From 1a417edb689f5740fa7e0a7932b494198113b2de Mon Sep 17 00:00:00 2001 From: Amelia Crate <95060558+a-crate@users.noreply.github.com> Date: Thu, 11 Jan 2024 10:14:12 -0800 Subject: [PATCH] Delete centos-7-predictable-nic workflows (#2262) --- .../centos_7_predictable_nic.publish.json | 31 --- .../centos_7_predictable_nic.wf.json | 70 ----- .../centos_7_predictable_nic.wf.json | 55 ---- .../kickstart/centos_7_predictable_nic.cfg | 241 ------------------ 4 files changed, 397 deletions(-) delete mode 100644 daisy_workflows/build-publish/enterprise_linux/centos_7_predictable_nic.publish.json delete mode 100644 daisy_workflows/build-publish/enterprise_linux/centos_7_predictable_nic.wf.json delete mode 100644 daisy_workflows/image_build/enterprise_linux/centos_7_predictable_nic.wf.json delete mode 100644 daisy_workflows/image_build/enterprise_linux/kickstart/centos_7_predictable_nic.cfg diff --git a/daisy_workflows/build-publish/enterprise_linux/centos_7_predictable_nic.publish.json b/daisy_workflows/build-publish/enterprise_linux/centos_7_predictable_nic.publish.json deleted file mode 100644 index ba0fdacd5..000000000 --- a/daisy_workflows/build-publish/enterprise_linux/centos_7_predictable_nic.publish.json +++ /dev/null @@ -1,31 +0,0 @@ -{{/* - Template to publish UEFI-enabled CentOS images. - By default this template is setup to publish to the 'gce-image-builder' - project, the 'environment' variable can be used to publish to 'test', 'prod' - DeleteAfter is set to 180 days for all environments other than prod where no - time period is set. -*/}} -{ - "Name": "centos-7-predictable-nic", - {{$work_project := printf "%q" "gce-image-builder" -}} - {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}} - {{$delete_after := `"24h*30*6"` -}} - "WorkProject": {{$work_project}}, - "PublishProject": "bct-prod-images", - "ComputeEndpoint": {{$endpoint}}, - "DeleteAfter": {{$delete_after}}, - {{$guest_features := `["UEFI_COMPATIBLE", "GVNIC"]` -}} - {{$time := trimPrefix .publish_version "v"}} - "Images": [ - { - "Family": "centos-7-predictable-nic", - "Prefix": "centos-7-predictable-nic", - "Description": "CentOS, CentOS, 7, x86_64 built on {{$time}}", - "Architecture": "X86_64", - "Licenses": [ - "projects/centos-cloud/global/licenses/centos-7" - ], - "GuestOsFeatures": {{$guest_features}} - } - ] -} diff --git a/daisy_workflows/build-publish/enterprise_linux/centos_7_predictable_nic.wf.json b/daisy_workflows/build-publish/enterprise_linux/centos_7_predictable_nic.wf.json deleted file mode 100644 index 5f2f06e16..000000000 --- a/daisy_workflows/build-publish/enterprise_linux/centos_7_predictable_nic.wf.json +++ /dev/null @@ -1,70 +0,0 @@ -{ - "Name": "centos-7-predictable-nic", - "Project": "gce-image-builder", - "Zone": "us-central1-b", - "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}", - "Vars": { - "build_date": { - "Value": "${TIMESTAMP}", - "Description": "Build datestamp used to version the image." - }, - "google_cloud_repo": { - "Value": "stable", - "Description": "The Google Cloud Repo branch to use." - }, - "workflow_root": { - "Value": "/workflows", - "Description": "Root of github workflows, defaults to /workflows in the container." - }, - "gcs_url": { - "Required": true, - "Description": "The GCS path that image raw file exported to." - }, - "sbom_destination": { - "Value": "${OUTSPATH}/export-image.sbom.json", - "Description": "SBOM final export destination, copies in place by default" - }, - "installer_iso": { - "Required": true, - "Description": "The CentOS 7 installer ISO to build from." - }, - "sbom_util_gcs_root": { - "Value": "", - "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM." - } - }, - "Steps": { - "build": { - "TimeOut": "60m", - "IncludeWorkflow": { - "Path": "${workflow_root}/image_build/enterprise_linux/centos_7_predictable_nic.wf.json", - "Vars": { - "build_date": "${build_date}", - "google_cloud_repo": "${google_cloud_repo}", - "installer_iso": "${installer_iso}" - } - } - }, - "export-image": { - "Timeout": "60m", - "IncludeWorkflow": { - "Path": "${workflow_root}/export/disk_export.wf.json", - "Vars": { - "destination": "${gcs_url}", - "sbom_destination": "${sbom_destination}", - "source_disk": "el-install-disk", - "sbom_util_gcs_root": "${sbom_util_gcs_root}" - } - } - }, - "cleanup-image": { - "DeleteResources": { - "Images": ["centos-7-predictable-nic-v${build_date}"] - } - } - }, - "Dependencies": { - "export-image": ["build"], - "cleanup-image": ["export-image"] - } -} diff --git a/daisy_workflows/image_build/enterprise_linux/centos_7_predictable_nic.wf.json b/daisy_workflows/image_build/enterprise_linux/centos_7_predictable_nic.wf.json deleted file mode 100644 index 563038f30..000000000 --- a/daisy_workflows/image_build/enterprise_linux/centos_7_predictable_nic.wf.