4b38216e97
* [baseimage]: Update openssh to 1:8.4p1-5+deb11u2 (#16826) Openssh in Debian Bullseye has been updated to 1:8.4p1-5+deb11u2 to fix CVE-2023-38408. Since we're building openssh with some patches, we need to update our version as well. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com> * Remove main deb installation for derived deb build (#16859) * Don't install dependencies of derived debs When "building" a derived deb package, don't install the dependencies of the package into the container. It's not needed at this stage. * Re-add openssh-client and openssh-sftp-server as derived debs Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com> --------- Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com> * Re-add missing dependency for derived debs. (#16896) * Re-add missing dependency for derived debs. My previous changed removed the whole dependency on the main deb existing, not just the installation of the main deb. Fix this by readding a dependency on the main deb being built/pulled from cache. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com> * Add the kernel and initramfs as dependencies for RFS build Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com> --------- Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com> --------- Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
961 lines
48 KiB
Django/Jinja
961 lines
48 KiB
Django/Jinja
#!/bin/bash
|
|
## This script is to automate loading of vendor specific docker images
|
|
## and installation of configuration files and vendor specific packages
|
|
## to debian file system.
|
|
##
|
|
## USAGE:
|
|
## ./sonic_debian_extension.sh FILESYSTEM_ROOT PLATFORM_DIR
|
|
## PARAMETERS:
|
|
## FILESYSTEM_ROOT
|
|
## Path to debian file system root directory
|
|
|
|
FILESYSTEM_ROOT=$1
|
|
[ -n "$FILESYSTEM_ROOT" ] || {
|
|
echo "Error: no or empty FILESYSTEM_ROOT argument"
|
|
exit 1
|
|
}
|
|
|
|
PLATFORM_DIR=$2
|
|
[ -n "$PLATFORM_DIR" ] || {
|
|
echo "Error: no or empty PLATFORM_DIR argument"
|
|
exit 1
|
|
}
|
|
|
|
IMAGE_DISTRO=$3
|
|
[ -n "$IMAGE_DISTRO" ] || {
|
|
echo "Error: no or empty IMAGE_DISTRO argument"
|
|
exit 1
|
|
}
|
|
|
|
## Enable debug output for script
|
|
set -x -e
|
|
|
|
CONFIGURED_ARCH=$([ -f .arch ] && cat .arch || echo amd64)
|
|
|
|
. functions.sh
|
|
BUILD_SCRIPTS_DIR=files/build_scripts
|
|
BUILD_TEMPLATES=files/build_templates
|
|
IMAGE_CONFIGS=files/image_config
|
|
SCRIPTS_DIR=files/scripts
|
|
DOCKER_SCRIPTS_DIR=files/docker
|
|
|
|
DOCKER_CTL_DIR=/usr/lib/docker/
|
|
DOCKER_CTL_SCRIPT="$DOCKER_CTL_DIR/docker.sh"
|
|
|
|
# Define target fold macro
|
|
FILESYSTEM_ROOT_USR="$FILESYSTEM_ROOT/usr"
|
|
FILESYSTEM_ROOT_USR_LIB="$FILESYSTEM_ROOT/usr/lib/"
|
|
FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM="$FILESYSTEM_ROOT_USR_LIB/systemd/system"
|
|
FILESYSTEM_ROOT_USR_SHARE="$FILESYSTEM_ROOT_USR/share"
|
|
FILESYSTEM_ROOT_USR_SHARE_SONIC="$FILESYSTEM_ROOT_USR_SHARE/sonic"
|
|
FILESYSTEM_ROOT_USR_SHARE_SONIC_SCRIPTS="$FILESYSTEM_ROOT_USR_SHARE_SONIC/scripts"
|
|
FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES="$FILESYSTEM_ROOT_USR_SHARE_SONIC/templates"
|
|
FILESYSTEM_ROOT_USR_SHARE_SONIC_FIRMWARE="$FILESYSTEM_ROOT_USR_SHARE_SONIC/firmware"
|
|
FILESYSTEM_ROOT_ETC="$FILESYSTEM_ROOT/etc"
|
|
FILESYSTEM_ROOT_ETC_SONIC="$FILESYSTEM_ROOT_ETC/sonic"
|
|
|
|
GENERATED_SERVICE_FILE="$FILESYSTEM_ROOT/etc/sonic/generated_services.conf"
|
|
|
|
clean_sys() {
|
|
sudo chroot $FILESYSTEM_ROOT umount /sys/fs/cgroup/* \
|
|
/sys/fs/cgroup \
|
|
/sys || true
|
|
}
|
|
trap_push clean_sys
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT mount sysfs /sys -t sysfs
|
|
|
|
sudo bash -c "echo \"DOCKER_OPTS=\"--storage-driver=overlay2\"\" >> $FILESYSTEM_ROOT/etc/default/docker"
|
|
# Copy docker start script to be able to start docker in chroot
|
|
sudo mkdir -p "$FILESYSTEM_ROOT/$DOCKER_CTL_DIR"
|
|
sudo cp $DOCKER_SCRIPTS_DIR/docker "$FILESYSTEM_ROOT/$DOCKER_CTL_SCRIPT"
|
|
if [ $MULTIARCH_QEMU_ENVIRON == y ]; then
|
|
DOCKER_HOST="unix:///dockerfs/var/run/docker.sock"
|
|
SONIC_NATIVE_DOCKERD_FOR_DOCKERFS_PID="cat `pwd`/dockerfs/var/run/docker.pid"
