update ubuntu24-x86_64-minimal-ptl-pv-raw.yml with latest SREL and AREL#667
update ubuntu24-x86_64-minimal-ptl-pv-raw.yml with latest SREL and AREL#667devendragajjarintel wants to merge 2 commits into
Conversation
changes , add configuration steps Signed-off-by: devendragajjarintel <devendra.gajjar@intel.com>
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates the Ubuntu 24 minimal PTL PV raw image template to align with newer kernel/userspace requirements and additional post-install configuration.
Changes:
- Increase disk and swap sizing for the image layout.
- Update Intel kernel packages to 6.18 and refresh GPU runtime download versions.
- Add a local user and several post-install configuration commands (GRUB, sudoers, firmware, etc.).
| - name: user | ||
| password: user1234 | ||
| groups: ["sudo"] |
| - cmd: "echo 'sys_olvtelemetry ALL=(ALL) NOPASSWD: /usr/sbin/biosdecode, /usr/sbin/dmidecode, /usr/sbin/ownership, /usr/sbin/vpddecode' > /etc/sudoers.d/user-sudo" | ||
| - cmd: "echo 'user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/user-sudo" | ||
| - cmd: "chmod 440 /etc/sudoers.d/user-sudo" |
| - cmd: "echo 'kernel.printk = 7 4 1 7' > /etc/sysctl.d/99-kernel-printk.conf" | ||
| - cmd: "echo 'kernel.dmesg_restrict = 0' >> /etc/sysctl.d/99-kernel-printk.conf" | ||
| # Keep swap UUID stable as in installer.sh and ensure fstab points to it | ||
| - cmd: "swap_dev=$(blkid -t TYPE=swap -o device | head -n1 || true); [ -n \"$swap_dev\" ] && mkswap \"$swap_dev\" -U 6443e3b1-12bc-41d0-83d8-e5c25477b5a0 || true" |
| - cmd: "[ -f /etc/gdm3/custom.conf ] && sed -i 's/.*AutomaticLoginEnable =.*/AutomaticLoginEnable = true/g' /etc/gdm3/custom.conf || true" | ||
| - cmd: "[ -f /etc/gdm3/custom.conf ] && sed -i 's/.*AutomaticLogin = user1/AutomaticLogin = user/g' /etc/gdm3/custom.conf || true" |
There was a problem hiding this comment.
agreed , in that case we can remove this
| - cmd: "wget https://github.com/intel/intel-graphics-compiler/releases/download/v2.28.4/intel-igc-core-2_2.28.4+20760_amd64.deb -O /tmp/gpu-packages/intel-igc-core-2_2.20.3+19972_amd64.deb --no-check-certificate 2>&1 || echo 'Warning: intel-igc-core-2 download failed'" | ||
| - cmd: "wget https://github.com/intel/intel-graphics-compiler/releases/download/v2.28.4/intel-igc-opencl-2_2.28.4+20760_amd64.deb -O /tmp/gpu-packages/intel-igc-opencl-2_2.20.3+19972_amd64.deb --no-check-certificate 2>&1 || echo 'Warning: intel-igc-opencl-2 download failed'" | ||
| - cmd: "wget https://github.com/intel/compute-runtime/releases/download/26.05.37020.3/intel-ocloc_26.05.37020.3-0_amd64.deb -O /tmp/gpu-packages/intel-ocloc_25.40.35563.4-0_amd64.deb --no-check-certificate 2>&1 || echo 'Warning: intel-ocloc download failed'" | ||
| - cmd: "wget https://github.com/intel/compute-runtime/releases/download/26.05.37020.3/intel-opencl-icd_26.05.37020.3-0_amd64.deb -O /tmp/gpu-packages/intel-opencl-icd_25.40.35563.4-0_amd64.deb --no-check-certificate 2>&1 || echo 'Warning: intel-opencl-icd download failed'" | ||
| - cmd: "wget https://github.com/intel/compute-runtime/releases/download/26.05.37020.3/libze-intel-gpu1_26.05.37020.3-0_amd64.deb -O /tmp/gpu-packages/libze-intel-gpu1_25.40.35563.4-0_amd64.deb --no-check-certificate 2>&1 || echo 'Warning: libze-intel-gpu1 download failed'" |
