From e9586a82c4606c9983472fa9a42dc143e7c78eb5 Mon Sep 17 00:00:00 2001
From: Matt Brockman
Date: Fri, 20 Mar 2026 16:50:18 -0700
Subject: [PATCH 1/2] add e2fsprogs to provision.sh
---
 .../template/build/phases/base/provision.sh | 97 +++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 packages/orchestrator/internal/template/build/phases/base/provision.sh
diff --git a/packages/orchestrator/internal/template/build/phases/base/provision.sh b/packages/orchestrator/internal/template/build/phases/base/provision.sh
new file mode 100644
index 0000000000..7cfe893f32
--- /dev/null
+++ b/packages/orchestrator/internal/template/build/phases/base/provision.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+set -eu
+
+BUSYBOX="{{ .BusyBox }}"
+RESULT_PATH="{{ .ResultPath }}"
+
+echo "Starting provisioning script"
+
+echo "Making configuration immutable"
+$BUSYBOX chattr +i /etc/resolv.conf
+
+# Helper function to check if a package is installed
+is_package_installed() {
+ dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q "install ok installed"
+}
+
+# Install required packages if not already installed
+PACKAGES="systemd systemd-sysv openssh-server sudo chrony socat curl ca-certificates fuse3 iptables git nfs-common e2fsprogs"
+echo "Checking presence of the following packages: $PACKAGES"
+
+MISSING=""
+for pkg in $PACKAGES; do
+ if ! is_package_installed "$pkg"; then
+ echo "Package $pkg is missing, will install it."
+ MISSING="$MISSING $pkg"
+ fi
+done
+
+if [ -n "$MISSING" ]; then
+ echo "Missing packages detected, installing:$MISSING"
+ apt-get -q update
+ DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes apt-get -qq -o=Dpkg::Use-Pty=0 install -y --no-install-recommends $MISSING
+else
+ echo "All required packages are already installed."
+fi
+
+echo "Setting up shell"
+echo "export SHELL='/bin/bash'" >/etc/profile.d/shell.sh
+echo "export PS1='\w \$ '" >/etc/profile.d/prompt.sh
+echo "export PS1='\w \$ '" >>"/etc/profile"
+echo "export PS1='\w \$ '" >>"/root/.bashrc"
+
+echo "Use .bashrc and .profile"
+echo "if [ -f ~/.bashrc ]; then source ~/.bashrc; fi; if [ -f ~/.profile ]; then source ~/.profile; fi" >>/etc/profile
+
+echo "Remove root password"
+passwd -d root
+
+echo "Setting up chrony"
+mkdir -p /etc/chrony
+cat </etc/chrony/chrony.conf
+refclock PHC /dev/ptp0 poll 2 dpoll 2
+EOF
+
+# Add a proxy config, as some environments expects it there (e.g. timemaster in Node Dockerimage)
+echo "include /etc/chrony/chrony.conf" >/etc/chrony.conf
+
+echo "Setting up SSH"
+mkdir -p /etc/ssh
+cat <>/etc/ssh/sshd_config
+PermitRootLogin yes
+PermitEmptyPasswords yes
+PasswordAuthentication yes
+EOF
+
+echo "Increasing inotify watch limit"
+echo 'fs.inotify.max_user_watches=65536' | tee -a /etc/sysctl.conf
+
+echo "Don't wait for ttyS0 (serial console kernel logs)"
+# This is required when the Firecracker kernel args has specified console=ttyS0
+systemctl mask serial-getty@ttyS0.service
+
+echo "Disable network online wait"
+systemctl mask systemd-networkd-wait-online.service
+
+echo "Disable system first boot wizard"
+# This was problem with Ubuntu 24.04, that differently calculate wizard should be called
+# and Linux boot was stuck in wizard until envd wait timeout
+systemctl mask systemd-firstboot.service
+
+# Clean machine-id from Docker
+rm -rf /etc/machine-id
+
+echo "Linking systemd to init"
+ln -sf /lib/systemd/systemd /usr/sbin/init
+
+echo "Unlocking immutable configuration"
+$BUSYBOX chattr -i /etc/resolv.conf
+
+echo "Finished provisioning script"
+
+# Delete itself
+rm -rf /etc/init.d/rcS
+rm -rf /usr/local/bin/provision.sh
+
+# Report successful provisioning
+printf "0" > "$RESULT_PATH"
From 01bd32ac312c69d4928efe7142e7799e1b985d72 Mon Sep 17 00:00:00 2001
From: Matt Brockman
Date: Fri, 20 Mar 2026 17:08:41 -0700
Subject: [PATCH 2/2] put in right place
---
 .../template/build/phases/base/provision.sh | 97 -------------------
 .../template/build/phases/base/provision.sh | 2 +-
 2 files changed, 1 insertion(+), 98 deletions(-)
 delete mode 100644 packages/orchestrator/internal/template/build/phases/base/provision.sh
diff --git a/packages/orchestrator/internal/template/build/phases/base/provision.sh b/packages/orchestrator/internal/template/build/phases/base/provision.sh
deleted file mode 100644
index 7cfe893f32..0000000000
--- a/packages/orchestrator/internal/template/build/phases/base/provision.sh
+++ /dev/null
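Review bot: The sshd_config block (`PermitRootLogin yes`, `PermitEmptyPasswords yes`, `PasswordAuthentication yes`) together with `passwd -d root` leaves the guest with a root account that any client able to reach port 22 can log into without a credential, and nothing in the script records what is relied on to keep that port unreachable. If this is deliberate for the sandbox guest, state the assumption next to the block, e.g. `# Passwordless root SSH is deliberate: access control is enforced outside the guest by <component>; never expose port 22`; otherwise drop `PermitEmptyPasswords` and provision a key instead. Patch 2/2 removes this copy, but the pkg/ file ends at the same blob (7cfe893f32), so the point carries over to the file that survives.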
@@ -1,97 +0,0 @@
-#!/bin/sh
-set -eu
-
-BUSYBOX="{{ .BusyBox }}"
-RESULT_PATH="{{ .ResultPath }}"
-
-echo "Starting provisioning script"
-
-echo "Making configuration immutable"
-$BUSYBOX chattr +i /etc/resolv.conf
-
-# Helper function to check if a package is installed
-is_package_installed() {
- dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q "install ok installed"
-}
-
-# Install required packages if not already installed
-PACKAGES="systemd systemd-sysv openssh-server sudo chrony socat curl ca-certificates fuse3 iptables git nfs-common e2fsprogs"
-echo "Checking presence of the following packages: $PACKAGES"
-
-MISSING=""
-for pkg in $PACKAGES; do
- if ! is_package_installed "$pkg"; then
- echo "Package $pkg is missing, will install it."
- MISSING="$MISSING $pkg"
- fi
-done
-
-if [ -n "$MISSING" ]; then
- echo "Missing packages detected, installing:$MISSING"
- apt-get -q update
- DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes apt-get -qq -o=Dpkg::Use-Pty=0 install -y --no-install-recommends $MISSING
-else
- echo "All required packages are already installed."
-fi
-
-echo "Setting up shell"
-echo "export SHELL='/bin/bash'" >/etc/profile.d/shell.sh
-echo "export PS1='\w \$ '" >/etc/profile.d/prompt.sh
-echo "export PS1='\w \$ '" >>"/etc/profile"
-echo "export PS1='\w \$ '" >>"/root/.bashrc"
-
-echo "Use .bashrc and .profile"
-echo "if [ -f ~/.bashrc ]; then source ~/.bashrc; fi; if [ -f ~/.profile ]; then source ~/.profile; fi" >>/etc/profile
-
-echo "Remove root password"
-passwd -d root
-
-echo "Setting up chrony"
-mkdir -p /etc/chrony
-cat </etc/chrony/chrony.conf
-refclock PHC /dev/ptp0 poll 2 dpoll 2
-EOF
-
-# Add a proxy config, as some environments expects it there (e.g. timemaster in Node Dockerimage)
-echo "include /etc/chrony/chrony.conf" >/etc/chrony.conf
-
-echo "Setting up SSH"
-mkdir -p /etc/ssh
-cat <>/etc/ssh/sshd_config
-PermitRootLogin yes
-PermitEmptyPasswords yes
-PasswordAuthentication yes
-EOF
-
-echo "Increasing inotify watch limit"
-echo 'fs.inotify.max_user_watches=65536' | tee -a /etc/sysctl.conf
-
-echo "Don't wait for ttyS0 (serial console kernel logs)"
-# This is required when the Firecracker kernel args has specified console=ttyS0
-systemctl mask serial-getty@ttyS0.service
-
-echo "Disable network online wait"
-systemctl mask systemd-networkd-wait-online.service
-
-echo "Disable system first boot wizard"
-# This was problem with Ubuntu 24.04, that differently calculate wizard should be called
-# and Linux boot was stuck in wizard until envd wait timeout
-systemctl mask systemd-firstboot.service
-
-# Clean machine-id from Docker
-rm -rf /etc/machine-id
-
-echo "Linking systemd to init"
-ln -sf /lib/systemd/systemd /usr/sbin/init
-
-echo "Unlocking immutable configuration"
-$BUSYBOX chattr -i /etc/resolv.conf
-
-echo "Finished provisioning script"
-
-# Delete itself
-rm -rf /etc/init.d/rcS
-rm -rf /usr/local/bin/provision.sh
-
-# Report successful provisioning
-printf "0" > "$RESULT_PATH"
diff --git a/packages/orchestrator/pkg/template/build/phases/base/provision.sh b/packages/orchestrator/pkg/template/build/phases/base/provision.sh
index 79e28e8502..7cfe893f32 100644
--- a/packages/orchestrator/pkg/template/build/phases/base/provision.sh
+++ b/packages/orchestrator/pkg/template/build/phases/base/provision.sh
@@ -15,7 +15,7 @@ is_package_installed() {
 }
 
 # Install required packages if not already installed
-PACKAGES="systemd systemd-sysv openssh-server sudo chrony socat curl ca-certificates fuse3 iptables git nfs-common"
+PACKAGES="systemd systemd-sysv openssh-server sudo chrony socat curl ca-certificates fuse3 iptables git nfs-common e2fsprogs"
 echo "Checking presence of the following packages: $PACKAGES"
 
 MISSING=""
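Review bot: Neither the commit message nor anything next to `PACKAGES` records why `e2fsprogs` is now required in the base image, which makes the list hard to audit or trim later. A one-line comment above the assignment would cover it, e.g. `# e2fsprogs: needed by <component/step>`. Packages in this list are presumably installed into every template built from this phase, so the reason is worth keeping with the list rather than only in the PR discussion.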