Cloud releases: Switch to firstboot_pkg_upgrade
Cloud images are deployed with base system packages. Introduce a firstboot package auto updater to patch the base system on first boot. MFC after: 1 hour MFC to: stable/15 Reviewed by: cperciva Sponsored by: Google Cloud Differential Revision: https://reviews.freebsd.org/D56890
@@ -6,10 +6,10 @@
|
|||||||
export VMSIZE=30g
|
export VMSIZE=30g
|
||||||
|
|
||||||
# Set to a list of packages to install.
|
# Set to a list of packages to install.
|
||||||
export VM_EXTRA_PACKAGES="azure-agent python python3 firstboot-freebsd-update firstboot-pkgs"
|
export VM_EXTRA_PACKAGES="azure-agent python python3 firstboot-pkg-upgrade firstboot-pkgs"
|
||||||
|
|
||||||
# Set to a list of third-party software to enable in rc.conf(5).
|
# Set to a list of third-party software to enable in rc.conf(5).
|
||||||
export VM_RC_LIST="ntpd sshd waagent firstboot_freebsd_update firstboot_pkgs"
|
export VM_RC_LIST="ntpd sshd waagent firstboot_pkg_upgrade firstboot_pkgs"
|
||||||
|
|
||||||
# No swap space; waagent will allocate swap space on the resource disk.
|
# No swap space; waagent will allocate swap space on the resource disk.
|
||||||
# See ResourceDisk.EnableSwap and ResourceDisk.SwapSizeMB in waagent.conf
|
# See ResourceDisk.EnableSwap and ResourceDisk.SwapSizeMB in waagent.conf
|
||||||
@@ -43,6 +43,7 @@ vm_extra_pre_umount() {
|
|||||||
cat << EOF >> ${DESTDIR}/etc/rc.conf
|
cat << EOF >> ${DESTDIR}/etc/rc.conf
|
||||||
ifconfig_hn0="SYNCDHCP"
|
ifconfig_hn0="SYNCDHCP"
|
||||||
ntpd_sync_on_start="YES"
|
ntpd_sync_on_start="YES"
|
||||||
|
firstboot_pkg_upgrade_repos="FreeBSD-base"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat << EOF >> ${DESTDIR}/boot/loader.conf
|
cat << EOF >> ${DESTDIR}/boot/loader.conf
|
||||||
|
|||||||
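Review bot: The `firstboot_pkg_upgrade_repos="FreeBSD-base"` line added inside the rc.conf heredoc carries no explanation, while the EC2 section of this commit adds `# Limit firstboot_pkg_upgrade to the base system.` beside the same setting; the GCE heredoc has the same gap. Since this setting decides which packages are patched on first boot, I would add a comment above the `cat << EOF >> ${DESTDIR}/etc/rc.conf` line, for example `# Limit firstboot_pkg_upgrade to the base system; azure-agent and the other VM_EXTRA_PACKAGES are not upgraded at first boot.` The second half of that wording is inferred from the repository name and should be confirmed against the firstboot_pkg_upgrade rc script. vm_extra_pre_umount starts and ends outside the hunk.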
@@ -7,15 +7,15 @@
|
|||||||
# * amazon-ssm-agent (not enabled by default, but some users need to use
|
# * amazon-ssm-agent (not enabled by default, but some users need to use
|
||||||
# it on systems not connected to the internet),
|
# it on systems not connected to the internet),
|
||||||
# * ec2-scripts, which provides a range of EC2ification startup scripts,
|
# * ec2-scripts, which provides a range of EC2ification startup scripts,
|
||||||
# * firstboot-freebsd-update, to install security updates at first boot,
|
# * firstboot-pkg-upgrade, to install security updates at first boot,
|
||||||
# * firstboot-pkgs, to install packages at first boot, and
|
# * firstboot-pkgs, to install packages at first boot, and
|
||||||
# * isc-dhcp44-client, used for IPv6 network setup.
|
# * isc-dhcp44-client, used for IPv6 network setup.
|
||||||
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} amazon-ssm-agent ec2-scripts \
|
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} amazon-ssm-agent ec2-scripts \
|
||||||
firstboot-freebsd-update firstboot-pkgs isc-dhcp44-client"
|
firstboot-pkg-upgrade firstboot-pkgs isc-dhcp44-client"
|
||||||
|
|
||||||
# Services to enable in rc.conf(5).
|
# Services to enable in rc.conf(5).
|
||||||
export VM_RC_LIST="${VM_RC_LIST} ec2_configinit ec2_ephemeral_swap \
|
export VM_RC_LIST="${VM_RC_LIST} ec2_configinit ec2_ephemeral_swap \
|
||||||
ec2_fetchkey ec2_loghostkey firstboot_freebsd_update firstboot_pkgs \
|
ec2_fetchkey ec2_loghostkey firstboot_pkg_upgrade firstboot_pkgs \
|
||||||
growfs sshd"
|
growfs sshd"
|
||||||
|
|
||||||
vm_extra_pre_umount() {
|
vm_extra_pre_umount() {
|
||||||
@@ -24,6 +24,9 @@ vm_extra_pre_umount() {
|
|||||||
# via EC2 user-data.
|
# via EC2 user-data.
|
||||||
echo 'firstboot_pkgs_list="devel/py-awscli"' >> ${DESTDIR}/etc/rc.conf
|
echo 'firstboot_pkgs_list="devel/py-awscli"' >> ${DESTDIR}/etc/rc.conf
|
||||||
|
|
||||||
|
# Limit firstboot_pkg_upgrade to the base system.
|
||||||
|
echo 'firstboot_pkg_upgrade_repos="FreeBSD-base"' >> ${DESTDIR}/etc/rc.conf
|
||||||
|
|
||||||
# Any EC2 ephemeral disks seen when the system first boots will
|
# Any EC2 ephemeral disks seen when the system first boots will
|
||||||
# be "new" disks; there is no "previous boot" when they might have
|
# be "new" disks; there is no "previous boot" when they might have
|
||||||
# been seen and used already.
|
# been seen and used already.
|
||||||
|
|||||||
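Review bot: The header comment still describes firstboot-pkg-upgrade as installing "security updates at first boot", but the rc.conf line added in the second hunk restricts it to the FreeBSD-base repository. Packages baked into the image through VM_EXTRA_PACKAGES (amazon-ssm-agent, ec2-scripts, isc-dhcp44-client) therefore presumably stay at their build-time versions until the operator upgrades them. I would make the scope explicit in the list entry: `# * firstboot-pkg-upgrade, to install base system security updates at first boot,`. An operator reading only the header would otherwise assume the whole image is patched on launch. vm_extra_pre_umount continues past the end of the second hunk.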
@@ -6,14 +6,14 @@
|
|||||||
export VMSIZE=20g
|
export VMSIZE=20g
|
||||||
|
|
||||||
# Set to a list of packages to install.
|
# Set to a list of packages to install.
|
||||||
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-freebsd-update \
|
export VM_EXTRA_PACKAGES="${VM_EXTRA_PACKAGES} firstboot-pkg-upgrade \
|
||||||
firstboot-pkgs google-cloud-sdk panicmail sudo \
|
firstboot-pkgs google-cloud-sdk panicmail sudo \
|
||||||
sysutils/py-google-compute-engine lang/python \
|
sysutils/py-google-compute-engine lang/python \
|
||||||
lang/python3"
|
lang/python3"
|
||||||
|
|
||||||
# Set to a list of third-party software to enable in rc.conf(5).
|
# Set to a list of third-party software to enable in rc.conf(5).
|
||||||
export VM_RC_LIST="ntpd sshd growfs \
|
export VM_RC_LIST="ntpd sshd growfs \
|
||||||
firstboot_pkgs firstboot_freebsd_update google_startup \
|
firstboot_pkgs firstboot_pkg_upgrade google_startup \
|
||||||
google_accounts_daemon google_clock_skew_daemon \
|
google_accounts_daemon google_clock_skew_daemon \
|
||||||
google_instance_setup google_network_daemon"
|
google_instance_setup google_network_daemon"
|
||||||
|
|
||||||
@@ -47,6 +47,7 @@ ifconfig_DEFAULT="SYNCDHCP mtu 1460"
|
|||||||
ntpd_sync_on_start="YES"
|
ntpd_sync_on_start="YES"
|
||||||
# need to fill in something here
|
# need to fill in something here
|
||||||
#firstboot_pkgs_list=""
|
#firstboot_pkgs_list=""
|
||||||
|
firstboot_pkg_upgrade_repos="FreeBSD-base"
|
||||||
panicmail_autosubmit="YES"
|
panicmail_autosubmit="YES"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
|||||||