From fa94ed05a4c5769f2770f7c100b2031b8fc6d04a Mon Sep 17 00:00:00 2001
From: Amelia Crate <95060558+a-crate@users.noreply.github.com>
Date: Wed, 18 Dec 2024 21:53:11 +0000
Subject: [PATCH] Add workflows for Rocky Linux 8 and 9 with Nvidia 550 (#2423)
---
...ux_8_optimized_gcp_nvidia_550.publish.json | 48 ++++
...y_linux_8_optimized_gcp_nvidia_550.wf.json | 74 +++++
...ux_9_optimized_gcp_nvidia_550.publish.json | 48 ++++
...y_linux_9_optimized_gcp_nvidia_550.wf.json | 74 +++++
..._linux_8_optimized_gcp_accelerator_550.cfg | 251 +++++++++++++++++
..._linux_9_optimized_gcp_accelerator_550.cfg | 252 ++++++++++++++++++
...y_linux_8_optimized_gcp_nvidia_550.wf.json | 47 ++++
...y_linux_9_optimized_gcp_nvidia_550.wf.json | 47 ++++
8 files changed, 841 insertions(+)
create mode 100644 daisy_workflows/build-publish/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.publish.json
create mode 100644 daisy_workflows/build-publish/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.wf.json
create mode 100644 daisy_workflows/build-publish/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.publish.json
create mode 100644 daisy_workflows/build-publish/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.wf.json
create mode 100644 daisy_workflows/image_build/enterprise_linux/kickstart/rocky_linux_8_optimized_gcp_accelerator_550.cfg
create mode 100644 daisy_workflows/image_build/enterprise_linux/kickstart/rocky_linux_9_optimized_gcp_accelerator_550.cfg
create mode 100644 daisy_workflows/image_build/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.wf.json
create mode 100644 daisy_workflows/image_build/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.wf.json
diff --git a/daisy_workflows/build-publish/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.publish.json b/daisy_workflows/build-publish/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.publish.json
new file mode 100644
index 000000000..5e6e7fb52
--- /dev/null
+++ b/daisy_workflows/build-publish/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.publish.json 
@@ -0,0 +1,48 @@
+{{/*
+ Template to publish Rocky 8 optimized for GCP/Nvidia images.
+ By default this template is setup to publish to the 'gce-image-builder'
+ project, the 'environment' variable can be used to publish to 'test', 'prod'
+ DeleteAfter is set to 180 days for all environments other than prod where no
+ time period is set.
+*/}}
+{
+ "Name": "rocky-linux-8-optimized-gcp-nvidia-550",
+ {{$work_project := printf "%q" "gce-image-builder" -}}
+ {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}}
+ {{$delete_after := `"24h*30*4"` -}}
+ {{if eq .environment "test" -}}
+ "WorkProject": {{$work_project}},
+ "PublishProject": "bct-prod-images",
+ "ComputeEndpoint": {{$endpoint}},
+ "DeleteAfter": {{$delete_after}},
+ {{- else if eq .environment "prod" -}}
+ "WorkProject": {{$work_project}},
+ "PublishProject": "rocky-linux-accelerator-cloud",
+ "ComputeEndpoint": {{$endpoint}},
+ {{- else if eq .environment "autopush" -}}
+ "WorkProject": {{$work_project}},
+ "PublishProject": "artifact-releaser-autopush",
+ "ComputeEndpoint": {{$endpoint}},
+ "DeleteAfter": "3h",
+ {{- else -}}
+ "WorkProject": {{$work_project}},
+ "PublishProject": {{$work_project}},
+ "ComputeEndpoint": {{$endpoint}},
+ "DeleteAfter": {{$delete_after}},
+ {{- end}}
+ {{$time := trimPrefix .publish_version "v"}}
+ "Images": [
+ {
+ "Prefix": "rocky-linux-8-optimized-gcp-nvidia-550",
+ "Family": "rocky-linux-8-optimized-gcp-nvidia-550",
+ "Description": "Rocky Linux 8 optimized for GCP with Nvidia driver 550 built on {{$time}}",
+ "Architecture": "X86_64",
+ "Licenses": [
+ "https://www.googleapis.com/compute/v1/projects/rocky-linux-accelerator-cloud/global/licenses/nvidia-550",
+ "https://www.googleapis.com/compute/v1/projects/rocky-linux-accelerator-cloud/global/licenses/rocky-linux-8-accelerated",
+ "https://www.googleapis.com/compute/v1/projects/rocky-linux-cloud/global/licenses/rocky-linux-8-optimized-gcp"
+ ],
+ "GuestOsFeatures": ["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "GVNIC", "SEV_CAPABLE", "SEV_SNP_CAPABLE", "SEV_LIVE_MIGRATABLE", "SEV_LIVE_MIGRATABLE_V2", "IDPF"]
+ }
+ ]
+}
diff --git a/daisy_workflows/build-publish/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.wf.json b/daisy_workflows/build-publish/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.wf.json
new file mode 100644
index 000000000..479ed2e0c
--- /dev/null
+++ b/daisy_workflows/build-publish/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.wf.json
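Review bot: The header comment of the Rocky 8 publish template states a retention the template does not set: it says `DeleteAfter is set to 180 days`, while `$delete_after` is `"24h*30*4"`, which reads as 120 days, and the `autopush` branch uses `"3h"`. The Rocky 9 publish template in this patch repeats the comment with `190 days` against the same value. Suggest rewording both to `DeleteAfter is 24h*30*4 (120 days) by default, 3h for autopush, and unset for prod.` so image retention can be audited from the comment alone.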
@@ -0,0 +1,74 @@
+{
+ "Name": "rocky-linux-8-optimized-gcp-nvidia-550",
+ "Project": "gce-image-builder",
+ "Zone": "us-central1-b",
+ "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}",
+ "Vars": {
+ "build_date": {
+ "Value": "${TIMESTAMP}",
+ "Description": "Build datestamp used to version the image."
+ },
+ "google_cloud_repo": {
+ "Value": "DEPRECATED",
+ "Description": "DEPRECATED. Included to ease transition of our pipelines, but not used."
+ },
+ "workflow_root": {
+ "Value": "/workflows",
+ "Description": "Root of github workflows, defaults to /workflows in the container."
+ },
+ "gcs_url": {
+ "Required": true,
+ "Description": "The GCS path that image raw file exported to."
+ },
+ "sbom_destination": {
+ "Value": "${OUTSPATH}/export-image.sbom.json",
+ "Description": "SBOM final export destination, copies in place by default"
+ },
+ "installer_iso": {
+ "Required": true,
+ "Description": "The Rocky Linux 8 installer ISO to build from."
+ },
+ "sbom_util_gcs_root": {
+ "Value": "",
+ "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM."
+ },
+ "sha256_txt": {
+ "Value": "${OUTSPATH}/export-image-shasum.txt",
+ "Description": "The file where the sha256 sum is stored."
+ }
+ },
+ "Steps": {
+ "build": {
+ "TimeOut": "60m",
+ "IncludeWorkflow": {
+ "Path": "${workflow_root}/image_build/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.wf.json",
+ "Vars": {
+ "build_date": "${build_date}",
+ "installer_iso": "${installer_iso}"
+ }
+ }
+ },
+ "export-image": {
+ "Timeout": "60m",
+ "IncludeWorkflow": {
+ "Path": "${workflow_root}/export/disk_export.wf.json",
+ "Vars": {
+ "destination": "${gcs_url}",
+ "sbom_destination": "${sbom_destination}",
+ "source_disk": "el-install-disk",
+ "sbom_util_gcs_root": "${sbom_util_gcs_root}",
+ "sha256_txt": "${sha256_txt}"
+ }
+ }
+ },
+ "cleanup-image": {
+ "DeleteResources": {
+ "Images": ["rocky-linux-8-optimized-gcp-nvidia-550-v${build_date}"]
+ }
+ }
+ },
+ "Dependencies": {
+ "export-image": ["build"],
+ "cleanup-image": ["export-image"]
+ }
+}
diff --git a/daisy_workflows/build-publish/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.publish.json b/daisy_workflows/build-publish/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.publish.json
new file mode 100644
index 000000000..bfb8716ec
--- /dev/null
+++ b/daisy_workflows/build-publish/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.publish.json
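Review bot: The `build` step in the Rocky 8 build-publish workflow spells its timeout key `"TimeOut"`, while `export-image` in the same file uses `"Timeout"`; the Rocky 9 build-publish workflow in this patch repeats the mismatch. Whether the 60-minute limit on `build` is applied then depends on the workflow loader matching keys case-insensitively, which this patch does not show. Suggest `"Timeout": "60m",` in the `build` step of both files so the limit does not rest on parser leniency.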
@@ -0,0 +1,48 @@
+{{/*
+ Template to publish Rocky 9 optimized for GCP/Nvidia images.
+ By default this template is setup to publish to the 'gce-image-builder'
+ project, the 'environment' variable can be used to publish to 'test', 'prod'
+ DeleteAfter is set to 190 days for all environments other than prod where no
+ time period is set.
+*/}}
+{
+ "Name": "rocky-linux-9-optimized-gcp-nvidia-550",
+ {{$work_project := printf "%q" "gce-image-builder" -}}
+ {{$endpoint := `"https://www.googleapis.com/compute/alpha/projects/"` -}}
+ {{$delete_after := `"24h*30*4"` -}}
+ {{if eq .environment "test" -}}
+ "WorkProject": {{$work_project}},
+ "PublishProject": "bct-prod-images",
+ "ComputeEndpoint": {{$endpoint}},
+ "DeleteAfter": {{$delete_after}},
+ {{- else if eq .environment "prod" -}}
+ "WorkProject": {{$work_project}},
+ "PublishProject": "rocky-linux-accelerator-cloud",
+ "ComputeEndpoint": {{$endpoint}},
+ {{- else if eq .environment "autopush" -}}
+ "WorkProject": {{$work_project}},
+ "PublishProject": "artifact-releaser-autopush",
+ "ComputeEndpoint": {{$endpoint}},
+ "DeleteAfter": "3h",
+ {{- else -}}
+ "WorkProject": {{$work_project}},
+ "PublishProject": {{$work_project}},
+ "ComputeEndpoint": {{$endpoint}},
+ "DeleteAfter": {{$delete_after}},
+ {{- end}}
+ {{$time := trimPrefix .publish_version "v"}}
+ "Images": [
+ {
+ "Prefix": "rocky-linux-9-optimized-gcp-nvidia-550",
+ "Family": "rocky-linux-9-optimized-gcp-nvidia-550",
+ "Description": "Rocky Linux 9 optimized for GCP with Nvidia driver 550 built on {{$time}}",
+ "Architecture": "X86_64",
+ "Licenses": [
+ "https://www.googleapis.com/compute/v1/projects/rocky-linux-accelerator-cloud/global/licenses/nvidia-550",
+ "https://www.googleapis.com/compute/v1/projects/rocky-linux-accelerator-cloud/global/licenses/rocky-linux-9-accelerated",
+ "https://www.googleapis.com/compute/v1/projects/rocky-linux-cloud/global/licenses/rocky-linux-9-optimized-gcp"
+ ],
+ "GuestOsFeatures": ["UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", "GVNIC", "SEV_CAPABLE", "SEV_SNP_CAPABLE", "SEV_LIVE_MIGRATABLE", "SEV_LIVE_MIGRATABLE_V2", "IDPF", "TDX_CAPABLE"]
+ }
+ ]
+}
diff --git a/daisy_workflows/build-publish/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.wf.json b/daisy_workflows/build-publish/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.wf.json
new file mode 100644
index 000000000..e39137301
--- /dev/null
+++ b/daisy_workflows/build-publish/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.wf.json
@@ -0,0 +1,74 @@
+{
+ "Name": "rocky-linux-9-optimized-gcp-nvidia-550",
+ "Project": "gce-image-builder",
+ "Zone": "us-central1-b",
+ "GCSPath": "gs://gce-image-build-bucket/daisy/${USERNAME}",
+ "Vars": {
+ "build_date": {
+ "Value": "${TIMESTAMP}",
+ "Description": "Build datestamp used to version the image."
+ },
+ "google_cloud_repo": {
+ "Value": "DEPRECATED",
+ "Description": "DEPRECATED. Included to ease transition of our pipelines, but not used."
+ },
+ "workflow_root": {
+ "Value": "/workflows",
+ "Description": "Root of github workflows, defaults to /workflows in the container."
+ },
+ "gcs_url": {
+ "Required": true,
+ "Description": "The GCS path that image raw file exported to."
+ },
+ "sbom_destination": {
+ "Value": "${OUTSPATH}/export-image.sbom.json",
+ "Description": "SBOM final export destination, copies in place by default"
+ },
+ "installer_iso": {
+ "Required": true,
+ "Description": "The Rocky Linux 9 installer ISO to build from."
+ },
+ "sbom_util_gcs_root": {
+ "Value": "",
+ "Description": "The root gcs bucket for sbomutil, if using sbomutil to generate the SBOM."
+ },
+ "sha256_txt": {
+ "Value": "${OUTSPATH}/export-image-shasum.txt",
+ "Description": "The file where the sha256 sum is stored."
+ }
+ },
+ "Steps": {
+ "build": {
+ "TimeOut": "60m",
+ "IncludeWorkflow": {
+ "Path": "${workflow_root}/image_build/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.wf.json",
+ "Vars": {
+ "build_date": "${build_date}",
+ "installer_iso": "${installer_iso}"
+ }
+ }
+ },
+ "export-image": {
+ "Timeout": "60m",
+ "IncludeWorkflow": {
+ "Path": "${workflow_root}/export/disk_export.wf.json",
+ "Vars": {
+ "destination": "${gcs_url}",
+ "sbom_destination": "${sbom_destination}",
+ "source_disk": "el-install-disk",
+ "sbom_util_gcs_root": "${sbom_util_gcs_root}",
+ "sha256_txt": "${sha256_txt}"
+ }
+ }
+ },
+ "cleanup-image": {
+ "DeleteResources": {
+ "Images": ["rocky-linux-9-optimized-gcp-nvidia-550-v${build_date}"]
+ }
+ }
+ },
+ "Dependencies": {
+ "export-image": ["build"],
+ "cleanup-image": ["export-image"]
+ }
+}
diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rocky_linux_8_optimized_gcp_accelerator_550.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rocky_linux_8_optimized_gcp_accelerator_550.cfg
new file mode 100644
index 000000000..790ab8c0e
--- /dev/null
+++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rocky_linux_8_optimized_gcp_accelerator_550.cfg
@@ -0,0 +1,251 @@ +# rocky-linux-8-optimized-gcp-options.cfg + +### Anaconda installer configuration. +# Install in text mode. +text --non-interactive +url --url="https://dl.rockylinux.org/pub/sig/8/cloud/x86_64/cloud-kernel" +repo --name=BaseOS --baseurl="https://dl.rockylinux.org/pub/rocky/8/BaseOS/x86_64/os" --excludepkgs="kernel,kernel-core" +repo --name=AppStream --baseurl="https://dl.rockylinux.org/pub/rocky/8/AppStream/x86_64/os" +repo --name=PowerTools --baseurl="https://dl.rockylinux.org/pub/rocky/8/PowerTools/x86_64/os" +poweroff + +# Network configuration +network --bootproto=dhcp --device=link + +### Installed system configuration. +firewall --enabled +services --enabled=sshd,rngd --disabled=sshd-keygen@ +skipx +timezone --utc UTC --ntpservers=metadata.google.internal +rootpw --iscrypted --lock * +firstboot --disabled +user --name=gce --lock + +### Disk configuration. +# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. +%pre --interpreter=/usr/bin/bash +cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ +cp /run/install/isodir/google_nvme_id /usr/lib/udev/ +chmod +x /usr/lib/udev/google_nvme_id +# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger +udevadm settle +udevadm control --reload +udevadm trigger --settle +tee -a /tmp/disk-config << EOM +# build_installer.py will replace with the id of the install disk to avoid race conditions +bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="scsi_mod.use_blk_mq=Y" +# EFI partitioning, creates a GPT partitioned disk. 
+clearpart --drives=/dev/disk/by-id/google-el-install-disk --all +part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk +part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs +EOM +%end +%include /tmp/disk-config + +# packages.cfg +# Contains a list of packages to be installed, or not, on all flavors. +# The %package command begins the package selection section of kickstart. +# Packages can be specified by group, or package name. @Base and @Core are +# always selected by default so they do not need to be specified. + +%packages +acpid +dhcp-client +dnf-automatic +net-tools +openssh-server +python3 +rng-tools +tar +vim +-subscription-manager +-alsa-utils +-b43-fwcutter +-dmraid +-eject +-gpm +-irqbalance +-microcode_ctl +-smartmontools +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kernel-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-compute-engine] +name=Google Compute Engine +baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el8-x86_64-stable +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-cloud-sdk] +name=Google Cloud SDK +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + 
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM + +# Rocky Linux Cloud Kernel repo. +tee -a /etc/yum.repos.d/Rocky-CloudKernel.repo << EOM +[cloud-kernel] +name=Rocky Linux 8 - Cloud Kernel +baseurl=https://dl.rockylinux.org/pub/sig/8/cloud/x86_64/cloud-kernel +enabled=1 +gpgcheck=1 +gpgkey=https://dl.rockylinux.org/pub/sig/8/cloud/x86_64/cloud-kernel/RPM-GPG-KEY-Rocky-SIG-Cloud +priority=-1 +EOM +tee -a /etc/yum.repos.d/Rocky-CloudKernel.repo << EOM +[cloud-kernel-source] +name=Rocky Linux 8 - Cloud Kernel Source +baseurl=https://dl.rockylinux.org/pub/sig/8/cloud/source/cloud-kernel +enabled=0 +gpgcheck=1 +gpgkey=https://dl.rockylinux.org/pub/sig/8/cloud/x86_64/cloud-kernel/RPM-GPG-KEY-Rocky-SIG-Cloud +priority=-1 +EOM +# Be sure we don't get kernels from the BaseOS repo +tee -a /etc/yum.repos.d/Rocky-BaseOS.repo << EOM +exclude=kernel* +EOM +%end +# Google Compute Engine kickstart config for Enterprise Linux 8. +%onerror +echo "Build Failed!" > /dev/ttyS0 +shutdown -h now +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +# Delete the dummy user account. +userdel -r gce + +# Import all RPM GPG keys. +curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg +curl -o /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-SIG-Cloud https://dl.rockylinux.org/pub/sig/8/cloud/x86_64/cloud-kernel/RPM-GPG-KEY-Rocky-SIG-Cloud +rpm --import /etc/pki/rpm-gpg/* + +# Configure the network for GCE. +# Given that GCE users typically control the firewall at the network API level, +# we want to leave the standard Linux firewall setup enabled but all-open. +firewall-offline-cmd --set-default-zone=trusted + +cat >>/etc/dhcp/dhclient.conf <>/etc/default/instance_configs.cfg.distro << EOL +# Disable boto plugin setup. +[InstanceSetup] +set_boto_config = false +EOL + +# Install GCE guest packages. 
+dnf install -y google-compute-engine google-osconfig-agent gce-disk-expand + +# Install the Cloud SDK package. +dnf install -y google-cloud-cli + +# Install Accelerator components: nvidia and mellanox drivers +dnf install -y https://depot.ciq.com/public/files/gce-accelerator/open-gpu-kernel-modules-el8-x86_64/nvidia-open-gpu-repos.noarch.rpm https://depot.ciq.com/public/files/gce-accelerator/open-gpu-kernel-modules-el8-x86_64/nvidia-mellanox-ofed-repos.noarch.rpm +dnf config-manager --add-repo https://developer.download.nvidia.com/compute/cuda/repos/rhel8/x86_64/cuda-rhel8.repo + +dnf install -y nvidia-open-gpu-kernel-modules nvidia-accelerated-graphics-driver mlnx-ofed-guest kmod-open-gpu550 + +# Send /root/anaconda-ks.cfg to our logs. +cp /run/install/ks.cfg /tmp/anaconda-ks.cfg + +# Remove files which shouldn't make it into the image. Its possible these files +# will not exist. +rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules + +# Remove ens4 config from installer. +rm -f /etc/sysconfig/network-scripts/ifcfg-ens4 + +# Disable password authentication by default. +sed -i -e '/^PasswordAuthentication /s/ yes$/ no/' /etc/ssh/sshd_config + +# Set ServerAliveInterval and ClientAliveInterval to prevent SSH +# disconnections. The pattern match is tuned to each source config file. +# The $'...' quoting syntax tells the shell to expand escape characters. +sed -i -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config +sed -i -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config +sed -i -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config + +# Disable root login via SSH by default. +sed -i -e '/PermitRootLogin yes/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config + +# Update all packages. +dnf -y update + +# Make changes to dnf automatic.conf +# Apply updates for security (RHEL) by default. NOTE this will not work in CentOS. 
+sed -i 's/upgrade_type =.*/upgrade_type = security/' /etc/dnf/automatic.conf +sed -i 's/apply_updates =.*/apply_updates = yes/' /etc/dnf/automatic.conf +# Enable the DNF automatic timer service. +systemctl enable dnf-automatic.timer + +# Cleanup this repo- we don't want to continue updating with it. +# Depending which repos are used in build, one or more of these files will not +# exist. +rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ + /etc/yum.repos.d/google-cloud-staging.repo + +# Clean up the cache for smaller images. +dnf clean all +rm -fr /var/cache/dnf/* + +# Blacklist the floppy module. +echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf +restorecon /etc/modprobe.d/blacklist-floppy.conf + +# Generate initramfs from latest kernel instead of the running kernel. +kver="$(ls -t /lib/modules | head -n1)" +dracut -f --kver="${kver}" + +# Fix selinux contexts on /etc/resolv.conf. +restorecon /etc/resolv.conf +%end + +# Cleanup. +%post --nochroot --log=/dev/ttyS0 +set -x +rm -Rf /mnt/sysimage/tmp/* +%end diff --git a/daisy_workflows/image_build/enterprise_linux/kickstart/rocky_linux_9_optimized_gcp_accelerator_550.cfg b/daisy_workflows/image_build/enterprise_linux/kickstart/rocky_linux_9_optimized_gcp_accelerator_550.cfg new file mode 100644 index 000000000..325aec94e --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/kickstart/rocky_linux_9_optimized_gcp_accelerator_550.cfg 
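Review bot: A failed accelerator install does not fail the Rocky 8 build as far as this hunk shows: the `%post --erroronfail` script runs with `set -x` but no `set -e`, so its exit status is that of the final `restorecon`, not of `dnf install -y nvidia-open-gpu-kernel-modules nvidia-accelerated-graphics-driver mlnx-ofed-guest kmod-open-gpu550`. The Rocky 9 kickstart in this patch guards the guest packages with an `rpm -q ... || { ...; exit 1; }` line, but neither file guards the driver packages, and the kmod package is named `kmod-open-gpu550` here and `kmod-nvidia-open-gpu550` there, so one of the two names may be a typo. Suggest adding, right after the driver install, `rpm -q nvidia-open-gpu-kernel-modules nvidia-accelerated-graphics-driver mlnx-ofed-guest kmod-open-gpu550 || { echo "Build Failed!" > /dev/ttyS0; exit 1; }` (with the confirmed package name), and the matching line in the Rocky 9 file. Without it an image named and licensed as nvidia-550 could be exported with no driver installed.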
@@ -0,0 +1,252 @@ +# rocky-linux-9-optimized-gcp.cfg + +### Anaconda installer configuration. +# Install in text mode. +text --non-interactive +url --url="https://dl.rockylinux.org/pub/sig/9/cloud/x86_64/cloud-kernel" +repo --name=BaseOS --baseurl="https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os" --excludepkgs="kernel,kernel-core" +repo --name=AppStream --baseurl="https://dl.rockylinux.org/pub/rocky/9/AppStream/x86_64/os" +repo --name=CRB --baseurl="https://dl.rockylinux.org/pub/rocky/9/CRB/x86_64/os" +poweroff + +# Network configuration +network --bootproto=dhcp --device=link + +### Installed system configuration. +firewall --enabled +services --enabled=sshd,rngd --disabled=sshd-keygen@ +skipx +timezone --utc UTC --ntpservers=metadata.google.internal +rootpw --iscrypted --lock * +firstboot --disabled +user --name=gce --lock + +### Disk configuration. +# Disk configuration is done by including a separate file with disk configuration, otherwise anaconda will try to validate that the disk exists before we configure udev rules. +%pre --interpreter=/usr/bin/bash +cp /run/install/isodir/65-gce-disk-naming.rules /etc/udev/rules.d/ +cp /run/install/isodir/google_nvme_id /usr/lib/udev/ +chmod +x /usr/lib/udev/google_nvme_id +# Wait for coldplug events from boot to settle, or we won't generate new events for the reload/trigger +udevadm settle +udevadm control --reload +udevadm trigger --settle +tee -a /tmp/disk-config << EOM +# build_installer.py will replace with the id of the install disk to avoid race conditions +bootloader --boot-drive=/dev/disk/by-id/google-el-install-disk --timeout=0 --append="scsi_mod.use_blk_mq=Y" +# EFI partitioning, creates a GPT partitioned disk. 
+clearpart --drives=/dev/disk/by-id/google-el-install-disk --all +part /boot/efi --size=200 --fstype=efi --ondrive=/dev/disk/by-id/google-el-install-disk +part / --size=100 --grow --ondrive=/dev/disk/by-id/google-el-install-disk --label=root --fstype=xfs +EOM +%end +%include /tmp/disk-config + +# packages.cfg +# Contains a list of packages to be installed, or not, on all flavors. +# The %package command begins the package selection section of kickstart. +# Packages can be specified by group, or package name. @Base and @Core are +# always selected by default so they do not need to be specified. + +%packages +acpid +dhcp-client +dnf-automatic +net-tools +openssh-server +python3 +rng-tools +tar +vim +-subscription-manager +-alsa-utils +-b43-fwcutter +-dmraid +-eject +-gpm +-irqbalance +-microcode_ctl +-smartmontools +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kernel-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-compute-engine] +name=Google Compute Engine +baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el9-x86_64-stable +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM +tee -a /etc/yum.repos.d/google-cloud.repo << EOM +[google-cloud-sdk] +name=Google Cloud SDK +baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el9-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=0 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + 
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM + +# Rocky Linux Cloud Kernel repo. +tee -a /etc/yum.repos.d/Rocky-CloudKernel.repo << EOM +[cloud-kernel] +name=Rocky Linux 9 - Cloud Kernel +baseurl=https://dl.rockylinux.org/pub/sig/9/cloud/x86_64/cloud-kernel +enabled=1 +gpgcheck=1 +gpgkey=https://dl.rockylinux.org/pub/sig/9/cloud/x86_64/cloud-kernel/RPM-GPG-KEY-Rocky-SIG-Cloud +priority=-1 +EOM +tee -a /etc/yum.repos.d/Rocky-CloudKernel.repo << EOM +[cloud-kernel-source] +name=Rocky Linux 9 - Cloud Kernel Source +baseurl=https://dl.rockylinux.org/pub/sig/9/cloud/source/cloud-kernel +enabled=0 +gpgcheck=1 +gpgkey=https://dl.rockylinux.org/pub/sig/9/cloud/x86_64/cloud-kernel/RPM-GPG-KEY-Rocky-SIG-Cloud +priority=-1 +EOM +# Be sure we don't get kernels from the BaseOS repo +sed -i '/\[baseos\]/a exclude=kernel*' /etc/yum.repos.d/rocky.repo +%end +# Google Compute Engine kickstart config for Enterprise Linux 9. +%onerror +echo "Build Failed!" > /dev/ttyS0 +shutdown -h now +%end + +%post --erroronfail +set -x +exec &> /dev/ttyS0 +# Delete the dummy user account. +userdel -r gce + +# Import all RPM GPG keys. +curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg +curl -o /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-SIG-Cloud https://dl.rockylinux.org/pub/sig/8/cloud/x86_64/cloud-kernel/RPM-GPG-KEY-Rocky-SIG-Cloud +rpm --import /etc/pki/rpm-gpg/* + +# Configure the network for GCE. +# Given that GCE users typically control the firewall at the network API level, +# we want to leave the standard Linux firewall setup enabled but all-open. +firewall-offline-cmd --set-default-zone=trusted + +cat >>/etc/dhcp/dhclient.conf <>/etc/default/instance_configs.cfg.distro << EOL +# Disable boto plugin setup. +[InstanceSetup] +set_boto_config = false +EOL + +# Install GCE guest packages. 
+dnf install -y google-compute-engine google-osconfig-agent gce-disk-expand +rpm -q google-compute-engine google-osconfig-agent gce-disk-expand || { echo "Build Failed!" > /dev/ttyS0; exit 1; } + +# Install the Cloud SDK package. +dnf install -y google-cloud-cli + +# Install Accelerator components: nvidia and mellanox drivers +dnf install -y https://depot.ciq.com/public/files/gce-accelerator/open-gpu-kernel-modules-el9-x86_64/nvidia-open-gpu-repos.noarch.rpm https://depot.ciq.com/public/files/gce-accelerator/open-gpu-kernel-modules-el9-x86_64/nvidia-mellanox-ofed-repos.noarch.rpm +dnf config-manager --add-repo https://developer.download.nvidia.com/compute/cuda/repos/rhel9/x86_64/cuda-rhel9.repo + +dnf install -y nvidia-open-gpu-kernel-modules nvidia-accelerated-graphics-driver mlnx-ofed-guest kmod-nvidia-open-gpu550 + + +# Send /root/anaconda-ks.cfg to our logs. +cp /run/install/ks.cfg /tmp/anaconda-ks.cfg + +# Remove files which shouldn't make it into the image. Its possible these files +# will not exist. +rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules + +# Remove ens4 config from installer. +rm -f /etc/sysconfig/network-scripts/ifcfg-ens4 + +# Disable password authentication by default. +sed -i -e '/#PasswordAuthentication/s/.*/PasswordAuthentication no/' /etc/ssh/sshd_config + +# Set ServerAliveInterval and ClientAliveInterval to prevent SSH +# disconnections. The pattern match is tuned to each source config file. +# The $'...' quoting syntax tells the shell to expand escape characters. +sed -i -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config +sed -i -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config +sed -i -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config + +# Disable root login via SSH by default. +sed -i -e '/#PermitRootLogin/s/.*/PermitRootLogin no/' /etc/ssh/sshd_config + +# Update all packages. 
+dnf -y update + +# Make changes to dnf automatic.conf +# Apply updates for security (RHEL) by default. NOTE this will not work in CentOS. +sed -i 's/upgrade_type =.*/upgrade_type = security/' /etc/dnf/automatic.conf +sed -i 's/apply_updates =.*/apply_updates = yes/' /etc/dnf/automatic.conf +# Enable the DNF automatic timer service. +systemctl enable dnf-automatic.timer + +# Cleanup this repo- we don't want to continue updating with it. +# Depending which repos are used in build, one or more of these files will not +# exist. +rm -f /etc/yum.repos.d/google-cloud-unstable.repo \ + /etc/yum.repos.d/google-cloud-staging.repo + +# Clean up the cache for smaller images. +dnf clean all +rm -fr /var/cache/dnf/* + +# Blacklist the floppy module. +echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf +restorecon /etc/modprobe.d/blacklist-floppy.conf + +# Generate initramfs from latest kernel instead of the running kernel. +kver="$(ls -t /lib/modules | head -n1)" +dracut -f --kver="${kver}" + +# Fix selinux contexts on /etc/resolv.conf. +restorecon /etc/resolv.conf +%end + +# Cleanup. +%post --nochroot --log=/dev/ttyS0 +set -x +rm -Rf /mnt/sysimage/tmp/* +%end + diff --git a/daisy_workflows/image_build/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.wf.json b/daisy_workflows/image_build/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.wf.json new file mode 100644 index 000000000..d3cf32605 --- /dev/null +++ b/daisy_workflows/image_build/enterprise_linux/rocky_linux_8_optimized_gcp_nvidia_550.wf.json 
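Review bot: The Rocky 9 kickstart downloads the SIG Cloud signing key from the Rocky 8 tree, `https://dl.rockylinux.org/pub/sig/8/cloud/x86_64/cloud-kernel/RPM-GPG-KEY-Rocky-SIG-Cloud`, in the `curl -o` line of the `%post --erroronfail` section, while the `[cloud-kernel]` stanza written earlier in the same file declares the `/pub/sig/9/` key. If both paths serve the same key this is only confusing; if they differ, the key imported by `rpm --import` is not the one the repo names. Suggest pointing the `curl` at `https://dl.rockylinux.org/pub/sig/9/cloud/x86_64/cloud-kernel/RPM-GPG-KEY-Rocky-SIG-Cloud`. Separately, in this hunk and the Rocky 8 one the two `depot.ciq.com` repo RPMs are installed by URL, a path where dnf's `localpkg_gpgcheck` is off by default, so a comment stating how those RPMs and the repo keys they install are verified would help a later audit.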
@@ -0,0 +1,47 @@
+{
+ "Name": "build-rocky-8-optimized-gcp-nvidia-550",
+ "Vars": {
+ "installer_iso": {
+ "Required": true,
+ "Description": "The Rocky Linux 8 installer ISO to build from."
+ },
+ "build_date": {
+ "Value": "${TIMESTAMP}",
+ "Description": "Build datestamp used to version the image."
+ },
+ "publish_project": {
+ "Value": "${PROJECT}",
+ "Description": "A project to publish the resulting image to."
+ }
+ },
+ "Steps": {
+ "build-rocky": {
+ "Timeout": "60m",
+ "IncludeWorkflow": {
+ "Path": "./enterprise_linux.wf.json",
+ "Vars": {
+ "el_release": "rocky-linux-8-optimized-gcp",
+ "kickstart_config": "./kickstart/rocky_linux_8_optimized_gcp_accelerator_550.cfg",
+ "installer_iso": "${installer_iso}"
+ }
+ }
+ },
+ "create-image": {
+ "CreateImages": [
+ {
+ "Name": "rocky-linux-8-optimized-gcp-nvidia-550-v${build_date}",
+ "SourceDisk": "el-install-disk",
+ "Description": "Rocky Linux 8 optimized for gcp with Nvidia driver 550 built on ${build_date}",
+ "Family": "rocky-linux-8-optimized-gcp-nvidia-550",
+ "Project": "${publish_project}",
+ "NoCleanup": true,
+ "ExactName": true,
+ "GuestOsFeatures": []
+ }
+ ]
+ }
+ },
+ "Dependencies": {
+ "create-image": ["build-rocky"]
+ }
+}
diff --git a/daisy_workflows/image_build/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.wf.json b/daisy_workflows/image_build/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.wf.json
new file mode 100644
index 000000000..750558a8d
--- /dev/null
+++ b/daisy_workflows/image_build/enterprise_linux/rocky_linux_9_optimized_gcp_nvidia_550.wf.json
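Review bot: The image created by `create-image` in the Rocky 8 image_build workflow carries `"Family": "rocky-linux-8-optimized-gcp-nvidia-550"` and `"NoCleanup": true` but `"GuestOsFeatures": []` and no licenses, while the kickstart appears to lay out an EFI-only disk and the publish template sets `UEFI_COMPATIBLE` and the other features. If a build-publish run stops before its `cleanup-image` step, or this workflow is run by itself, that image would stay in `${publish_project}` as the newest member of the family without those attributes; this assumes nothing in `enterprise_linux.wf.json`, which is outside the patch, changes that. Suggest dropping the `"Family"` line from this intermediate image or setting `"GuestOsFeatures": ["UEFI_COMPATIBLE"]`. The Rocky 9 image_build workflow in this patch has the same block.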
@@ -0,0 +1,47 @@
+{
+ "Name": "build-rocky-9-optimized-gcp-nvidia-550",
+ "Vars": {
+ "installer_iso": {
+ "Required": true,
+ "Description": "The Rocky Linux 9 installer ISO to build from."
+ },
+ "build_date": {
+ "Value": "${TIMESTAMP}",
+ "Description": "Build datestamp used to version the image."
+ },
+ "publish_project": {
+ "Value": "${PROJECT}",
+ "Description": "A project to publish the resulting image to."
+ }
+ },
+ "Steps": {
+ "build-rocky": {
+ "Timeout": "60m",
+ "IncludeWorkflow": {
+ "Path": "./enterprise_linux.wf.json",
+ "Vars": {
+ "el_release": "rocky-linux-9-optimized-gcp",
+ "kickstart_config": "./kickstart/rocky_linux_9_optimized_gcp_accelerator_550.cfg",
+ "installer_iso": "${installer_iso}"
+ }
+ }
+ },
+ "create-image": {
+ "CreateImages": [
+ {
+ "Name": "rocky-linux-9-optimized-gcp-nvidia-550-v${build_date}",
+ "SourceDisk": "el-install-disk",
+ "Description": "Rocky Linux 9 optimized for gcp with Nvidia driver 550 built on ${build_date}",
+ "Family": "rocky-linux-9-optimized-gcp-nvidia-550",
+ "Project": "${publish_project}",
+ "NoCleanup": true,
+ "ExactName": true,
+ "GuestOsFeatures": []
+ }
+ ]
+ }
+ },
+ "Dependencies": {
+ "create-image": ["build-rocky"]
+ }
+}