|
|
else
|
|
sudo chroot $FILESYSTEM_ROOT $DOCKER_CTL_SCRIPT start
|
|
fi
|
|
|
|
# Update apt's snapshot of its repos
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get update
|
|
|
|
# Apply environtment configuration files
|
|
sudo cp $IMAGE_CONFIGS/environment/environment $FILESYSTEM_ROOT/etc/
|
|
sudo cp $IMAGE_CONFIGS/environment/motd $FILESYSTEM_ROOT/etc/
|
|
|
|
# Create all needed directories
|
|
sudo mkdir -p $FILESYSTEM_ROOT/etc/sonic/
|
|
sudo mkdir -p $FILESYSTEM_ROOT/etc/modprobe.d/
|
|
sudo mkdir -p $FILESYSTEM_ROOT/var/cache/sonic/
|
|
sudo mkdir -p $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
sudo mkdir -p $FILESYSTEM_ROOT_USR_SHARE_SONIC_FIRMWARE/
|
|
# This is needed for Stretch and might not be needed for Buster where Linux create this directory by default.
|
|
# Keeping it generic. It should not harm anyways.
|
|
sudo mkdir -p $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
|
|
# Install a patched version of ifupdown2 (and its dependencies via 'apt-get -y install -f')
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/ifupdown2_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
|
|
# Install a patched version of ntp (and its dependencies via 'apt-get -y install -f')
|
|
sudo dpkg --root=$FILESYSTEM_ROOT --force-confdef --force-confold -i $debs_path/ntp_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y \
|
|
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -f
|
|
|
|
# Install dependencies for SONiC config engine
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \
|
|
python3-dev
|
|
|
|
# Install j2cli for handling jinja template
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "j2cli==0.3.10"
|
|
|
|
# Install Python client for Redis
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "redis==3.5.3"
|
|
|
|
# Install redis-dump-load Python 3 package
|
|
# Note: the scripts will be overwritten by corresponding Python 2 package
|
|
REDIS_DUMP_LOAD_PY3_WHEEL_NAME=$(basename {{redis_dump_load_py3_wheel_path}})
|
|
sudo cp {{redis_dump_load_py3_wheel_path}} $FILESYSTEM_ROOT/$REDIS_DUMP_LOAD_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $REDIS_DUMP_LOAD_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$REDIS_DUMP_LOAD_PY3_WHEEL_NAME
|
|
|
|
# Install Python module for psutil
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install psutil
|
|
|
|
# Install Python module for ipaddr
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install ipaddr
|
|
|
|
# Install Python module for grpcio and grpcio-toole
|
|
if [[ $CONFIGURED_ARCH == amd64 ]]; then
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio==1.39.0"
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio-tools==1.39.0"
|
|
fi
|
|
|
|
# Install SwSS SDK Python 3 package
|
|
# Note: the scripts will be overwritten by corresponding Python 2 package
|
|
SWSSSDK_PY3_WHEEL_NAME=$(basename {{swsssdk_py3_wheel_path}})
|
|
sudo cp {{swsssdk_py3_wheel_path}} $FILESYSTEM_ROOT/$SWSSSDK_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SWSSSDK_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$SWSSSDK_PY3_WHEEL_NAME
|
|
|
|
# Install sonic-py-common Python 3 package
|
|
SONIC_PY_COMMON_PY3_WHEEL_NAME=$(basename {{sonic_py_common_py3_wheel_path}})
|
|
sudo cp {{sonic_py_common_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_PY_COMMON_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_PY_COMMON_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$SONIC_PY_COMMON_PY3_WHEEL_NAME
|
|
|
|
# Install dependency pkgs for SONiC config engine Python 2 package
|
|
if [[ $CONFIGURED_ARCH == armhf || $CONFIGURED_ARCH == arm64 ]]; then
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libxslt-dev libz-dev
|
|
fi
|
|
|
|
# Install sonic-yang-models Python 3 package, install dependencies
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang_*.deb
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang-cpp_*.deb
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/python3-yang_*.deb
|
|
SONIC_YANG_MODEL_PY3_WHEEL_NAME=$(basename {{sonic_yang_models_py3_wheel_path}})
|
|
sudo cp {{sonic_yang_models_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_YANG_MODEL_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_YANG_MODEL_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$SONIC_YANG_MODEL_PY3_WHEEL_NAME
|
|
|
|
# Install sonic-yang-mgmt Python3 package
|
|
SONIC_YANG_MGMT_PY3_WHEEL_NAME=$(basename {{sonic_yang_mgmt_py3_wheel_path}})
|
|
sudo cp {{sonic_yang_mgmt_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_YANG_MGMT_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_YANG_MGMT_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$SONIC_YANG_MGMT_PY3_WHEEL_NAME
|
|
|
|
# For sonic-config-engine Python 3 package
|
|
# Install pyangbind here, outside sonic-config-engine dependencies, as pyangbind causes enum34 to be installed.
|
|
# Then immediately uninstall enum34, as enum34 should not be installed for Python >= 3.4, as it causes a
|
|
# conflict with the new 'enum' module in the standard library
|
|
# https://github.com/robshakir/pyangbind/issues/232
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install pyangbind==0.8.1
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 uninstall -y enum34
|
|
|
|
# Install SONiC config engine Python 3 package
|
|
CONFIG_ENGINE_PY3_WHEEL_NAME=$(basename {{config_engine_py3_wheel_path}})
|
|
sudo cp {{config_engine_py3_wheel_path}} $FILESYSTEM_ROOT/$CONFIG_ENGINE_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $CONFIG_ENGINE_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$CONFIG_ENGINE_PY3_WHEEL_NAME
|
|
|
|
|
|
# Install sonic-platform-common Python 3 package
|
|
PLATFORM_COMMON_PY3_WHEEL_NAME=$(basename {{platform_common_py3_wheel_path}})
|
|
sudo cp {{platform_common_py3_wheel_path}} $FILESYSTEM_ROOT/$PLATFORM_COMMON_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $PLATFORM_COMMON_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$PLATFORM_COMMON_PY3_WHEEL_NAME
|
|
|
|
{% if pddf_support == "y" %}
|
|
# Install pddf-platform-api-base Python 3 package
|
|
PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME=$(basename {{pddf_platform_api_base_py3_wheel_path}})
|
|
sudo cp {{pddf_platform_api_base_py3_wheel_path}} $FILESYSTEM_ROOT/$PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$PLATFORM_PDDF_COMMON_PY3_WHEEL_NAME
|
|
{% endif %}
|
|
|
|
{# Barefoot platform vendors' sonic_platform packages import the Python 'thrift' library #}
|
|
{% if sonic_asic_platform == "barefoot" %}
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install thrift==0.13.0
|
|
{% endif %}
|
|
|
|
# Install system-health Python 3 package
|
|
SYSTEM_HEALTH_PY3_WHEEL_NAME=$(basename {{system_health_py3_wheel_path}})
|
|
sudo cp {{system_health_py3_wheel_path}} $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SYSTEM_HEALTH_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHEEL_NAME
|
|
|
|
# Install prerequisites needed for installing the Python m2crypto package, used by sonic-utilities
|
|
# These packages can be uninstalled after intallation
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install build-essential libssl-dev swig
|
|
|
|
# Install prerequisites needed for using the Python m2crypto package, used by sonic-utilities
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install openssl
|
|
|
|
# Install SONiC Utilities Python package
|
|
SONIC_UTILITIES_PY3_WHEEL_NAME=$(basename {{sonic_utilities_py3_wheel_path}})
|
|
sudo cp {{sonic_utilities_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_UTILITIES_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_UTILITIES_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$SONIC_UTILITIES_PY3_WHEEL_NAME
|
|
|
|
# Install sonic-utilities data files (and any dependencies via 'apt-get -y install -f')
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-utilities-data_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
