Create 24.04 headless image

config/gw-fxci-gcp-l1-2404-headless-alpha.yaml

@@ -0,0 +1,13 @@
+---
+image:
+  source_image_family: ubuntu-2404-lts-amd64
+  project_id: "taskcluster-imaging"
+  workload_identity_provider_project_number: 324168772199
+  image_name: gw-fxci-gcp-l1-2404-amd64-headless-googlecompute
+  zone: us-west1-a
+vm:
+  disk_size: 60
+  taskcluster_version: 73.0.0
+  tc_arch: AMD64
+  script_paths: 
+  - "scripts/linux/ubuntu-2404-headless-amd64-headless"

gcp.pkr.hcl

@@ -150,6 +150,18 @@ source "googlecompute" "gw-fxci-gcp-l1-2404-x11-alpha" {
   use_iap             = true
 }
 
+source "googlecompute" "gw-fxci-gcp-l1-2404-headless-alpha" {
+  disk_size           = var.disk_size
+  image_licenses      = ["projects/vm-options/global/licenses/enable-vmx"]
+  image_name          = var.image_name
+  machine_type        = null
+  project_id          = var.project_id
+  source_image_family = var.source_image_family
+  ssh_username        = "ubuntu"
+  zone                = var.zone
+  use_iap             = true
+}
+
 build {
   sources = [
     "source.googlecompute.gw-fxci-gcp-l1-2404-alpha"
@@ -436,4 +448,45 @@ build {
     strip_path = true
   }
 
+}
+
+build {
+  sources = [
+    "source.googlecompute.gw-fxci-gcp-l1-2404-headless-alpha"
+  ]
+
+  provisioner "shell" {
+    execute_command = "sudo -S bash -c '{{ .Vars }} {{ .Path }}'"
+    environment_vars = [
+      "CLOUD=google",
+      "TC_ARCH=${var.tc_arch}",
+      "TASKCLUSTER_VERSION=${var.taskcluster_version}",
+    ]
+    scripts = [
+      "${path.cwd}/scripts/linux/common/papertrail.sh",
+      "${path.cwd}/scripts/linux/ubuntu-2404-amd64-headless/fxci/01-bootstrap.sh",
+      "${path.cwd}/scripts/linux/ubuntu-2404-amd64-headless/fxci/02-additional-packages.sh"
+    ]
+  }
+
+  provisioner "shell" {
+    inline = ["/usr/bin/cloud-init status --wait"]
+  }
+
+  ## Install gcp ops agent and cleanup
+  provisioner "shell" {
+    execute_command = "sudo -S bash -c '{{ .Vars }} {{ .Path }}'"
+    expect_disconnect = true
+    scripts = [
+      "${path.cwd}/scripts/linux/common/01-install-ops-agent.sh",
+      "${path.cwd}/scripts/linux/common/99-clean.sh",
+    ]
+    start_retry_timeout = "30m"
+  }
+
+  post-processor "manifest" {
+    output     = "packer-artifacts.json"
+    strip_path = true
+  }
+
 }