| - cmd: "wget https://github.com/intel/compute-runtime/releases/download/25.40.35563.4/intel-ocloc_25.40.35563.4-0_amd64.deb -O /tmp/gpu-packages/intel-ocloc_25.40.35563.4-0_amd64.deb --no-check-certificate 2>&1 || echo 'Warning: intel-ocloc download failed'" | ||
| - cmd: "wget https://github.com/intel/compute-runtime/releases/download/25.40.35563.4/intel-opencl-icd_25.40.35563.4-0_amd64.deb -O /tmp/gpu-packages/intel-opencl-icd_25.40.35563.4-0_amd64.deb --no-check-certificate 2>&1 || echo 'Warning: intel-opencl-icd download failed'" | ||
| - cmd: "wget https://github.com/intel/compute-runtime/releases/download/25.40.35563.4/libze-intel-gpu1_25.40.35563.4-0_amd64.deb -O /tmp/gpu-packages/libze-intel-gpu1_25.40.35563.4-0_amd64.deb --no-check-certificate 2>&1 || echo 'Warning: libze-intel-gpu1 download failed'" | ||
| - cmd: "wget https://github.com/intel/intel-graphics-compiler/releases/download/v2.28.4/intel-igc-core-2_2.28.4+20760_amd64.deb -O /tmp/gpu-packages/intel-igc-core-2_2.20.3+19972_amd64.deb --no-check-certificate 2>&1 || echo 'Warning: intel-igc-core-2 download failed'" |
There was a problem hiding this comment.
@devendragajjarintel We might need to address this. Disables TLS verification for GPU package downloads from GitHub. This was there since day 1 but may raise alarms at some point if used in production, as it is vulnerable to MITM.
There was a problem hiding this comment.
agree let me check what are the option we have to install certificate when chroot is creating image
| # Install build dependencies | ||
| #- cmd: "apt install -y --allow-downgrades git quilt libssl-dev kernel-wedge liblz4-tool libelf-dev flex bison libdw-dev" | ||
| - cmd: "[ -f /etc/gdm3/custom.conf ] && sed -i 's/#WaylandEnable=/WaylandEnable=/g' /etc/gdm3/custom.conf || true" | ||
| - cmd: "[ -f /etc/apt/apt.conf.d/20auto-upgrades ] && sed -i 's/\"1\"/\"0\"/g' /etc/apt/apt.conf.d/20auto-upgrades || true" |
|
review is required , |
| - type: raw | ||
| compression: gz | ||
| size: 32GiB | ||
| size: 63GiB |
There was a problem hiding this comment.
Is it intentional to choose 63GB instead of 64GB ?
There was a problem hiding this comment.
it can be made to 64 GB
I increased storage to run Silver test case , i calculated and increased according to requirement
| - linux-image-6.18-intel_260427t075939z-r2 | ||
| - linux-headers-6.18-intel_260427t075939z-r2 | ||
| users: | ||
| - name: user |
There was a problem hiding this comment.
user credentials can not be comitted
There was a problem hiding this comment.
sure,
i can remove that , i can add credential in template locally when we create image
| - cmd: "grep -qxF 'set enable-bracketed-paste off' /etc/inputrc || echo 'set enable-bracketed-paste off' >> /etc/inputrc" | ||
| # Mirror installer.sh sudoers setup for passwordless sudo access | ||
| - cmd: "echo 'sys_olvtelemetry ALL=(ALL) NOPASSWD: /usr/sbin/biosdecode, /usr/sbin/dmidecode, /usr/sbin/ownership, /usr/sbin/vpddecode' > /etc/sudoers.d/user-sudo" | ||
| - cmd: "echo 'user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/user-sudo" |
There was a problem hiding this comment.
