diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000000..c2392d50b0 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,9 @@ +# Contributing to BOSH Linux Stemcell Builder + +Please ensure that changes are made to any current branches. These are named +after the Ubuntu release they are based on, ex: `ubuntu-` + +At the time of writing (2025-05-29) there are two "stemcell lines": +- `ubuntu-jammy` +- `ubuntu-noble` + diff --git a/bosh-stemcell/image-metalinks/ubuntu-jammy/ubuntu-jammy.meta4 b/bosh-stemcell/image-metalinks/ubuntu-jammy/ubuntu-jammy.meta4 index 3a26456cef..3904508c7e 100644 --- a/bosh-stemcell/image-metalinks/ubuntu-jammy/ubuntu-jammy.meta4 +++ b/bosh-stemcell/image-metalinks/ubuntu-jammy/ubuntu-jammy.meta4 @@ -1,22 +1,22 @@ - 36b725904f5cdf2d2f192f042b486c25a3211a306d36fdefbcffa90ff3c693930ce1e5a3783f89c8f7874f966b65fdde8a1be819a722483b6836b90750b63f60 - e3b9740653c42bc4d5ec67cc91f8ac4d0523c743b605c006dc1858d705e2e050 - 9eb41c3e7bf3339dfe1a57ff2abd528d8b94919d - 68562cf523a90a2962a2cb7ab2f45392 - 430181586 + 5ba90a8dc6174da0301cb3550e1589b325f245b234cded1dfe2f65199097dbe4fc93c593d50c83358f141db392a5414aad993a090512cfe3c2b9a75027fb0cc8 + 889b9f74e77fb6a5cbc951d87c4ba079b6d0b6a04d5a1c6972ac6f1370b19197 + e62af26992a7002a42daaa6e975b7c7aef728681 + 68fcebf4b3dd9426b61162ee80389199 + 433038392 https://storage.googleapis.com/bosh-os-images/ubuntu-jammy/ubuntu-jammy.tgz - 692.0.0 + 898.0.0 - 3c2e169e4be3f55a8064a2a661bf2cbfa2b661b3971476a7b2fb9902fc139c1904cc95b2932c97d8215680bf3460b994a24eb7c39456f2808b83fec49504bbd0 - 37217838befd2d25284fe2101b2134297587f237df60d58b6038ee648b7062f0 - 67ba95e681fda46c1d2acbf449760bdf194b8c3d - 2dba86dbb6642275ccaaac109be96788 - 5333 + 5f7a377194063277317f60a42f208517ffde8d499298ba9b375092d74a018b1ff5b017f170c992852b3065be1a22f4e5f065ae309fedcfeb6628f85b265cd1ed + 6df9587b59ec8b69ab39599912d3001d49b2c4501831fd74a4878f83d8a47fca + b4130f6d81f30813f408125b34cb1a7e0c821750 + 1633ca69fc054acabeb666200268429c + 4870 https://storage.googleapis.com/bosh-os-images/ubuntu-jammy/usn-log.json - 692.0.0 + 898.0.0 metalink-repository-resource/0.0.0 - 2025-02-07T02:54:35.957019959Z + 2025-12-11T18:24:00.867026985Z diff --git a/bosh-stemcell/lib/bosh/stemcell/stage_collection.rb b/bosh-stemcell/lib/bosh/stemcell/stage_collection.rb index a8b743b948..f15ef17ecb 100644 --- a/bosh-stemcell/lib/bosh/stemcell/stage_collection.rb +++ b/bosh-stemcell/lib/bosh/stemcell/stage_collection.rb @@ -105,6 +105,7 @@ def openstack_stages bosh_harden bosh_openstack_agent_settings bosh_clean_ssh + restore_apt_sources image_create image_install_grub sbom_create @@ -123,6 +124,7 @@ def cloudstack_stages bosh_harden bosh_cloudstack_agent_settings bosh_clean_ssh + restore_apt_sources image_create image_install_grub sbom_create @@ -141,6 +143,7 @@ def vsphere_vcloud_stages :bosh_enable_password_authentication, :bosh_vsphere_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, # when adding a stage that changes files in the image, do so before # this line. Image create will make the image so any changes to the # filesystem after it won't apply. @@ -160,6 +163,7 @@ def aws_stages :bosh_aws_agent_settings, :bosh_clean_ssh, :udev_aws_rules, + :restore_apt_sources, # when adding a stage that changes files in the image, do so before # this line. Image create will make the image so any changes to the # filesystem after it won't apply. @@ -178,6 +182,7 @@ def alicloud_stages bosh_harden bosh_alicloud_agent_settings bosh_clean_ssh + restore_apt_sources image_create image_install_grub sbom_create @@ -194,6 +199,7 @@ def google_stages :bosh_harden, :bosh_google_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, # when adding a stage that changes files in the image, do so before # this line. Image create will make the image so any changes to the # filesystem after it won't apply. @@ -210,6 +216,7 @@ def warden_stages :bosh_clean, :bosh_harden, :bosh_clean_ssh, + :restore_apt_sources, # when adding a stage that changes files in the image, do so before # this line. Image create will make the image so any changes to the # filesystem after it won't apply. @@ -230,6 +237,7 @@ def azure_stages :bosh_harden, :bosh_azure_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, # when adding a stage that changes files in the image, do so before # this line. Image create will make the image so any changes to the # filesystem after it won't apply. @@ -252,6 +260,7 @@ def softlayer_stages :bosh_softlayer_agent_settings, :bosh_config_root_ssh_login, :bosh_clean_ssh, + :restore_apt_sources, # when adding a stage that changes files in the image, do so before # this line. Image create will make the image so any changes to the # filesystem after it won't apply. @@ -263,7 +272,6 @@ def softlayer_stages def finish_stemcell_stages [ :bosh_package_list, - :restore_apt_sources, ] end diff --git a/bosh-stemcell/spec/assets/dpkg-list-ubuntu-azure-additions.txt