README.md

BOSH Linux Stemcell Builder

This repo contains tools for creating BOSH stemcells. A stemcell is a bootable disk image that is used as a template by a BOSH Director to create VMs.

This branch (ubuntu-resolute) builds stemcells for Ubuntu 26.04 LTS (Resolute). For other Ubuntu releases, switch to the appropriate branch (e.g. ubuntu-noble for 24.04).

Quick Start: Building a Stemcell Locally

git clone git@github.com:cloudfoundry/bosh-linux-stemcell-builder.git
cd bosh-linux-stemcell-builder
git checkout ubuntu-resolute/1.x
mkdir -p tmp
docker build -t bosh/os-image-stemcell-builder:resolute \
  ci/docker/os-image-stemcell-builder-resolute/
docker run \
   --privileged \
   -v "$(pwd):/opt/bosh" \
   --workdir /opt/bosh \
   --user=1000:1000 \
   -it \
   bosh/os-image-stemcell-builder:resolute
# You're now in the the Docker container
ulimit -n 16384 # only necessary if your host is Fedora
gem install bundler
bundle
 # build OS image
bundle exec rake stemcell:build_os_image[ubuntu,resolute,$PWD/tmp/ubuntu_base_image.tgz]
 # build vSphere stemcell
bundle exec rake stemcell:build_with_local_os_image[vsphere,esxi,ubuntu,resolute,$PWD/tmp/ubuntu_base_image.tgz]

When building a vSphere stemcell, you must download VMware-ovftool-*.bundle and place it in the ci/docker/os-image-stemcell-builder-resolute/ directory. See External Assets for download instructions.

OS image

An OS image is a tarball that contains a snapshot of an OS filesystem, including the libraries and system utilities needed by the BOSH agent; however, it does not contain the BOSH agent nor the virtualization tools: a subsequent Rake task adds the BOSH agent and a set of virtualization tools to the base OS image to produce a stemcell.

The OS Image should be rebuilt when you are making changes to the packages installed in the operating system or when making changes to the configuration of those packages.

bundle exec rake stemcell:build_os_image[ubuntu,resolute,$PWD/tmp/ubuntu_base_image.tgz]

The arguments to the stemcell:build_os_image rake task follow:

0. operating_system_name (ubuntu): identifies which type of OS to fetch. Determines which package repository and packaging tool will be used to download and assemble the files. Currently, only ubuntu is recognized.
1. operating_system_version (resolute): an identifier that the system uses to decide which release of the OS to download. For this branch, use resolute (Ubuntu 26.04 LTS).
2. os_image_path ($PWD/tmp/ubuntu_base_image.tgz): the path to write the finished OS image tarball to. If a file exists at this path already, it will be overwritten without warning.

Building a Stemcell

Rebuild the stemcell when you are making and testing BOSH-specific changes such as a new BOSH agent.

bundle exec rake stemcell:build_with_local_os_image[vsphere,esxi,ubuntu,resolute,$PWD/tmp/ubuntu_base_image.tgz,"0.0.8"]

The arguments to stemcell:build_with_local_os_image are:

0. infrastructure_name: Which IaaS you are producing the stemcell for. Determines which virtualization tools to package on top of the stemcell.
1. hypervisor_name: Depending on what the IAAS supports, which hypervisor to target: aws → xen-hvm, azure → hyperv, google → kvm, openstack → kvm, vsphere → esxi, warden → warden
2. operating_system_name (ubuntu): Type of OS. Same as stemcell:build_os_image. Can optionally include a variant suffix (e.g. resolute-fips)
3. operating_system_version (resolute): OS release. Same as stemcell:build_os_image.
4. os_image_path ($PWD/tmp/ubuntu_base_image.tgz): Path to base OS image produced in stemcell:build_os_image
5. build_number (0.0.8): Stemcell version. Pro-tip: take the version number of the most recent release and add one, e.g.: "0.0.7" → "0.0.8". If not specified, it will default to "0000".

The Resulting Stemcell

You can find the resulting stemcell in the tmp/ directory of the host, or in the /opt/bosh/tmp directory in the Docker container. Using the above example, the stemcell would be at tmp/bosh-stemcell-0.0.8-vsphere-esxi-ubuntu-resolute-go_agent.tgz. You can upload the stemcell to a BOSH Director:

bosh upload-stemcell tmp/bosh-stemcell-0.0.8-vsphere-esxi-ubuntu-resolute-go_agent.tgz

Testing

How to run tests for OS Images

The OS tests are meant to be run against the OS environment to which they belong. When you run the stemcell:build_os_image rake task, it will create a .raw OS image that it runs the OS specific tests against. You will need to run the rake task the first time you create your docker container, but everytime after, as long as you do not destroy the container, you should be able to run the specific tests.