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "Name": "build-centos-7-predictable-nic", - "Vars": { - "google_cloud_repo": { - "Value": "stable", - "Description": "The Google Cloud Repo branch to use." - }, - "installer_iso": { - "Required": true, - "Description": "The CentOS 7 installer ISO to build from." - }, - "build_date": { - "Value": "${TIMESTAMP}", - "Description": "Build datestamp used to version the image." - }, - "publish_project": { - "Value": "${PROJECT}", - "Description": "A project to publish the resulting image to." - } - }, - "Steps": { - "build-centos": { - "Timeout": "60m", - "IncludeWorkflow": { - "Path": "./enterprise_linux.wf.json", - "Vars": { - "el_release": "centos-7-predictable-nic", - "kickstart_config": "./kickstart/centos_7_predictable_nic.cfg", - "google_cloud_repo": "${google_cloud_repo}", - "installer_iso": "${installer_iso}" - } - } - }, - "create-image": { - "CreateImages": [ - { - "Name": "centos-7-predictable-nic-v${build_date}", - "SourceDisk": "el-install-disk", - "Licenses": [ - "projects/centos-cloud/global/licenses/centos-7" - ], - "Description": "CentOS, CentOS, 7, x86_64 built on ${build_date}", - "Family": "centos-7-predictable-nic", - "Project": "${publish_project}", - "NoCleanup": true, - "ExactName": true, - "GuestOsFeatures": ["UEFI_COMPATIBLE"] - } - ] - } - }, - "Dependencies": { - "create-image": ["build-centos"] - } -} diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/centos_7_predictable_nic.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/centos_7_predictable_nic.cfg deleted file mode 100644 index 8414d8efc..000000000 --- a/daisy_workflows/image_build/enterprise_linux/kickstart/centos_7_predictable_nic.cfg +++ /dev/null @@ -1,241 +0,0 @@ -# centos-7-options.cfg - -### Anaconda installer configuration. -# Install in cmdline mode. -cmdline -url --mirrorlist="http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os" -repo --name=updates --mirrorlist="http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates" -poweroff - -# Network configuration -network --bootproto=dhcp --device=link - -### Installed system configuration. -firewall --enabled -services --enabled=sshd --disabled=sshd-keygen@ -skipx -timezone --utc UTC --ntpservers=metadata.google.internal -rootpw --iscrypted --lock * -firstboot --disabled -user --name=gce --lock - -### Disk configuration. -# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. -%pre --interpreter=/usr/bin/bash -cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ -cp /run/install/isodir/google_nvme_id /usr/lib/udev/ -chmod +x /usr/lib/udev/google_nvme_id -# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger -udevadm settle -udevadm control --reload -udevadm trigger --settle -tee -a /tmp/disk-config << EOM -# build_installer.py will replace with the id of the install disk to avoid race conditions -bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="scsi_mod.use_blk_mq=Y" -# EFI partitioning, creates a GPT partitioned disk. -clearpart --drives=/dev/disk/by-id/google-el-install-disk --all -part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk -part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs -EOM -%end -%include /tmp/disk-config - -# el7-packages.cfg -# Contains a list of packages to be installed, or not, on all flavors. -# The %package command begins the package selection section of kickstart. -# Packages can be specified by group, or package name. @Base and @Core are -# always selected by default so they do not need to be specified. - -%packages -acpid -net-tools -openssh-server -vim -# Make sure that subscription-manager and rhn packages are not installed as -# they conflict with GCE packages. --subscription-manager --*rhn* --alsa-utils --b43-fwcutter --dmraid --eject --gpm --kexec-tools --irqbalance --microcode_ctl --smartmontools --aic94xx-firmware --atmel-firmware --b43-openfwwf --bfa-firmware --ipw2100-firmware --ipw2200-firmware --ivtv-firmware --iwl100-firmware --iwl1000-firmware --iwl3945-firmware --iwl4965-firmware --iwl5000-firmware --iwl5150-firmware --iwl6000-firmware --iwl6000g2a-firmware --iwl6050-firmware --kernel-firmware --libertas-usb8388-firmware --ql2100-firmware --ql2200-firmware --ql23xx-firmware --ql2400-firmware --ql2500-firmware --rt61pci-firmware --rt73usb-firmware --xorg-x11-drv-ati-firmware --zd1211-firmware -%end - -%post -tee -a /etc/yum.repos.d/google-cloud.repo << EOM -[google-compute-engine] -name=Google Compute Engine -baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el7-x86_64-stable -enabled=1 -gpgcheck=1 -repo_gpgcheck=0 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg -EOM -tee -a /etc/yum.repos.d/google-cloud.repo << EOM -[google-cloud-sdk] -name=Google Cloud SDK -baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64 -enabled=1 -gpgcheck=1 -repo_gpgcheck=0 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg -EOM -%end -# Google Compute Engine kickstart config for Enterprise Linux 7. -%onerror -echo "Build Failed!" > /dev/ttyS0 -shutdown -h now -%end - -%post --erroronfail -set -x -exec &> /dev/ttyS0 -# Install EPEL. -yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -# that's a symlink. we don't know the actual name of the package, so we can't -# validate with rpm -q. Try rpm -qa|grep instead. -rpm -qa | grep epel-release - -# Import all RPM GPG keys. -curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg -curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg -rpm --import /etc/pki/rpm-gpg/* - -# Delete the dummy user account. -userdel -r gce - -# Configure the network for GCE. -# Given that GCE users typically control the firewall at the network API level, -# we want to leave the standard Linux firewall setup enabled but all-open. -firewall-offline-cmd --set-default-zone=trusted - -cat >>/etc/dhclient.conf <> /etc/sysconfig/network-scripts/ifcfg-eth0 - -# Disable IPv6 for Yum. -echo "ip_resolve=4" >> /etc/yum.conf - -# Install GCE guest packages and CloudSDK. -yum install -y google-compute-engine google-osconfig-agent gce-disk-expand -yum install -y google-cloud-cli -rpm -q google-cloud-cli google-compute-engine google-osconfig-agent gce-disk-expand - -# Send /root/anaconda-ks.cfg to our logs. -cp /run/install/ks.cfg /tmp/anaconda-ks.cfg - -# Remove files which shouldn't make it into the image. These files may not -# exist. -rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules - -# Ensure no attempt will be made to persist network MAC addresses. -ln -s /dev/null /etc/udev/rules.d/75-persistent-net-generator.rules -sed -i '/^\(HWADDR\)=/d' /etc/sysconfig/network-scripts/ifcfg-* - -# Disable password authentication by default. -sed -i -e '/^PasswordAuthentication /s/ yes$/ no/' /etc/ssh/sshd_config - -# Set ServerAliveInterval and ClientAliveInterval to prevent SSH -# disconnections. The pattern match is tuned to each source config file. -# The $'...' quoting syntax tells the shell to expand escape characters. -sed -i -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config -sed -i -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config -sed -i -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config - -# Disable root login via SSH by default. -sed -i -e '/PermitRootLogin yes/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config - -# Update all packages. -yum -y update - -# Install yum-cron. -yum -y install yum-cron -rpm -q yum-cron - -# Make changes to yum-cron.conf on el7/centos7 -grep apply_updates /etc/yum/yum-cron.conf -cp /etc/yum/yum-cron.conf /tmp/yum-cron.conf -# Apply updates for security only. Note on CentOS, repositories do not have security context. -sed -i 's/update_cmd =.*/update_cmd = security/' /tmp/yum-cron.conf -sed -i 's/apply_updates =.*/apply_updates = yes/' /tmp/yum-cron.conf -cat /tmp/yum-cron.conf > /etc/yum/yum-cron.conf -grep apply_updates /etc/yum/yum-cron.conf -chkconfig yum-cron on - -# Cleanup this repo- we don't want to continue updating with it. -# Depending which repos are used in build, one or more of these files will not -# exist. -rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ - /etc/yum.repos.d/google-cloud-staging.repo - -# Clean up the cache for smaller images. -yum clean all - -# Blacklist the floppy module. -echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf -restorecon /etc/modprobe.d/blacklist-floppy.conf - -# Set the default timeout to 0 and update grub2. -sed -i"" 's:GRUB_TIMEOUT=.*:GRUB_TIMEOUT=0:' /etc/default/grub -sed -i"" '/GRUB_CMDLINE_LINUX/s:"$: elevator=noop":' /etc/default/grub -restorecon /etc/default/grub -grub2-mkconfig -o /boot/grub2/grub.cfg -# Update EFI grub configs. -if [ -d /boot/efi/EFI/centos ]; then - grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg -elif [ -d /boot/efi/EFI/redhat ]; then - grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg -fi - -# Generate initramfs from latest kernel instead of the running kernel. -kver="$(ls -t /lib/modules | head -n1)" -dracut -f --kver="${kver}" - -# Fix selinux contexts on /etc/resolv.conf. -restorecon /etc/resolv.conf -%end - -# Cleanup. -%post --nochroot --log=/dev/ttyS0 -set -x -rm -Rf /mnt/sysimage/tmp/* -%end -