b/bosh-stemcell/spec/assets/dpkg-list-ubuntu-azure-additions.txt index 2c5ee35d64..84d58dbeef 100644 --- a/bosh-stemcell/spec/assets/dpkg-list-ubuntu-azure-additions.txt +++ b/bosh-stemcell/spec/assets/dpkg-list-ubuntu-azure-additions.txt @@ -3,6 +3,10 @@ python3-lib2to3 python3-pyasn1 python3-setuptools cloud-init +linux-cloud-tools-5.15 +linux-cloud-tools-5.15-generic +linux-cloud-tools-common +linux-cloud-tools-generic netplan.io python-babel-localedata python3-attr diff --git a/bosh-stemcell/spec/bosh/stemcell/stage_collection_spec.rb b/bosh-stemcell/spec/bosh/stemcell/stage_collection_spec.rb index 87e6b84e9e..570ae19a2f 100644 --- a/bosh-stemcell/spec/bosh/stemcell/stage_collection_spec.rb +++ b/bosh-stemcell/spec/bosh/stemcell/stage_collection_spec.rb @@ -92,11 +92,11 @@ module Bosh::Stemcell :bosh_aws_agent_settings, :bosh_clean_ssh, :udev_aws_rules, + :restore_apt_sources, :image_create, :image_install_grub, :sbom_create, :bosh_package_list, - :restore_apt_sources, ] } let(:aws_package_stemcell_stages) { @@ -124,11 +124,11 @@ module Bosh::Stemcell :bosh_harden, :bosh_alicloud_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, :image_create, :image_install_grub, :sbom_create, :bosh_package_list, - :restore_apt_sources, ] } @@ -158,11 +158,11 @@ module Bosh::Stemcell :bosh_harden, :bosh_google_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, :image_create, :image_install_grub, :sbom_create, :bosh_package_list, - :restore_apt_sources, ] } @@ -195,11 +195,11 @@ module Bosh::Stemcell :bosh_harden, :bosh_openstack_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, :image_create, :image_install_grub, :sbom_create, :bosh_package_list, - :restore_apt_sources, ] ) expect(stage_collection.package_stemcell_stages('qcow2')).to eq( @@ -227,11 +227,11 @@ module Bosh::Stemcell :bosh_harden, :bosh_cloudstack_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, :image_create, :image_install_grub, :sbom_create, :bosh_package_list, - :restore_apt_sources, ] ) expect(stage_collection.package_stemcell_stages('qcow2')).to eq( @@ -258,11 +258,11 @@ module Bosh::Stemcell :bosh_enable_password_authentication, :bosh_vsphere_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, :image_create_efi, :image_install_grub_efi, :sbom_create, :bosh_package_list, - :restore_apt_sources, ] ) expect(stage_collection.package_stemcell_stages('ovf')).to eq(vmware_package_stemcell_steps) @@ -287,11 +287,11 @@ module Bosh::Stemcell :bosh_enable_password_authentication, :bosh_vsphere_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, :image_create_efi, :image_install_grub_efi, :sbom_create, :bosh_package_list, - :restore_apt_sources, ] ) expect(stage_collection.package_stemcell_stages('ovf')).to eq(vmware_package_stemcell_steps) @@ -313,11 +313,11 @@ module Bosh::Stemcell :bosh_harden, :bosh_azure_agent_settings, :bosh_clean_ssh, + :restore_apt_sources, :image_create, :image_install_grub, :sbom_create, :bosh_package_list, - :restore_apt_sources, ] } @@ -354,10 +354,10 @@ module Bosh::Stemcell :bosh_softlayer_agent_settings, :bosh_config_root_ssh_login, :bosh_clean_ssh, + :restore_apt_sources, :image_create_softlayer_two_partitions, :image_install_grub_softlayer_two_partitions, :bosh_package_list, - :restore_apt_sources, ] ) expect(stage_collection.package_stemcell_stages('ovf')).to eq(vmware_package_stemcell_steps) @@ -374,11 +374,11 @@ module Bosh::Stemcell :bosh_clean, :bosh_harden, :bosh_clean_ssh, + :restore_apt_sources, :image_create, :image_install_grub, :sbom_create, :bosh_package_list, - :restore_apt_sources, ] } let(:package_stemcell_stages) { diff --git a/bosh-stemcell/spec/stemcells/azure_spec.rb b/bosh-stemcell/spec/stemcells/azure_spec.rb index 06db39459f..73c05ede67 100755 --- a/bosh-stemcell/spec/stemcells/azure_spec.rb +++ b/bosh-stemcell/spec/stemcells/azure_spec.rb @@ -42,4 +42,89 @@ its(:content) { should include('"PartitionerType": "parted"') } end end + + context 'cloud-init Azure APT mirror configuration' do + describe file('/etc/cloud/cloud.cfg.d/90-azure-apt-sources.cfg') do + it { should be_file } + its(:content) { should include('http://azure.archive.ubuntu.com/ubuntu/') } + end + + describe file('/etc/cloud/cloud.cfg') do + it { should be_file } + its(:content) { should include('apt-configure') } + end + end + + context 'installed by system_azure_network', { + exclude_on_alicloud: true, + exclude_on_aws: true, + exclude_on_google: true, + exclude_on_vcloud: true, + exclude_on_vsphere: true, + exclude_on_warden: true, + exclude_on_openstack: true, + exclude_on_softlayer: true, + } do + describe 'SR-IOV VF udev rules' do + subject { file('/etc/udev/rules.d/10-azure-sriov-unmanaged.rules') } + + it { should be_mode(0644) } + it { should be_owned_by('root') } + + its(:content) { should match /SUBSYSTEM=="net"/ } + its(:content) { should match /ATTR\{flags\}=="0x\?