|
|
# Install customized bash version to patch bash plugin support.
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/bash_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
|
|
# sonic-utilities-data installs bash-completion as a dependency. However, it is disabled by default
|
|
# in bash.bashrc, so we copy a version of the file with it enabled here.
|
|
sudo cp -f $IMAGE_CONFIGS/bash/bash.bashrc $FILESYSTEM_ROOT/etc/
|
|
|
|
# Install readline's initialization file
|
|
sudo cp -f $IMAGE_CONFIGS/readline/inputrc $FILESYSTEM_ROOT/etc/
|
|
|
|
# Install prerequisites needed for installing the dependent Python packages of sonic-host-services
|
|
# These packages can be uninstalled after installation
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config
|
|
|
|
# Mark runtime dependencies as manually installed to avoid them being auto-removed while uninstalling build dependencies
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-mark manual gir1.2-glib-2.0 libdbus-1-3 libgirepository-1.0-1 libsystemd0 python3-dbus
|
|
|
|
# Install systemd-python for SONiC host services
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install systemd-python
|
|
|
|
# Install SONiC host services package
|
|
SONIC_HOST_SERVICES_PY3_WHEEL_NAME=$(basename {{sonic_host_services_py3_wheel_path}})
|
|
sudo cp {{sonic_host_services_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_HOST_SERVICES_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_HOST_SERVICES_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$SONIC_HOST_SERVICES_PY3_WHEEL_NAME
|
|
|
|
# Install SONiC host services data files (and any dependencies via 'apt-get -y install -f')
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-host-services-data_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
|
|
{% if enable_ztp == "y" %}
|
|
# Install ZTP (and its dependencies via 'apt-get -y install -f')
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-ztp_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
{% endif %}
|
|
|
|
{% for machine_debs in lazy_build_installer_debs.strip().split() -%}
|
|
{% set machine, pkgname = machine_debs.split('|') %}
|
|
if [[ -z "{{machine}}" || -n "{{machine}}" && $TARGET_MACHINE == "{{machine}}" ]]; then
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/{{pkgname}} || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
fi
|
|
{% endfor %}
|
|
|
|
# Install SONiC Device Data (and its dependencies via 'apt-get -y install -f')
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-device-data_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
|
|
# package for supporting password hardening
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libpam-cracklib
|
|
|
|
# Install pam-tacplus and nss-tacplus
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libtac2_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libpam-tacplus_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libnss-tacplus_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
# Install bash-tacplus
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/bash-tacplus_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
# Install audisp-tacplus
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/audisp-tacplus_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
# Disable tacplus by default
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT pam-auth-update --remove tacplus
|
|
sudo sed -i -e '/^passwd/s/ tacplus//' $FILESYSTEM_ROOT/etc/nsswitch.conf
|
|
|
|
# Install pam-radius-auth and nss-radius
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libpam-radius-auth_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libnss-radius_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
# Disable radius by default
|
|
# radius does not have any profiles
|
|
#sudo LANG=C chroot $FILESYSTEM_ROOT pam-auth-update --remove radius tacplus
|
|
sudo sed -i -e '/^passwd/s/ radius//' $FILESYSTEM_ROOT/etc/nsswitch.conf
|
|
|
|
# Install a custom version of kdump-tools (and its dependencies via 'apt-get -y install -f')
|
|
if [[ $CONFIGURED_ARCH == amd64 ]]; then
|
|
sudo DEBIAN_FRONTEND=noninteractive dpkg --root=$FILESYSTEM_ROOT -i $debs_path/kdump-tools_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true chroot $FILESYSTEM_ROOT apt-get -q --no-install-suggests --no-install-recommends install
|
|
cat $IMAGE_CONFIGS/kdump/kdump-tools | sudo tee -a $FILESYSTEM_ROOT/etc/default/kdump-tools > /dev/null
|
|
|
|
for kernel_release in $(ls $FILESYSTEM_ROOT/lib/modules/); do
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT /etc/kernel/postinst.d/kdump-tools $kernel_release > /dev/null 2>&1
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT kdump-config symlinks $kernel_release
|
|
done
|
|
fi
|
|
|
|
# Install python-swss-common package and all its dependent packages
|
|
{% if python_swss_debs.strip() -%}
|
|
{% for deb in python_swss_debs.strip().split(' ') -%}
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
# Install sonic-db-cli
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-db-cli_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
|
|
# Install custom-built monit package and SONiC configuration files
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/monit_*.deb || \
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
sudo cp $IMAGE_CONFIGS/monit/monitrc $FILESYSTEM_ROOT/etc/monit/
|
|
sudo chmod 600 $FILESYSTEM_ROOT/etc/monit/monitrc
|
|
sudo cp $IMAGE_CONFIGS/monit/conf.d/* $FILESYSTEM_ROOT/etc/monit/conf.d/
|
|
sudo chmod 600 $FILESYSTEM_ROOT/etc/monit/conf.d/*
|
|
sudo cp $IMAGE_CONFIGS/monit/container_checker $FILESYSTEM_ROOT/usr/bin/
|
|
sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/container_checker
|
|
sudo cp $IMAGE_CONFIGS/monit/memory_checker $FILESYSTEM_ROOT/usr/bin/
|
|
sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/memory_checker
|
|
sudo cp $IMAGE_CONFIGS/monit/restart_service $FILESYSTEM_ROOT/usr/bin/
|
|
sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/restart_service
|
|
|
|
# Installed smartmontools version should match installed smartmontools in docker-platform-monitor Dockerfile
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install smartmontools=7.2-1
|
|
|
|
# Install custom-built openssh sshd
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_${OPENSSH_VERSION}_*.deb $debs_path/openssh-client_${OPENSSH_VERSION}_*.deb $debs_path/openssh-sftp-server_${OPENSSH_VERSION}_*.deb
|
|
|
|
{% if sonic_asic_platform == 'broadcom' %}
|
|
# Install custom-built flashrom
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/flashrom_*.deb
|
|
{% endif %}
|
|
|
|
# Copy crontabs
|
|
sudo cp -f $IMAGE_CONFIGS/cron.d/* $FILESYSTEM_ROOT/etc/cron.d/
|
|
|
|
# Copy NTP configuration files and templates
|
|
sudo cp $IMAGE_CONFIGS/ntp/ntp-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "ntp-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
sudo cp $IMAGE_CONFIGS/ntp/ntp-config.sh $FILESYSTEM_ROOT/usr/bin/
|
|
sudo cp $IMAGE_CONFIGS/ntp/ntp.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
sudo cp $IMAGE_CONFIGS/ntp/ntp-systemd-wrapper $FILESYSTEM_ROOT/usr/lib/ntp/
|
|
sudo cp $IMAGE_CONFIGS/ntp/ntp.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "ntp.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy warmboot-finalizer files
|
|
sudo LANG=C cp $IMAGE_CONFIGS/warmboot-finalizer/finalize-warmboot.sh $FILESYSTEM_ROOT/usr/local/bin/finalize-warmboot.sh
|
|
