diff --git a/release/Makefile.vm b/release/Makefile.vm index 2ab5b4e373e3..81f46a23b2ac 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -20,6 +20,7 @@ RAW_DESC= Unformatted raw disk image CLOUDWARE?= BASIC-CI \ EC2 \ GCE \ + OCI \ VAGRANT-VIRTUALBOX \ VAGRANT-VMWARE AZURE_FORMAT= vhdf @@ -34,6 +35,9 @@ EC2_DISK= ${OSRELEASE}.${EC2_FORMAT} GCE_FORMAT= raw GCE_DESC= Google Compute Engine image GCE_DISK= disk.${GCE_FORMAT} +OCI_FORMAT= qcow2 +OCI_DESC= Oracle Cloud Infrastructure image +OCI_DISK= ${OSRELEASE}.${OCI_FORMAT} OPENSTACK_FORMAT=qcow2 OPENSTACK_DESC= OpenStack platform image OPENSTACK_DISK= ${OSRELEASE}.${OPENSTACK_FORMAT} diff --git a/release/release.conf.sample b/release/release.conf.sample index bd7be15b0227..40f8457e8f89 100644 --- a/release/release.conf.sample +++ b/release/release.conf.sample @@ -113,4 +113,4 @@ PORTBRANCH="main" ## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers ## to create disk images. -#CLOUDWARE="EC2 GCE VAGRANT-VIRTUALBOX VAGRANT-VMWARE" +#CLOUDWARE="EC2 GCE OCI VAGRANT-VIRTUALBOX VAGRANT-VMWARE" diff --git a/release/tools/oci.conf b/release/tools/oci.conf new file mode 100644 index 000000000000..7260cd24defd --- /dev/null +++ b/release/tools/oci.conf @@ -0,0 +1,94 @@ +#!/bin/sh +# Set to a list of packages to install. +export VM_EXTRA_PACKAGES=" + comms/py-pyserial + converters/base64 + devel/oci-cli + devel/py-babel + devel/py-iso8601 + devel/py-pbr + devel/py-six + ftp/curl + lang/python + lang/python3 + net/cloud-init + net/py-eventlet + net/py-netaddr + net/py-netifaces + net/py-oauth + net/rsync + panicmail + security/ca_root_nss + security/sudo + sysutils/firstboot-freebsd-update + sysutils/firstboot-pkgs + sysutils/panicmail + textproc/jq + " + +# Should be enough for base image, image can be resized in needed +export VMSIZE=5g + +# Set to a list of third-party software to enable in rc.conf(5). +export VM_RC_LIST=" + cloudinit + firstboot_pkgs + firstboot_freebsd_update + growfs + ntpd + ntpd_sync_on_start + sshd + zfs" + +vm_extra_pre_umount() { + cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf + dumpdev=AUTO + sendmail_enable=NONE +EOF + + cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf + autoboot_delay="5" + beastie_disable="YES" + boot_serial="YES" + loader_logo="none" + cryptodev_load="YES" + opensolaris_load="YES" + xz_load="YES" + zfs_load="YES" +EOF + + cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config + # S11 Configure the SSH service to prevent password-based login + PermitRootLogin prohibit-password + PasswordAuthentication no + KbdInteractiveAuthentication no + PermitEmptyPasswords no + UseDNS no +EOF + + # S14 Root user login must be disabled on serial-over-ssh console + pw -R ${DESTDIR} usermod root -w no + # OCI requirements override the default FreeBSD cloud-init settings + cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oci.cfg + disable_root: true + system_info: + distro: freebsd + default_user: + name: freebsd + lock_passwd: True + gecos: "OCI Default User" + groups: [wheel] + sudo: ["ALL=(ALL) NOPASSWD:ALL"] + shell: /bin/sh + network: + renderers: ['freebsd'] +EOF + + # Use Oracle Cloud Infrastructure NTP server + sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \ + ${DESTDIR}/etc/ntp.conf + + touch ${DESTDIR}/firstboot + + return 0 +}