\[89ABCDEF\]\*"/ } + its(:content) { should match /ENV\{AZURE_UNMANAGED_SRIOV\}="1"/ } + its(:content) { should match /ENV\{ID_NET_MANAGED_BY\}="unmanaged"/ } + its(:content) { should match /ENV\{NM_UNMANAGED\}="1"/ } + its(:content) { should match /ATTR\{ifalias\}="sriov-vf"/ } + end + + describe 'systemd network configuration for unmanaged SR-IOV devices' do + subject { file('/etc/systemd/network/01-azure-sriov-unmanaged.network') } + + it { should be_mode(0644) } + it { should be_owned_by('root') } + + its(:content) { should match /\[Match\]/ } + its(:content) { should match /Property=AZURE_UNMANAGED_SRIOV=1/ } + its(:content) { should match /\[Link\]/ } + its(:content) { should match /Unmanaged=yes/ } + end + end + + context 'installed by system_azure_init', { + exclude_on_alicloud: true, + exclude_on_aws: true, + exclude_on_google: true, + exclude_on_vcloud: true, + exclude_on_vsphere: true, + exclude_on_warden: true, + exclude_on_openstack: true, + exclude_on_softlayer: true, + } do + describe 'Hyper-V KVP daemon' do + describe command('which hv_kvp_daemon') do + its(:exit_status) { should eq 0 } + end + + describe service('hv-kvp-daemon') do + it { should be_enabled } + end + end + + describe 'WALinuxAgent configuration' do + describe file('/etc/waagent.conf') do + it { should be_owned_by('root') } + end + + describe file('/lib/systemd/system/walinuxagent.service') do + it { should be_mode(0644) } + it { should be_owned_by('root') } + end + + describe service('walinuxagent') do + it { should be_enabled } + end + end + end end diff --git a/bosh-stemcell/spec/stemcells/stig_spec.rb b/bosh-stemcell/spec/stemcells/stig_spec.rb index 8b718de807..6104150781 100644 --- a/bosh-stemcell/spec/stemcells/stig_spec.rb +++ b/bosh-stemcell/spec/stemcells/stig_spec.rb @@ -137,6 +137,8 @@ V-75779 V-75865 V-75851 + V-260477 + V-260520 ] expected_stig_test_cases = expected_base_stig_test_cases diff --git a/bosh-stemcell/spec/support/os_image_chrony_shared_examples.rb b/bosh-stemcell/spec/support/os_image_chrony_shared_examples.rb index 40551e43ff..ececcae20e 100644 --- a/bosh-stemcell/spec/support/os_image_chrony_shared_examples.rb +++ b/bosh-stemcell/spec/support/os_image_chrony_shared_examples.rb @@ -1,5 +1,5 @@ shared_examples_for 'an os with chrony' do - describe '(stig: V-38620 V-38621)' do + describe '(stig: V-38620 V-38621 V-260520)' do describe file('/var/vcap/bosh/bin/sync-time') do it { should be_file } its(:content) { should match(/chronyc reload sources/) } @@ -8,7 +8,7 @@ describe file('/etc/chrony/chrony.conf') do it { should be_file } - its(:content) { should match(/makestep 1 3/) } + its(:content) { should match(/makestep 1 -1/) } end end end diff --git a/bosh-stemcell/spec/support/os_image_linux_kernel_modules_shared_examples.rb b/bosh-stemcell/spec/support/os_image_linux_kernel_modules_shared_examples.rb index 1080920475..5fe5fdb2a6 100644 --- a/bosh-stemcell/spec/support/os_image_linux_kernel_modules_shared_examples.rb +++ b/bosh-stemcell/spec/support/os_image_linux_kernel_modules_shared_examples.rb @@ -83,4 +83,10 @@ its(:content) { should match 'install rds /bin/true' } end end + + context 'prevent floppy module from being loaded' do + describe file('/etc/modprobe.d/blacklist.conf') do + its(:content) { should match 'install floppy /bin/true' } + end + end end diff --git a/bosh-stemcell/spec/support/os_image_shared_examples.rb b/bosh-stemcell/spec/support/os_image_shared_examples.rb index 9d72681a63..bdc54ca1b1 100644 --- a/bosh-stemcell/spec/support/os_image_shared_examples.rb +++ b/bosh-stemcell/spec/support/os_image_shared_examples.rb @@ -799,4 +799,14 @@ its (:content) { should match /^cron\.\*\s+\/var\/log\/cron\.log$/ } end end + + describe 'apt removes all software components after updated versions have been installed (stig: V-260477)' do + describe file('/etc/apt/apt.conf.d/50unattended-upgrades') do + expected = <<-EXPECTED +Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; +Unattended-Upgrade::Remove-Unused-Dependencies "true"; +EXPECTED + its(:content) { should eq expected.chomp } + end + end end diff --git a/ci/docker/os-image-stemcell-builder/Dockerfile b/ci/docker/os-image-stemcell-builder/Dockerfile index 6a11ef17d8..91c9eb8317 100644 --- a/ci/docker/os-image-stemcell-builder/Dockerfile +++ b/ci/docker/os-image-stemcell-builder/Dockerfile @@ -7,6 +7,7 @@ LABEL maintainer="cf-bosh@lists.cloudfoundry.org" ARG USER_ID=1000 ARG GROUP_ID=1000 ARG DEBIAN_FRONTEND=noninteractive # prevents s3cmd dpkg install asking TZ info +ARG SYFT_VERSION RUN \ apt-get update \ @@ -53,15 +54,19 @@ RUN \ xvfb \ && apt-get clean +# Install syft +RUN curl -sL https://github.com/anchore/syft/releases/download/${SYFT_VERSION}/syft_${SYFT_VERSION#v}_linux_amd64.tar.gz \ + | tar -xz -C /usr/local/bin/ syft \ + && chmod +x /usr/local/bin/syft + +# Install yq +RUN wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 \ + && chmod +x /usr/local/bin/yq + RUN