Grants unrestricted passwordless May not be a good idea for production system image.
There was a problem hiding this comment.
agreed ,
as this is image was created to run silver test coverage . some test case need password less access so i added , can be removed , and added locally when we create image for internal test
| - cmd: "[ -f /etc/gdm3/custom.conf ] && sed -i 's/.*AutomaticLoginEnable =.*/AutomaticLoginEnable = true/g' /etc/gdm3/custom.conf || true" | ||
| - cmd: "[ -f /etc/gdm3/custom.conf ] && sed -i 's/.*AutomaticLogin = user1/AutomaticLogin = user/g' /etc/gdm3/custom.conf || true" | ||
| - cmd: "echo 'kernel.printk = 7 4 1 7' > /etc/sysctl.d/99-kernel-printk.conf" | ||
| - cmd: "echo 'kernel.dmesg_restrict = 0' >> /etc/sysctl.d/99-kernel-printk.conf" |
There was a problem hiding this comment.
Exposes full kernel logs to unprivileged users. Acceptable only in debug/test images; If its for debugging, you may create separate template or add on the fly
There was a problem hiding this comment.
agreed, sure i will update
| fsType: linux-swap | ||
| start: 1025MiB | ||
| end: 3073MiB | ||
| end: 9217MiB |
There was a problem hiding this comment.
2 GB to 8 GB. That's a large swap for most edge workloads. If this is intentional for PTL PV then you may want to document.
There was a problem hiding this comment.
i increased to 8GB as out current silver PMSST test case expects 8GB Swap , i can make it local change as it is not required for external image
|
@devendragajjarintel Please fill the PR template |
| - cmd: "curl -s https://af01p-ir.devtools.intel.com/artifactory/drivers_vpu_linux_client-ir-local/builds/opensource-linux-vpu-driver/ci/opensource_main/npu-linux-driver-ci-1.30.0.20260315-23110866573/linux-npu-driver-v1.30.0.20260315-23110866573-ubuntu2404.tar.gz | tar -zxv --strip-components=1 -C /tmp/npu-drv-package -f -" | ||
| - cmd: "cd /tmp/npu-drv-package && dpkg -i *.deb" | ||
| - cmd: "mkdir -pv /lib/firmware/intel/sof-ipc4/mtl/ /lib/firmware/intel/sof-ace-tplg/" | ||
| - cmd: "wget https://af01p-png.devtools.intel.com/artifactory/hspe-edge-png-local/ubuntu-mtl-audio-tplg-6/c0/intel/sof-ipc4/mtl/sof-mtl.ldc -O /lib/firmware/intel/sof-ipc4/mtl/sof-mtl.ldc" |
There was a problem hiding this comment.
Is this for the time being? as it will not be accessible outside.
There was a problem hiding this comment.
These were removed earlier as well. Guess these have been added for some internal validation pipeline. Need to be removed here in opensource.
| - cmd: "update-initramfs -u" | ||
| # Mirror installer.sh InternalConfigSetup baseline settings | ||
| # Install build dependencies | ||
| #- cmd: "apt install -y --allow-downgrades git quilt libssl-dev kernel-wedge liblz4-tool libelf-dev flex bison libdw-dev" |
There was a problem hiding this comment.
dead code. remove if not needed
| @@ -1 +1 @@ | |||
| # AI-searchable metadata for template discovery | |||
There was a problem hiding this comment.
Add metadata at the begining. This is used in AI assistem template generation. Refer other templates.
There was a problem hiding this comment.
i will update metadata
Signed-off-by: devendragajjarintel <devendra.gajjar@intel.com>
changes , add configuration steps
Merge Checklist
All boxes should be checked before merging the PR
Description
Any Newly Introduced Dependencies
How Has This Been Tested?