Merge branch 'v3' into PMM-12641-clean-up-build-scripts

Author: ademidoff

build/Makefile

@@ -9,27 +9,25 @@ fetch:
 		-o ${PACKER_CACHE_DIR}/id_rsa_vagrant
 	chmod 600 ${PACKER_CACHE_DIR}/id_rsa_vagrant
 	test -f ${PACKER_CACHE_DIR}/box/oracle9.ova \
-		|| curl https://vagrantcloud.com/bento/boxes/oracle-9.0/versions/202207.20.0/providers/virtualbox.box -o ${PACKER_CACHE_DIR}/box/oracle9.ova
+		|| curl -fL https://vagrantcloud.com/bento/boxes/oracle-9.0/versions/202207.20.0/providers/virtualbox.box -o ${PACKER_CACHE_DIR}/box/oracle9.ova
 
 	# NOTE: image from vagrant registry is twice as large
 	test -f ${PACKER_CACHE_DIR}/box/box.ovf \
 		|| tar -C ${PACKER_CACHE_DIR}/box -xvf ${PACKER_CACHE_DIR}/box/oracle9.ova
 
 deps:
 	mkdir -p ${PACKER_CACHE_DIR} ~/bin || :
-	curl https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip -o ${PACKER_CACHE_DIR}/packer.zip
+	curl -fL https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip -o ${PACKER_CACHE_DIR}/packer.zip
 	unzip -o ${PACKER_CACHE_DIR}/packer.zip -d ~/bin
 
 pmm-ovf: fetch
 	/usr/bin/packer build \
-			-only virtualbox-ovf -color=false packer/pmm.el9.json \
-					| tee build.log
+			-only virtualbox-ovf -color=false packer/pmm.el9.json | tee build.log
 
 # NOTE: no difference between rc and dev-latest (i.e. pmm-ovf) ATM
 pmm-ovf-rc: fetch
 	/usr/bin/packer build \
-			-only virtualbox-ovf -color=false packer/pmm.el9.json \
-					| tee build.log
+			-only virtualbox-ovf -color=false packer/pmm.el9.json | tee build.log
 
 pmm-digitalocean:
 	packer build -only digitalocean -var 'single_disk=true' packer/pmm.json
@@ -38,16 +36,8 @@ pmm-azure:
 	packer build -only azure-arm packer/pmm.json
 
 pmm-ami:
-	mkdir -p update && \
-		docker run --rm -v ${HOME}/.aws:/root/.aws -v `pwd`:/build -w /build hashicorp/packer:${PACKER_VERSION} \
-			build -only amazon-ebs -color=false packer/pmm.el9.json
-
-# NOTE: no difference between rc and dev-latest (pmm-ami) for now, TBD
-pmm-ami-rc:
-	mkdir -p update && \
-		docker run --rm -v ${HOME}/.aws:/root/.aws -v `pwd`:/build -w /build hashicorp/packer:${PACKER_VERSION} \
-			build -only amazon-ebs '-color=false' packer/pmm.el9.json
-
+	docker run --rm -v ${HOME}/.aws:/root/.aws -v `pwd`:/build -w /build \hashicorp/packer:${PACKER_VERSION} \
+		build -only amazon-ebs -color=false packer/pmm.json | tee build.log
 ## ----------------- PACKER ------------------
 
 check:                          ## Run required checks and linters

build/packer/ansible/pmm.yml

@@ -0,0 +1,10 @@
+---
+- name: Create PMM image
+  hosts: all
+  become: yes
+  become_user: root
+  roles:
+    - cloud-node
+    - lvm-init
+    - podman-setup
+    - ami-ovf

build/packer/ansible/roles/ami-ovf/files/show-pmm-url

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -o errexit
+
+PATH=/bin:/sbin
+
+SOURCE=$(
+    cat /var/lib/cloud/data/status.json 2>/dev/null \
+        | python -c 'import json, sys; print json.load(sys.stdin)["v1"]["datasource"];' 2>/dev/null
+)
+
+IP=$(ip route get 1 2>/dev/null | awk '{print $7;exit}')
+if [ "x$SOURCE" = "xDataSourceEc2" ]; then
+    IP=$(curl --connect-timeout 5 -s http://169.254.169.254/latest/meta-data/public-ipv4)
+fi
+
+if [ -z "$IP" ]; then
+    IP=$(ip addr show up | grep 'inet ' | awk '{print$2}' | cut -d '/' -f 1 | grep -v '^127.')
+fi
+
+echo "
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+    Percona Monitoring and Management           https://${IP}/
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+" | tee -a /dev/tty0

