Merge branch 'ubuntu-resolute' into noble-to-resolute

Author: aramprice

.gitignore

@@ -13,5 +13,7 @@ acceptance-tests/syslog-release
 acceptance-tests/os-conf-release
 
 ci/docker/os-image-stemcell-builder/VMware-ovftool-*.bundle
+ci/docker/VMware-ovftool-*.bundle
+ci/docker/*/VMware-ovftool-*.bundle
 
-tmp/
+tmp/

README.md

@@ -3,39 +3,56 @@
 This repo contains tools for creating BOSH stemcells. A stemcell is a bootable
 disk image that is used as a template by a BOSH Director to create VMs.
 
+This branch builds stemcells for **Ubuntu 26.04 LTS (Resolute)**. For other
+Ubuntu releases, switch to the appropriate branch (for example `ubuntu-noble`
+for 24.04).
+
 ## Quick Start: Building a Stemcell Locally
 
 ```bash
-export short_name="noble"
+export short_name="resolute"
 
 git clone git@github.com:cloudfoundry/bosh-linux-stemcell-builder.git
 cd bosh-linux-stemcell-builder
 git checkout ubuntu-${short_name}
 mkdir -p tmp
 docker build \
    --platform linux/amd64 \
-   --build-arg SYFT_VERSION=v1.42.3 \
+   --build-arg BASE_IMAGE="ubuntu:${short_name}" \
+   --build-arg META4_CLI_URL="https://github.com/dpb587/metalink/releases/download/v0.5.0/meta4-0.5.0-linux-amd64" \
+   --build-arg SYFT_CLI_URL="https://github.com/anchore/syft/releases/download/v1.42.3/syft_1.42.3_linux_amd64.tar.gz" \
+   --build-arg YQ_CLI_URL="https://github.com/mikefarah/yq/releases/download/v4.52.5/yq_linux_amd64" \
+   --build-arg RUBY_INSTALL_URL="https://github.com/postmodern/ruby-install/releases/download/v0.10.2/ruby-install-0.10.2.tar.gz" \
+   --build-arg RUBY_VERSION="$(cat .ruby-version)" \
+   --build-arg GEM_HOME="/usr/local/bundle" \
+   --build-arg OVF_TOOL_INSTALLER="VMware-ovftool-4.4.3-18663434-lin.x86_64.bundle" \
+   --build-arg OVF_TOOL_INSTALLER_SHA1="6c24e473be49c961cfc3bb16774b52b48e822991" \
    -t bosh/os-image-stemcell-builder:${short_name} \
    ci/docker/os-image-stemcell-builder/
 docker run \
    --platform linux/amd64 \
    --privileged \
    -v "$(pwd):/opt/bosh" \
    --workdir /opt/bosh \
-   --user=1000:1000 \
+   --user="$(id -u):$(id -g)" \
    -it \
    bosh/os-image-stemcell-builder:${short_name}
 
 # You're now in the Docker container
+export short_name="resolute"
+
 ulimit -n 16384 # only necessary if your host is Fedora
 gem install bundler
 bundle install
 
  # build OS image
-bundle exec rake stemcell:build_os_image[ubuntu,${short_name},${PWD}/tmp/ubuntu_base_image.tgz]
+bundle exec rake stemcell:build_os_image[ubuntu,${short_name},${PWD}/tmp/ubuntu_base_image_${short_name}.tgz]
 
  # build vSphere stemcell
-bundle exec rake stemcell:build[vsphere,esxi,ubuntu,${short_name},${PWD}/tmp/ubuntu_base_image.tgz]
+bundle exec rake stemcell:build[vsphere,esxi,ubuntu,${short_name},${PWD}/tmp/ubuntu_base_image_${short_name}.tgz,9.000]
+
+ # build warden (BOSH Lite) stemcell
+bundle exec rake stemcell:build[warden,warden,ubuntu,${short_name},${PWD}/tmp/ubuntu_base_image_${short_name}.tgz,9.000]
 ```
 
 When building a vSphere stemcell, you must download `VMware-ovftool-*.bundle`
@@ -56,7 +73,7 @@ installed in the operating system or when making changes to the configuration
 of those packages.
 
 ```bash
-export short_name="noble"
+export short_name="resolute"
 
 bundle exec rake stemcell:build_os_image[ubuntu,${short_name},${PWD}/tmp/ubuntu_base_image.tgz]
 ```
@@ -78,7 +95,7 @@ The arguments to the `stemcell:build_os_image` rake task follow:
 Rebuild the stemcell when you are making and testing BOSH-specific changes such as a new BOSH agent.
 
 ```bash
-export short_name="noble"
+export short_name="resolute"
 export build_number="0.0.8"
 
 bundle exec rake stemcell:build[vsphere,esxi,ubuntu,${short_name},${PWD}/tmp/ubuntu_base_image.tgz,${build_number}]
@@ -95,6 +112,7 @@ The arguments to `stemcell:build` are:
     - `google` → `kvm`
     - `openstack` → `kvm`
     - `vsphere` → `esxi`
+    - `warden` → `warden`
 3. `operating_system_name` (`ubuntu`): Type of OS. Same as
    `stemcell:build_os_image`.
 4. `operating_system_version` (`<short_name>`): OS release. Same as
@@ -114,7 +132,7 @@ the stemcell would be at
 upload the stemcell to a vSphere BOSH Director:
 
