0064db95fe
The original image-builder approach had an entirely containerized approach for building target images. This approach was flawed because: 1. There are a number of debian packages which will not install without /sys, /proc, /dev, or /dev/pts mountpoints, and 2. Container build process does not support building with privileges needed to bind-mount these directories into the chroot build space 3. It is a requirement for all packages to be installed in the container image in order to avoid deployment risk of missing mirror resources This patchset addresses this problem by performing necessary privileged steps outside of a containerized build process. At the end of this process, the root filesystem is packaged into a docker container when elevated permissions are no longer required. Change-Id: I5f8dc972f67c5649bf5f9403a5a512d06c948720
121 lines
2.8 KiB
YAML
121 lines
2.8 KiB
YAML
rootfs_root: build
|
|
rootfs_arch: amd64
|
|
k8s_version: 1.18.6-00
|
|
kernel_base_pkg: linux-image-generic
|
|
kernel_headers_pkg: linux-headers-generic
|
|
ubuntu_packages:
|
|
- apparmor
|
|
- apt-file
|
|
- apt-utils
|
|
- apt-transport-https
|
|
- arptables
|
|
- bash-completion
|
|
- bc
|
|
- bridge-utils
|
|
- chrony
|
|
- cloud-init
|
|
- conntrack
|
|
- curl
|
|
- dbus
|
|
- dnsutils
|
|
- dosfstools
|
|
- e2fsprogs
|
|
- ebtables
|
|
- efivar
|
|
- ethtool
|
|
- file
|
|
- gawk
|
|
- gettext-base
|
|
- gnupg2
|
|
- grub2
|
|
- grub-efi-amd64-signed
|
|
- ifenslave
|
|
- isc-dhcp-client
|
|
- iproute2
|
|
- iptables
|
|
- iputils-arping
|
|
- iputils-ping
|
|
- iputils-tracepath
|
|
- ipvsadm
|
|
- kdump-tools
|
|
- "{{ kernel_base_pkg }}"
|
|
- "{{ kernel_headers_pkg }}"
|
|
- kmod
|
|
- less
|
|
- live-boot
|
|
- locales
|
|
- locales-all
|
|
- logrotate
|
|
- lsb-release
|
|
- lsof
|
|
- man-db
|
|
- mawk
|
|
- mbr
|
|
- netplan.io
|
|
- net-tools
|
|
- networkd-dispatcher # required for netplan post-up scripts
|
|
- openssh-server
|
|
- passwd
|
|
- python3
|
|
- python3-apt
|
|
- rsyslog
|
|
- socat
|
|
- systemd
|
|
- systemd-sysv
|
|
- strace
|
|
- sudo
|
|
- tcpdump
|
|
- traceroute
|
|
- vim
|
|
- vlan
|
|
- xfsprogs
|
|
- xz-utils
|
|
repos:
|
|
- register_repo_with_rootfs: true
|
|
name: Ubuntu
|
|
packages: "{{ ubuntu_packages }}"
|
|
source: http://archive.ubuntu.com/ubuntu/
|
|
keyring_pkg: ubuntu-keyring
|
|
suite: focal
|
|
components: main restricted universe
|
|
- register_repo_with_rootfs: true
|
|
name: Ubuntu-Updates
|
|
packages: []
|
|
source: http://archive.ubuntu.com/ubuntu/
|
|
# NOTE: We comment this out as the package comes from the "focal" suite
|
|
# keyring_pkg: ubuntu-keyring
|
|
suite: focal-updates
|
|
omitdebsrc: "true"
|
|
components: main restricted universe
|
|
- register_repo_with_rootfs: true
|
|
name: Ubuntu-Security
|
|
packages: []
|
|
source: http://archive.ubuntu.com/ubuntu/
|
|
# NOTE: We comment this out as the package comes from the "focal" suite
|
|
# keyring_pkg: ubuntu-keyring
|
|
suite: focal-security
|
|
omitdebsrc: "true"
|
|
components: main restricted universe
|
|
- register_repo_with_rootfs: true
|
|
name: Docker
|
|
packages:
|
|
- docker-ce
|
|
- docker-ce-cli
|
|
- containerd.io
|
|
source: https://download.docker.com/linux/ubuntu
|
|
keyring_url: https://download.docker.com/linux/ubuntu/gpg
|
|
suite: focal
|
|
omitdebsrc: "true"
|
|
components: stable
|
|
- register_repo_with_rootfs: true
|
|
name: Kubernetes
|
|
packages:
|
|
- kubelet={{ k8s_version }}
|
|
- kubeadm={{ k8s_version }}
|
|
- kubectl={{ k8s_version }}
|
|
source: https://apt.kubernetes.io
|
|
keyring_url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
|
|
suite: kubernetes-xenial
|
|
omitdebsrc: "true"
|
|
components: main
|