From 1cb1d428561d485f84ececeebd2401beba183dc7 Mon Sep 17 00:00:00 2001
From: Andre Sailer
Date: Wed, 3 Apr 2024 13:39:24 +0200
Subject: [PATCH] Ubuntu22: add creation of image
---
 .github/workflows/images-creator.yml | 2 +-
 ubuntu2204/Dockerfile | 56 +++++++++++++
 ubuntu2204/krb5.conf/common | 97 +++++++++++++++++++++++
 ubuntu2204/krb5.conf/rhel | 97 +++++++++++++++++++++++
 ubuntu2204/krb5.conf/ubuntu | 96 +++++++++++++++++++++++
 ubuntu2204/misc/bashrc | 18 +++++
 ubuntu2204/misc/ccache.conf | 4 +
 ubuntu2204/misc/config | 5 ++
 ubuntu2204/misc/keyboard | 17 ++++
 ubuntu2204/misc/krb5.conf | 97 +++++++++++++++++++++++
 ubuntu2204/packages.txt | 113 +++++++++++++++++++++++++++
 11 files changed, 601 insertions(+), 1 deletion(-)
 create mode 100644 ubuntu2204/Dockerfile
 create mode 100644 ubuntu2204/krb5.conf/common
 create mode 100644 ubuntu2204/krb5.conf/rhel
 create mode 100644 ubuntu2204/krb5.conf/ubuntu
 create mode 100644 ubuntu2204/misc/bashrc
 create mode 100644 ubuntu2204/misc/ccache.conf
 create mode 100644 ubuntu2204/misc/config
 create mode 100644 ubuntu2204/misc/keyboard
 create mode 100644 ubuntu2204/misc/krb5.conf
 create mode 100644 ubuntu2204/packages.txt
diff --git a/.github/workflows/images-creator.yml b/.github/workflows/images-creator.yml
index 7007ca7..009c555 100644
--- a/.github/workflows/images-creator.yml
+++ b/.github/workflows/images-creator.yml
@@ -21,7 +21,7 @@ jobs:
 build:
 strategy:
 matrix:
- image: ["centos7", "centos8", "el9"]
+ image: ["centos7", "centos8", "el9", "ubuntu2204"]
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
diff --git a/ubuntu2204/Dockerfile b/ubuntu2204/Dockerfile
new file mode 100644
index 0000000..c340efb
--- /dev/null
+++ b/ubuntu2204/Dockerfile
@@ -0,0 +1,56 @@
+FROM ubuntu:22.04
+LABEL maintainer="andresailer"
+
+# Suppress debconf messages for user interaction during installations
+COPY misc/keyboard /etc/default/keyboard
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install krb5.conf (before installing krb5-user)
+COPY krb5.conf/common /etc/krb5.conf
+
+# Install native packages
+COPY packages.txt /tmp/packages
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends apt-utils \
+ && apt-get upgrade -y \
+ && apt-get install -y $(cat /tmp/packages) \
+ && rm -fv /tmp/packages \
+ && locale-gen en_US.UTF-8 \
+ && rm -rfv /var/lib/apt/lists/*
+
+# Install network file transfer programs
+RUN apt-get update \
+ && apt-get install -y curl \
+ && apt-get install -y wget \
+ && rm -fv /tmp/packages \
+ && rm -rfv /var/lib/apt/lists/*
+
+# Xrootd client from CERN debian repository
+RUN echo "deb http://storage-ci.web.cern.ch/storage-ci/debian/xrootd/ focal release" > /etc/apt/sources.list.d/xrootd.list
+RUN curl -sL http://storage-ci.web.cern.ch/storage-ci/storageci.key -o /tmp/storageci.key \
+ && APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/storageci.key \
+ && rm -fr /tmp/storageci.key
+RUN apt-get update && apt-get install -y xrootd-client
+
+# Set the correct timezone
+RUN ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
+
+# Add some subfolders in the $HOME folder
+RUN mkdir /root/.ssh \
+ && mkdir /root/.ccache
+
+# Setup SSH configuration
+COPY misc/config /root/.ssh/config
+RUN chmod 600 /root/.ssh/config
+
+# Setup ccache
+RUN mkdir -p /ccache
+COPY misc/ccache.conf /root/.ccache/ccache.conf
+RUN cp $( which ccache ) /usr/local/bin \
+ && ln -s /usr/local/bin/ccache /usr/local/bin/gcc \
+ && ln -s /usr/local/bin/ccache /usr/local/bin/g++ \
+ && ln -s /usr/local/bin/ccache /usr/local/bin/cc \
+ && ln -s /usr/local/bin/ccache /usr/local/bin/c++
+
+# Run bash as default command
+CMD ["/bin/bash"]
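Review bot: The xrootd repository and its signing key are both fetched over plain `http://`, and the key is trusted through `apt-key add` with no digest or fingerprint check, so anyone on the network path at build time can substitute the key and then serve packages that get installed as root into the image. `apt-key` also places the key in the global trust store, where it can vouch for every configured source rather than only this one. I would fetch over HTTPS, compare the key with a pinned digest, and bind it to this single source with `signed-by=`, as sketched below; this assumes the host serves HTTPS and the key file is ASCII-armored, and the digest shown is a placeholder. The source line also names the `focal` suite on a 22.04 base, and the third `RUN` of this section leaves `/var/lib/apt/lists` in its layer.

```dockerfile
# Xrootd client from CERN debian repository
# <EXPECTED_KEY_SHA256> is a placeholder: pin the digest of the key the repository owner publishes.
RUN curl -fsSL https://storage-ci.web.cern.ch/storage-ci/storageci.key -o /tmp/storageci.key \
 && echo "<EXPECTED_KEY_SHA256>  /tmp/storageci.key" | sha256sum -c - \
 && install -D -m 0644 /tmp/storageci.key /etc/apt/keyrings/storageci.asc \
 && rm -f /tmp/storageci.key \
 && echo "deb [signed-by=/etc/apt/keyrings/storageci.asc] https://storage-ci.web.cern.ch/storage-ci/debian/xrootd/ focal release" \
      > /etc/apt/sources.list.d/xrootd.list \
 && apt-get update \
 && apt-get install -y --no-install-recommends xrootd-client \
 && rm -rf /var/lib/apt/lists/*
# … unchanged: timezone, SSH and ccache setup …
```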
diff --git a/ubuntu2204/krb5.conf/common b/ubuntu2204/krb5.conf/common
new file mode 100644
index 0000000..62fb82b
--- /dev/null
+++ b/ubuntu2204/krb5.conf/common
@@ -0,0 +1,97 @@ +; AD : This Kerberos configuration is for CERN's Active Directory realm +; The line above this is magic and is used by cern-config-keytab. Do +; not remove. + +; Installed with puppet from a series of +; template fragments. + +; /etc/krb5.conf + +[libdefaults] + default_realm = CERN.CH + ticket_lifetime = 25h + renew_lifetime = 120h + forwardable = true + proxiable = true + default_tkt_enctypes = arcfour-hmac-md5 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc + chpw_prompt = true + allow_weak_crypto = true + + +[appdefaults] +pam = { + external = true + krb4_convert = false + krb4_convert_524 = false + krb4_use_as_req = false +} + +[domain_realm] +.cern.ch = CERN.CH +.fnal.gov = FNAL.GOV +.hep.man.ac.uk = HEP.MAN.AC.UK +.in2p3.fr = IN2P3.FR +# No default domain for KFKI.HU specified. + +[realms] +# Start of puppet output for CERN.CH + CERN.CH = { + default_domain = cern.ch + kpasswd_server = cerndc.cern.ch + admin_server = cerndc.cern.ch + kdc = cerndc.cern.ch + v4_name_convert = { + host = { + rcmd = host + } + } + } + + +# Start of puppet output for FNAL.GOV + FNAL.GOV = { + default_domain = fnal.gov + admin_server = krb-fnal-admin.fnal.gov + kdc = krb-fnal-fcc3.fnal.gov:88 + kdc = krb-fnal-2.fnal.gov:88 + kdc = krb-fnal-3.fnal.gov:88 + kdc = krb-fnal-1.fnal.gov:88 + kdc = krb-fnal-4.fnal.gov:88 + kdc = krb-fnal-enstore.fnal.gov:88 + kdc = krb-fnal-fg2.fnal.gov:88 + kdc = krb-fnal-cms188.fnal.gov:88 + kdc = krb-fnal-cms204.fnal.gov:88 + kdc = krb-fnal-d0online.fnal.gov:88 + } + + +# Start of puppet output for HEP.MAN.AC.UK + HEP.MAN.AC.UK = { + default_domain = hep.man.ac.uk + kpasswd_server = afs4.hep.man.ac.uk + admin_server = afs4.hep.man.ac.uk + kdc = afs1.hep.man.ac.uk + kdc = afs2.hep.man.ac.uk + kdc = afs3.hep.man.ac.uk + kdc = afs4.hep.man.ac.uk + } + + +# Start of puppet output for IN2P3.FR + IN2P3.FR = { + default_domain = in2p3.fr + kpasswd_server = kerberos-admin.in2p3.fr + admin_server = kerberos-admin.in2p3.fr + kdc = 
kerberos-1.in2p3.fr + kdc = kerberos-2.in2p3.fr + kdc = kerberos-3.in2p3.fr + } + + +# Start of puppet output for KFKI.HU + KFKI.HU = { + admin_server = kerberos.kfki.hu + kdc = kerberos.kfki.hu + } + + diff --git a/ubuntu2204/krb5.conf/rhel b/ubuntu2204/krb5.conf/rhel new file mode 100644 index 0000000..62fb82b --- /dev/null +++ b/ubuntu2204/krb5.conf/rhel 
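Review bot: In `[libdefaults]` of krb5.conf/common, `allow_weak_crypto = true` combined with a `default_tkt_enctypes` list that starts with `arcfour-hmac-md5` and ends with `des-cbc-md5 des-cbc-crc` lets clients in this image request RC4 and single-DES tickets in preference to AES. The Dockerfile in this patch copies this file to `/etc/krb5.conf`, so every container built from it inherits the setting. Unless one of the listed realms is known to still need the legacy types, I would set `allow_weak_crypto = false` and either drop the `default_tkt_enctypes` line or reduce it to `aes256-cts aes128-cts`. The same content is added again as krb5.conf/rhel and misc/krb5.conf (same blob id `62fb82b`), and only krb5.conf/common is referenced by the Dockerfile shown here, so the two copies look removable.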
@@ -0,0 +1,97 @@ +; AD : This Kerberos configuration is for CERN's Active Directory realm +; The line above this is magic and is used by cern-config-keytab. Do +; not remove. + +; Installed with puppet from a series of +; template fragments. + +; /etc/krb5.conf + +[libdefaults] + default_realm = CERN.CH + ticket_lifetime = 25h + renew_lifetime = 120h + forwardable = true + proxiable = true + default_tkt_enctypes = arcfour-hmac-md5 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc + chpw_prompt = true + allow_weak_crypto = true + + +[appdefaults] +pam = { + external = true + krb4_convert = false + krb4_convert_524 = false + krb4_use_as_req = false +} + +[domain_realm] +.cern.ch = CERN.CH +.fnal.gov = FNAL.GOV +.hep.man.ac.uk = HEP.MAN.AC.UK +.in2p3.fr = IN2P3.FR +# No default domain for KFKI.HU specified. + +[realms] +# Start of puppet output for CERN.CH + CERN.CH = { + default_domain = cern.ch + kpasswd_server = cerndc.cern.ch + admin_server = cerndc.cern.ch + kdc = cerndc.cern.ch + v4_name_convert = { + host = { + rcmd = host + } + } + } + + +# Start of puppet output for FNAL.GOV + FNAL.GOV = { + default_domain = fnal.gov + admin_server = krb-fnal-admin.fnal.gov + kdc = krb-fnal-fcc3.fnal.gov:88 + kdc = krb-fnal-2.fnal.gov:88 + kdc = krb-fnal-3.fnal.gov:88 + kdc = krb-fnal-1.fnal.gov:88 + kdc = krb-fnal-4.fnal.gov:88 + kdc = krb-fnal-enstore.fnal.gov:88 + kdc = krb-fnal-fg2.fnal.gov:88 + kdc = krb-fnal-cms188.fnal.gov:88 + kdc = krb-fnal-cms204.fnal.gov:88 + kdc = krb-fnal-d0online.fnal.gov:88 + } + + +# Start of puppet output for HEP.MAN.AC.UK + HEP.MAN.AC.UK = { + default_domain = hep.man.ac.uk + kpasswd_server = afs4.hep.man.ac.uk + admin_server = afs4.hep.man.ac.uk + kdc = afs1.hep.man.ac.uk + kdc = afs2.hep.man.ac.uk + kdc = afs3.hep.man.ac.uk + kdc = afs4.hep.man.ac.uk + } + + +# Start of puppet output for IN2P3.FR + IN2P3.FR = { + default_domain = in2p3.fr + kpasswd_server = kerberos-admin.in2p3.fr + admin_server = kerberos-admin.in2p3.fr + kdc = 
kerberos-1.in2p3.fr + kdc = kerberos-2.in2p3.fr + kdc = kerberos-3.in2p3.fr + } + + +# Start of puppet output for KFKI.HU + KFKI.HU = { + admin_server = kerberos.kfki.hu + kdc = kerberos.kfki.hu + } + + diff --git a/ubuntu2204/krb5.conf/ubuntu b/ubuntu2204/krb5.conf/ubuntu new file mode 100644 index 0000000..7c65244 --- /dev/null +++ b/ubuntu2204/krb5.conf/ubuntu 
@@ -0,0 +1,96 @@ +[libdefaults] + default_realm = CERN.CH + +# The following krb5.conf variables are only for MIT Kerberos. + kdc_timesync = 1 + ccache_type = 4 + forwardable = true + proxiable = true + +# The following encryption type specification will be used by MIT Kerberos +# if uncommented. In general, the defaults in the MIT Kerberos code are +# correct and overriding these specifications only serves to disable new +# encryption types as they are added, creating interoperability problems. +# +# The only time when you might need to uncomment these lines and change +# the enctypes is if you have local software that will break on ticket +# caches containing ticket encryption types it doesn't know about (such as +# old versions of Sun Java). + +# default_tgs_enctypes = des3-hmac-sha1 +# default_tkt_enctypes = des3-hmac-sha1 +# permitted_enctypes = des3-hmac-sha1 + +# The following libdefaults parameters are only for Heimdal Kerberos. + fcc-mit-ticketflags = true + +[realms] + ATHENA.MIT.EDU = { + kdc = kerberos.mit.edu + kdc = kerberos-1.mit.edu + kdc = kerberos-2.mit.edu:88 + admin_server = kerberos.mit.edu + default_domain = mit.edu + } + ZONE.MIT.EDU = { + kdc = casio.mit.edu + kdc = seiko.mit.edu + admin_server = casio.mit.edu + } + CSAIL.MIT.EDU = { + admin_server = kerberos.csail.mit.edu + default_domain = csail.mit.edu + } + IHTFP.ORG = { + kdc = kerberos.ihtfp.org + admin_server = kerberos.ihtfp.org + } + 1TS.ORG = { + kdc = kerberos.1ts.org + admin_server = kerberos.1ts.org + } + ANDREW.CMU.EDU = { + admin_server = kerberos.andrew.cmu.edu + default_domain = andrew.cmu.edu + } + CS.CMU.EDU = { + kdc = kerberos-1.srv.cs.cmu.edu + kdc = kerberos-2.srv.cs.cmu.edu + kdc = kerberos-3.srv.cs.cmu.edu + admin_server = kerberos.cs.cmu.edu + } + DEMENTIA.ORG = { + kdc = kerberos.dementix.org + kdc = kerberos2.dementix.org + admin_server = kerberos.dementix.org + } + stanford.edu = { + kdc = krb5auth1.stanford.edu + kdc = krb5auth2.stanford.edu + kdc = 
krb5auth3.stanford.edu
+ master_kdc = krb5auth1.stanford.edu
+ admin_server = krb5-admin.stanford.edu
+ default_domain = stanford.edu
+ }
+ UTORONTO.CA = {
+ kdc = kerberos1.utoronto.ca
+ kdc = kerberos2.utoronto.ca
+ kdc = kerberos3.utoronto.ca
+ admin_server = kerberos1.utoronto.ca
+ default_domain = utoronto.ca
+ }
+
+[domain_realm]
+ .mit.edu = ATHENA.MIT.EDU
+ mit.edu = ATHENA.MIT.EDU
+ .media.mit.edu = MEDIA-LAB.MIT.EDU
+ media.mit.edu = MEDIA-LAB.MIT.EDU
+ .csail.mit.edu = CSAIL.MIT.EDU
+ csail.mit.edu = CSAIL.MIT.EDU
+ .whoi.edu = ATHENA.MIT.EDU
+ whoi.edu = ATHENA.MIT.EDU
+ .stanford.edu = stanford.edu
+ .slac.stanford.edu = SLAC.STANFORD.EDU
+ .toronto.edu = UTORONTO.CA
+ .utoronto.ca = UTORONTO.CA
+
diff --git a/ubuntu2204/misc/bashrc b/ubuntu2204/misc/bashrc
new file mode 100644
index 0000000..5d0d0cc
--- /dev/null
+++ b/ubuntu2204/misc/bashrc
@@ -0,0 +1,18 @@
+# .bashrc
+
+# Source global definitions
+if [ -f /etc/bashrc ]; then
+ . /etc/bashrc
+fi
+
+# If not running interactively, don't do anything
+[[ $- != *i* ]] && return
+
+PS1="\[\033[0;33m\][\h] [\W] \[\033[1;33m\][\D{%F %T}]\n\[\033[01;36m\]\u \\$ \[\033[0m\]"
+
+# User specific aliases and functions
+alias ls='ls --color=auto'
+alias l='ls -1'
+alias ll='ls -hAltr'
+alias lll='ls --color -hal --group-directories-first'
+
diff --git a/ubuntu2204/misc/ccache.conf b/ubuntu2204/misc/ccache.conf
new file mode 100644
index 0000000..d20e167
--- /dev/null
+++ b/ubuntu2204/misc/ccache.conf
@@ -0,0 +1,4 @@
+cache_dir = /ccache
+cache_dir_levels = 8
+max_files = 0
+max_size = 20.0G
\ No newline at end of file
diff --git a/ubuntu2204/misc/config b/ubuntu2204/misc/config
new file mode 100644
index 0000000..f31c1a4
--- /dev/null
+++ b/ubuntu2204/misc/config
@@ -0,0 +1,5 @@
+Host epsft-jenkins.cern.ch
+ StrictHostKeyChecking no
+ UserKnownHostsFile /dev/null
+ User sftnight
+ LogLevel QUIET
diff --git a/ubuntu2204/misc/keyboard b/ubuntu2204/misc/keyboard
new file mode 100644
index 0000000..4f85957
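Review bot: In the misc/config hunk, `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null` switches off host-key verification for `epsft-jenkins.cern.ch`, so whatever host answers on that name is accepted without question, and `LogLevel QUIET` suppresses the warning that would reveal a changed key. The Dockerfile in this patch installs the file as `/root/.ssh/config`, so this applies to every SSH connection root makes to that host from the container. I would ship the server's public host key in the image instead: `COPY` a known_hosts file and set `StrictHostKeyChecking yes` and `UserKnownHostsFile /root/.ssh/known_hosts`. If verification has to stay off, a comment in the file stating why would at least make the trade-off visible.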
--- /dev/null
+++ b/ubuntu2204/misc/keyboard
@@ -0,0 +1,17 @@
+# Check /usr/share/doc/keyboard-configuration/README.Debian for
+# documentation on what to do after having modified this file.
+
+# The following variables describe your keyboard and can have the same
+# values as the XkbModel, XkbLayout, XkbVariant and XkbOptions options
+# in /etc/X11/xorg.conf.
+
+XKBMODEL="pc105"
+XKBLAYOUT="us"
+XKBVARIANT=""
+XKBOPTIONS=""
+
+# If you don't want to use the XKB layout on the console, you can
+# specify an alternative keymap. Make sure it will be accessible
+# before /usr is mounted.
+# KMAP=/etc/console-setup/defkeymap.kmap.gz
+BACKSPACE="guess"
diff --git a/ubuntu2204/misc/krb5.conf b/ubuntu2204/misc/krb5.conf
new file mode 100644
index 0000000..62fb82b
--- /dev/null
+++ b/ubuntu2204/misc/krb5.conf
@@ -0,0 +1,97 @@ +; AD : This Kerberos configuration is for CERN's Active Directory realm +; The line above this is magic and is used by cern-config-keytab. Do +; not remove. + +; Installed with puppet from a series of +; template fragments. + +; /etc/krb5.conf + +[libdefaults] + default_realm = CERN.CH + ticket_lifetime = 25h + renew_lifetime = 120h + forwardable = true + proxiable = true + default_tkt_enctypes = arcfour-hmac-md5 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc + chpw_prompt = true + allow_weak_crypto = true + + +[appdefaults] +pam = { + external = true + krb4_convert = false + krb4_convert_524 = false + krb4_use_as_req = false +} + +[domain_realm] +.cern.ch = CERN.CH +.fnal.gov = FNAL.GOV +.hep.man.ac.uk = HEP.MAN.AC.UK +.in2p3.fr = IN2P3.FR +# No default domain for KFKI.HU specified. + +[realms] +# Start of puppet output for CERN.CH + CERN.CH = { + default_domain = cern.ch + kpasswd_server = cerndc.cern.ch + admin_server = cerndc.cern.ch + kdc = cerndc.cern.ch + v4_name_convert = { + host = { + rcmd = host + } + } + } + + +# Start of puppet output for FNAL.GOV + FNAL.GOV = { + default_domain = fnal.gov + admin_server = krb-fnal-admin.fnal.gov + kdc = krb-fnal-fcc3.fnal.gov:88 + kdc = krb-fnal-2.fnal.gov:88 + kdc = krb-fnal-3.fnal.gov:88 + kdc = krb-fnal-1.fnal.gov:88 + kdc = krb-fnal-4.fnal.gov:88 + kdc = krb-fnal-enstore.fnal.gov:88 + kdc = krb-fnal-fg2.fnal.gov:88 + kdc = krb-fnal-cms188.fnal.gov:88 + kdc = krb-fnal-cms204.fnal.gov:88 + kdc = krb-fnal-d0online.fnal.gov:88 + } + + +# Start of puppet output for HEP.MAN.AC.UK + HEP.MAN.AC.UK = { + default_domain = hep.man.ac.uk + kpasswd_server = afs4.hep.man.ac.uk + admin_server = afs4.hep.man.ac.uk + kdc = afs1.hep.man.ac.uk + kdc = afs2.hep.man.ac.uk + kdc = afs3.hep.man.ac.uk + kdc = afs4.hep.man.ac.uk + } + + +# Start of puppet output for IN2P3.FR + IN2P3.FR = { + default_domain = in2p3.fr + kpasswd_server = kerberos-admin.in2p3.fr + admin_server = kerberos-admin.in2p3.fr + kdc = 
kerberos-1.in2p3.fr
+ kdc = kerberos-2.in2p3.fr
+ kdc = kerberos-3.in2p3.fr
+ }
+
+
+# Start of puppet output for KFKI.HU
+ KFKI.HU = {
+ admin_server = kerberos.kfki.hu
+ kdc = kerberos.kfki.hu
+ }
+
+
diff --git a/ubuntu2204/packages.txt b/ubuntu2204/packages.txt
new file mode 100644
index 0000000..a0463ac
--- /dev/null
+++ b/ubuntu2204/packages.txt
@@ -0,0 +1,113 @@
+attr
+libfontconfig1-dev
+libfreetype6-dev
+libx11-dev
+libx11-xcb-dev
+libxext-dev
+libxfixes-dev
+libxi-dev
+libxrender-dev
+libxcb1-dev
+libxcb-glx0-dev
+libxcb-keysyms1-dev
+libxcb-image0-dev
+libxcb-shm0-dev
+libxcb-icccm4-dev
+libxcb-sync0-dev
+libxcb-xfixes0-dev
+libxcb-shape0-dev
+libxcb-randr0-dev
+libxcb-render-util0-dev
+libxkbcommon-dev
+libxkbcommon-x11-dev
+libxcb-randr0-dev
+libxcb-xtest0-dev
+libxcb-xinerama0-dev
+libxcb-shape0-dev
+libxcb-xkb-dev
+libx11-xcb-dev
+libglu1-mesa-dev
+libxrender-dev
+libxi-dev
+libxkbcommon-dev
+libxkbcommon-x11-dev
+autoconf
+automake
+bc
+binutils
+bison
+byacc
+bzip2
+ccache
+cmake
+emacs
+flex
+g++
+gcc
+gdb
+gettext
+gfortran
+git
+krb5-user
+libatlas-base-dev
+libatlas3-base
+libbz2-dev
+libcairo2-dev
+libcap-dev
+libcurl4-openssl-dev
+libffi-dev
+libffi7
+libgdbm-dev
+libgdbm6
+libglib2.0-dev
+libglib2.0-dev-bin
+libglu1-mesa
+libglu1-mesa-dev
+libgmp-dev
+libicu-dev
+libjpeg-turbo8
+libjpeg-turbo8-dev
+liblzma-dev
+libmotif-dev
+libncurses5-dev
+libnss3-dev
+libpixman-1-dev
+libpcre3
+libpcre3-dev
+libreadline6-dev
+libsasl2-dev
+libssl-dev
+libtiff5
+libtiff5-dev
+libtool
+libx11-dev
+libxcb-shm0-dev
+libxext-dev
+libxft-dev
+libxi-dev
+libxmu-dev
+libxpm-dev
+locales
+lsb-release
+mesa-common-dev
+nano
+python-is-python2
+python-cairo-dev
+python3
+python3-cairo-dev
+python3-distro
+python3-distutils
+python3-lib2to3
+python3-pip
+qt5-default
+rsync
+subversion
+tcl
+tcl-dev
+time
+tk
+tk-dev
+unzip
+uuid-dev
+zip
+zlib1g-dev
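Review bot: Several names in packages.txt look carried over from an older Ubuntu list and may not resolve on a 22.04 base; `qt5-default`, `libffi7` and `python-is-python2` are the ones I would check first. Because the Dockerfile passes the whole file to a single `apt-get install -y $(cat /tmp/packages)`, one unknown name fails the entire layer. The list is also installed with recommended packages and without version pins, so the image contents depend on the archive state at build time; adding `--no-install-recommends` to that install and removing the duplicated entries (for example `libx11-dev`, `libxi-dev`, `libxcb-shm0-dev`) would make the set easier to audit.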