Bug 1329282 - QEMU image for building QEMU images
This is the bottom turtle, the QEMU image that we'll
build manually and then upload to S3. All the other
QEMU images will be built using this image, thanks
to nested virtualization.
MozReview-Commit-ID: I3nrLKtgKxc
--- a/taskcluster/docker/recipes/run-task
+++ b/taskcluster/docker/recipes/run-task
@@ -273,17 +273,19 @@ def main(args):
return 1
# Find all groups to which this user is a member.
gids = [g.gr_gid for g in grp.getgrall() if args.group in g.gr_mem]
uid = user.pw_uid
gid = group.gr_gid
else:
- uid = gid = gids = None
+ uid = os.geteuid()
+ gid = os.getegid()
+ gids = os.getgroups()
# Validate caches.
#
# Taskgraph should pass in a list of paths that are caches via an
# environment variable (which we don't want to pass down to child
# processes). For each cache, we write out a special file denoting
# attributes and capabilities of run-task and the task being executed.
# These attributes are used by subsequent run-task invocations to
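Review bot: The new `else` branch substitutes the process's own effective identity for the former `None`, but nothing in the hunk records why, and the downstream code that consumes `uid`/`gid`/`gids` is outside this hunk (main's body continues past it); a short comment such as `# No --user/--group given: run as the current effective identity.` would make the intent explicit. One caveat worth a note or a check: `os.getgroups()` is not guaranteed to include the effective GID (getgroups(2) leaves that unspecified), so if the code below hands `gids` to `os.setgroups()` the effective group may be dropped from the supplementary set — presumably harmless here since `gid` is set separately, but worth confirming against the caller.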
new file mode 100644
--- /dev/null
+++ b/taskcluster/qemu/qemu-image-builder/custom-data/config.yml
@@ -0,0 +1,19 @@
+entrypoint: ['bash', '-bash', '-c', 'exec "$@"', '--']
+user: worker
+env:
+ # Set variable normally configured at login, by the shells parent process, these
+ # are taken from GNU su manual
+ HOME: /home/worker
+ SHELL: /bin/bash
+ USER: worker
+ LOGNAME: worker
+ HOSTNAME: taskcluster-worker
+ LC_ALL: C
+ # Set terminal emulator
+ TERM: xterm
+ # Set HG_STORE_PATH for run-task
+ HG_STORE_PATH: /home/worker/checkouts/hg-store
+ # Set MOZ_AUTOMATION to make mach and other scripts stop complaining
+ MOZ_AUTOMATION: '1'
+shell: ['bash', '-bash', '-li']
+workdir: /home/worker
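Review bot: `-bash` as the first argument to bash in both `entrypoint` and `shell` looks like the argv[0] login-shell convention applied in the wrong position; as far as I can tell bash parses an argument of `-bash` as the combined short options `-b -a -s -h` (notify, allexport, read-from-stdin, hashall), which is presumably not intended, and `-a` in particular exports every variable assigned in that shell. If a login shell is the goal, `-l` is the explicit flag (already present as `-li`), so `entrypoint: ['bash', '-c', 'exec "$@"', '--']` and `shell: ['bash', '-li']` would do. This assumes the list's first element is the executable and the rest are its arguments, which the guest-tools config format may define differently — worth checking before changing.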
new file mode 100644
--- /dev/null
+++ b/taskcluster/qemu/qemu-image-builder/custom-data/install.sh
@@ -0,0 +1,49 @@
+#!/bin/bash -e
+
+echo ' - Removing password from "worker" user'
+passwd -d worker
+
+echo ' - Allow "worker" user to do sudo without password'
+echo 'worker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
+
+echo ' - Installing taskcluster-worker qemu-guest-tools'
+cp /tmp/custom-data/config.yml /etc/taskcluster-worker-qemu-guest-tools.yml
+cp /tmp/custom-data/taskcluster-worker /usr/local/bin/taskcluster-worker
+chmod +x /usr/local/bin/taskcluster-worker
+cp /tmp/custom-data/taskcluster-worker.service /etc/systemd/system/taskcluster-worker.service
+chmod 644 /etc/systemd/system/taskcluster-worker.service
+systemctl enable taskcluster-worker.service
+
+echo ' - Installing docker'
+apt-get install -y apt-transport-https ca-certificates
+apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
+echo 'deb https://apt.dockerproject.org/repo ubuntu-xenial main' > /etc/apt/sources.list.d/docker.list
+apt-get update -y
+apt-get install -y docker-engine=17.05.0~ce-0~ubuntu-xenial
+
+echo ' - Grant worker user access to docker'
+usermod -aG docker worker
+
+echo ' - Installing python'
+apt-get install -y python
+
+echo ' - Installing mercurial'
+mkdir -p /setup /build
+cp /tmp/custom-data/tooltool.py /setup/tooltool.py
+mkdir -p /usr/local/mercurial
+cp /tmp/custom-data/robustcheckout.py /usr/local/mercurial/robustcheckout.py
+. /tmp/custom-data/common.sh
+. /tmp/custom-data/install-mercurial.sh
+
+echo ' - Configuring mercurial to use uncompressed bundles'
+cat << EOF > /home/worker/.hgrc
+[ui]
+clonebundleprefers = VERSION=packed1
+EOF
+
+echo ' - Installing test script'
+cp /tmp/custom-data/run-task /usr/local/bin/run-task
+chmod +x /usr/local/bin/run-task
+
+echo ' - chown ~/'
+chown -R worker:worker /home/worker/
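Review bot: `#!/bin/bash -e` on the first line never takes effect, because wrap-install.sh runs this file as `chroot /target /bin/bash --login /tmp/custom-data/install.sh`, and shebang options are only honored when the kernel executes the script directly; every step below — including the `apt-key adv` fetch and the `apt-get install` calls — therefore continues past failures and can leave a half-configured image that still boots. Add `set -e` as the second line (and `set -o pipefail` if any sourced script pipes commands). Separately, `echo 'worker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers` appends to the main sudoers file with no syntax check; writing the rule to `/etc/sudoers.d/worker` with mode 0440 and validating it with `visudo -cf` keeps a typo from breaking sudo for the whole image. The NOPASSWD grant itself is consistent with a single-purpose build VM, but a comment stating that assumption next to it would help the next reader.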
new file mode 100644
--- /dev/null
+++ b/taskcluster/qemu/qemu-image-builder/custom-data/taskcluster-worker.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=QEMU guest tools for taskcluster-worker
+After=docker.service
+Requires=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/taskcluster-worker qemu-guest-tools -c /etc/taskcluster-worker-qemu-guest-tools.yml
+
+[Install]
+WantedBy=multi-user.target
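Review bot: `Requires=network-online.target` pulls the target in but does not order this service after it — only `After=` orders — so `ExecStart` can run before the network is up; the usual pairing is `Wants=network-online.target` together with `After=network-online.target docker.service`. The unit also names `docker.service` only in `After=`, so docker is neither started nor required by it; if the guest tools depend on docker being up, add `Wants=docker.service`. No `Restart=` is set, so a crash of the guest tools leaves the VM without a worker until reboot — presumably undesirable, though the expected failure handling is not visible here.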
new file mode 100644
--- /dev/null
+++ b/taskcluster/qemu/qemu-image-builder/custom-data/worker.seed
@@ -0,0 +1,101 @@
+# Defaults from: https://github.com/netson/ubuntu-unattended/blob/master/netson.seed
+# More good docs at: https://www.debian.org/releases/jessie/amd64/apbs04.html.en
+
+# Always install the virtual kernel
+d-i base-installer/kernel/override-image string linux-virtual
+
+# Localization
+d-i debian-installer/language string en_US:en
+d-i debian-installer/country string US
+d-i debian-installer/locale string en_US
+d-i localechooser/supported-locales multiselect en_US.UTF-8
+d-i pkgsel/install-language-support boolean false
+
+# Keyboard selection
+d-i console-setup/ask_detect boolean false
+d-i keyboard-configuration/modelcode string pc105
+d-i keyboard-configuration/layoutcode string us
+d-i keyboard-configuration/variantcode string intl
+d-i keyboard-configuration/xkb-keymap select us(intl)
+d-i debconf/language string en_US:en
+
+# Network settings
+d-i netcfg/choose_interface select auto
+d-i netcfg/dhcp_timeout string 30
+d-i netcfg/get_hostname string worker-vm
+d-i netcfg/get_domain string worker-vm
+d-i hw-detect/load_firmware boolean true
+
+# Mirror settings
+d-i mirror/country string manual
+d-i mirror/http/hostname string archive.ubuntu.com
+d-i mirror/http/directory string /ubuntu
+d-i mirror/http/proxy string
+
+# Configure apt
+d-i apt-setup/restricted boolean true
+d-i apt-setup/universe boolean true
+d-i apt-setup/backports boolean true
+d-i apt-setup/services-select multiselect security
+d-i apt-setup/security_host string security.ubuntu.com
+d-i apt-setup/security_path string /ubuntu
+tasksel tasksel/first multiselect Basic Ubuntu server
+d-i pkgsel/upgrade select full-upgrade
+d-i pkgsel/update-policy select none
+d-i pkgsel/updatedb boolean true
+d-i debconf debconf/frontend select Noninteractive
+popularity-contest popularity-contest/participate boolean false
+
+# User configuration...
+d-i passwd/root-login boolean false
+d-i passwd/make-user boolean true
+d-i passwd/user-fullname string worker
+d-i passwd/username string worker
+d-i passwd/user-password password worker
+d-i passwd/user-password-again password worker
+d-i passwd/user-uid string
+d-i user-setup/allow-password-weak boolean true
+d-i user-setup/encrypt-home boolean false
+
+# Clock and time (use UTC, don't sync with NTP, timezone UTC)
+d-i clock-setup/utc boolean true
+d-i clock-setup/ntp boolean false
+d-i time/zone string UTC
+
+# Partitioning
+d-i partman/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/confirm boolean true
+d-i partman-auto/purge_lvm_from_device boolean true
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-auto-lvm/no_boot boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-md/confirm boolean true
+d-i partman-md/confirm_nooverwrite boolean true
+d-i partman-auto/method string lvm
+d-i partman-auto-lvm/guided_size string max
+d-i partman-partitioning/confirm_write_new_label boolean true
+
+# Package selection
+d-i pkgsel/include string curl
+
+# No verbose output and no boot splash screen.
+d-i debian-installer/quiet boolean true
+d-i debian-installer/splash boolean false
+
+# Bootloader
+d-i grub-installer/timeout string 0
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+
+# Command to run before finishing install
+d-i preseed/late_command string /cdrom/custom-data/wrap-install.sh
+
+# Poweroff the machine after install
+d-i finish-install/reboot_in_progress note
+d-i finish-install/keep-consoles boolean false
+d-i cdrom-detect/eject boolean false
+d-i debian-installer/exit/poweroff boolean true
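Review bot: The user block sets the `worker` account to the literal password `worker` on the `passwd/user-password password worker` and `-again` lines, with `user-setup/allow-password-weak boolean true`; install.sh later runs `passwd -d worker`, so the credential is only live during installation, but nothing in the seed says so. A comment above the block, e.g. `# Temporary password only: install.sh (run from late_command) deletes it with passwd -d and grants NOPASSWD sudo instead.`, would stop the cleartext value being read as an image credential. Note that if the late command fails before `passwd -d` runs, the image keeps this known password — a reason to make wrap-install.sh propagate install.sh's failure rather than finish as if successful.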
new file mode 100644
--- /dev/null
+++ b/taskcluster/qemu/qemu-image-builder/custom-data/wrap-install.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+cp -r /cdrom/custom-data /target/tmp/custom-data
+chmod +x /target/tmp/custom-data/install.sh
+chroot /target /bin/bash --login /tmp/custom-data/install.sh | /cdrom/custom-data/taskcluster-worker qemu-guest-tools post-log -
+rm -rf /target/tmp/custom-data
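Review bot: The `chroot ... | ... post-log -` pipeline exits with post-log's status, not install.sh's, and this is `/bin/sh` with neither `set -e` nor `pipefail`, so a failed install.sh is invisible to the preseed `late_command` and the installer powers off with a broken but apparently successful image; stderr is also not piped, so error text never reaches post-log. Record install.sh's status inside the group that feeds the pipe, send stderr along with stdout, and fail the script on a non-zero status (the status-file path below is illustrative).
```shell
# … unchanged: cp / chmod of custom-data …
# Capture install.sh's own status: the pipe alone reports only post-log's exit
# code, and POSIX sh has no pipefail.
{ chroot /target /bin/bash --login /tmp/custom-data/install.sh 2>&1; echo "$?" > /tmp/install-status; } \
  | /cdrom/custom-data/taskcluster-worker qemu-guest-tools post-log -
rm -rf /target/tmp/custom-data
[ "$(cat /tmp/install-status)" = 0 ] || exit 1
```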
new file mode 100644
--- /dev/null
+++ b/taskcluster/qemu/qemu-image-builder/image.yml
@@ -0,0 +1,86 @@
+symbol: 'I(qemu-image-builder)'
+private: false
+description: |
+ Manually built Ubuntu image for building other in-tree QEMU images.
+ This image contains
+ * python 2.7
+ * mercurial
+ * docker
+ * run-task (from taskcluster/docker/recipes/run-task)
+
+ Do not use this image for various one-off tasks that just needs docker, this
+ image is intended for building QEMU images, and won't be updated often, as
+ the process is manual.
+disksize: 40 # GB
+machine: # virtual machine definition
+ uuid: 52bab607-10f1-4049-a0f8-ee4725cb715b
+ chipset: pc-i440fx-2.8
+ usb: nec-usb-xhci
+ network: e1000
+ mac: aa:54:1a:30:5c:de
+ storage: virtio-blk-pci
+ graphics: qxl-vga
+ sound: none
+ keyboard: usb-kbd
+ keyboardLayout: en-us
+ mouse: usb-mouse
+ tablet: usb-tablet
+cdromA:
+ # Download an extract ubuntu 16.04 server install media
+ - extract:
+ url: http://releases.ubuntu.com/16.04.2/ubuntu-16.04.2-server-amd64.iso
+ sha256: 737ae7041212c628de5751d15c3016058b0e833fdc32e7420209b76ca3d0a535
+ format: iso
+ target: /
+
+ # Modify the grub boot menu to have a timeout of 1 second
+ - sed: 's/timeout\s\+[0-9]\+/timeout 1/g'
+ target: /isolinux/isolinux.cfg
+
+ # Modify boot options to specify preseed in kernel parameters
+ - sed: '/label install/ilabel autoinstall\nmenu label ^Autoinstall Ubuntu Worker\nkernel /install/vmlinuz\nappend file=/cdrom/custom-data/worker.seed initrd=/install/initrd.gz auto=true priority=high preseed/file=/cdrom/custom-data/worker.seed --'
+ target: /isolinux/txt.cfg
+
+ # Add custom-data which contains preseed, install scripts, etc
+ - copy: ./custom-data
+ target: /custom-data
+ - chmod: +x
+ target: /custom-data/wrap-install.sh
+
+ # Add run-task and install-mercurial.sh as needed by custom-data/install.sh
+ - copy: /taskcluster/docker/recipes/run-task
+ target: /custom-data/run-task
+ - copy: /python/mozbuild/mozbuild/action/tooltool.py
+ target: /custom-data/tooltool.py
+ - copy: /taskcluster/docker/recipes/common.sh
+ target: /custom-data/common.sh
+ - copy: /testing/mozharness/external_tools/robustcheckout.py
+ target: /custom-data/robustcheckout.py
+ - copy: /taskcluster/docker/recipes/install-mercurial.sh
+ target: /custom-data/install-mercurial.sh
+
+ # Download taskcluster-worker and add it to custom-data
+ - copy:
+ url: https://github.com/taskcluster/taskcluster-worker/releases/download/v0.1.9/taskcluster-worker-0.1.9-linux-amd64
+ sha256: dc184f3c741ed4098c05350c531739f176d6e2146d38314311e6b019b5f84727
+ target: /custom-data/taskcluster-worker
+
+ # Make taskcluster-worker binary executable
+ - chmod: +x
+ target: /custom-data/taskcluster-worker
+
+ # Package everything into an ISO
+ - genisoimage:
+ - '-JlDrV'
+ - 'UBUNTU_INSTALLER'
+ - '-input-charset'
+ - 'utf-8'
+ - '-cache-inodes'
+ - '-b'
+ - 'isolinux/isolinux.bin'
+ - '-c'
+ - 'isolinux/boot.cat'
+ - '-no-emul-boot'
+ - '-boot-load-size'
+ - '4'
+ - '-boot-info-table'
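Review bot: The Ubuntu ISO on the `url: http://releases.ubuntu.com/...` line is fetched over plain http, so the `sha256:` beneath it is the only integrity guarantee for the installer and everything it bootstraps; that should be stated next to it rather than left implicit, e.g. replace `# Download an extract ubuntu 16.04 server install media` with `# Download and extract the Ubuntu 16.04 server ISO; transport is plain http, so the sha256 pin is the trust anchor`. The taskcluster-worker binary further down is fetched over https and is likewise pinned, so the same one-line note applies there. The description's `python 2.7` line matches `apt-get install -y python` in custom-data/install.sh only because the base is xenial; naming the base release in the description would keep the two in sync.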
new file mode 100644
--- /dev/null
+++ b/taskcluster/qemu/qemu-image-builder/reference.yml
@@ -0,0 +1,4 @@
+# generated by |mach push qemu-image-builder|
+image-hash: 1e4569427c1e936f78ab41c8ea6d7bb7e7dfa84d807584261db33b9a701548fe
+sha256: 06704812548e837601a9ecd5b45478766d753fac248820041c3169a438ca737e
+url: https://s3-us-west-2.amazonaws.com/public-qemu-images/repository/hg.mozilla.org/mozilla-central/qemu-image-builder@sha256:1e4569427c1e936f78ab41c8ea6d7bb7e7dfa84d807584261db33b9a701548fe.tar.zstd