sudo LANG=C cp $IMAGE_CONFIGS/warmboot-finalizer/warmboot-finalizer.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "warmboot-finalizer.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy watchdog-control files
|
|
sudo LANG=C cp $IMAGE_CONFIGS/watchdog-control/watchdog-control.sh $FILESYSTEM_ROOT/usr/local/bin/watchdog-control.sh
|
|
sudo LANG=C cp $IMAGE_CONFIGS/watchdog-control/watchdog-control.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "watchdog-control.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy rsyslog configuration files and templates
|
|
sudo cp $IMAGE_CONFIGS/rsyslog/rsyslog-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
sudo cp $IMAGE_CONFIGS/rsyslog/rsyslog-config.sh $FILESYSTEM_ROOT/usr/bin/
|
|
sudo cp $IMAGE_CONFIGS/rsyslog/rsyslog.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
sudo cp $IMAGE_CONFIGS/rsyslog/rsyslog-container.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
sudo cp $IMAGE_CONFIGS/rsyslog/rsyslog.d/* $FILESYSTEM_ROOT/etc/rsyslog.d/
|
|
echo "rsyslog-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy syslog override files
|
|
sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/syslog.socket.d
|
|
sudo cp $IMAGE_CONFIGS/syslog/override.conf $FILESYSTEM_ROOT/etc/systemd/system/syslog.socket.d/override.conf
|
|
sudo cp $IMAGE_CONFIGS/syslog/host_umount.sh $FILESYSTEM_ROOT/usr/bin/
|
|
|
|
# Copy system-health files
|
|
sudo LANG=C cp $IMAGE_CONFIGS/system-health/system-health.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "system-health.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy logrotate.d configuration files
|
|
sudo cp -f $IMAGE_CONFIGS/logrotate/logrotate.d/* $FILESYSTEM_ROOT/etc/logrotate.d/
|
|
sudo cp $IMAGE_CONFIGS/logrotate/rsyslog.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
sudo cp $IMAGE_CONFIGS/logrotate/logrotate-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
sudo cp $IMAGE_CONFIGS/logrotate/logrotate-config.sh $FILESYSTEM_ROOT/usr/bin/
|
|
sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/logrotate.timer.d
|
|
sudo cp $IMAGE_CONFIGS/logrotate/timerOverride.conf $FILESYSTEM_ROOT/etc/systemd/system/logrotate.timer.d/
|
|
echo "logrotate-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy systemd-journald configuration files
|
|
sudo cp -f $IMAGE_CONFIGS/systemd/journald.conf $FILESYSTEM_ROOT/etc/systemd/
|
|
|
|
# Copy interfaces configuration files and templates
|
|
sudo cp $IMAGE_CONFIGS/interfaces/interfaces-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
sudo cp $IMAGE_CONFIGS/interfaces/interfaces-config.sh $FILESYSTEM_ROOT/usr/bin/
|
|
sudo cp $IMAGE_CONFIGS/interfaces/*.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
echo "interfaces-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy CoPP configuration files and templates
|
|
sudo cp $IMAGE_CONFIGS/copp/copp-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
sudo cp $IMAGE_CONFIGS/copp/copp-config.sh $FILESYSTEM_ROOT/usr/bin/
|
|
sudo cp $IMAGE_CONFIGS/copp/copp_cfg.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
echo "copp-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy dhcp client configuration template and create an initial configuration
|
|
sudo cp files/dhcp/dhclient.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
j2 files/dhcp/dhclient.conf.j2 | sudo tee $FILESYSTEM_ROOT/etc/dhcp/dhclient.conf
|
|
sudo cp files/dhcp/ifupdown2_policy.json $FILESYSTEM_ROOT/etc/network/ifupdown2/policy.d
|
|
sudo cp files/dhcp/90-dhcp6-systcl.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
|
|
# Copy initial interfaces configuration file, will be overwritten on first boot
|
|
sudo cp $IMAGE_CONFIGS/interfaces/init_interfaces $FILESYSTEM_ROOT/etc/network/interfaces
|
|
sudo mkdir -p $FILESYSTEM_ROOT/etc/network/interfaces.d
|
|
|
|
# System'd network udev rules
|
|
sudo cp $IMAGE_CONFIGS/systemd/network/* $FILESYSTEM_ROOT_ETC/systemd/network/
|
|
|
|
# copy core file uploader files
|
|
sudo cp $IMAGE_CONFIGS/corefile_uploader/core_uploader.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl disable core_uploader.service
|
|
sudo cp $IMAGE_CONFIGS/corefile_uploader/core_uploader.py $FILESYSTEM_ROOT/usr/bin/
|
|
sudo cp $IMAGE_CONFIGS/corefile_uploader/core_analyzer.rc.json $FILESYSTEM_ROOT_ETC_SONIC/
|
|
sudo chmod og-rw $FILESYSTEM_ROOT_ETC_SONIC/core_analyzer.rc.json
|
|
|
|
# Rasdaemon service configuration. Use timer to start rasdaemon with a delay for better fast/warm boot performance
|
|
sudo cp $IMAGE_CONFIGS/rasdaemon/rasdaemon.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT systemctl disable rasdaemon.service
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT systemctl enable rasdaemon.timer
|
|
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libffi-dev libssl-dev
|
|
|
|
if [[ $CONFIGURED_ARCH == armhf ]]; then
|
|
# The azure-storage package depends on the cryptography package. Newer
|
|
# versions of cryptography require the rust compiler, the correct version
|
|
# for which is not readily available in buster. Hence we pre-install an
|
|
# older version here to satisfy the azure-storage dependency.
|
|
# Note: This is not a problem for other architectures as pre-built versions
|
|
# of cryptography are available for those. This sequence can be removed
|
|
# after upgrading to debian bullseye.
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install cryptography==3.3.1
|
|
fi
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install azure-storage==0.36.0
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install watchdog==0.10.3
|
|
|
|
{% if include_kubernetes == "y" %}
|
|
# Point to kubelet to /etc/resolv.conf
|
|
#
|
|
echo 'KUBELET_EXTRA_ARGS="--resolv-conf=/etc/resolv.conf --cgroup-driver=cgroupfs --node-ip=::"' | sudo tee -a $FILESYSTEM_ROOT/etc/default/kubelet
|
|
|
|
# Copy Flannel conf file into sonic-templates
|
|
#
|
|
sudo cp $BUILD_TEMPLATES/kube_cni.10-flannel.conflist $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
|
|
# Install remote Container mgmt package
|
|
# Required even if include_kubernetes != y, as it contains the
|
|
# the container wrapper for docker start/stop/wait commands.
|
|
#
|
|
SONIC_CTRMGMT_WHEEL_NAME=$(basename {{sonic_ctrmgmt_py3_wheel_path}})
|
|
sudo cp {{sonic_ctrmgmt_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_CTRMGMT_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_CTRMGMT_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$SONIC_CTRMGMT_WHEEL_NAME
|
|
|
|
# Config file used by container mgmt scripts/service
|
|
fl="${files_path}/remote_ctr.config.json"
|
|
use_k8s_as_http_proxy=$(python3 -c 'import json
|
|
with open("'${fl}'", "r") as s:
|
|
d=json.load(s);print(d.get("use_k8s_as_http_proxy", ""))
|
|
')
|
|
if [ "${use_k8s_as_http_proxy}" == "y" ]; then
|
|
# create proxy files for docker using private IP which will
|
|
# be later directed to k8s master upon config
|
|
PROXY_INFO="${kube_docker_proxy}"
|
|
cat <<EOT | sudo tee $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/http_proxy.conf > /dev/null
|
|
[Service]
|
|
Environment="HTTP_PROXY=${PROXY_INFO}"
|
|
EOT
|
|
cat <<EOT | sudo tee $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/https_proxy.conf > /dev/null
|
|
[Service]
|
|
Environment="HTTPS_PROXY=${PROXY_INFO}"
|
|
EOT
|
|
fi
|
|
|
|
sudo cp ${files_path}/remote_ctr.config.json ${FILESYSTEM_ROOT_ETC_SONIC}/
|
|
|
|
# Remote container management service files
|
|
sudo cp ${files_path}/ctrmgrd.service ${FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM}/