 ```bash
-export short_name="noble"
+export short_name="resolute"
 
 bosh upload-stemcell tmp/bosh-stemcell-0.0.8-vsphere-esxi-ubuntu-${short_name}-go_agent.tgz
 ```
@@ -135,7 +153,6 @@ the OS image** at the `tmp/ubuntu_base_image.tgz` and you're within the Docker
 container):
 
 ```shell
-  export short_name="noble"
   cd /opt/bosh/bosh-stemcell
   bundle install
   OS_IMAGE=/opt/bosh/tmp/ubuntu_base_image.tgz bundle exec rspec -fd spec/os_image/ubuntu_spec.rb
@@ -208,7 +225,7 @@ If you find yourself debugging any of the above processes, here is what you need
    Example usage:
 
    ```shell
-   export short_name="noble"
+   export short_name="resolute"
 
    bundle exec rake stemcell:build_os_image[ubuntu,${short_name},${PWD}/tmp/ubuntu_base_image.tgz] resume_from=rsyslog_config
    ```
@@ -219,8 +236,8 @@ If you find yourself debugging any of the above processes, here is what you need
   modifications you can rerun the tests (without rebuilding OS image). Details
   in section `How to run tests for OS Images`
 * If the Stemcell has been built, and you are only updating tests, you do not
-  need to re-build the stemcell. You can simply rerun the tests - without
-  rebuilding Stemcell. Details in section `How to run tests for Stemcell`
+  need to re-build the stemcell. You can simply rerun the tests (without
+  rebuilding Stemcell). Details in section `How to run tests for Stemcell`
 * It's possible to verify OS/Stemcell changes without making a deployment using
   the stemcell. For a vSphere-specific Ubuntu stemcell, the filesystem is
   available at `/mnt/stemcells/vsphere/esxi/ubuntu/work/work/chroot`
@@ -249,7 +266,7 @@ You will need the ovftool installer present in
 Rebuild the container with:
 
 ```shell
-export short_name="noble"
+export short_name="resolute"
 
 docker build \
     --platform linux/amd64 \
@@ -280,7 +297,7 @@ gsutil cp MY_OVFTOOL_FILE gs://bosh-vmware-ovftool/MY_OS/
 Example:
 
 ```shell
-export short_name="noble"
+export short_name="resolute"
 
