Merge pull request #1441 from flatcar/tormath1/gcp-oem

oem: port GCE to sysext image

build_library/vm_image_util.sh

@@ -256,8 +256,9 @@ IMG_iso_MEM=2048
 ## gce, image tarball
 IMG_gce_DISK_LAYOUT=vm
 IMG_gce_CONF_FORMAT=gce
-IMG_gce_OEM_PACKAGE=oem-gce
-IMG_gce_OEM_ACI=gce
+IMG_gce_OEM_PACKAGE=common-oem-files
+IMG_gce_OEM_USE=gce
+IMG_gce_OEM_SYSEXT=oem-gce
 
 ## rackspace
 IMG_rackspace_OEM_PACKAGE=oem-rackspace

changelog/changes/2023-11-29-sysext-for-gce-oem.md

@@ -0,0 +1 @@
+- GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr` and being part of the OEM A/B updates ([flatcar#1146](https://github.com/flatcar/Flatcar/issues/1146))

sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r5.ebuild

@@ -31,6 +31,7 @@ fi
 COMMON_OEMIDS=(
     ami
     azure
+    gce
     openstack
     packet
     qemu

sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/gce/grub.cfg.frag

@@ -1,7 +1,3 @@
-# Flatcar GRUB settings
-
-set oem_id="gce"
-
 # GCE only has a serial console.
 set linux_console="console=ttyS0,115200n8"
 serial com0 --speed=115200 --word=8 --parity=no

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1-r6.ebuild

@@ -1 +0,0 @@
-coreos-oem-gce-0.0.1.ebuild

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1.ebuild

@@ -1,20 +0,0 @@
-# Copyright (c) 2016 CoreOS, Inc.. All rights reserved.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-DESCRIPTION="CoreOS OEM suite for Google Compute Engine (meta package)"
-HOMEPAGE=""
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64"
-IUSE=""
-
-RDEPEND="
-	app-emulation/google-compute-engine
-	app-shells/bash
-	sys-apps/gentoo-functions
-	sys-libs/glibc
-	sys-libs/nss-usrfiles
-"

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manifest.in

@@ -1,33 +0,0 @@
-{
-  "acKind": "ImageManifest",
-  "acVersion": "0.8.6",
-  "name": "@ACI_NAME@",
-  "labels": [
-    {"name": "arch", "value": "@ACI_ARCH@"},
-    {"name": "os", "value": "linux"},
-    {"name": "version", "value": "@ACI_VERSION@"}
-  ],
-  "app": {
-    "exec": [ "/init.sh" ],
-    "user": "0",
-    "group": "0",
-
-    "mountPoints": [
-      {
-        "name": "etc",
-        "path": "/etc",
-        "readOnly": false
-      },
-      {
-        "name": "home",
-        "path": "/home",
-        "readOnly": false
-      },
-      {
-        "name": "runsystemd",
-        "path": "/run/systemd",
-        "readOnly": false
-      }
-    ]
-  }
-}

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/metadata.xml

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-</pkgmetadata>

sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/oems/gce

@@ -0,0 +1,13 @@
+/etc/systemd/system/multi-user.target.wants/oem-cloudinit.service
+/etc/systemd/system/multi-user.target.wants/oem-gce.service
+/etc/systemd/system/oem-cloudinit.service
+/etc/systemd/system/oem-gce-enable-oslogin.service
+/etc/systemd/system/oem-gce.service
+/etc/systemd/system/sysinit.target.wants/oem-gce-enable-oslogin.service
+/oem/base/
+/oem/bin/
+/oem/files/
+/oem/flatcar-oem-gce.aci
+/oem/units/
+/var/lib/flatcar-oem-gce
+/var/lib/flatcar-oem-gce.img

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/base/README

@@ -1,4 +0,0 @@
-These Ignition configs are part of the OEM configuration. Do not modify
-them. If you want to write an Ignition config directly to disk, put it in
-../config.ign and it will be applied at first boot instead of a config
-in userdata.

