Pre-F35 and U2110 updates #98

Merged
merged 12 commits into from
Oct 14, 2021


@cevich cevich commented Oct 14, 2021

This set of changes prepares the repo. and scripts for both F35 and Ubuntu 21.10 images. It's being done separately from #93 to allow for isolation of the version-change update influence on testing results.

cevich added 12 commits October 8, 2021 15:10

Searching for and obtaining the latest GCP maintained Ubuntu image
name is an unnecessary maintenance burden.  Since the latest is always
available under a common/known family name, switch to using that.

Signed-off-by: Chris Evich <[email protected]>

Since images are duplicated when starting up a new VM, any pre-existing
keys present on the system represent a security vulnerability.  Attempt
to clear keys deposited by packer during build.

Also use stronger key-type to access Ubuntu VMs during build.  This
change has long-since been made in Fedora-land.  Newer Ubuntu images
provided by GCP now require this.

Signed-off-by: Chris Evich <[email protected]>

There's no need for every task to have access to the `$GAC_JSON`
variable contents.  Move/duplicate the value to only the tasks which
call `set_gac_filepath`.

Signed-off-by: Chris Evich <[email protected]>

The default service unit file is modified at build time to ensure the
Cirrus-CI Agent (runs as a startup script) isn't needlessly restricted
by SELinux policy.  The addition of a comment in a recent version of
the google package broke this build-time modification.  Fix this by
correcting an overly broad regex.

Signed-off-by: Chris Evich <[email protected]>

Also, when building the Fedora cache image, only prune systemd services
for VMs, not containers.  This limitation is already in place for
Ubuntu.

Signed-off-by: Chris Evich <[email protected]>

This was originally needed for testing containers/conmon but has long
since been dropped.  Remove it from the image build process along with
the kube version lookup function.

Signed-off-by: Chris Evich <[email protected]>

Several tests require additional packages be installed at runtime.
None of them make use of container images.  Remove this support
to help reduce their size.

Also, when finalizing container images, remove any remaining golang
and package metadata cache.

Signed-off-by: Chris Evich <[email protected]>

For a two-stage image (base + cache) workflow, it makes sense to do as
little as possible in the first stage.  However, when it comes to
cloud-init, some things are more difficult to undo later.  For example,
default user creation.  For Ubuntu, doing this in the second-stage
(cache) was causing the resulting VM's cloud-init to fail in creating
an 'ubuntu' user.  Since this is undesirable behavior anyway, disable
it universally and relocate the custom override file copy to the first
stage (base).

Also (minor) remove redundant package update command that lists names -
not supported.

Signed-off-by: Chris Evich <[email protected]>

After spending days debugging, it was determined that upgrading
cloud-init results in a failure to add/update OSLogin users
(and ssh keys) upon reboot (after resetting the system).
The exact cause is unknown and further/deeper debugging
isn't worth the effort.  Work around the problem by
blocking the update for now

@cevich cevich mentioned this pull request Oct 14, 2021
@github-actions

Cirrus CI build successful. Image ID c4979650947448832 ready for use.

@cevich cevich merged commit 9bbc9aa into containers:main Oct 14, 2021
@cevich cevich deleted the pre-f35-updates branch July 19, 2022 14:45