore_files + type: shell + +post-processors: +- inline: + - > + mktorrent + -n '{{user `name`}}' + -o '{{user `images`}}/{{user `torrent_file`}}' + -l 22 + '{{user `images`}}/{{user `squashfs_file`}}' + type: shell-local 
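Review bot: The `echo "LABSYNC_…='{{user …}}'" >> /etc/environment` lines paste CI values into shell source before it runs, and `CI_COMMIT_REF_NAME` and `CI_COMMIT_TAG` are chosen by whoever pushes the ref, so a quote or command substitution in a branch or tag name is executed as part of the provisioning command instead of being stored as data. Passing those two values through the shell provisioner's `environment_vars` and writing them with `printf` keeps them as data, as sketched below. Alternatively record only `CI_COMMIT_REF_SLUG` and `CI_COMMIT_SHA`, whose character set GitLab restricts. The same lines existed in the deleted JSON template, so this is carried over rather than introduced here.

```yaml
# … unchanged: variables, builders, provisioners before this one …
- environment_vars:
  - LABSYNC_COMMIT_REF_NAME={{user `ci_commit_ref_name`}}
  - LABSYNC_COMMIT_TAG={{user `ci_commit_tag`}}
  inline:
  # … unchanged: JOB_ID, COMMIT_SHA, REF_SLUG and PROJECT_URL echo lines, sed line …
  - printf "LABSYNC_COMMIT_REF_NAME='%s'\n" "$LABSYNC_COMMIT_REF_NAME" >> /etc/environment
  - printf "LABSYNC_COMMIT_TAG='%s'\n" "$LABSYNC_COMMIT_TAG" >> /etc/environment
  type: shell
```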
diff --git a/scripts/packer.sh b/scripts/packer.sh index 8b51ce6..432633d 100755 --- a/scripts/packer.sh +++ b/scripts/packer.sh @@ -7,4 +7,6 @@ export IMAGES="$(realpath images)" cd packer +python3 -c 'import sys, yaml, json; json.dump(yaml.safe_load(sys.stdin), sys.stdout, indent=4)' < "$NAME.yaml" > "$NAME.json" + packer build "$NAME.json" diff --git a/scripts/torrent.sh b/scripts/torrent.sh deleted file mode 100755 index fdab0fc..0000000 --- a/scripts/torrent.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -set -o nounset - -cd images - -NAME="$1" - -if [ "$NAME" = "" ]; then - # remove file extension - NAME="$(echo "$1" | sed 's/\.[^.]*//')" -fi - -if [ "$WEBSEED" = "" ]; then - echo '$WEBSEED not provided' >&2 - exit 1 -fi -if [ "$ANNOUNCE" = "" ]; then - echo '$ANNOUNCE not provided' >&2 - exit 1 -fi - -TORRENT_FILE="$NAME.torrent" -WEBSEED_URL="$WEBSEED/$1" - -if [ -e "$TORRENT_FILE" ]; then rm "$TORRENT_FILE"; fi - -mktorrent \ - -n "$NAME" \ - -a "$ANNOUNCE" \ - -o "$TORRENT_FILE" \ - -l 22 \ - -w "$WEBSEED_URL" \ - "$1" From e45191e3c29a80e63428d838c5add742021f8720 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Tue, 7 Jan 2020 22:01:11 +0100 Subject: [PATCH 5/8] Add s3 upload --- .gitlab-ci.yml | 10 +++++++--- builder/Dockerfile | 1 + 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1ff4e29..28e62d6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -75,11 +75,15 @@ security_scanner: - docker:dind script: - scripts/packer.sh debian-buster - - find images -type f > images.txt + - aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/ "s3://$AWS_BUCKET/$CI_JOB_ID/" --recursive artifacts: paths: - - images - - images.txt + - images/*.initramfs + - images/*.dpkg-list + - images/*.initramfs + - images/*.linux + #- images/*.squashfs + - images/*.torrent tags: - fablab - ssd diff --git a/builder/Dockerfile b/builder/Dockerfile index f8bbf02..99370c0 100644 --- a/builder/Dockerfile +++ b/builder/Dockerfile 
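Review bot: The `aws … s3 cp images/ … --recursive` step is added to `.squashfs_template`, so it runs in every job that extends the template, including `squashfs_featurebranch`, which means the AWS credentials have to be readable by pipelines on unprotected branches (inferred; the variable settings are not part of the diff). If only `master` images are meant to be published, move the upload line into the `squashfs_master` job so the credentials can be protected variables, or give branch pipelines a key restricted to their own prefix. The template's remaining keys continue outside the hunk.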
@@ -22,6 +22,7 @@ RUN apk add --no-cache \ python3-dev \ && pip3 install --upgrade pip \ && pip3 install ansible=="$ANSIBLE_VERSION" \ + && pip3 install awscli \ && apk del .build-deps ARG PACKER_VERSION From 7ec88bfe39d99e17cbfe3229e96a32be54eb8921 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Sat, 11 Jan 2020 00:24:35 +0100 Subject: [PATCH 6/8] Add CI_COMMIT_REF_SLUG as s3 path component --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 28e62d6..ef82037 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -75,7 +75,7 @@ security_scanner: - docker:dind script: - scripts/packer.sh debian-buster - - aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/ "s3://$AWS_BUCKET/$CI_JOB_ID/" --recursive + - aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/ "s3://$AWS_BUCKET/$CI_COMMIT_REF_SLUG/$CI_JOB_ID/" --recursive artifacts: paths: - images/*.initramfs From 762869b77c95017e4b4a3268c5050607e935fff1 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Fri, 24 Jan 2020 00:10:23 +0100 Subject: [PATCH 7/8] Write image names to image.txt --- .gitignore | 1 + .gitlab-ci.yml | 4 ++-- scripts/packer.sh | 11 ++++++++--- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index c842193..3584969 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,6 @@ /**/ansible/inventories/test/ /bin /images +/images.txt /tmp packer/*.json diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ef82037..f45b116 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
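Review bot: `pip3 install awscli` is added without a version pin, unlike `ansible=="$ANSIBLE_VERSION"` on the line above, so each rebuild of the builder image can pull a different awscli release and dependency set. Because this image is the one that handles the S3 credentials in CI, pin it the same way, e.g. an `ARG AWSCLI_VERSION` with `pip3 install awscli=="$AWSCLI_VERSION"` and a matching `--build-arg` in the Makefile's `builderimg` target. The `RUN` instruction starts and ends outside the hunk.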
@@ -75,10 +75,10 @@ security_scanner: - docker:dind script: - scripts/packer.sh debian-buster - - aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/ "s3://$AWS_BUCKET/$CI_COMMIT_REF_SLUG/$CI_JOB_ID/" --recursive + - aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/ "s3://$AWS_BUCKET/$CI_COMMIT_REF_SLUG/$CI_JOB_ID/" --recursive --no-progress artifacts: paths: - - images/*.initramfs + - images.txt - images/*.dpkg-list - images/*.initramfs - images/*.linux diff --git a/scripts/packer.sh b/scripts/packer.sh index 432633d..a8a5975 100755 --- a/scripts/packer.sh +++ b/scripts/packer.sh @@ -1,12 +1,17 @@ #!/bin/sh +set -e set -o nounset export NAME="$1" mkdir -p images export IMAGES="$(realpath images)" -cd packer +( + cd packer -python3 -c 'import sys, yaml, json; json.dump(yaml.safe_load(sys.stdin), sys.stdout, indent=4)' < "$NAME.yaml" > "$NAME.json" + python3 -c 'import sys, yaml, json; json.dump(yaml.safe_load(sys.stdin), sys.stdout, indent=4)' < "$NAME.yaml" > "$NAME.json" -packer build "$NAME.json" + packer build "$NAME.json" +) + +echo "$NAME" >> images.txt From 77ba548a735192bd610455ec12b38714b25e9998 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Fri, 24 Jan 2020 21:37:57 +0100 Subject: [PATCH 8/8] squashfs: Use zstd instead of lzo --- .gitlab-ci.yml | 4 ++-- packer/debian-buster.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f45b116..6645dda 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -91,7 +91,7 @@ security_scanner: squashfs_featurebranch: <<: *squashfs_template variables: - COMPRESSION_LEVEL: 5 + COMPRESSION_LEVEL: 4 except: variables: - $task == "security-scanner" @@ -101,7 +101,7 @@ squashfs_featurebranch: squashfs_master: <<: *squashfs_template variables: - COMPRESSION_LEVEL: 7 + COMPRESSION_LEVEL: 15 only: refs: - master diff --git a/packer/debian-buster.yaml b/packer/debian-buster.yaml index 0b0d1f8..9a765d7 100644 --- a/packer/debian-buster.yaml 
+++ b/packer/debian-buster.yaml @@ -90,7 +90,7 @@ provisioners: - squashfs_content="$(find / -mindepth 1 -maxdepth 1 | grep -vE '^/(proc|sys|tmp|[.]dockerenv|packer-files)$')" - > mksquashfs $squashfs_content /tmp/extra/* '/tmp/images/{{user `squashfs_file`}}' - -comp lzo + -comp zstd -Xcompression-level {{user `compression_level`}} -ef /tmp/ignore_files type: shell