scripts/linux/ubuntu-2404-amd64-headless/fxci/01-bootstrap.sh

@@ -0,0 +1,164 @@
+#!/bin/bash
+
+set -exv
+
+function retry {
+  set +e
+  local n=0
+  local max=10
+  while true; do
+    "$@" && break || {
+      if [[ $n -lt $max ]]; then
+        ((n++))
+        echo "Command failed" >&2
+        sleep_time=$((2 ** n))
+        echo "Sleeping $sleep_time seconds..." >&2
+        sleep $sleep_time
+        echo "Attempt $n/$max:" >&2
+      else
+        echo "Failed after $n attempts." >&2
+        exit 1
+      fi
+    }
+  done
+  set -e
+}
+
+start_time="$(date '+%s')"
+
+case "$(uname -m)" in
+  x86_64)
+    ARCH=amd64
+    ;;
+  aarch64)
+    ARCH=arm64
+    ;;
+  *)
+    echo "Unsupported architecture '$(uname -m)' - currently bootstrap.sh only supports architectures x86_64 and aarch64" >&2
+    exit 64
+    ;;
+esac
+
+retry apt-get update
+DEBIAN_FRONTEND=noninteractive retry apt-get upgrade -yq
+retry apt-get -y remove docker docker.io containerd runc
+# build-essential is needed for running `go test -race` with the -vet=off flag as of go1.19
+retry apt-get install -y apt-transport-https ca-certificates curl software-properties-common gzip python3-venv build-essential snapd
+
+# needed for kvm, see https://help.ubuntu.com/community/KVM/Installation
+retry apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils
+
+# install docker
+retry curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
+  $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
+retry apt-get update
+retry apt-get install -y docker-ce docker-ce-cli containerd.io
+retry docker run hello-world
+
+# configure kvm vmware backdoor
+# this enables a vmware compatible interface for kvm, and is needed for some fuzzing tasks
+#cat > /etc/modprobe.d/kvm-backdoor.conf << "EOF"
+#options kvm enable_vmware_backdoor=y
+#EOF
+
+# configure core dumps to be in the process' current directory with filename 'core'
+# (required for 3 legacy JS engine fuzzers)
+echo "kernel.core_pattern = core" >> /etc/sysctl.d/90-custom.conf
+
+# fix 'bugmon-process: error: rr needs /proc/sys/kernel/perf_event_paranoid <= 1, but it is 4'
+echo 'kernel.perf_event_paranoid = 1' >> /etc/sysctl.d/90-custom.conf
+
+# create group for running snap
+groupadd snap_sudo
+echo '%snap_sudo ALL=(ALL:ALL) NOPASSWD: /usr/bin/snap' | EDITOR='tee -a' visudo
+
+# instead of building from source, we can install the pre-built binary
+cd /usr/local/bin
+retry curl -fsSL "https://github.com/taskcluster/taskcluster/releases/download/v${TASKCLUSTER_VERSION}/generic-worker-multiuser-linux-${TC_ARCH}" > generic-worker
+retry curl -fsSL "https://github.com/taskcluster/taskcluster/releases/download/v${TASKCLUSTER_VERSION}/start-worker-linux-${TC_ARCH}" > start-worker
+retry curl -fsSL "https://github.com/taskcluster/taskcluster/releases/download/v${TASKCLUSTER_VERSION}/livelog-linux-${TC_ARCH}" > livelog
+retry curl -fsSL "https://github.com/taskcluster/taskcluster/releases/download/v${TASKCLUSTER_VERSION}/taskcluster-proxy-linux-${TC_ARCH}" > taskcluster-proxy
+chmod a+x generic-worker start-worker taskcluster-proxy livelog
+
+mkdir -p /etc/generic-worker
+mkdir -p /var/local/generic-worker
+/usr/local/bin/generic-worker --version
+/usr/local/bin/generic-worker new-ed25519-keypair --file /etc/generic-worker/ed25519_key
+
+# ensure host 'taskcluster' resolves to localhost
+echo 127.0.1.1 taskcluster >> /etc/hosts
+
+# configure generic-worker to run on boot
+cat > /lib/systemd/system/worker.service << EOF
+[Unit]
+Description=Start TC worker
+# start once networking is online
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/start-worker /etc/start-worker.yml
+# log to console to make output visible in cloud consoles, and syslog for ease of
+# redirecting to external logging services
+StandardOutput=journal+console
+StandardError=journal+console
+User=root
+
+[Install]
+RequiredBy=graphical.target
+EOF
+
+cat > /etc/start-worker.yml << EOF
+provider:
+    providerType: google
+worker:
+    implementation: generic-worker
+    path: /usr/local/bin/generic-worker
+    configPath: /etc/generic-worker/config
+cacheOverRestarts: /etc/start-worker-cache.json
+EOF
+
+systemctl enable worker
+
+retry apt-get install -y ubuntu-desktop ubuntu-gnome-desktop podman
+
+# this is neccessary in GCP because after installing gnome desktop both NetworkManager and systemd-networkd are enabled
+# which leads to https://bugs.launchpad.net/ubuntu/jammy/+source/systemd/+bug/2036358
+systemctl disable systemd-networkd-wait-online.service
+
+# set podman registries conf
+(
+  echo '[registries.search]'
+  echo 'registries=["docker.io"]'
+) >> /etc/containers/registries.conf
+
+# Installs the v4l2loopback kernel module
+# used for the video device, and vkms
+# required by Wayland
+retry apt-get install -y linux-modules-extra-$(uname -r)
+# needed for mutter to work with DRM rather than falling back to X11
+grep -Fx vkms /etc/modules || echo vkms >> /etc/modules
+# disable udev rule that tags platform-vkms with "mutter-device-ignore"
+# ENV{ID_PATH}=="platform-vkms", TAG+="mutter-device-ignore"
+sed '/platform-vkms/d' /lib/udev/rules.d/61-mutter.rules > /etc/udev/rules.d/61-mutter.rules
+
+# install necessary packages for KVM
+# https://help.ubuntu.com/community/KVM/Installation
+retry apt-get install -y qemu-kvm bridge-utils
+
+# snd-aloop currently supported in aws kernel, but not in gcp kernel
+#if [ '%MY_CLOUD%' == 'aws' ]; then
+#  echo 'options snd-aloop enable=1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 index=0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31' > /etc/modprobe.d/snd-aloop.conf
+#  echo 'snd-aloop' >> /etc/modules
+#fi
+
+# avoid unnecessary shutdowns during worker startups
+systemctl disable unattended-upgrades
+
+end_time="$(date '+%s')"
+echo "UserData execution took: $(($end_time - $start_time)) seconds"
+
+# shutdown so that instance can be snapshotted
+#shutdown -h now

scripts/linux/ubuntu-2404-amd64-headless/fxci/02-additional-packages.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -exv
+
+# init helpers
+function retry {
+  set +e
+  local n=0
+  local max=10
+  while true; do
+    "$@" && break || {
+      if [[ $n -lt $max ]]; then
+        ((n++))
+        echo "Command failed" >&2
+        sleep_time=$((2 ** n))
+        echo "Sleeping $sleep_time seconds..." >&2
+        sleep $sleep_time
+        echo "Attempt $n/$max:" >&2
+      else
+        echo "Failed after $n attempts." >&2
+        exit 1
+      fi
+    }
+  done
+  set -e
+}
+
+# add additional packages
+
+MISC_PACKAGES=()
+# essentials
+MISC_PACKAGES+=(build-essential curl git gnupg-agent jq mercurial)
+# python things
+MISC_PACKAGES+=(python3-pip python3-certifi python3-psutil)
+# zstd packages
+MISC_PACKAGES+=(zstd python3-zstd)
+# install zstandard to avoid installing via pip and breaking via PEP 668 https://peps.python.org/pep-0668/ 
+MISC_PACKAGES+=(python3-zstandard)
+MISC_PACKAGES+=(apt-transport-https ca-certificates software-properties-common)
+# docker-worker needs this for unpacking lz4 images, perhaps uneeded but shouldn't hurt
+MISC_PACKAGES+=(liblz4-tool)
+# random bits
+MISC_PACKAGES+=(libhunspell-1.7-0 libhunspell-dev)
+
+retry apt-get install -y ${MISC_PACKAGES[@]}