To run the OS image tests (assuming you've already built the OS image at the tmp/ubuntu_base_image.tgz and you're within the Docker container):

cd /opt/bosh/bosh-stemcell
OS_IMAGE=/opt/bosh/tmp/ubuntu_base_image.tgz bundle exec rspec -fd spec/os_image/ubuntu_spec.rb

How to Run Tests for Stemcell

When you run the stemcell:build_with_local_os_image or stemcell:build rake task, it will create a stemcell that it runs the stemcell specific tests against. You will need to run the rake task the first time you create your docker container, but everytime after, as long as you do not destroy the container, you should be able to run the specific tests:

cd /opt/bosh/bosh-stemcell; \
STEMCELL_IMAGE=/mnt/stemcells/vsphere/esxi/ubuntu/work/work/vsphere-esxi-ubuntu.raw \
STEMCELL_WORKDIR=/mnt/stemcells/vsphere/esxi/ubuntu/work/work/chroot \
OS_NAME=ubuntu \
bundle exec rspec -fd --tag ~exclude_on_vsphere \
spec/os_image/ubuntu_spec.rb \
spec/stemcells/ubuntu_spec.rb \
spec/stemcells/go_agent_spec.rb \
spec/stemcells/vsphere_spec.rb \
spec/stemcells/stig_spec.rb \
spec/stemcells/cis_spec.rb

How to run tests for ShelloutTypes

In pursuit of more robustly testing, we wrote our testing library for stemcell contents, called ShelloutTypes.

The ShelloutTypes code has its own unit tests, but require root privileges and an ubuntu chroot environment to run. For this reason, we use the bosh/main-ubuntu-chroot docker image for unit tests. To run these unit tests locally, run:

bundle install --local
cd /opt/bosh/bosh-stemcell
OS_IMAGE=/opt/bosh/tmp/ubuntu_base_image.tgz bundle exec rspec spec/ --tag shellout_types

If on macOS, run:

OSX=true OS_IMAGE=/opt/bosh/tmp/ubuntu_base_image.tgz bundle exec rspec spec/ --tag shellout_types

How to run tests for BOSH Linux Stemcell Builder

The BOSH Linux Stemcell Builder code itself can be tested with the following commands:

bundle install --local
cd /opt/bosh/bosh-stemcell
bundle exec rspec spec/

Troubleshooting

If you find yourself debugging any of the above processes, here is what you need to know:

0. Most of the action happens in Bash scripts, which are referred to as stages, and can be found in stemcell_builder/stages/<stage_name>/apply.sh.

1. While debugging a particular stage that is failing, you can resume the process from that stage by adding resume_from=<stage_name> to the end of your bundle exec rake command. When a stage's apply.sh fails, you should see a message of the form Can't find stage '<stage>' to resume from. Aborting. so you know which stage failed and where you can resume from after fixing the problem. Please use caution as stages are not guaranteed to be idempotent.

   Example usage:

   bundle exec rake stemcell:build_os_image[ubuntu,resolute,$PWD/tmp/ubuntu_base_image.tgz] resume_from=rsyslog_config

Pro Tips

• If the OS image has been built and so long as you only make test case modifications you can rerun the tests (without rebuilding OS image). Details in section How to run tests for OS Images
• If the Stemcell has been built and you are only updating tests, you do not need to re-build the stemcell. You can simply rerun the tests (without rebuilding Stemcell). Details in section How to run tests for Stemcell
• It's possible to verify OS/Stemcell changes without making a deployment using the stemcell. For a vSphere-specific Ubuntu stemcell, the filesystem is available at /mnt/stemcells/vsphere/esxi/ubuntu/work/work/chroot

External Assets

The OVF Tool is only required for building vSphere stemcells. Download "OVF Tool for Linux Zip" from Broadcom's developer portal.

Extract the zip and place the resulting ovftool/ directory inside the Docker build context so that the Dockerfile's COPY ovftool/ /usr/lib/vmware-ovftool/ can find it:

cd ci/docker/os-image-stemcell-builder-resolute/
unzip ~/Downloads/VMware-ovftool-*.zip   # creates ovftool/ in the current directory

The ovftool/ directory is already in .gitignore and will not be committed.

Rebuilding the Docker Image

You will need the ovftool/ directory present in ci/docker/os-image-stemcell-builder-resolute/ (see External Assets above). Then build the image:

docker build -t bosh/os-image-stemcell-builder:resolute \
  ci/docker/os-image-stemcell-builder-resolute/