build/packer/ansible/roles/ami-ovf/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: PMM                        | Delete ec2-user EL9
+  shell: cd /tmp; nohup sh -c "trap 'userdel -r ec2-user' EXIT; sleep 600" </dev/null >/dev/null 2>&1 &
+  when:
+    - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux'
+    - ansible_distribution_major_version == '9'
+
+- name: PMM                        | Delete vagrant
+  shell: cd /tmp; nohup sh -c "trap 'userdel -r vagrant' EXIT; sleep 600" </dev/null >/dev/null 2>&1 &
+
+- name: PMM                        | Delete Azure user
+  shell: cd /tmp; nohup sh -c "trap '/usr/sbin/waagent -force -deprovision+user && sync' EXIT; sleep 600" </dev/null >/dev/null 2>&1 &

build/packer/ansible/roles/cloud-node/files/banner.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=URL banner service
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+ExecStart=/opt/show-url
+
+[Install]
+WantedBy=multi-user.target

build/packer/ansible/roles/cloud-node/files/show-url

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+PATH=/bin:/sbin
+SOURCE=
+
+if [ -f /var/lib/cloud/data/status.json ]; then
+    SOURCE=$(
+        cat /var/lib/cloud/data/status.json 2>/dev/null \
+            | python -c 'import json, sys; print json.load(sys.stdin)["v1"]["datasource"];' 2>/dev/null
+    )
+fi
+
+IP=$(ip route get 1 2>/dev/null | awk '{print $7;exit}')
+if [ "x$SOURCE" = "xDataSourceEc2" ]; then
+    IP=$(curl --connect-timeout 5 -s http://169.254.169.254/latest/meta-data/public-ipv4)
+fi
+
+if [ -z "$IP" ]; then
+    IP=$(ip addr show up | grep 'inet ' | awk '{print$2}' | cut -d '/' -f 1 | grep -v '^127.')
+fi
+
+echo "
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+    Percona Monitoring and Management           https://${IP}/
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+" | tee -a /dev/tty0

build/packer/ansible/roles/cloud-node/tasks/ami.yml

@@ -0,0 +1,32 @@
+---
+# Common things for all AWS images
+
+    - name: ami                 | Enable swap on AWS
+      when: ansible_virtualization_type == "xen"
+      command: dd if=/dev/zero of=/var/tmp/swapfile bs=1024 count=1000000
+
+    - name: ami                 | Enable swap on AWS
+      when: ansible_virtualization_type == "xen"
+      file:
+        path: /var/tmp/swapfile
+        owner: root
+        group: root
+        mode: 0600
+
+    - name: ami                 | Enable swap on AWS
+      when: ansible_virtualization_type == "xen"
+      command: mkswap /var/tmp/swapfile
+
+    - name: ami                 | Enable swap on AWS
+      when: ansible_virtualization_type == "xen"
+      mount:
+        path: swap
+        src: /var/tmp/swapfile
+        fstype: swap
+        opts: defaults
+        state: present
+
+    - name: ami                 | Enable swap on AWS
+      when: ansible_virtualization_type == "xen"
+      command: swapon -a
+