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/base/base.ign

@@ -1,57 +0,0 @@
-{
-  "ignition": {
-    "version": "2.2.0"
-  },
-  "storage": {
-    "files": [
-      {
-        "filesystem": "root",
-        "path": "/etc/systemd/system/oem-gce.service",
-        "contents": {
-          "source": "oem:///units/oem-gce.service"
-        },
-        "mode": 292
-      },
-      {
-        "filesystem": "root",
-        "path": "/etc/systemd/system/oem-gce-enable-oslogin.service",
-        "contents": {
-          "source": "oem:///units/oem-gce-enable-oslogin.service"
-        },
-        "mode": 292
-      },
-      {
-        "filesystem": "root",
-        "path": "/etc/hosts",
-        "contents": {
-          "source": "oem:///files/hosts"
-        },
-        "mode": 292
-      },
-      {
-        "filesystem": "root",
-        "path": "/etc/profile.d/google-cloud-sdk.sh",
-        "contents": {
-          "source": "oem:///files/google-cloud-sdk.sh"
-        },
-        "mode": 292
-      }
-    ]
-  },
-  "systemd": {
-    "units": [
-      {
-        "name": "coreos-metadata-sshkeys@.service",
-        "enabled": true
-      },
-      {
-        "name": "oem-gce.service",
-        "enabled": true
-      },
-      {
-        "name": "oem-gce-enable-oslogin.service",
-        "enabled": true
-      }
-    ]
-  }
-}

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/init.sh

@@ -1,11 +1,7 @@
-#!/bin/sh
-set -e
-
+#!/bin/bash -ex
 # GCE can work with our normal file system, but it needs an "init system".
 # Here is a better place to install this script so it doesn't get put in real
 # images built from the GCE Python package.
-cat << 'EOF' > init.sh && chmod 755 init.sh
-#!/bin/bash -ex
 
 # Write a configuration template if it does not exist.
 [ -e /etc/default/instance_configs.cfg.template ] ||
@@ -38,20 +34,3 @@ test -n "$stopping" || exit 1
 
 # Otherwise, run the shutdown script before quitting.
 exec /usr/bin/google_metadata_script_runner --script-type shutdown
-EOF
-
-# Disable PAM checks in the container.
-rm -f usr/lib/pam.d/*
-cat << 'EOF' > usr/lib/pam.d/other
-account optional pam_permit.so
-auth optional pam_permit.so
-password optional pam_permit.so
-session optional pam_permit.so
-EOF
-
-# Don't bundle these paths, since they are useless to us.
-mv usr/lib/systemd/lib*.so* usr/lib64/
-rm -fr boot etc/* usr/lib/systemd var/db/pkg
-
-# Remove test stuff from python - it's quite large.
-rm -rf usr/lib/python*/test

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/oem-release

@@ -1,5 +0,0 @@
-ID=gce
-VERSION_ID=@@OEM_VERSION_ID@@
-NAME="Google Compute Engine"
-HOME_URL="https://cloud.google.com/products/compute-engine/"
-BUG_REPORT_URL="https://issues.flatcar.org"

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/10-oem-gce.conf

@@ -0,0 +1,2 @@
+[Unit]
+Upholds=oem-gce-enable-oslogin.service setup-oem.service oem-gce.service