groupadd -o -g ${GROUP_ID} ubuntu \ && useradd -u ${USER_ID} -g ${GROUP_ID} -m ubuntu \ && echo 'ubuntu ALL=NOPASSWD:ALL' >> /etc/sudoers -# install syft for sbom generation -RUN \ - wget -qO- https://github.com/anchore/syft/releases/download/v1.1.0/syft_1.1.0_linux_amd64.tar.gz | tar xz -C /usr/local/bin syft && \ - echo "df8c3f2858f04ab95da85e9b7e8e8d6a167f0289e5ced0db534343886482459d /usr/local/bin/syft" | shasum -a 256 -c - # we install a local ruby (3.x) because Jammy is lagging at 2.7 ENV RUBY_SHA256="d2f4577306e6dd932259693233141e5c3ec13622c95b75996541b8d5b68b28b4" ENV RUBY_VERSION="3.2.0" diff --git a/stemcell_builder/stages/base_apt/apply.sh b/stemcell_builder/stages/base_apt/apply.sh index 276a84b67e..91804111f9 100755 --- a/stemcell_builder/stages/base_apt/apply.sh +++ b/stemcell_builder/stages/base_apt/apply.sh @@ -23,6 +23,8 @@ else EOS fi +cp $assets_dir/etc/apt/apt.conf.d/50unattended-upgrades $chroot/etc/apt/apt.conf.d/50unattended-upgrades + # Upgrade systemd/upstart first, to prevent it from messing up our stubs and starting daemons anyway pkg_mgr install systemd diff --git a/stemcell_builder/stages/base_apt/assets/etc/apt/apt.conf.d/50unattended-upgrades b/stemcell_builder/stages/base_apt/assets/etc/apt/apt.conf.d/50unattended-upgrades new file mode 100644 index 0000000000..5bb71f712a --- /dev/null +++ b/stemcell_builder/stages/base_apt/assets/etc/apt/apt.conf.d/50unattended-upgrades @@ -0,0 +1,2 @@ +Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; +Unattended-Upgrade::Remove-Unused-Dependencies "true"; \ No newline at end of file diff --git a/stemcell_builder/stages/base_ubuntu_firstboot/apply.sh b/stemcell_builder/stages/base_ubuntu_firstboot/apply.sh index 37e0378211..4d379948ca 100755 --- a/stemcell_builder/stages/base_ubuntu_firstboot/apply.sh +++ b/stemcell_builder/stages/base_ubuntu_firstboot/apply.sh @@ -5,7 +5,8 @@ set -e base_dir=$(readlink -nf $(dirname $0)/../..) source $base_dir/lib/prelude_apply.bash -cp $assets_dir/etc/rc.local $chroot/etc/rc.local -cp $assets_dir/root/firstboot.sh $chroot/root/firstboot.sh -chmod u+x "${chroot}/etc/rc.local" -chmod 0755 $chroot/root/firstboot.sh +install -D -m 0644 \ + $assets_dir/etc/systemd/system/firstboot.service \ + $chroot/etc/systemd/system/firstboot.service + +run_in_chroot $chroot "systemctl enable firstboot.service" diff --git a/stemcell_builder/stages/base_ubuntu_firstboot/assets/etc/rc.local b/stemcell_builder/stages/base_ubuntu_firstboot/assets/etc/rc.local deleted file mode 100644 index d98dc57cb7..0000000000 --- a/stemcell_builder/stages/base_ubuntu_firstboot/assets/etc/rc.local +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -e -#execute firstboot.sh only once -if [ ! -e /root/firstboot_done ]; then - if [ -e /root/firstboot.sh ]; then - /root/firstboot.sh - fi - touch /root/firstboot_done -fi -exit 0 \ No newline at end of file diff --git a/stemcell_builder/stages/base_ubuntu_firstboot/assets/etc/systemd/system/firstboot.service b/stemcell_builder/stages/base_ubuntu_firstboot/assets/etc/systemd/system/firstboot.service new file mode 100644 index 0000000000..6c5daf1835 --- /dev/null +++ b/stemcell_builder/stages/base_ubuntu_firstboot/assets/etc/systemd/system/firstboot.service @@ -0,0 +1,15 @@ +[Unit] +Description=Run first boot tasks +ConditionPathExists=!/root/firstboot_done +Before=ssh.service + +[Service] +Type=oneshot +ExecStartPre=/bin/sh -c '/bin/rm -f /etc/ssh/ssh_host*key*' +ExecStart=/usr/bin/ssh-keygen -A -v +ExecStartPost=/usr/sbin/dpkg-reconfigure -fnoninteractive sysstat +ExecStartPost=/usr/bin/touch /root/firstboot_done +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/stemcell_builder/stages/base_ubuntu_firstboot/assets/root/firstboot.sh b/stemcell_builder/stages/base_ubuntu_firstboot/assets/root/firstboot.sh deleted file mode 100755 index ef85602b9c..0000000000 --- a/stemcell_builder/stages/base_ubuntu_firstboot/assets/root/firstboot.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -rm -f /etc/ssh/ssh_host*key* - -dpkg-reconfigure -fnoninteractive -pcritical openssh-server -dpkg-reconfigure -fnoninteractive sysstat diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.sha256sum b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.sha256sum index 2a6d48698f..e277fbd39d 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.sha256sum +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.sha256sum @@ -1 +1 @@ -382d1d8c0578a37e653448c731dab3dde8f42217d9a40be13a1b3075b07cfd6c +d3ea330177ff7ccc98a6c538ff76fc173d58133e27365c45a70afabf526df526 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.url b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.url index 68af02f861..05a74fe872 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.url +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.url @@ -1 +1 @@ -https://s3.amazonaws.com/bosh-azure-storage-cli-artifacts/azure-storage-cli-0.0.143-linux-amd64 +https://bosh-azure-storage-cli-artifacts.s3.us-east-1.amazonaws.com/azure-storage-cli-0.0.202-linux-amd64 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.version b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.version index bbb8b6ed7a..e113713082 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.version +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-azure-storage.version @@ -1 +1 @@ -0.0.143 +0.0.202 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.sha256sum b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.sha256sum index c6e8a287fa..2664385a59 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.sha256sum +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.sha256sum @@ -1 +1 @@ -11f2fd367cde6a4de2a8e272fa81900c73fbe57f5a4104dbdbc84f73ac67c816 +da829bfa89b70ca7146813a5f702a315dff17bcf81d1f19efb39883ec1811bdc diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.url b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.url index b6453e03b3..4c71bc61b7 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.url +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.url @@ -1 +1 @@ -https://s3.amazonaws.com/bosh-davcli-artifacts/davcli-0.0.396-linux-amd64 +https://bosh-davcli-artifacts.s3.us-east-1.amazonaws.com/davcli-0.0.448-linux-amd64 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.version b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.version index 28a3da4571..1ce985d68c 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.version +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-dav.version @@ -1 +1 @@ -0.0.396 +0.0.448 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.sha256sum b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.sha256sum index 131eaa8750..fbeaa83771 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.sha256sum +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.sha256sum @@ -1 +1 @@ -839bc9b015a7cfe8fc5ebff3cdd36de90f8e39d184238cf0d9972e7426482f74 +98aedfccb12cff0a621e8d2feedd8431d124611b22719adbd0a7f225d0f19499 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.url b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.url index 710d094379..2bd0accb36 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.url +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.url @@ -1 +1 @@ -https://s3.amazonaws.com/bosh-gcscli-artifacts/bosh-gcscli-0.0.277-linux-amd64 +https://bosh-gcscli-artifacts.s3.us-east-1.amazonaws.com/bosh-gcscli-0.0.349-linux-amd64 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.version b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.version index 0d3cc30e58..eaa055cfda 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.version +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-gcs.version @@ -1 +1 @@ -0.0.277 +0.0.349 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.sha256sum b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.sha256sum index dc97033ea1..6f7ebae404 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.sha256sum +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.sha256sum @@ -1 +1 @@ -0a1d857bd134c1bba19393fc7dd4093a43b52e749305486237e66364d69daf7a +6fdcdf596ee83c5d87f61793fa80beb9a14e180e69a1c96745591df869092264 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.url b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.url index 0d630f7e04..d68e9fdf48 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.url +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.url @@ -1 +1 @@ -https://s3.amazonaws.com/bosh-s3cli-artifacts/s3cli-0.0.349-linux-amd64 +https://bosh-s3cli-artifacts.s3.us-east-1.amazonaws.com/s3cli-0.0.382-linux-amd64 diff --git a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.version b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.version index eaa055cfda..660b73c812 100644 --- a/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.version +++ b/stemcell_builder/stages/blobstore_clis/assets/bosh-blobstore-s3.version @@ -1 +1 @@ -0.0.349 +0.0.382 diff --git a/stemcell_builder/stages/bosh_azure_chrony/apply.sh b/stemcell_builder/stages/bosh_azure_chrony/apply.sh index ccecfa630b..f233772a1a 100755 --- a/stemcell_builder/stages/bosh_azure_chrony/apply.sh +++ b/stemcell_builder/stages/bosh_azure_chrony/apply.sh @@ -6,8 +6,24 @@ base_dir=$(readlink -nf $(dirname $0)/../..) source $base_dir/lib/prelude_apply.bash source $base_dir/lib/prelude_bosh.bash +mkdir -p $chroot/etc/systemd/system/chrony.service.d + +cat > $chroot/etc/systemd/system/chrony.service.d/chrony-systemd-override.conf < $chroot/etc/chrony/conf.d/azure_ptp.conf < - - 0b8ee1eb7683845da093955894c6facb7a6e3431de335db0b4a4e9e627bd74f0a4ef969a134082c47dce5b4ebe661241c080ebeacbd95de4b3a20b32380e1d58 - 3bd923abd388c8a7833e750cc7223e15dd65ca0a964db68882639ddafba78cac - 49c0bb32126562671c111d58d4002a082078733b - 2db96bf07dce28b2164d7cdbb78ae1d4 - 22049115 - https://s3-external-1.amazonaws.com/bosh-agent-binaries/bosh-agent-2.728.0-linux-amd64 - 2.728.0 + + 048dfc275820d971f381f1cfb77b83eaeb60014cfed2c86d8ced8bfb71bd71e71b11fd1c75d9ea7ba981670e28d3fde37e9fa1d49f3d704b630e52bd8b631124 + f3c236950c6d272d89afb482d5c90f9efdef8bc1c2e7db4f92e41341248121e1 + a375103d76ab1875224999491bfc0abb38182f4b + 9f0b8a1c5262c8da73e1e7b5119785f7 + 24238334 + https://s3-external-1.amazonaws.com/bosh-agent-binaries/bosh-agent-2.791.0-linux-amd64 + 2.791.0 - - fcbb99d756b7abf90efd50c258e6369272aa363bc42e2faaaa064e1c99202c1c989b46940cdb10fb906ad5b47cf2817b624e5e1f6e30627f3cb0e5dad463871e - 0e2d13dd8fb9579e4a9110c837e3524ed79f321528bbdd6461ef08ac93560b80 - f318e3c4e3bc95c506bfe501ba000fdc69359079 - 75ba52969d2cadfe5dc34dca3b8b9f49 - 20458496 - https://s3-external-1.amazonaws.com/bosh-agent-binaries/bosh-agent-2.728.0-windows-amd64.exe - 2.728.0 + + edb9b60611ba4e75bd0f2fcc20752ceb80e4c12c72782948525b7d684864776846f47d3e5f7e660defd3e758bd6618f1f80571ca2b277439db75d36c35af0c96 + 0a87206d2926f5660a751555f0182c5d01f823ae66961e7d8dff71ec047541c8 + e8ab5574443455b036c8206bef7d44bfb5e4873d + 3667e1f35f0a659b19afe340fe1e7e18 + 21664768 + https://s3-external-1.amazonaws.com/bosh-agent-binaries/bosh-agent-2.791.0-windows-amd64.exe + 2.791.0 - - 83bff172d60d7fef6ee9de0d012c8ef61bf0ce6398380ae898b18ff6aa4758a5fcc9ceb4e6f68e81fb795e536e233e3790870e509fbffdbe0fb7819d34c5ae4b - c94034600f3b1853848e8a8640c6f4a116d636ab833b8b4cc75723452868b2f1 - f0b4df898558138a6d44fd1489d5ad94d0f467ab - 0012d37daf24e0d65a5ed8ae860dc0fe - 8107008 - https://s3-external-1.amazonaws.com/bosh-agent-binaries/bosh-agent-pipe-2.728.0-windows-amd64.exe - 2.728.0 + + 814dfcdd3b52d8337d222be90737826bff591014ca516edd3a77ca8d821328173727fb5781f391d5c47316691f9eae0082e9b721b4258092c339162d510559e6 + e848fe5e83542f898eaf336d497bbdfc20a68aad67339acd2bcdeb1d718c2736 + f7795a356c5001aa39b3a0d9f2278d0736ab6cdc + 0786d17b5f7d698559b4fba0e73443ac + 8809984 + https://s3-external-1.amazonaws.com/bosh-agent-binaries/bosh-agent-pipe-2.791.0-windows-amd64.exe + 2.791.0 - - 14408208f186f74a04074c973995c091c0e2d2689aa7e3dc90a80c63563e2224b230a50abe91eb80d7b68a6a7cb3c20186f666dbbc02f0298a1135a28c0a875f - 7711ebb4d5b22baa36feaee64ad2be046dc9b7b90c550679d4805cdf9cd8bcc1 - 533b748d24ce5a969e1ef7f67f09eb1dae0df0fc - 229c25a9927373682fce95a037b9a8a0 + + 65e18595027633ddc43a5a99c327b1d3874e593bdb57c149422f0b7e8f5504bfbcd9ec95f21ac295c4a887304409f10d31d4abe4d2e9302be2b4d43e7b8c357a + 0a79a56720eef792b5611cf5f5e51d7c04933eda246178c3135233bbaa040731 + 42271dd058348bdee86db9e4d24a9ba4ca9a9c04 + 1c218a5f6316f357de73f1b1cf60affe 9 - https://s3-external-1.amazonaws.com/bosh-agent-binaries/git-sha - 2.728.0 + https://s3-external-1.amazonaws.com/bosh-agent-binaries/git-sha-2.791.0 + 2.791.0 - + fe22cd6fd90ded459b08385497032f2de4022f712dc753dc026ffbc024d3cdd5007f68886f0d4dd8a7832ece138455c3320ce65b72eec054ed3717f6212a7567 a1f4729600504b0cc026ff5e826bb403b43a564780e091d01e0ab7bacb15906a a5a1e59f6bfaa23bffb85a6647bfbc3df1dbf594 c0e9e8c1a9510c750742534ba431530b 708 - https://s3-external-1.amazonaws.com/bosh-agent-binaries/service_wrapper.xml - 2.728.0 + https://s3-external-1.amazonaws.com/bosh-agent-binaries/service_wrapper-2.791.0.xml + 2.791.0 metalink-repository-resource/0.0.0 - 2025-02-07T02:34:57.245470997Z + 2025-12-11T17:58:26.839734409Z diff --git a/stemcell_builder/stages/bosh_monit/assets/monit-access-helper.sh b/stemcell_builder/stages/bosh_monit/assets/monit-access-helper.sh index 659c2c7386..3f66ca3a2d 100644 --- a/stemcell_builder/stages/bosh_monit/assets/monit-access-helper.sh +++ b/stemcell_builder/stages/bosh_monit/assets/monit-access-helper.sh @@ -14,7 +14,8 @@ monit_isolation_classid=2958295041 permit_monit_access() { net_cls_location="$(cat /proc/self/mounts | grep ^cgroup | grep net_cls | awk '{ print $2 }' )" - monit_access_cgroup="${net_cls_location}/monit-api-access" + net_cls_subproc="$(grep net_cls /proc/self/cgroup | awk -F ":" '{ print $3 }' )" + monit_access_cgroup="${net_cls_location}/${net_cls_subproc}/monit-api-access" mkdir -p "${monit_access_cgroup}" echo "${monit_isolation_classid}" > "${monit_access_cgroup}/net_cls.classid" diff --git a/stemcell_builder/stages/bosh_ntp/apply.sh b/stemcell_builder/stages/bosh_ntp/apply.sh index 7c51e4951f..b8da2c4295 100755 --- a/stemcell_builder/stages/bosh_ntp/apply.sh +++ b/stemcell_builder/stages/bosh_ntp/apply.sh @@ -7,6 +7,7 @@ source $base_dir/lib/prelude_apply.bash source $base_dir/lib/prelude_bosh.bash sed -i "/^pool /d" $chroot/etc/chrony/chrony.conf +sed -i "s/^makestep .