diff --git a/ansible/environments/vm/host_vars/freebsdupdatemrmanager b/ansible/environments/vm/host_vars/freebsdupdatemrmanager new file mode 100644 index 0000000..f68e738 --- /dev/null +++ b/ansible/environments/vm/host_vars/freebsdupdatemrmanager @@ -0,0 +1,5 @@ +os_flavor: "freebsd" +cpu_opt: tigerlake +build_user: + name: root + group: wheel diff --git a/ansible/environments/vm/hosts b/ansible/environments/vm/hosts index afaa022..efffe2b 100644 --- a/ansible/environments/vm/hosts +++ b/ansible/environments/vm/hosts @@ -1,9 +1,13 @@ [vm] poudriereodo ansible_user=builder ansible_host=10.213.177.12 poudrieremrmanager ansible_user=root ansible_host=poudriere +freebsdupdatemrmanager ansible_user=root ansible_host=freebsdupdate # # Put in ~/.ssh/config # Host poudriere # ProxyJump talexander@mrmanager # HostName 10.215.1.203 # +# Host freebsdupdate +# ProxyJump talexander@mrmanager +# HostName 10.215.1.213 diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index b826a66..7e7bfb3 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -68,6 +68,7 @@ - portshaker - poudriere - poudrierenginx + - freebsd_update_server - hosts: mrmanager vars: @@ -118,3 +119,19 @@ ansible_become: True roles: - framework_laptop + +- hosts: odofreebsd + vars: + ansible_become: True + roles: + - freebsd_update_server + +- hosts: freebsdupdatemrmanager + vars: + ansible_become: True + roles: + - sudo # for poudboot script + - doas + - fstab + - build + - freebsd_update_server diff --git a/ansible/roles/blank/tasks/common.yaml b/ansible/roles/blank/tasks/common.yaml index fef1101..bef243a 100644 --- a/ansible/roles/blank/tasks/common.yaml +++ b/ansible/roles/blank/tasks/common.yaml 
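Review bot: The new inventory entry `freebsdupdatemrmanager ansible_user=root` has Ansible log in over SSH directly as root, although the play added for this host in playbook.yaml already sets `ansible_become: True` and pulls in the `sudo` and `doas` roles. The `poudriereodo` entry in the same file connects as `builder`, so an unprivileged login plus become is already an established pattern here. Using it for the new VM would let root SSH login stay disabled on the build host and keep privileged actions attributable to a named account. If root login is only needed for the first bootstrap run, a comment next to the entry would record that, e.g. `# root login is for initial bootstrap; switch to an unprivileged user once doas is configured`.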
@@ -1,3 +1,43 @@ +# - name: Create directories +# file: +# name: "{{ item }}" +# state: directory +# mode: 0755 +# owner: root +# group: wheel +# loop: +# - /foo/bar + +# - name: Install scripts +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ item.dest }}" +# mode: 0755 +# owner: root +# group: wheel +# loop: +# - src: foo.bash +# dest: /usr/local/bin/foo + +# - name: Install Configuration +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ item.dest }}" +# mode: 0600 +# owner: root +# group: wheel +# loop: +# - src: foo.conf +# dest: /usr/local/etc/foo.conf + +# - name: Clone Source +# git: +# repo: "https://foo.bar/baz.git" +# dest: /foo/bar +# version: "v1.0.2" +# force: true +# diff: false + - import_tasks: tasks/freebsd.yaml when: 'os_flavor == "freebsd"' diff --git a/ansible/roles/build/defaults/main.yaml b/ansible/roles/build/defaults/main.yaml index cb87021..dbfe087 100644 --- a/ansible/roles/build/defaults/main.yaml +++ b/ansible/roles/build/defaults/main.yaml @@ -1 +1,2 @@ -freebsd_version: "releng/13.2" +# freebsd_version: "releng/13.2" +freebsd_version: "9c80d66ec1b4c5b9ac7aaf5b0fdbb1628d49c181" diff --git a/ansible/roles/build/meta/main.yaml b/ansible/roles/build/meta/main.yaml index 8586ba4..d62eaf8 100644 --- a/ansible/roles/build/meta/main.yaml +++ b/ansible/roles/build/meta/main.yaml @@ -1,3 +1,5 @@ dependencies: - - users - - gpg + - role: users + when: 'os_flavor == "linux"' + - role: gpg + when: 'os_flavor == "linux"' diff --git a/ansible/roles/build/tasks/common.yaml b/ansible/roles/build/tasks/common.yaml index 225b20c..b0a9a0a 100644 --- a/ansible/roles/build/tasks/common.yaml +++ b/ansible/roles/build/tasks/common.yaml 
@@ -3,12 +3,3 @@ - import_tasks: tasks/linux.yaml when: 'os_flavor == "linux"' - -- include_tasks: - file: tasks/peruser.yaml - apply: - become: yes - become_user: "{{ initialize_user }}" - loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}" - loop_control: - loop_var: initialize_user diff --git a/ansible/roles/build/tasks/peruser.yaml b/ansible/roles/build/tasks/peruser.yaml deleted file mode 100644 index 111e886..0000000 --- a/ansible/roles/build/tasks/peruser.yaml +++ /dev/null @@ -1,29 +0,0 @@ -- include_role: - name: per_user - -# - name: Create directories -# file: -# name: "{{ account_homedir.stdout }}/{{ item }}" -# state: directory -# mode: 0700 -# owner: "{{ account_name.stdout }}" -# group: "{{ group_name.stdout }}" -# loop: -# - ".config/foo" - -# - name: Copy files -# copy: -# src: "files/{{ item.src }}" -# dest: "{{ account_homedir.stdout }}/{{ item.dest }}" -# mode: 0600 -# owner: "{{ account_name.stdout }}" -# group: "{{ group_name.stdout }}" -# loop: -# - src: foo.conf -# dest: .config/foo/foo.conf - -- import_tasks: tasks/peruser_freebsd.yaml - when: 'os_flavor == "freebsd"' - -- import_tasks: tasks/peruser_linux.yaml - when: 'os_flavor == "linux"' diff --git a/ansible/roles/build/tasks/peruser_freebsd.yaml b/ansible/roles/build/tasks/peruser_freebsd.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/build/tasks/peruser_linux.yaml b/ansible/roles/build/tasks/peruser_linux.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/build/templates/src.conf.j2 b/ansible/roles/build/templates/src.conf.j2 index 9869264..cbb2fe8 100644 --- a/ansible/roles/build/templates/src.conf.j2 +++ b/ansible/roles/build/templates/src.conf.j2 
@@ -5,12 +5,12 @@ KERNCONF=CUSTOM WITH_MALLOC_PRODUCTION=YES WITHOUT_LLVM_ASSERTIONS=YES WITH_REPRODUCIBLE_BUILD=YES -PORTS_MODULES+=graphics/drm-510-kmod -NO_SHARED=YES +PORTS_MODULES+=graphics/drm-kmod +PORTS_MODULES+=graphics/gpu-firmware-intel-kmod +PORTS_MODULES+=net/wireguard-kmod # Would be fun to experiment with: # WITHOUT_SOURCELESS=YES -# WITHOUT_SHARED_TOOLCHAIN=YES # WITHOUT_GAMES=YES # WITHOUT_KERBEROS=YES # WITHOUT_LEGACY_CONSOLE=YES diff --git a/ansible/roles/freebsd_update_server/files/build_release.bash b/ansible/roles/freebsd_update_server/files/build_release.bash new file mode 100644 index 0000000..92cc305 --- /dev/null +++ b/ansible/roles/freebsd_update_server/files/build_release.bash 
@@ -0,0 +1,130 @@ +#!/usr/bin/env bash +# +set -euo pipefail +IFS=$'\n\t' +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +: ${DATA_DIRECTORY:="/usr/local/share/freebsdupdate"} +: ${STAGE_FILE:="${DATA_DIRECTORY}/stage"} +: ${RELEASE_DIRECTORY:="${DATA_DIRECTORY}/release"} +: ${LOG_DIRECTORY:="${DATA_DIRECTORY}/logs"} +: ${PORTS_TREE:="/usr/ports"} +: ${PORTS_REPO:="https://git.FreeBSD.org/ports.git"} + +############## Setup ######################### + +function die { + local status_code="$1" + shift + (>&2 echo "${@}") + exit "$status_code" +} + +function log { + (>&2 echo "${@}") +} + +############## Program ######################### + +function main { + assert_directories + + local stage="" + if [ -e "$STAGE_FILE" ]; then + local stage=$(cat "$STAGE_FILE") + fi + if [ "$stage" = "selfbuild" ]; then + log_cmd stage_selfbuild + elif [ "$stage" = "selfinstallworld" ]; then + log_cmd stage_selfinstallworld + elif [ "$stage" = "selfconflictcheck" ]; then + log_cmd stage_selfconflictcheck + elif [ "$stage" = "releasebuild" ]; then + log_cmd stage_releasebuild + elif [ "$stage" = "done" ]; then + log_cmd stage_done + else + die 1 "Unhandled stage: \"$stage\"." + fi +} + +function log_cmd { + "${@}" |& tee "$LOG_DIRECTORY/$(date +%Y%m%d-%s).log" +} + +function self_conflict_check { + if etcupdate status | grep -qE '^ C '; then + die 1 'Conflicts remain in etcupdate. Run `etcupdate resolve` to fix them first.' + fi +} + +function assert_directories { + for d in "$DATA_DIRECTORY" "$RELEASE_DIRECTORY" "$LOG_DIRECTORY"; do + if [ ! -e "$d" ]; then + mkdir -p "$d" + fi + done +} + +function update_ports_tree { + if [ ! 
-e "$PORTS_TREE" ]; then + mkdir -p $PORTS_TREE + git -C $PORTS_TREE init --initial-branch=main + git -C $PORTS_TREE remote add origin $PORTS_REPO + fi + git -C $PORTS_TREE fetch origin main # 'refs/heads/main' + git -C $PORTS_TREE checkout FETCH_HEAD +} + +function set_stage { + echo "${@}" > "$STAGE_FILE" +} + +function stage_selfbuild { + self_conflict_check + assert_directories + update_ports_tree + + SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src clean + SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src buildworld buildkernel + SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src installkernel + + set_stage "selfinstallworld" + /sbin/shutdown -r now +} + +function stage_selfinstallworld { + etcupdate -p + SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src installworld + etcupdate -B + + set_stage "selfconflictcheck" + stage_selfconflictcheck +} + +function stage_selfconflictcheck { + self_conflict_check + set_stage "releasebuild" + /sbin/shutdown -r now +} + +function stage_releasebuild { + local today=$(date +%Y%m%d) + local target_directory="${RELEASE_DIRECTORY}/${today}" + if [ -e "$target_directory" ]; then + die 1 "The release directory $target_directory already exists. Exiting." + fi + SRCCONF=/dev/null __MAKE_CONF=/dev/null make -C /usr/src clean + make -C /usr/src buildworld buildkernel + make -C /usr/src/release obj + make -C /usr/src/release release + mkdir -p "$target_directory" + make -C /usr/src/release install DESTDIR="$target_directory" + set_stage "done" +} + +function stage_done { + log "Everything is done." +} + +main "${@}" diff --git a/ansible/roles/freebsd_update_server/files/release.conf b/ansible/roles/freebsd_update_server/files/release.conf new file mode 100644 index 0000000..f03758d --- /dev/null +++ b/ansible/roles/freebsd_update_server/files/release.conf 
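Review bot: `self_conflict_check` can fail open. Under `set -o pipefail`, `etcupdate status | grep -qE ...` returns non-zero both when `etcupdate status` itself errors and when `grep -q` exits on its first match and the writer receives SIGPIPE; in either case the `if` takes the no-conflict path and the calling stage proceeds. Capturing the output first makes the check fail closed: `local status; status="$(etcupdate status)"` followed by `if grep -qE` with the existing pattern reading from `<<<"$status"`. Separately, `update_ports_tree` expands `$PORTS_TREE` and `$PORTS_REPO` unquoted and checks out whatever `origin main` points to at run time, so the ports tree is not tied to a reviewed commit the way `freebsd_version` is in the build role. Quoting the expansions and taking the revision from a variable would make each release traceable to its inputs.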
@@ -0,0 +1,120 @@ +#!/bin/sh +# + +## Redefine environment variables here to override prototypes +## defined in release.sh. +#load_chroot_env() { } +#load_target_env() { } +#buildenv_setup() { } + +## Set the directory within which the release will be built. +CHROOTDIR="/scratch" + +## Do not explicitly require the devel/git port to be installed. +#NOGIT=1 +## Set the version control system host. +GITROOT="https://git.freebsd.org/" +GITSRC="src.git" +GITPORTS="ports.git" + +## Set the src/, ports/, and doc/ branches or tags. +#SRCBRANCH="stable/13" +SRCBRANCH="main" +PORTBRANCH="main" + +## Sample configuration for using git from ports. +#GITCMD="/usr/local/bin/git clone -q --branch main" + +## Set to override the default target architecture. +#TARGET="amd64" +#TARGET_ARCH="amd64" +#KERNEL="GENERIC" +KERNEL="GENERIC-NODEBUG" +## Multiple kernels may be set. +#KERNEL="GENERIC XENHVM" + +## Set to specify a custom make.conf and/or src.conf +#MAKE_CONF="/etc/local/make.conf" +MAKE_CONF="/etc/make.conf" +#SRC_CONF="/etc/local/src.conf" +SRC_CONF="/etc/src.conf" + +## Set to use make(1) flags. +#MAKE_FLAGS="-s" + +## Set to use world- and kernel-specific make(1) flags. +#WORLD_FLAGS="-j $(sysctl -n hw.ncpu)" +#KERNEL_FLAGS="-j $(( $(( $(sysctl -n hw.ncpu) + 1 )) / 2 ))" + +## Set miscellaneous 'make release' settings. +#NOPORTS= +#NOSRC= +#WITH_DVD= +#WITH_COMPRESSED_IMAGES= + +## Set to '1' to disable multi-threaded xz(1) compression. +#XZ_THREADS=0 + +## Set when building embedded images. +#EMBEDDEDBUILD= + +## Set to a list of ports required to build embedded system-on-chip +## images, such as sysutils/u-boot-rpi. +#EMBEDDEDPORTS= + +## Set to the hardware platform of the target userland. This value +## is passed to make(1) to set the TARGET (value of uname -m) to cross +## build. +#EMBEDDED_TARGET= + +## Set to the machine processor architecture of the target userland. +## This value is passed to make(1) to set the TARGET_ARCH (value of uname -p) +## to cross build. 
+#EMBEDDED_TARGET_ARCH= + +## Set to skip the chroot environment buildworld/installworld/distribution +## step if it is expected the build environment will exist via alternate +## means. +#CHROOTBUILD_SKIP= + +## Set to a non-empty value skip checkout or update of /usr/src in +## the chroot. This is intended for use when /usr/src already exists. +#SRC_UPDATE_SKIP= + +## Set to a non-empty value skip checkout or update of /usr/ports in +## the chroot. This is intended for use when /usr/ports already exists. +#PORTS_UPDATE_SKIP= + +## Set to pass additional flags to make(1) for the build chroot setup, such +## as TARGET/TARGET_ARCH. +#CHROOT_MAKEENV= + +## Set to a non-empty value to build virtual machine images as part of the +## release build. +#WITH_VMIMAGES= + +## Set to a non-empty value to compress virtual machine images with xz(1) +## as part of the release build. +#WITH_COMPRESSED_VMIMAGES= + +## If WITH_VMIMAGES is set to a non-empty value, this is the name of the +## file to use for the installed userland/kernel. +#VMBASE="vm" + +## If WITH_VMIMAGES is set to a non-empty value, this is the size of the +## virtual machine disk filesystem. Valid size values are described in +## the makefs(8) manual page. +#VMSIZE="20g" + +## If WITH_VMIMAGES is set to a non-empty value, this is a list of disk +## image formats to create. Valid values are listed in the mkimg(1) +## manual page, as well as 'mkimg --formats' output. +#VMFORMATS="vhdf vmdk qcow2 raw" + +## Set to a non-empty value to build virtual machine images for various +## cloud providers as part of the release build. +#WITH_CLOUDWARE= + +## If WITH_CLOUDWARE is set to a non-empty value, this is a list of providers +## to create disk images. +#CLOUDWARE="EC2 GCE VAGRANT-VIRTUALBOX VAGRANT-VMWARE" diff --git a/ansible/roles/freebsd_update_server/tasks/common.yaml b/ansible/roles/freebsd_update_server/tasks/common.yaml new file mode 100644 index 0000000..b0a9a0a --- /dev/null 
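Review bot: `SRCBRANCH="main"` and `PORTBRANCH="main"` make a release.sh build use whatever the tip of each branch is at build time, while `ansible/roles/build/defaults/main.yaml` in this same commit pins `freebsd_version` to a full commit hash. This host presumably produces artifacts that other machines install, so the inputs should be equally traceable. A comment above the two settings would help, e.g. `## Tracks main on purpose; record the built commit hash alongside each release.` Also, nothing in this commit reads the file: `build_release.bash` calls `make -C /usr/src/release release` directly and never references `/opt/freebsd_update_server/release.conf`. As far as the diff shows, these settings (including `KERNEL`, `MAKE_CONF` and `SRC_CONF`) have no effect yet.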
+++ b/ansible/roles/freebsd_update_server/tasks/common.yaml @@ -0,0 +1,5 @@ +- import_tasks: tasks/freebsd.yaml + when: 'os_flavor == "freebsd" and build_user is defined' + +- import_tasks: tasks/linux.yaml + when: 'os_flavor == "linux"' diff --git a/ansible/roles/freebsd_update_server/tasks/freebsd.yaml b/ansible/roles/freebsd_update_server/tasks/freebsd.yaml new file mode 100644 index 0000000..68ab5d4 --- /dev/null +++ b/ansible/roles/freebsd_update_server/tasks/freebsd.yaml @@ -0,0 +1,50 @@ +- name: Install packages + package: + name: + - git + - tmux # For convenience + - htop # For convenience + - bash + state: present + +- name: Create directories + file: + name: "{{ item }}" + state: directory + mode: 0755 + owner: "{{ build_user.name }}" + group: "{{ build_user.group }}" + loop: + - /opt/freebsd_update_server + +- name: Clone freebsd-update-build + git: + repo: "https://github.com/freebsd/freebsd-update-build.git" + dest: /opt/freebsd_update_server/freebsd-update-build + version: "28bb3ae7de9c1332fe8a366fb154a5b9faf37f49" + force: true + become: true + become_user: "{{ build_user.name }}" + diff: false + +- name: Install Configuration + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0600 + owner: "{{ build_user.name }}" + group: "{{ build_user.group }}" + loop: + - src: release.conf + dest: /opt/freebsd_update_server/release.conf + +- name: Install scripts + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0755 + owner: root + group: wheel + loop: + - src: build_release.bash + dest: /usr/local/bin/build_release diff --git a/ansible/roles/freebsd_update_server/tasks/linux.yaml b/ansible/roles/freebsd_update_server/tasks/linux.yaml new file mode 100644 index 0000000..43ba876 --- /dev/null +++ b/ansible/roles/freebsd_update_server/tasks/linux.yaml 
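Review bot: The `build_user is defined` guard on the `import_tasks` for tasks/freebsd.yaml makes the role a silent no-op on any FreeBSD host that lacks that variable. playbook.yaml in this commit adds the role to two further plays (`odofreebsd` and the role list ending in `poudrierenginx`) whose host_vars are not visible here. If the role is meant to configure those hosts, a run would report success without installing anything. If the skip is intended, a comment above the task would record it, e.g. `# intentionally skipped on hosts that do not set build_user`; otherwise an explicit assertion on `build_user` at the top of the role would fail loudly.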
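Review bot: `/opt/freebsd_update_server` and the `freebsd-update-build` checkout inside it are owned by `build_user`, while `build_release` is installed root-owned and drives install targets and reboots. In the only host_vars added by this commit `build_user` is root, so nothing changes today. On a host where `build_user` is an unprivileged account, that account could rewrite the checked-out scripts and `release.conf`; if root later executes or sources them, owning the directory as `root:wheel`, as the `Install scripts` task already does for its file, avoids that. The unquoted `mode: 0755` and `mode: 0600` values are better written as strings (`mode: "0755"`), the form Ansible's documentation recommends for consistent parsing.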
@@ -0,0 +1,29 @@ +# - name: Build aur packages +# register: buildaur +# become_user: "{{ build_user.name }}" +# command: "aurutils-sync --no-view {{ item }}" +# args: +# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*" +# loop: +# - foo + +# - name: Update cache +# when: buildaur.changed +# pacman: +# name: [] +# state: present +# update_cache: true + +# - name: Install packages +# package: +# name: +# - foo +# state: present + +# - name: Enable services +# systemd: +# enabled: yes +# name: "{{ item }}" +# daemon_reload: yes +# loop: +# - foo.service diff --git a/ansible/roles/freebsd_update_server/tasks/main.yaml b/ansible/roles/freebsd_update_server/tasks/main.yaml new file mode 100644 index 0000000..6805b9d --- /dev/null +++ b/ansible/roles/freebsd_update_server/tasks/main.yaml @@ -0,0 +1,2 @@ +- import_tasks: tasks/common.yaml + # when: foo is defined diff --git a/ansible/roles/fstab/tasks/common.yaml b/ansible/roles/fstab/tasks/common.yaml index fef1101..c4f2d20 100644 --- a/ansible/roles/fstab/tasks/common.yaml +++ b/ansible/roles/fstab/tasks/common.yaml @@ -3,13 +3,3 @@ - import_tasks: tasks/linux.yaml when: 'os_flavor == "linux"' - -- include_tasks: - file: tasks/peruser.yaml - apply: - become: yes - become_user: "{{ initialize_user }}" - when: users is defined - loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}" - loop_control: - loop_var: initialize_user diff --git a/ansible/roles/fstab/tasks/peruser.yaml b/ansible/roles/fstab/tasks/peruser.yaml deleted file mode 100644 index 111e886..0000000 --- a/ansible/roles/fstab/tasks/peruser.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -- include_role: - name: per_user - -# - name: Create directories -# file: -# name: "{{ account_homedir.stdout }}/{{ item }}" -# state: directory -# mode: 0700 -# owner: "{{ account_name.stdout }}" -# group: "{{ group_name.stdout }}" -# loop: -# - ".config/foo" - -# - name: Copy files -# copy: -# src: "files/{{ item.src }}" -# dest: "{{ account_homedir.stdout }}/{{ item.dest }}" -# mode: 0600 -# owner: "{{ account_name.stdout }}" -# group: "{{ group_name.stdout }}" -# loop: -# - src: foo.conf -# dest: .config/foo/foo.conf - -- import_tasks: tasks/peruser_freebsd.yaml - when: 'os_flavor == "freebsd"' - -- import_tasks: tasks/peruser_linux.yaml - when: 'os_flavor == "linux"' diff --git a/ansible/roles/fstab/tasks/peruser_freebsd.yaml b/ansible/roles/fstab/tasks/peruser_freebsd.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/fstab/tasks/peruser_linux.yaml b/ansible/roles/fstab/tasks/peruser_linux.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/graphics/files/intel_hw_accel_video_loader.conf b/ansible/roles/graphics/files/intel_hw_accel_video_loader.conf new file mode 100644 index 0000000..64c4ca9 --- /dev/null +++ b/ansible/roles/graphics/files/intel_hw_accel_video_loader.conf @@ -0,0 +1,2 @@ +#enable_guc=2 +#hw.i915kms.enable_guc=2 diff --git a/ansible/roles/graphics/tasks/freebsd_intel.yaml b/ansible/roles/graphics/tasks/freebsd_intel.yaml index 96a1c82..1385e24 100644 --- a/ansible/roles/graphics/tasks/freebsd_intel.yaml +++ b/ansible/roles/graphics/tasks/freebsd_intel.yaml @@ -29,6 +29,7 @@ group: wheel loop: - intel_power + - intel_hw_accel_video - name: Install service configuration copy: diff --git a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf index f02f4b3..54a4996 100644 --- a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf +++ b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf 
@@ -78,6 +78,11 @@ // brianai "hw-address": "06:a6:dc:59:78:12", "ip-address": "10.215.1.215" + }, + { + // freebsdupdate + "hw-address": "06:14:5c:92:3d:5b", + "ip-address": "10.215.1.213" } ] } diff --git a/ansible/run.bash b/ansible/run.bash index 294ba62..7021801 100755 --- a/ansible/run.bash +++ b/ansible/run.bash @@ -38,6 +38,8 @@ elif [ "$target" = "jail_admin_git" ]; then ansible-playbook -v -i environments/jail playbook.yaml --diff --limit admin_git "${@}" elif [ "$target" = "jail_public_dns" ]; then ansible-playbook -v -i environments/jail playbook.yaml --diff --limit public_dns "${@}" +elif [ "$target" = "vm_freebsdupdatemrmanager" ]; then + ansible-playbook -v -i environments/vm playbook.yaml --diff --limit freebsdupdatemrmanager "${@}" else die 1 "Unrecognized target" fi