 gsutil cp VMware-ovftool-4.4.3-18663434-lin.x86_64.bundle gs://bosh-vmware-ovftool/${short_name}/
 ```
@@ -387,4 +404,3 @@ When switching from the old pipeline to the new one, don't forget to:
   whatever the public bucket should be
 * update the tasks YAML to point to tasks in the `os-images` directory
 * rename this directory from `new`
-

Rakefile

@@ -11,12 +11,18 @@ namespace :stemcell do
     require "bosh/stemcell/stage_collection"
     require "bosh/stemcell/stage_runner"
 
+    os_image_path = File.expand_path(args.os_image_path)
+    if args.operating_system_version.to_s.strip.empty?
+      raise "stemcell:build_os_image: operating_system_version (2nd argument) is empty. " \
+            "Set it to the Ubuntu release codename (for example export short_name=resolute per README), " \
+            "or pass it literally: rake stemcell:build_os_image[ubuntu,resolute,tmp/os.tgz]"
+    end
     definition = Bosh::Stemcell::Definition.for("null", "null", args.operating_system_name, args.operating_system_version)
     environment = Bosh::Stemcell::BuildEnvironment.new(
       ENV.to_hash,
       definition,
       "",
-      args.os_image_path
+      os_image_path
     )
     collection = Bosh::Stemcell::StageCollection.new(definition)
     runner = Bosh::Stemcell::StageRunner.new(
@@ -33,7 +39,7 @@ namespace :stemcell do
       runner: runner,
       archive_handler: archive_handler
     )
-    builder.build(args.os_image_path)
+    builder.build(os_image_path)
 
     sh(environment.os_image_rspec_command)
   rescue RuntimeError => e
@@ -52,12 +58,13 @@ namespace :stemcell do
 
     args.with_defaults(build_number: "0000")
 
+    os_image_path = File.expand_path(args.os_image_path)
     definition = Bosh::Stemcell::Definition.for(args.infrastructure_name, args.hypervisor_name, args.operating_system_name, args.operating_system_version)
     environment = Bosh::Stemcell::BuildEnvironment.new(
       ENV.to_hash,
       definition,
       args.build_number,
-      args.os_image_path
+      os_image_path
     )
 
     sh(environment.os_image_rspec_command)

acceptance-tests/ipv4director/auditd/smoke_test.go

@@ -60,7 +60,7 @@ var _ = Describe("Auditd", func() {
 		Expect(err).ToNot(HaveOccurred())
 		Expect(exitStatus).To(Equal(0))
 
-		auditLoginRegexp := `.*type=USER_LOGIN.*exe="/usr/sbin/sshd".*res=success`
+		auditLoginRegexp := `.*type=USER_LOGIN.*exe="/usr/lib/openssh/sshd-session".*res=success`
 		Expect(output).To(MatchRegexp(auditLoginRegexp))
 	})
 })

bosh-stemcell/image-metalinks/ubuntu-resolute.meta4

@@ -0,0 +1,19 @@
+<metalink xmlns="urn:ietf:params:xml:ns:metalink">
+  <file name="ubuntu-resolute.tgz">
+    <hash type="sha-512">placeholder-update-when-resolute-os-image-is-published</hash>
+    <hash type="sha-256">placeholder</hash>
+    <hash type="sha-1">placeholder</hash>
+    <size>0</size>
+    <url>https://storage.googleapis.com/bosh-os-images/ubuntu-resolute/ubuntu-resolute.tgz</url>
+    <version>0.0.0</version>
+  </file>
+  <file name="usn-log.json">
+    <hash type="sha-512">placeholder</hash>
+    <hash type="sha-256">placeholder</hash>
+    <size>1</size>
+    <url>https://storage.googleapis.com/bosh-os-images/ubuntu-resolute/usn-log.json</url>
+    <version>0.0.0</version>
+  </file>
+  <generator>metalink-repository-resource/0.0.0</generator>
+  <published>1970-01-01T00:00:00Z</published>
+</metalink>

bosh-stemcell/lib/bosh/stemcell/stage_collection.rb

@@ -198,7 +198,7 @@ def google_stages
     end
 
     def warden_stages
-      [
+      stages = [
         :system_parameters,
         :base_warden,
         :bosh_clean,
@@ -211,6 +211,8 @@ def warden_stages
         :image_install_grub,
         :sbom_create
       ]
+      stages.insert(2, :base_ubuntu_warden_rosetta) if operating_system.variant == "rosetta"
+      stages
     end
 
     def azure_stages

bosh-stemcell/spec/assets/dpkg-list-ubuntu-azure-additions.txt

@@ -1,7 +1,9 @@
 azure-vm-utils
 cloud-init
-linux-cloud-tools-6.8
-linux-cloud-tools-6.8-generic
+cloud-init-base
+libjs-sphinxdoc
+linux-cloud-tools-7.0
+linux-cloud-tools-7.0-generic
 linux-cloud-tools-common
 linux-cloud-tools-generic
 netplan.io
@@ -16,10 +18,12 @@ python3-jinja2
 python3-json-pointer
 python3-jsonpatch
 python3-jsonschema
+python3-jsonschema-specifications
 python3-markupsafe
+python3-passlib
 python3-pyasn1
-python3-pyrsistent:amd64
+python3-referencing
 python3-requests
+python3-rpds-py
 python3-serial
-python3-setuptools
 python3-urllib3

bosh-stemcell/spec/assets/dpkg-list-ubuntu-kernel.txt

@@ -1,8 +1,8 @@
 linux-generic
-linux-headers-6.8
-linux-headers-6.8-generic
+linux-headers-7.0
+linux-headers-7.0-generic
 linux-headers-generic
-linux-image-6.8-generic
+linux-image-7.0-generic
 linux-image-generic
-linux-modules-6.8-generic
-linux-modules-extra-6.8-generic
+linux-main-modules-zfs-7.0-generic
+linux-modules-7.0-generic

bosh-stemcell/spec/assets/dpkg-list-ubuntu-vsphere-additions.txt

@@ -2,8 +2,8 @@ libdrm-common
 libdrm2:amd64
 libmspack0t64:amd64
 libpci3:amd64
-libxmlsec1t64:amd64
-libxmlsec1t64-openssl:amd64
+libxmlsec1-1:amd64
+libxmlsec1-openssl1:amd64
 open-vm-tools
 pciutils
 pci.ids