*/makestep 1 -1/" $chroot/etc/chrony/chrony.conf cp $dir/assets/chrony-updater $chroot/$bosh_dir/bin/sync-time chmod 0755 $chroot/$bosh_dir/bin/sync-time diff --git a/stemcell_builder/stages/image_install_grub/apply.sh b/stemcell_builder/stages/image_install_grub/apply.sh index cb555dd069..470122f7d1 100755 --- a/stemcell_builder/stages/image_install_grub/apply.sh +++ b/stemcell_builder/stages/image_install_grub/apply.sh @@ -90,6 +90,7 @@ CGROUP_FIX="systemd.unified_cgroup_hierarchy=false" cat >${image_mount_point}/etc/default/grub <${image_mount_point}/etc/default/grub < $ovf/$vm_hostname.vmx < -OnCalendar=*-*-* *:00/15:00 -RandomizedDelaySec=2min -Persistent=true +OnCalendar=*-*-* *:*:00/5 +RandomizedDelaySec=1min [Install] WantedBy=timers.target diff --git a/stemcell_builder/stages/system_azure_init/apply.sh b/stemcell_builder/stages/system_azure_init/apply.sh index 53c518bdfd..15aedc5e11 100755 --- a/stemcell_builder/stages/system_azure_init/apply.sh +++ b/stemcell_builder/stages/system_azure_init/apply.sh @@ -5,11 +5,12 @@ set -e base_dir=$(readlink -nf $(dirname $0)/../..) source $base_dir/lib/prelude_apply.bash -packages="python3 python3-pyasn1 python3-setuptools python3-distro python-is-python3 cloud-init" +packages="python3 python3-pyasn1 python3-setuptools python3-distro python-is-python3 \ +cloud-init linux-cloud-tools-common linux-cloud-tools-generic" pkg_mgr install $packages -wala_release=2.9.1.1 -wala_expected_sha1=b61bd57f3b2f7b048d6bab2739690bbf1d9c213b +wala_release=2.15.0.1 +wala_expected_sha1=155fd6f326a2bf2ff97b4ea2e2c83dc16a9c1768 curl -L https://github.com/Azure/WALinuxAgent/archive/v${wala_release}.tar.gz > /tmp/wala.tar.gz sha1=$(cat /tmp/wala.tar.gz | openssl dgst -sha1 | awk 'BEGIN {FS="="}; {gsub(/ /,"",$2); print $2}') @@ -32,6 +33,7 @@ run_in_chroot $chroot " sudo rm -fr WALinuxAgent-${wala_release} rm wala.tar.gz " +mkdir -p $chroot/var/log/azure cp -f $dir/assets/etc/waagent/waagent.conf $chroot/etc/waagent.conf cp -f $dir/assets/etc/waagent/walinuxagent.service $chroot/lib/systemd/system/walinuxagent.service chmod 0644 $chroot/lib/systemd/system/walinuxagent.service @@ -46,12 +48,16 @@ cat > $chroot/etc/logrotate.d/waagent <> $chroot/etc/rsyslog.d/50-default. rm $chroot/etc/rsyslog.d/21-cloudinit.conf + +# Enable Hyper-V KVP daemon (installed via linux-cloud-tools) +run_in_chroot "$chroot" "systemctl enable hv-kvp-daemon.service" diff --git a/stemcell_builder/stages/system_azure_init/assets/etc/cloud-init/05-logging.cfg b/stemcell_builder/stages/system_azure_init/assets/etc/cloud-init/05-logging.cfg index b6d39ad6fc..b5a95e8078 100644 --- a/stemcell_builder/stages/system_azure_init/assets/etc/cloud-init/05-logging.cfg +++ b/stemcell_builder/stages/system_azure_init/assets/etc/cloud-init/05-logging.cfg @@ -1,7 +1,7 @@ -=## This yaml formated config file handles setting +## This yaml formatted config file handles setting ## logger information. The values that are necessary to be set ## are seen at the bottom. The top '_log' are only used to remove -## redundency in a syslog and fallback-to-file case. +## redundancy in a syslog and fallback-to-file case. ## ## The 'log_cfgs' entry defines a list of logger configs ## Each entry in the list is tried, and the first one that @@ -68,5 +68,4 @@ log_cfgs: # This tells cloud-init to redirect its stdout and stderr to # 'tee -a /var/log/cloud-init-output.log' so the user can see output # there without needing to look on the console. -output: {all: '| tee -a /var/log/cloud-init-output.log'} - +output: {all: '| tee -a /var/log/cloud-init-output.log'} \ No newline at end of file diff --git a/stemcell_builder/stages/system_azure_init/assets/etc/cloud-init/cloud.cfg b/stemcell_builder/stages/system_azure_init/assets/etc/cloud-init/cloud.cfg index bd12396ec1..8454de72ad 100644 --- a/stemcell_builder/stages/system_azure_init/assets/etc/cloud-init/cloud.cfg +++ b/stemcell_builder/stages/system_azure_init/assets/etc/cloud-init/cloud.cfg @@ -10,6 +10,7 @@ cloud_init_modules: - update_etc_hosts - users-groups - ssh + - apt-configure cloud_config_modules: - ssh-import-id - set-passwords diff --git a/stemcell_builder/stages/system_azure_init/assets/etc/systemd/system/cloud-config.service.d/firstboot-blocker.conf b/stemcell_builder/stages/system_azure_init/assets/etc/systemd/system/cloud-config.service.d/firstboot-blocker.conf new file mode 100644 index 0000000000..9c1b09bd0e --- /dev/null +++ b/stemcell_builder/stages/system_azure_init/assets/etc/systemd/system/cloud-config.service.d/firstboot-blocker.conf @@ -0,0 +1,3 @@ +[Unit] +Wants=firstboot.service +After=firstboot.service diff --git a/stemcell_builder/stages/system_azure_init/assets/etc/waagent/walinuxagent.service b/stemcell_builder/stages/system_azure_init/assets/etc/waagent/walinuxagent.service index f4ed6b0957..bb070f1110 100755 --- a/stemcell_builder/stages/system_azure_init/assets/etc/waagent/walinuxagent.service +++ b/stemcell_builder/stages/system_azure_init/assets/etc/waagent/walinuxagent.service @@ -7,7 +7,8 @@ [Unit] Description=Azure Linux Agent -After=network-online.target +# NON-DEFAULT: Must run after the firstboot.service, which regenerates the ssh keys +After=firstboot.service network-online.target cloud-init.service Wants=network-online.target