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable ctrmgrd.service
|
|
|
|
# kubelet service is controlled by ctrmgrd daemon.
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl disable kubelet.service
|
|
{% else %}
|
|
# container script for docker commands, which is required as
|
|
# all docker commands are replaced with container commands.
|
|
# So just copy that file only.
|
|
#
|
|
sudo cp ${files_path}/container $FILESYSTEM_ROOT/usr/local/bin/
|
|
{% endif %}
|
|
|
|
# Copy the buffer configuration template
|
|
sudo cp $BUILD_TEMPLATES/buffers_config.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
|
|
# Copy the qos configuration template
|
|
sudo cp $BUILD_TEMPLATES/qos_config.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
|
|
# Copy the templates for dynamically buffer calculation
|
|
{% if sonic_asic_platform == "mellanox" or sonic_asic_platform == "vs" %}
|
|
if [ -f platform/{{ sonic_asic_platform }}/asic_table.j2 ]
|
|
then
|
|
sudo cp platform/{{ sonic_asic_platform }}/asic_table.j2 $FILESYSTEM_ROOT/usr/share/sonic/templates/asic_table.j2
|
|
fi
|
|
|
|
if [ -f platform/{{ sonic_asic_platform }}/peripheral_table.j2 ]
|
|
then
|
|
sudo cp platform/{{ sonic_asic_platform }}/peripheral_table.j2 $FILESYSTEM_ROOT/usr/share/sonic/templates/peripheral_table.j2
|
|
fi
|
|
|
|
if [ -f platform/{{ sonic_asic_platform }}/zero_profiles.j2 ]
|
|
then
|
|
sudo cp platform/{{ sonic_asic_platform }}/zero_profiles.j2 $FILESYSTEM_ROOT/usr/share/sonic/templates/zero_profiles.j2
|
|
fi
|
|
{% endif %}
|
|
|
|
# Copy backend acl template
|
|
sudo cp $BUILD_TEMPLATES/backend_acl.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
|
|
|
|
# Copy hostname configuration scripts
|
|
sudo cp $IMAGE_CONFIGS/hostname/hostname-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "hostname-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
sudo cp $IMAGE_CONFIGS/hostname/hostname-config.sh $FILESYSTEM_ROOT/usr/bin/
|
|
|
|
# Copy miscellaneous scripts
|
|
sudo cp $IMAGE_CONFIGS/misc/docker-wait-any $FILESYSTEM_ROOT/usr/bin/
|
|
|
|
# Copy internal topology configuration scripts
|
|
{%- if sonic_asic_platform == "vs" %}
|
|
sudo cp $IMAGE_CONFIGS/topology/topology.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "topology.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
sudo cp $IMAGE_CONFIGS/topology/topology.sh $FILESYSTEM_ROOT/usr/bin
|
|
{%- endif %}
|
|
|
|
# Copy platform topology configuration scripts
|
|
sudo cp $IMAGE_CONFIGS/config-topology/config-topology.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "config-topology.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
sudo cp $IMAGE_CONFIGS/config-topology/config-topology.sh $FILESYSTEM_ROOT/usr/bin
|
|
|
|
# Copy updategraph script and service file
|
|
j2 files/build_templates/updategraph.service.j2 | sudo tee $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/updategraph.service
|
|
sudo cp $IMAGE_CONFIGS/updategraph/updategraph $FILESYSTEM_ROOT/usr/bin/
|
|
echo "updategraph.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
{% if enable_dhcp_graph_service == "y" %}
|
|
sudo bash -c "echo enabled=true > $FILESYSTEM_ROOT/etc/sonic/updategraph.conf"
|
|
sudo bash -c "echo src=dhcp >> $FILESYSTEM_ROOT/etc/sonic/updategraph.conf"
|
|
sudo bash -c "echo dhcp_as_static=true >> $FILESYSTEM_ROOT/etc/sonic/updategraph.conf"
|
|
{% else %}
|
|
sudo bash -c "echo enabled=false > $FILESYSTEM_ROOT/etc/sonic/updategraph.conf"
|
|
{% endif %}
|
|
|
|
# Generate initial SONiC configuration file
|
|
j2 files/build_templates/init_cfg.json.j2 | sudo tee $FILESYSTEM_ROOT/etc/sonic/init_cfg.json
|
|
|
|
# Copy config-setup script and service file
|
|
j2 files/build_templates/config-setup.service.j2 | sudo tee $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/config-setup.service
|
|
sudo cp $IMAGE_CONFIGS/config-setup/config-setup $FILESYSTEM_ROOT/usr/bin/config-setup
|
|
echo "config-setup.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable config-setup.service
|
|
|
|
# Add delayed tacacs application service
|
|
sudo cp files/build_templates/tacacs-config.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/
|
|
echo "tacacs-config.timer" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
sudo cp files/build_templates/tacacs-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/
|
|
echo "tacacs-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy config-chassisdb script and service file
|
|
j2 files/build_templates/config-chassisdb.service.j2 | sudo tee $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/config-chassisdb.service
|
|
sudo cp $IMAGE_CONFIGS/config-chassisdb/config-chassisdb $FILESYSTEM_ROOT/usr/bin/config-chassisdb
|
|
echo "config-chassisdb.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable config-chassisdb.service
|
|
|
|
# Copy backend-acl script and service file
|
|
sudo cp $IMAGE_CONFIGS/backend_acl/backend-acl.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM/backend-acl.service
|
|
sudo cp $IMAGE_CONFIGS/backend_acl/backend_acl.py $FILESYSTEM_ROOT/usr/bin/backend_acl.py
|
|
echo "backend-acl.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
# Copy SNMP configuration files
|
|
sudo cp $IMAGE_CONFIGS/snmp/snmp.yml $FILESYSTEM_ROOT/etc/sonic/
|
|
|
|
# Copy ASN configuration files
|
|
sudo cp $IMAGE_CONFIGS/constants/constants.yml $FILESYSTEM_ROOT/etc/sonic/
|
|
|
|
# Copy sudoers configuration file
|
|
sudo cp $IMAGE_CONFIGS/sudoers/sudoers $FILESYSTEM_ROOT/etc/
|
|
sudo cp $IMAGE_CONFIGS/sudoers/sudoers.lecture $FILESYSTEM_ROOT/etc/
|
|
|
|
# Copy pcie-check service files
|
|
sudo cp $IMAGE_CONFIGS/pcie-check/pcie-check.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "pcie-check.service" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
sudo cp $IMAGE_CONFIGS/pcie-check/pcie-check.sh $FILESYSTEM_ROOT/usr/bin/
|
|
|
|
## Install package without starting service
|
|
## ref: https://wiki.debian.org/chroot
|
|
sudo tee -a $FILESYSTEM_ROOT/usr/sbin/policy-rc.d > /dev/null <<EOF
|
|
#!/bin/sh
|
|
exit 101
|
|
EOF
|
|
sudo chmod a+x $FILESYSTEM_ROOT/usr/sbin/policy-rc.d
|
|
|
|
{% if installer_debs.strip() -%}
|
|
{% for deb in installer_debs.strip().split(' ') -%}
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
## Run depmod command for target kernel modules
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT depmod -a {{kversion}}
|
|
|
|
## download all dependency packages for platform debian packages
|
|
{% if lazy_installer_debs.strip() -%}
|
|
{% for file in lazy_installer_debs.strip().split(' ') -%}
|
|
|
|
{% set dev = file.split('@')[0] -%}
|
|
{% set deb = file.split('@')[1] -%}
|
|
{% set debfilename = deb.split('/')|last -%}
|
|
{% set debname = debfilename.split('_')|first -%}
|
|
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -i {{deb}} || sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f --download-only
|
|
|
|
sudo mkdir -p $FILESYSTEM_ROOT/$PLATFORM_DIR/{{dev}}
|
|
sudo mkdir -p $FILESYSTEM_ROOT/$PLATFORM_DIR/common
|
|
sudo cp {{ deb }} $FILESYSTEM_ROOT/$PLATFORM_DIR/common/
|
|
sudo ln -sf "../common/{{ debfilename }}" "$FILESYSTEM_ROOT/$PLATFORM_DIR/{{dev}}/{{ debfilename }}"
|
|
for f in $(find $FILESYSTEM_ROOT/var/cache/apt/archives -name "*.deb"); do
|
|
sudo mv $f $FILESYSTEM_ROOT/$PLATFORM_DIR/common/
|
|
sudo ln -sf "../common/$(basename $f)" "$FILESYSTEM_ROOT/$PLATFORM_DIR/{{dev}}/$(basename $f)"
|
|
done
|
|
|
|
sudo dpkg --root=$FILESYSTEM_ROOT -P {{ debname }}
|
|
|
|
{% endfor %}
|
|
# create a trivial apt repo if any of the debs have dependencies, including between lazy debs
|
|
if [ $(for f in $FILESYSTEM_ROOT/$PLATFORM_DIR/common/*.deb; do \
|
|
sudo dpkg -I $f | grep "Depends:\|Pre-Depends:"; done | wc -l) -gt 0 ]; then
|
|
(cd $FILESYSTEM_ROOT/$PLATFORM_DIR/common && sudo dpkg-scanpackages . | \
|
|
sudo gzip | sudo tee Packages.gz > /dev/null)