build/packer/ansible/roles/cloud-node/tasks/main.yml

@@ -0,0 +1,182 @@
+---
+# Common things for all cloud images
+- name: Packages                   | Add EPEL repository for EL9
+  when:
+    - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux'
+    - ansible_distribution_major_version == '9'
+  yum:
+    name: epel-release
+    state: installed
+
+- name: Packages                   | Install OS tools for EL9
+  when:
+    - (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9'
+  yum:
+    name:
+      - screen
+      - yum-utils
+      - cloud-init
+      - firewalld
+      - python3-libselinux
+      - python3-firewall
+
+- name: Firewalld                  | Start EL9
+  when:
+    - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux'
+    - ansible_distribution_major_version == '9'
+    - ansible_os_family == 'RedHat'
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+
+- name: Add firewalld rule        | EL9
+  when:
+    - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux'
+    - ansible_distribution_major_version == '9'
+  firewalld: port={{ item }} permanent=true state=enabled immediate=yes
+  with_items:
+    - 80/tcp
+    - 443/tcp
+
+- name: cleanup cache              | Cleanup cache
+  file: path={{ item }} state=absent
+  with_items:
+    - /var/lib/cloud/sem
+    - /var/lib/cloud/data
+    - /var/lib/cloud/instance
+    - /var/lib/cloud/instances
+    - /var/log/cloud-init.log
+    - /var/log/cloud-init-output.log
+
+- name: create dir                 | Create getty@.service.d directory
+  file:
+    path: /etc/systemd/system/getty@.service.d
+    state: directory
+
+- name: cloud-init                 | Disable console cleanup
+  copy:
+    content: |
+      [Service]
+      TTYVTDisallocate=no
+    dest: /etc/systemd/system/getty@.service.d/nodisallocate.conf
+    mode: 0644
+
+- name: root password              | Set root password
+  when: ansible_virtualization_type == "virtualbox"
+  user:
+    name: root
+    password: "$6$J7pGg2a7vuRTbTV5$vORqkiAKdkyomU3iYwr/SPn.yLIkGsl5ludEx5DUvGVASSTquTjOldHt/nUWrFRnJeZyzt6CIOjAcugbcfGtN1"
+
+- name: root password              | Set root password
+  when: ansible_virtualization_type == "virtualbox"
+  command: chage -d 0 root
+  changed_when: False
+
+- name: root password              | Disable root password
+  when: ansible_virtualization_type != "virtualbox"
+  command: passwd --delete root
+  changed_when: False
+
+- name: root password              | Disable root password
+  when: ansible_virtualization_type != "virtualbox"
+  command: passwd --lock root
+  changed_when: False
+
+- name: chronyd                    | Fix start-up sequence
+  replace:
+    dest: /usr/lib/systemd/system/chronyd.service
+    regexp: "After="
+    replace: 'Before=cloud-config.target\nAfter=network-online.target '
+
+- name: disable root user          | Disable root user
+  copy:
+    content: |
+      no_ssh_fingerprints: true
+      disable_root: true
+    dest: /etc/cloud/cloud.cfg.d/00_disable-root.cfg
+    mode: 0644
+
+- name: add user                   | Add admin user
+  when: create_admin == "true"
+  user:
+    name: admin
+    comment: Cloud User
+    groups: wheel,adm,systemd-journal
+    shell: /bin/bash
+
+- name: add user                   | Add sudo for admin user
+  when: create_admin == "true"
+  copy:
+    content: |
+      admin ALL=(ALL) NOPASSWD: ALL
+    dest: /etc/sudoers.d/90-admin-user
+    mode: 0440
+
+- name: change cloud user for OVF EL9      | Change cloud user
+  when:
+    - create_admin == "true"
+    - ansible_virtualization_type == "virtualbox"
+    - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux'
+    - ansible_distribution_major_version == '9'
+  replace:
+    dest: /etc/cloud/cloud.cfg
+    regexp: "name: cloud-user"
+    replace: "name: admin"
+
+- name: change cloud user for AMI EL9      | Change cloud user
+  when:
+    - create_admin == "true"
+    - ansible_virtualization_type != "virtualbox"
+    - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux'
+    - ansible_distribution_major_version == '9'
+  replace:
+    dest: /etc/cloud/cloud.cfg.d/00_ol-default-user.cfg
+    regexp: "name: ec2-user"
+    replace: "name: admin"
+
+- name: cloud-init configuration   | stat /etc/waagent.conf
+  stat: path=/etc/waagent.conf
+  register: waagent_conf
+
+- name: cloud-init configuration   | Enable cloud-init for Azure
+  when: waagent_conf.stat.exists
+  replace:
+    dest: /etc/waagent.conf
+    regexp: "Provisioning.UseCloudInit=n"
+    replace: "Provisioning.UseCloudInit=y"
+
+- name: Azure tweaks
+  when: waagent_conf.stat.exists
+  replace:
+    dest: /usr/lib/python2.7/site-packages/azurelinuxagent/pa/deprovision/default.py
+    regexp: "warnings, actions, deluser=deluser"
+    replace: "warnings, actions, include_once=False, deluser=deluser"
+
+- name: PMM URL file               | Add script which show PMM URL
+  copy:
+    src: show-url
+    dest: /opt/show-url
+    mode: 0755
+
+- name: PMM URL Service            | Add Service for script which show PMM URL
+  copy:
+    src: banner.service
+    dest: /etc/systemd/system/banner.service
+    mode: 0755
+
+- name: Enable PMM URL Service     | Enable PMM URL Service
+  systemd:
+    name: banner
+    state: started
+    enabled: yes
+
+- name: PMM IP in Log              | Add PMM IP in Log file
+  lineinfile:
+    line: 'IP: \4'
+    path: /etc/issue
+    create: yes
+
+- import_tasks: security.yml
+- import_tasks: ovf.yml
+- import_tasks: ami.yml

build/packer/ansible/roles/cloud-node/tasks/ovf.yml

@@ -0,0 +1,15 @@
+---
+# Common things for all OVF images
+- name: ovf                 | Disable EC2, CloudStack
+  when: ansible_virtualization_type == "virtualbox"
+  copy:
+    content: |
+      datasource_list: [ NoCloud, ConfigDrive, OpenNebula, DigitalOcean, Azure, AltCloud, OVF, MAAS, GCE, OpenStack, CloudSigma, SmartOS, None ]
+      disable_ec2_metadata: true
+      datasource:
+        OpenStack:
+          max_wait: 6
+          timeout: 3
+          retries: 2
+    dest: /etc/cloud/cloud.cfg.d/90_disable-cloud.cfg
+    mode: 0644

build/packer/ansible/roles/cloud-node/tasks/security.yml

@@ -0,0 +1,12 @@
+---
+    - name: security                   | Disable root SSH access
+      lineinfile:
+        dest: /etc/ssh/sshd_config
+        regexp: '^PermitRootLogin'
+        line: 'PermitRootLogin no'
+        state: present
+
+    - name: security                   | Remove authorized_keys file
+      file:
+        path: /root/.ssh/authorized_keys
+        state: absent