sshd.service sshd-keygen.service ConditionFileIsExecutable=/usr/sbin/waagent @@ -15,13 +16,11 @@ ConditionPathExists=/etc/waagent.conf [Service] Type=simple -# stemcells on Azure re-generate the SSH Hostkey upon first reboot -# waagent has to wait until the file was recreated -ExecStartPre=/bin/bash -c "while [ ! -f /root/firstboot_done ]; do sleep 1; done" ExecStart=/usr/bin/python3 -u /usr/sbin/waagent -daemon Restart=always Slice=azure.slice CPUAccounting=yes +MemoryAccounting=yes [Install] WantedBy=multi-user.target diff --git a/stemcell_builder/stages/system_azure_network/apply.sh b/stemcell_builder/stages/system_azure_network/apply.sh index f3fb331d17..41e5941d41 100755 --- a/stemcell_builder/stages/system_azure_network/apply.sh +++ b/stemcell_builder/stages/system_azure_network/apply.sh @@ -20,3 +20,11 @@ EOS # The port 65330 is unusable on Azure cp $dir/assets/90-azure-sysctl.conf $chroot/etc/sysctl.d chmod 0644 $chroot/etc/sysctl.d/90-azure-sysctl.conf + +# Install SR-IOV VF udev rule to mark network interfaces as unmanaged and set ifalias +cp $dir/assets/10-azure-sriov-unmanaged.rules $chroot/etc/udev/rules.d +chmod 0644 $chroot/etc/udev/rules.d/10-azure-sriov-unmanaged.rules + +# Apply the systemd.network configuration, to ignore unmanaged devices +cp $dir/assets/01-azure-sriov-unmanaged.network $chroot/etc/systemd/network +chmod 0644 $chroot/etc/systemd/network/01-azure-sriov-unmanaged.network diff --git a/stemcell_builder/stages/system_azure_network/assets/01-azure-sriov-unmanaged.network b/stemcell_builder/stages/system_azure_network/assets/01-azure-sriov-unmanaged.network new file mode 100644 index 0000000000..aaa7aecdf6 --- /dev/null +++ b/stemcell_builder/stages/system_azure_network/assets/01-azure-sriov-unmanaged.network @@ -0,0 +1,11 @@ +# Azure VMs with accelerated networking may have MANA, mlx4, or mlx5 SR-IOV +# devices which are transparently bonded to a synthetic hv_netvsc device. +# +# 10-azure-unmanaged-sriov.rules will mark these devices with +# AZURE_UNMANAGED_SRIOV=1, allowing this configuration to set them as unmanaged. + +[Match] +Property=AZURE_UNMANAGED_SRIOV=1 + +[Link] +Unmanaged=yes \ No newline at end of file diff --git a/stemcell_builder/stages/system_azure_network/assets/10-azure-sriov-unmanaged.rules b/stemcell_builder/stages/system_azure_network/assets/10-azure-sriov-unmanaged.rules new file mode 100644 index 0000000000..af04593c69 --- /dev/null +++ b/stemcell_builder/stages/system_azure_network/assets/10-azure-sriov-unmanaged.rules @@ -0,0 +1,19 @@ +# Azure VMs with accelerated networking may have MANA, mlx4, or mlx5 SR-IOV devices +# which are transparently bonded to a synthetic hv_netvsc device. +# +# Mark devices with the IFF_SLAVE bit set as unmanaged devices: +# AZURE_UNMANAGED_SRIOV=1: Custom tag to mark the interface as unmanaged in systemd-networkd (01-azure-sriov-unmanaged.network). +# ID_NET_MANAGED_BY=unmanaged: Standard tag for systemd-networkd (v255+). +# NM_UNMANAGED=1: Tells NetworkManager to ignore the interface. +# +# Additionally, set an ifalias to allow the bosh-agent to ignore the device, as both +# interfaces, the synthetic and the VF interface, share the same MAC address and only +# the synthetic interface should be used by the application. + +SUBSYSTEM=="net", ACTION!="remove", KERNEL!="lo", \ + DRIVERS=="mana|mlx4_core|mlx5_core", \ + ATTR{flags}=="0x?[89ABCDEF]*", \ + ENV{AZURE_UNMANAGED_SRIOV}="1", \ + ENV{ID_NET_MANAGED_BY}="unmanaged", \ + ENV{NM_UNMANAGED}="1", \ + ATTR{ifalias}="sriov-vf" diff --git a/stemcell_builder/stages/system_google_packages/assets/instance_configs.cfg.template b/stemcell_builder/stages/system_google_packages/assets/instance_configs.cfg.template index 94dddf130f..4bd766dcdf 100644 --- a/stemcell_builder/stages/system_google_packages/assets/instance_configs.cfg.template +++ b/stemcell_builder/stages/system_google_packages/assets/instance_configs.cfg.template @@ -8,5 +8,3 @@ optimize_local_ssd = true set_host_keys = false shutdown = false startup = false -[Core] -cloud_logging_enabled = false diff --git a/stemcell_builder/stages/system_kernel_modules/apply.sh b/stemcell_builder/stages/system_kernel_modules/apply.sh index 826d644fb1..d56ba5cec4 100755 --- a/stemcell_builder/stages/system_kernel_modules/apply.sh +++ b/stemcell_builder/stages/system_kernel_modules/apply.sh @@ -19,6 +19,7 @@ install hfsplus /bin/true install squashfs /bin/true install udf /bin/true install rds /bin/true +install floppy /bin/true options ipv6 disable=1' >> $chroot/etc/modprobe.d/blacklist.conf echo '# prevent nouveau from loading @@ -29,3 +30,7 @@ alias nouveau off alias lbm-nouveau off' >> $chroot/etc/modprobe.d/blacklist-nouveau.conf rm -rf $chroot/lib/modules/*/kernel/zfs $chroot/usr/src/linux-headers-*/zfs + +mount --bind /sys "$chroot/sys" +add_on_exit "umount $chroot/sys" +run_in_chroot $chroot "update-initramfs -u -k all" \ No newline at end of file