|
|
fi
|
|
{% endif %}
|
|
|
|
# Remove sshd host keys, and will regenerate on first sshd start. This needs to be
|
|
# done again here because our custom version of sshd is being installed, which
|
|
# will regenerate the sshd host keys.
|
|
sudo rm -f $FILESYSTEM_ROOT/etc/ssh/ssh_host_*_key*
|
|
|
|
sudo rm -f $FILESYSTEM_ROOT/usr/sbin/policy-rc.d
|
|
|
|
# Copy fstrim service and timer file, enable fstrim timer
|
|
sudo cp $IMAGE_CONFIGS/fstrim/* $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable fstrim.timer
|
|
|
|
## copy platform rc.local
|
|
sudo cp $IMAGE_CONFIGS/platform/rc.local $FILESYSTEM_ROOT/etc/
|
|
|
|
## copy blacklist file
|
|
sudo cp $IMAGE_CONFIGS/platform/linux_kernel_bde.conf $FILESYSTEM_ROOT/etc/modprobe.d/
|
|
|
|
# Enable psample drivers to support sFlow on vs
|
|
{% if sonic_asic_platform == "vs" %}
|
|
sudo tee -a $FILESYSTEM_ROOT/etc/modules-load.d/modules.conf > /dev/null <<EOF
|
|
psample
|
|
act_sample
|
|
EOF
|
|
{% endif %}
|
|
|
|
## Bind docker path
|
|
if [ $MULTIARCH_QEMU_ENVIRON == y ]; then
|
|
sudo mkdir -p $FILESYSTEM_ROOT/dockerfs
|
|
sudo mount --bind dockerfs $FILESYSTEM_ROOT/dockerfs
|
|
fi
|
|
|
|
{% if installer_images.strip() -%}
|
|
## ensure proc is mounted
|
|
sudo mount proc /proc -t proc || true
|
|
if [[ $CONFIGURED_ARCH == armhf ]]; then
|
|
# A workaround to fix the armhf build hung issue, caused by sonic-platform-nokia-7215_1.0_armhf.deb post installation script
|
|
ps -eo pid,cmd | grep python | grep "/etc/entropy.py" | awk '{print $1}' | xargs sudo kill -9 2>/dev/null || true
|
|
fi
|
|
|
|
sudo mkdir $FILESYSTEM_ROOT/target
|
|
sudo mount --bind target $FILESYSTEM_ROOT/target
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT docker info
|
|
|
|
{% for docker_installation_target in installer_images.strip().split() -%}
|
|
{% set pkgname, docker_build_path, machine, image = docker_installation_target.split('|') %}
|
|
{% set imagefilepath = image.split(':')|first -%}
|
|
{% set imagefilename = imagefilepath.split('/')|last -%}
|
|
{% set imagename = imagefilename.split('.')|first -%}
|
|
if [[ -z "{{machine}}" || -n "{{machine}}" && $TARGET_MACHINE == "{{machine}}" ]]; then
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT docker load -i {{imagefilepath}}
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT docker tag {{imagename}}:latest {{imagename}}:"${SONIC_IMAGE_VERSION}"
|
|
# Check if manifest exists for {{imagename}} and it is a valid JSON
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT docker inspect {{imagename}}:latest \
|
|
| jq '.[0].Config.Labels["com.azure.sonic.manifest"]' -r > /tmp/manifest.json
|
|
jq -e . /tmp/manifest.json || {
|
|
>&2 echo "docker image {{imagename}} has no manifest or manifest is not a valid JSON"
|
|
exit 1
|
|
}
|
|
{% if imagename.endswith('-dbg') %}
|
|
{% set imagebasename = imagename.replace('-dbg', '') -%}
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT docker tag {{imagename}}:latest {{imagebasename}}:"${SONIC_IMAGE_VERSION}"
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT docker tag {{imagename}}:latest {{imagebasename}}:latest
|
|
{% endif %}
|
|
fi
|
|
{% endfor %}
|
|
|
|
SONIC_PACKAGE_MANAGER_FOLDER="/var/lib/sonic-package-manager/"
|
|
sudo mkdir -p $FILESYSTEM_ROOT/$SONIC_PACKAGE_MANAGER_FOLDER
|
|
target_machine="$TARGET_MACHINE" j2 $BUILD_TEMPLATES/packages.json.j2 | sudo tee $FILESYSTEM_ROOT/$SONIC_PACKAGE_MANAGER_FOLDER/packages.json
|
|
if [ "${PIPESTATUS[0]}" != "0" ]; then
|
|
echo "Failed to generate packages.json" >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Copy docker_image_ctl.j2 for SONiC Package Manager
|
|
sudo cp $BUILD_TEMPLATES/docker_image_ctl.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/docker_image_ctl.j2
|
|
|
|
# Generate shutdown order
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT /usr/local/bin/generate_shutdown_order.py
|
|
|
|
{% if include_kubernetes == "y" %}
|
|
## Pull in kubernetes docker images
|
|
echo "pulling universal k8s images ..."
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT docker $SONIC_NATIVE_DOCKERD_FOR_DOCKERFS pull k8s.gcr.io/pause:${K8s_GCR_IO_PAUSE_VERSION}
|
|
echo "docker images pull complete"
|
|
{% endif %}
|
|
|
|
{% if include_kubernetes_master == "y" %}
|
|
# Pull in kubernetes master docker images
|
|
echo "pulling kubernetes master images ..."
