From b3baf8c91a2149a609f87ab76a5d5058e79f8def Mon Sep 17 00:00:00 2001 From: Charles Leclerc Date: Thu, 3 Dec 2015 21:38:42 -0500 Subject: [PATCH] Released version 1.0 --- README.md | 217 ++++++++++++++++++ .../etc/systemd/system/first-boot.service | 9 + .../first-boot.service | 1 + first-boot/first-boot | 0 first-boot/usr/local/sbin/first-boot.sh | 21 ++ 5 files changed, 248 insertions(+) create mode 100644 first-boot/etc/systemd/system/first-boot.service create mode 120000 first-boot/etc/systemd/system/multi-user.target.wants/first-boot.service create mode 100644 first-boot/first-boot create mode 100755 first-boot/usr/local/sbin/first-boot.sh diff --git a/README.md b/README.md index 31ce0af..e73d989 100644 --- a/README.md +++ b/README.md @@ -1 +1,218 @@ # jessie-image + +## Description + +In this repository you will find all the steps and extra files used to create the jessie images for both the Bubba|2 and the B3 platforms. + +Given the fact that image creation is not done every day there is no scripted/automated method to create it ; instead all the steps needed (and taken) to create the released image will be described in this README. It will be updated with each release. + +The current version for the excito jessie image is **1.0** + +## Contents + +- This README.md file, the "image create manual" +- `first-boot` which contains first-boot scripts run ... on the first boot; Currently these scripts: + - Generate new ssh host keys + - Remove themselves + +## Image creation + +### Pre-requisites + +In order to create an image you need a Bubba|2 or a B3 running whatever standard Linux OS you wish, ~1GiB free space and an internet connection; The only software needed on the host is the debootstrap package. + +The released image are created from the [install/rescue system](https://github.com/Excito/buildroot) which provides all the necessary tools. + +Everything must be run as `root`. + +### Boostraping and chroot into the system + +- Create a directory that will host the image (it doesn't have to be a mounted partition): +``` +mkdir /mnt/target +``` +- Debootstrap jessie choosing the right architecture: +``` +# Bubba|2: +debootstrap --arch=powerpc jessie /mnt/target http://httpredir.debian.org/debian + +# B3: +debootstrap --arch=armel jessie /mnt/target http://debian.bhs.mirrors.ovh.net/debian +``` +- Mount the kernel filesystems: +``` +mount -t proc none /mnt/target/proc +mount -t sysfs none /mnt/target/sys +mount -o bind /dev /mnt/target/dev +mount -t devpts none /mnt/target/dev/pts +mount -t tmpfs none /mnt/target/dev/shm +``` +- Create the `policy-rc.d` file which will prevent the daemons to be run inside the chroot: +``` +cat > /mnt/target/usr/sbin/policy-rc.d << EOF +#!/bin/sh +exit 101 +EOF +chmod 755 /mnt/target/usr/sbin/policy-rc.d +``` +- Chroot into the system and setup the environment: +``` +chroot /mnt/target /bin/bash +source /etc/profile +cd /root +export PS1="(chroot) $PS1" +``` + +### APT configuration and standard package install + +- Create the `/etc/mtab` link: +``` +ln -s /proc/mounts /etc/mtab +``` +- Create a basic `sources.list`: +``` +cat > /etc/apt/sources.list << EOF +deb http://httpredir.debian.org/debian jessie main +#deb-src http://httpredir.debian.org/debian jessie main + +deb http://security.debian.org/ jessie/updates main +#deb-src http://security.debian.org/ jessie/updates main +EOF +``` +- Download and install the `excito-release-jessie` package: +``` +wget -q http://repo.excito.org/excito-release-jessie.deb +dpkg -i excito-release-jessie.deb +rm excito-release-jessie.deb +``` +- Update apt cache and ugprade the system: +``` +apt-get update +apt-get -y dist-upgrade +``` +- Install locales and standard system tools: +``` +apt-get -y install locales +tasksel install standard ssh-server +``` + +### [Optional] Install u-boot-tools to access u-boot configuration + +Released images provide `fw_setenv` and `fw_printenv` which allows access and modification of the platform bootloader. These tools are only 'nice to have'. Beware that misuse can prevent the system from booting. + +- Create the `fw_env.config` file: +``` +# Bubba|2: +cat > /etc/fw_env.config << EOF +# MTD definition for Bubba|2 +# MTD device name Device offset Env. size Flash sector size Number of sectors +/dev/mtd0 0x50000 0x002000 0x10000 +/dev/mtd0 0x60000 0x002000 0x10000 +EOF + +# B3: +cat > /etc/fw_env.config << EOF +# MTD definition for Bubba|3 +# MTD device name Device offset Env. size Flash sector size Number of sectors +/dev/mtd1 0x000000 0x010000 0x010000 +EOF +``` +- Install the `u-boot-tools` and the `mtd-utils` package: +``` +apt-get -y install u-boot-tools mtd-utils +``` + +### User and password creation + +- Set the root password ('excito' without quotes on the released images): +``` +passwd +``` +- Create the `excito` user and set its password ('excito' without quotes on the released images): +``` +useradd -m -U -s /bin/bash excito +passwd +``` + +### System configuration + +- Reconfigure the exim4 mail server with the following answers: +`dpkg-reconfigure exim4-config` + - General type of mail configuration: `local delivery only; not on a network` + - System mail name: `b3` for the B3, `bubbatwo` for the Bubba|2 + - IP-addresses to listen: `127.0.0.1 ; ::1` + - Other destinations: *empty* + - Keep number of DNS-queries minimal: `No` + - Delivery method for local mail: `mbox format in /var/mail` + - Split configuration into small files: `No` + - Root and postmaster mail recipient: `excito` +- Configure the network: +``` +cat > /etc/network/interfaces << EOF +allow-hotplug eth0 +iface eth0 inet dhcp + +allow-hotplug eth1 +iface eth1 inet dhcp +EOF +``` +- Create `/etc/fstab`: +``` +cat > /etc/fstab << EOF +/dev/sda1 / ext3 noatime 0 1 +EOF +``` +- Set the hostname: +``` +# Bubba|2: +echo "bubbatwo" > /etc/hostname + +# B3: +echo "b3" > /etc/hostname +``` +### Cleanup +- Remove unnecessary packages: +``` +# Bubba|2: +apt-get purge -y nfs-common rpcbind yaboot + +# B3: +apt-get purge -y nfs-common rpcbind +``` +- Cleanup packages and empty apt cache: +``` +apt-get -y autoremove --purge +apt-get clean +``` +- Remove previously created ssh keys (they will be recreated by the `first-boot` files): +``` +rm /etc/ssh/*key* +``` +- Exit the chroot: +``` +exit +``` +- Remove the shell history file and the previously created `policy-rc.d` file: +``` +rm /mnt/target/usr/sbin/policy-rc.d /mnt/target/root/.bash_history +``` +- Unmount kernel filesystem: +``` +umount /mnt/target/dev/shm +umount /mnt/target/dev/pts +umount /mnt/target/dev +umount /mnt/target/sys +umount /mnt/target/proc +``` + +### `first-boot` files and tarball creation ### +- Download and extract the first-boot release tarball into target: +``` +wget -O/mnt/target/first-boot.tgz https://github.com/Excito/jessie-image/releases/download/v1.0/first-boot.tgz +( cd /mnt/target; tar -xvf first-boot.tgz ) +rm /mnt/target/first-boot.tgz +``` +- Now that the image files are ready, go ahead and create the final tarball: +``` +( cd /mnt/target; tar -czvf /root/jessie-image.tgz .) +``` diff --git a/first-boot/etc/systemd/system/first-boot.service b/first-boot/etc/systemd/system/first-boot.service new file mode 100644 index 0000000..9d84f2f --- /dev/null +++ b/first-boot/etc/systemd/system/first-boot.service @@ -0,0 +1,9 @@ +[Unit] +Description=Post imaging script + +[Service] +Type=oneshot +ExecStart=/usr/local/sbin/first-boot.sh + +[Install] +WantedBy=multi-user.target diff --git a/first-boot/etc/systemd/system/multi-user.target.wants/first-boot.service b/first-boot/etc/systemd/system/multi-user.target.wants/first-boot.service new file mode 120000 index 0000000..cbf91d3 --- /dev/null +++ b/first-boot/etc/systemd/system/multi-user.target.wants/first-boot.service @@ -0,0 +1 @@ +/etc/systemd/system/first-boot.service \ No newline at end of file diff --git a/first-boot/first-boot b/first-boot/first-boot new file mode 100644 index 0000000..e69de29 diff --git a/first-boot/usr/local/sbin/first-boot.sh b/first-boot/usr/local/sbin/first-boot.sh new file mode 100755 index 0000000..81c5a77 --- /dev/null +++ b/first-boot/usr/local/sbin/first-boot.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +exec 1<&- +exec 2<&- + +exec 1<>/var/log/first-boot.log +exec 2>&1 + +if [ ! -e /first-boot ] ; then + echo "/first-boot doesn't exist ; exiting" + exit 1 +fi + +echo "Reconfiguring openssh-server" +dpkg-reconfigure openssh-server + +echo "Cleaning up" +rm -f $0 +rm -f /first-boot +systemctl disable first-boot +rm -f /etc/systemd/system/first-boot.service