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce-enable-oslogin.service

@@ -10,7 +10,7 @@ Before=sshd.socket
 Type=oneshot
 RemainAfterExit=true
 
-ExecStart=/oem/bin/enable-oslogin
+ExecStart=/usr/bin/enable-oslogin
 
 [Install]
 WantedBy=sysinit.target

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service

@@ -12,20 +12,7 @@ RestartSec=5
 KillMode=process
 KillSignal=SIGTERM
 
-ExecStartPre=/usr/bin/rm -f /var/lib/flatcar-oem-gce.img
-ExecStartPre=/usr/bin/truncate -s 1G /var/lib/flatcar-oem-gce.img
-ExecStartPre=/usr/sbin/mkfs.ext4 /var/lib/flatcar-oem-gce.img
-ExecStartPre=/usr/bin/rm -rf /var/lib/flatcar-oem-gce
-ExecStartPre=/usr/bin/mkdir -p /var/lib/flatcar-oem-gce
-ExecStartPre=-/usr/bin/umount /var/lib/flatcar-oem-gce.img
-ExecStartPre=/usr/bin/mount /var/lib/flatcar-oem-gce.img /var/lib/flatcar-oem-gce
-ExecStartPre=/usr/bin/tar --directory=/var/lib/flatcar-oem-gce --extract --file=/oem/flatcar-oem-gce.aci --strip-components=1 rootfs
-ExecStartPre=/usr/bin/umount /var/lib/flatcar-oem-gce.img
-# the container expects to be able to optmize irq settings in /proc/irq and /sys/
-Environment=SYSTEMD_NSPAWN_API_VFS_WRITABLE=1
-ExecStart=/usr/bin/systemd-nspawn --keep-unit --register=no --link-journal=no \
-    --machine=oem-gce --capability=CAP_NET_ADMIN --bind=/dev/log --bind=/run/systemd --tmpfs=/run/lock --bind=/etc --bind=/home --bind-ro=/usr/share/google-oslogin/nsswitch.conf \
-    --read-only --volatile=overlay --image=/var/lib/flatcar-oem-gce.img --kill-signal=SIGTERM /init.sh
+ExecStart=/usr/bin/init.sh
 
 [Install]
 WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/setup-oem.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Setup OEM
+Before=oem-gce-enable-oslogin.service
+DefaultDependencies=false
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=-/usr/bin/ln --symbolic --force /usr/share/gce/hosts /etc/hosts
+ExecStart=-/usr/bin/ln --symbolic /usr/share/gce/google-cloud-sdk.sh /etc/profile.d/google-cloud-sdk.sh
+[Install]
+WantedBy=sysinit.target

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r5.ebuild

@@ -1,33 +0,0 @@
-# Copyright (c) 2013 CoreOS, Inc.. All rights reserved.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-DESCRIPTION="OEM suite for Google Compute Engine images"
-HOMEPAGE=""
-SRC_URI=""
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64"
-IUSE=""
-
-# no source directory
-S="${WORKDIR}"
-
-src_prepare() {
-	default
-	sed -e "s\\@@OEM_VERSION_ID@@\\${PVR}\\g" \
-	    "${FILESDIR}/oem-release" > "${T}/oem-release" || die
-}
-
-src_install() {
-	insinto "/oem"
-	doins "${FILESDIR}/grub.cfg"
-	doins "${T}/oem-release"
-	doins -r "${FILESDIR}/base"
-	doins -r "${FILESDIR}/files"
-	doins -r "${FILESDIR}/units"
-	exeinto "/oem/bin"
-	doexe "${FILESDIR}/bin/enable-oslogin"
-}

sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r6.ebuild

@@ -0,0 +1,41 @@
+# Copyright (c) 2013 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+# Copyright (c) 2020 Kinvolk GmbH. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd
+
+DESCRIPTION="OEM suite for Google Compute Engine images"
+HOMEPAGE="https://cloud.google.com/products/compute-engine/"
+SRC_URI=""
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64"
+IUSE=""
+
+# no source directory
+S="${WORKDIR}"
+
+RDEPEND="
+    app-emulation/google-compute-engine
+"
+
+OEM_NAME="Google Compute Engine"
+
+src_install() {
+    systemd_dounit "${FILESDIR}/units/oem-gce.service"
+    systemd_dounit "${FILESDIR}/units/oem-gce-enable-oslogin.service"
+    systemd_dounit "${FILESDIR}/units/setup-oem.service"
+    systemd_install_dropin "multi-user.target" "${FILESDIR}/units/10-oem-gce.conf"
+
+    dobin "${FILESDIR}/bin/enable-oslogin"
+    dobin "${FILESDIR}/bin/init.sh"
+
+    # These files will be symlinked to /etc via 'setup-oem.service'
+    insinto /usr/share/gce/
+    doins "${FILESDIR}/files/hosts"
+    doins "${FILESDIR}/files/google-cloud-sdk.sh"
+}

sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild

@@ -20,8 +20,8 @@ IUSE=""
 DEPEND=""
 RDEPEND="
 	amd64? (
+		app-emulation/google-compute-engine
 		app-emulation/open-vm-tools
-		coreos-base/coreos-oem-gce
 		coreos-base/nova-agent-container
 		coreos-base/nova-agent-watcher
 	)