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT docker $SONIC_NATIVE_DOCKERD_FOR_DOCKERFS pull k8s.gcr.io/pause:${MASTER_PAUSE_VERSION}
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT docker $SONIC_NATIVE_DOCKERD_FOR_DOCKERFS pull k8s.gcr.io/kube-apiserver:${MASTER_KUBERNETES_CONTAINER_IMAGE_VERSION}
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT docker $SONIC_NATIVE_DOCKERD_FOR_DOCKERFS pull k8s.gcr.io/kube-controller-manager:${MASTER_KUBERNETES_CONTAINER_IMAGE_VERSION}
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT docker $SONIC_NATIVE_DOCKERD_FOR_DOCKERFS pull k8s.gcr.io/kube-scheduler:${MASTER_KUBERNETES_CONTAINER_IMAGE_VERSION}
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT docker $SONIC_NATIVE_DOCKERD_FOR_DOCKERFS pull k8s.gcr.io/kube-proxy:${MASTER_KUBERNETES_CONTAINER_IMAGE_VERSION}
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT docker $SONIC_NATIVE_DOCKERD_FOR_DOCKERFS pull k8s.gcr.io/coredns/coredns:${MASTER_COREDNS_VERSION}
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT docker $SONIC_NATIVE_DOCKERD_FOR_DOCKERFS pull k8s.gcr.io/etcd:${MASTER_ETCD_VERSION}
|
|
echo "kubernetes master docker images pull complete"
|
|
# Install python package for mdm service usage
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install psutil
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install statsd
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable mdm.service
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable kubelet.service
|
|
# Add kubernetes master entrance
|
|
sudo cp files/image_config/kubernetes/kubernetes_master_entrance.sh $FILESYSTEM_ROOT/usr/sbin/
|
|
sudo sed -i '/^exit 0/i\bash /usr/sbin/kubernetes_master_entrance.sh' $FILESYSTEM_ROOT/etc/rc.local
|
|
{% endif %}
|
|
|
|
{% macro get_install_options(set_owner, enabled) -%}
|
|
{% set args = ["-y", "-v", "DEBUG"] -%}
|
|
{% if set_owner -%}
|
|
{% set args = args + ["--set-owner", set_owner] -%}
|
|
{% endif -%}
|
|
{% if enabled == "y" -%}
|
|
{% set args = args + ["--enable"] -%}
|
|
{% endif -%}
|
|
{{ args | join(' ') }}
|
|
{% endmacro -%}
|
|
|
|
{% for package in sonic_packages.strip().split() -%}
|
|
{% set name, repo, version, set_owner, enabled = package.split('|') -%}
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT sonic-package-manager repository add {{ name }} {{ repo }}
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT sonic-package-manager install {{ name }}=={{ version }} {{ get_install_options(set_owner, enabled) }}
|
|
{% endfor -%}
|
|
|
|
{% for package in sonic_local_packages.strip().split() -%}
|
|
{% set name, path, set_owner, enabled = package.split('|') -%}
|
|
sudo LANG=C DOCKER_HOST="$DOCKER_HOST" chroot $FILESYSTEM_ROOT sonic-package-manager install --from-tarball {{ path }} {{ get_install_options(set_owner, enabled) }}
|
|
{% endfor -%}
|
|
|
|
sudo umount $FILESYSTEM_ROOT/target
|
|
sudo rm -r $FILESYSTEM_ROOT/target
|
|
if [ $MULTIARCH_QEMU_ENVIRON == y ]; then
|
|
sudo umount $FILESYSTEM_ROOT/dockerfs
|
|
sudo rm -fr $FILESYSTEM_ROOT/dockerfs
|
|
sudo kill -9 `sudo $SONIC_NATIVE_DOCKERD_FOR_DOCKERFS_PID` || true
|
|
else
|
|
sudo chroot $FILESYSTEM_ROOT $DOCKER_CTL_SCRIPT stop
|
|
fi
|
|
|
|
sudo bash -c "echo { > $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ctr_image_names.json"
|
|
{% for entry in feature_vs_image_names.split(' ') -%}
|
|
{% if entry|length %}
|
|
{% set lst = entry.split(':') %}
|
|
{% set lst1 = lst[1].split('.') %}
|
|
sudo bash -c "echo -n -e \"\x22{{ lst[0] }}\x22 : \x22{{ lst1[0] }}\x22\" >> $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ctr_image_names.json"
|
|
{% if not loop.last %}
|
|
sudo bash -c "echo \",\" >> $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ctr_image_names.json"
|
|
{% else %}
|
|
sudo bash -c "echo \"\" >> $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ctr_image_names.json"
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
sudo bash -c "echo } >> $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/ctr_image_names.json"
|
|
|
|
{% for script in installer_start_scripts.split(' ') -%}
|
|
if [ -f $TARGET_MACHINE"_{{script}}" ]; then
|
|
sudo cp $TARGET_MACHINE"_{{script}}" $FILESYSTEM_ROOT/usr/bin/{{script}}
|
|
else
|
|
sudo cp {{script}} $FILESYSTEM_ROOT/usr/bin/
|
|
fi
|
|
{% endfor %}
|
|
{% for service in installer_services.split(' ') -%}
|
|
if [ -f {{service}} ]; then
|
|
sudo cp {{service}} $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
|
|
{% if "@" in service %}
|
|
MULTI_INSTANCE="{{service}}"
|
|
SINGLE_INSTANCE=${MULTI_INSTANCE/"@"}
|
|
sudo cp $SINGLE_INSTANCE $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
{% endif %}
|
|
|
|
echo "{{service}}" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
fi
|
|
{% endfor %}
|
|
{% for timer in installer_timers.split(' ') -%}
|
|
if [ -f {{timer}} ]; then
|
|
sudo cp {{timer}} $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
|
|
{% if "@" in timer %}
|
|
MULTI_INSTANCE="{{timer}}"
|
|
SINGLE_INSTANCE=${MULTI_INSTANCE/"@"}
|
|
sudo cp $SINGLE_INSTANCE $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
{% endif %}
|
|
|
|
echo "{{timer}}" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
fi
|
|
{% endfor %}
|
|
if [ -f iccpd.service ]; then
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl disable iccpd.service
|
|
fi
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT fuser -km /sys || true
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT umount -lf /sys
|
|
{% endif %}
|
|
|
|
# Copy service scripts (swss, syncd, bgp, teamd, lldp, radv)
|
|
