# See https://wiki.debian.org/RaspberryPi3 for known issues and more details. steps: - mkimg: "{{ output }}" size: 2000M - mklabel: msdos device: "{{ output }}" - mkpart: primary fs-type: 'fat32' device: "{{ output }}" start: 0% end: 20% tag: /boot - mkpart: primary device: "{{ output }}" start: 20% end: 100% tag: / - kpartx: "{{ output }}" - mkfs: vfat partition: /boot label: RASPIFIRM - mkfs: ext4 partition: / label: RASPIROOT - mount: / - mount: /boot mount-on: / dirname: '/boot/firmware' - unpack-rootfs: / - qemu-debootstrap: buster mirror: http://deb.debian.org/debian target: / arch: __ARCH__ components: - main - contrib - non-free unless: rootfs_unpacked - create-file: /etc/apt/sources.list trailing-newline: '1' contents: | deb http://deb.debian.org/debian buster main contrib non-free deb http://deb.debian.org/debian-security buster/updates main contrib non-free # Backports are _not_ enabled by default. # Enable them by uncommenting the following line: # deb http://deb.debian.org/debian buster-backports main contrib non-free __OTHER_APT_ENABLE__ unless: rootfs_unpacked - chroot: / shell: | apt-get update --allow-releaseinfo-change unless: rootfs_unpacked - apt: install packages: - ssh - parted - dosfstools - wireless-tools - wpasupplicant - raspi3-firmware - __LINUX_IMAGE__ __EXTRA_PKGS__ tag: / unless: rootfs_unpacked - cache-rootfs: / unless: rootfs_unpacked - shell: | echo "__HOST__-$(date +%Y%m%d)" > "${ROOT?}/etc/hostname" # Allow root logins locally with no password sed -i 's,root:[^:]*:,root::,' "${ROOT?}/etc/shadow" install -m 644 -o root -g root rootfs/etc/fstab "${ROOT?}/etc/fstab" #not needed for peach #install -m 644 -o root -g root rootfs/etc/network/interfaces.d/eth0 "${ROOT?}/etc/network/interfaces.d/eth0" #install -m 600 -o root -g root rootfs/etc/network/interfaces.d/wlan0 "${ROOT?}/etc/network/interfaces.d/wlan0" install -m 755 -o root -g root rootfs/usr/local/sbin/rpi-set-sysconf "${ROOT?}/usr/local/sbin/rpi-set-sysconf" install -m 644 -o root -g root rootfs/etc/systemd/system/rpi-set-sysconf.service "${ROOT?}/etc/systemd/system/" install -m 644 -o root -g root rootfs/boot/firmware/sysconf.txt "${ROOT?}/boot/firmware/sysconf.txt" mkdir -p "${ROOT?}/etc/systemd/system/basic.target.requires/" ln -s /etc/systemd/system/rpi-set-sysconf.service "${ROOT?}/etc/systemd/system/basic.target.requires/rpi-set-sysconf.service" install -m 755 -o root -g root rootfs/usr/sbin/rpi-resizerootfs "${ROOT?}/usr/sbin/rpi-resizerootfs" install -m 644 -o root -g root rootfs/etc/systemd/system/rpi-resizerootfs.service "${ROOT?}/etc/systemd/system/" mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/" ln -s /etc/systemd/system/rpi-resizerootfs.service "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/rpi-resizerootfs.service" install -m 644 -o root -g root rootfs/etc/systemd/system/rpi-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system/" mkdir -p "${ROOT?}/etc/systemd/system/multi-user.target.requires/" ln -s /etc/systemd/system/rpi-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system/multi-user.target.requires/rpi-generate-ssh-host-keys.service" rm -f "${ROOT?}"/etc/ssh/ssh_host_*_key* root-fs: / # Copy the relevant device tree files to the boot partition - chroot: / shell: | install -m 644 -o root -g root __DTB__ /boot/firmware/ # Clean up archive cache (likely not useful) and lists (likely outdated) to # reduce image size by several hundred megabytes. - chroot: / shell: | apt-get clean rm -rf /var/lib/apt/lists # Modify the kernel commandline we take from the firmware to boot from # the partition labeled raspiroot instead of forcing it to mmcblk0p2 - chroot: / shell: | ls -aR /boot sed -i 's/.dev.mmcblk0p2/LABEL=RASPIROOT/' /boot/firmware/cmdline.txt # BEGINNING OF PEACH CONFIG - shell: | echo "This peach base image was configured on $(date +%Y%m%d) with peach-img-builder version 0.1.0" > "${ROOT?}/srv/peach-img-provenance.log" root-fs: / - apt: install packages: - git - python3 - python3-pip - wget - gnupg2 tag: / - shell: | # because the linux kernel updates its vesrion # we need to make sure that we keep config.txt_i2c in sync with this # e.g. kernel=vmlinuz-4.19.0-18-arm64 # this copy command helps us see what the linux kernel version is (TODO: better way to do this) cp "${ROOT?}/boot/firmware/config.txt" /srv/peachcloud/automation/peach-img-builder/peach-img-kernel-config.log root-fs: / - chroot: / shell: | pip3 install setuptools echo "deb http://apt.peachcloud.org/ buster main" > /etc/apt/sources.list.d/peach.list wget -O /tmp/pubkey.gpg http://apt.peachcloud.org/pubkey.gpg apt-key add /tmp/pubkey.gpg apt-get update --allow-releaseinfo-change apt-get install -y peach-config RUST_LOG=info /usr/bin/peach-config setup -i -n -d # set default password for peach-web to peachcloud RUST_LOG=info /usr/bin/peach-config change-password -p peachcloud # lastly log which versions of microservices were installed and copy the provenance to the host machine - chroot: / shell: | /usr/bin/peach-config manifest > /srv/peach-img-manifest.log - shell: | cp "${ROOT?}/srv/peach-img-manifest.log" /srv/peachcloud/automation/peach-img-builder/peach-img-manifest.log root-fs: / # END OF PEACH CONFIG # TODO(https://github.com/larswirzenius/vmdb2/issues/24): remove once vmdb # clears /etc/resolv.conf on its own. - shell: | rm "${ROOT?}/etc/resolv.conf" root-fs: /