sudo LANG=C cp $SCRIPTS_DIR/swss.sh $FILESYSTEM_ROOT/usr/local/bin/swss.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/syncd.sh $FILESYSTEM_ROOT/usr/local/bin/syncd.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/syncd_common.sh $FILESYSTEM_ROOT/usr/local/bin/syncd_common.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/gbsyncd.sh $FILESYSTEM_ROOT/usr/local/bin/gbsyncd.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/gbsyncd-platform.sh $FILESYSTEM_ROOT/usr/bin/gbsyncd-platform.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/bgp.sh $FILESYSTEM_ROOT/usr/local/bin/bgp.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/teamd.sh $FILESYSTEM_ROOT/usr/local/bin/teamd.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/lldp.sh $FILESYSTEM_ROOT/usr/local/bin/lldp.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/radv.sh $FILESYSTEM_ROOT/usr/local/bin/radv.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/database.sh $FILESYSTEM_ROOT/usr/local/bin/database.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/snmp.sh $FILESYSTEM_ROOT/usr/local/bin/snmp.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/telemetry.sh $FILESYSTEM_ROOT/usr/local/bin/telemetry.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/mgmt-framework.sh $FILESYSTEM_ROOT/usr/local/bin/mgmt-framework.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/asic_status.sh $FILESYSTEM_ROOT/usr/local/bin/asic_status.sh
|
|
sudo LANG=C cp $SCRIPTS_DIR/asic_status.py $FILESYSTEM_ROOT/usr/local/bin/asic_status.py
|
|
|
|
# Copy sonic-netns-exec script
|
|
sudo LANG=C cp $SCRIPTS_DIR/sonic-netns-exec $FILESYSTEM_ROOT/usr/bin/sonic-netns-exec
|
|
|
|
# Copy write_standby script for mux state
|
|
sudo LANG=C cp $SCRIPTS_DIR/write_standby.py $FILESYSTEM_ROOT/usr/local/bin/write_standby.py
|
|
|
|
# Copy mark_dhcp_packet script
|
|
sudo LANG=C cp $SCRIPTS_DIR/mark_dhcp_packet.py $FILESYSTEM_ROOT/usr/local/bin/mark_dhcp_packet.py
|
|
|
|
# Copy systemd timer configuration
|
|
# It implements delayed start of services
|
|
sudo cp $BUILD_TEMPLATES/snmp.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "snmp.timer" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
{% if include_system_telemetry == 'y' %}
|
|
sudo cp $BUILD_TEMPLATES/telemetry.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "telemetry.timer" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
{% endif %}
|
|
|
|
{% if include_mgmt_framework == 'y' %}
|
|
sudo cp $BUILD_TEMPLATES/mgmt-framework.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "mgmt-framework.timer" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
{% endif %}
|
|
|
|
sudo cp $BUILD_TEMPLATES/pmon.timer $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
echo "pmon.timer" | sudo tee -a $GENERATED_SERVICE_FILE
|
|
|
|
sudo cp $BUILD_TEMPLATES/sonic.target $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable sonic.target
|
|
|
|
sudo cp $BUILD_TEMPLATES/sonic-delayed.target $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable sonic-delayed.target
|
|
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y python3-dev
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y build-essential libssl-dev swig
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get clean -y
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get autoremove -y
|
|
|
|
{% for file in installer_extra_files.split(' ') -%}
|
|
{% if file.strip() -%}
|
|
{% set src = file.split(':')[0] -%}
|
|
{% set dst = file.split(':')[1] -%}
|
|
sudo cp {{src}} $FILESYSTEM_ROOT/{{dst}}
|
|
{% endif -%}
|
|
{% endfor -%}
|
|
|
|
{% if sonic_asic_platform == "mellanox" %}
|
|
declare -rA FW_FILE_MAP=( \
|
|
[$MLNX_SPC_FW_FILE]="fw-SPC.mfa" \
|
|
[$MLNX_SPC2_FW_FILE]="fw-SPC2.mfa" \
|
|
[$MLNX_SPC3_FW_FILE]="fw-SPC3.mfa" \
|
|
)
|
|
sudo mkdir -p $FILESYSTEM_ROOT/$PLATFORM_DIR/fw/asic/
|
|
sudo mkdir -p $FILESYSTEM_ROOT_ETC/mlnx/
|
|
for fw_file_name in ${!FW_FILE_MAP[@]}; do
|
|
sudo cp $files_path/$fw_file_name $FILESYSTEM_ROOT/$PLATFORM_DIR/fw/asic/${FW_FILE_MAP[$fw_file_name]}
|
|
# Link old FW location to not break existing automation/scripts
|
|
sudo ln -s /host/image-$SONIC_IMAGE_VERSION/$PLATFORM_DIR/fw/asic/${FW_FILE_MAP[$fw_file_name]} $FILESYSTEM_ROOT/etc/mlnx/${FW_FILE_MAP[$fw_file_name]}
|
|
done
|
|
sudo cp $files_path/$ISSU_VERSION_FILE $FILESYSTEM_ROOT/$PLATFORM_DIR/fw/asic/issu-version
|
|
sudo ln -s /host/image-$SONIC_IMAGE_VERSION/$PLATFORM_DIR/fw/asic/issu-version $FILESYSTEM_ROOT/etc/mlnx/issu-version
|
|
sudo cp $files_path/$MLNX_FFB_SCRIPT $FILESYSTEM_ROOT/usr/bin/mlnx-ffb.sh
|
|
sudo cp $files_path/$MLNX_ONIE_FW_UPDATE $FILESYSTEM_ROOT/usr/bin/$MLNX_ONIE_FW_UPDATE
|
|
sudo cp $files_path/$MLNX_SSD_FW_UPDATE $FILESYSTEM_ROOT/usr/bin/$MLNX_SSD_FW_UPDATE
|
|
sudo cp $files_path/$MLNX_INSTALL_PENDING_FW $FILESYSTEM_ROOT/usr/bin/$MLNX_INSTALL_PENDING_FW
|
|
j2 platform/mellanox/mlnx-fw-upgrade.j2 | sudo tee $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh
|
|
sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/mlnx-fw-upgrade.sh
|
|
|
|
# Install mlnx-sonic-platform Python 3 package
|
|
MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME=$(basename {{mlnx_platform_api_py3_wheel_path}})
|
|
sudo cp {{mlnx_platform_api_py3_wheel_path}} $FILESYSTEM_ROOT/$MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME
|
|
sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME
|
|
sudo rm -rf $FILESYSTEM_ROOT/$MLNX_SONIC_PLATFORM_PY3_WHEEL_NAME
|
|
{% endif %}
|
|
|
|
{%- if SONIC_ROUTING_STACK == "frr" %}
|
|
sudo mkdir $FILESYSTEM_ROOT/etc/sonic/frr
|
|
sudo touch $FILESYSTEM_ROOT/etc/sonic/frr/frr.conf
|
|
sudo touch $FILESYSTEM_ROOT/etc/sonic/frr/vtysh.conf
|
|
sudo chown -R $FRR_USER_UID:$FRR_USER_GID $FILESYSTEM_ROOT/etc/sonic/frr
|
|
sudo chmod -R 640 $FILESYSTEM_ROOT/etc/sonic/frr/
|
|
sudo chmod 750 $FILESYSTEM_ROOT/etc/sonic/frr
|
|
{%- endif %}
|
|
|
|
# Mask services which are disabled by default
|
|
sudo cp $BUILD_SCRIPTS_DIR/mask_disabled_services.py $FILESYSTEM_ROOT/tmp/
|
|
sudo chmod a+x $FILESYSTEM_ROOT/tmp/mask_disabled_services.py
|
|
sudo LANG=C chroot $FILESYSTEM_ROOT /tmp/mask_disabled_services.py
|
|
sudo rm -rf $FILESYSTEM_ROOT/tmp/mask_disabled_services.py
|
|
|
|
|
|
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install python3-dbus
|