diff --git a/build b/build index 7ff618c..ef5af55 100755 --- a/build +++ b/build @@ -9,6 +9,8 @@ VERSION=${3} RCP_DIR="./recipes" PACKER=${PACKER:-packer} +BUILDER=${BUILDER:-qemu} + # # Init packer # install plugins @@ -23,8 +25,8 @@ initPacker() { # First the "base" image then the provisionned ones # run() { - ${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.qemu.${OS}" "${RCP_DIR}/${OS}/." - ${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.qemu.${OS}" "${RCP_DIR}/${OS}/." + ${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.${BUILDER}.${OS}" "${RCP_DIR}/${OS}/." + ${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.${BUILER}.${OS}" "${RCP_DIR}/${OS}/." } # @@ -34,7 +36,7 @@ run_build() { target=${4} ${PACKER} build ${PACKER_OPTS} -force \ -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" \ - -only="${target}.qemu.${OS}" \ + -only="${target}.${BUILDER}.${OS}" \ "${RCP_DIR}/${OS}/." } @@ -45,7 +47,7 @@ run_many() { targets="${@:4}" only="" for target in ${targets};do - only="${only}-only=${target}.qemu.${OS} " + only="${only}-only=${target}.${BUILDER}.${OS} " done ${PACKER} build ${PACKER_OPTS} -force \ @@ -132,6 +134,11 @@ case "${ACTION}" in initPacker "${2}" || exit 1 run_build $@ ;; + + "runVMW") + initPacker "${2}" || exit 1 + run_build $@ + ;; "mrun") initPacker "${2}" || exit 1 diff --git a/recipes/alpine/3.18.pkrvars.hcl b/recipes/alpine/3.18.pkrvars.hcl new file mode 100644 index 0000000..bdbee73 --- /dev/null +++ b/recipes/alpine/3.18.pkrvars.hcl @@ -0,0 +1,6 @@ +name = "alpine" +version = "3.18.2" +short_version = "3.18" +arch = "x86_64" +source_url = "https://dl-cdn.alpinelinux.org/alpine" +iso_cd_checksum = "6bc7ff54f5249bfb67082e1cf261aaa6f307d05f64089d3909e18b2b0481467f" \ No newline at end of file 
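Review bot: `-except="base.${BUILER}.${OS}"` in run() misspells BUILDER, so it expands to nothing (no `set -u` is visible), the exclusion becomes `base..${OS}` and matches no source, and the second `-force` build rebuilds the base image as well; it should read `-except="base.${BUILDER}.${OS}"`. The new `"runVMW")` arm in the last hunk is a copy of `"run")` that never assigns BUILDER, so it still selects the qemu sources unless the caller exports it, e.g. `BUILDER=vmware-iso` (the source name added in sources.pkr.hcl); set it inside the arm or drop the arm. Both arms call `run_build $@` unquoted; `run_build "$@"` keeps arguments containing spaces intact.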
diff --git a/recipes/alpine/emissary.hcl b/recipes/alpine/emissary.hcl new file mode 100644 index 0000000..8e0c128 --- /dev/null +++ b/recipes/alpine/emissary.hcl 
@@ -0,0 +1,76 @@ +#Flavour emissary +build { + name = "emissary" + description = <" ] + ssh_clear_authorized_keys = true + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.emissary)}" + } + + // Generate default configuration for kubernetes + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "file" { + destination = "/tmp/one-context.sh" + source = "${local.dirs.provisionning}/one-context.sh" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/one-context.sh'", + "sh -cx 'sh /tmp/${build.name}.sh'" + ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/emissary ${var.image_version}", + "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-emissary -c 'Emissary base image' --image-file ${var.output_dir}/${var.version}/provisionned/emissary/${local.output_name}-${var.version}-emissary.img", + "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T 
${local.dirs.templates}/one/vm/emissary.xml -n ${local.output_name}-${var.version}-emissary --image-name ${local.output_name}-${var.version}-emissary" + ] + } + +} diff --git a/recipes/alpine/harbor.pkr.hcl b/recipes/alpine/harbor.pkr.hcl new file mode 100644 index 0000000..f6df9e5 --- /dev/null +++ b/recipes/alpine/harbor.pkr.hcl 
@@ -0,0 +1,97 @@ +#Flavour ${build.name} +build { + name = "${local.Harbor.Name}" + description = <" ] + ssh_clear_authorized_keys = true + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${path.cwd}/provisionning/${var.name}/${build.name}.sh" + } + + provisioner "file" { + destination = "/tmp/install-${build.name}.sh" + source = "${path.cwd}/provisionning/${build.name}/install.sh" + } + + provisioner "file" { + destination = "/tmp/install-templater.sh" + source = "${path.cwd}/provisionning/templater/install.sh" + } + + // Install OpenNebula context tool + provisioner "file" { + destination = "/tmp/one-context.sh" + source = "${path.cwd}/provisionning/${var.name}/one-context.sh" + } + + // Deploy the opennebula context script to manage configuration + provisioner "file" { + destination = "/tmp/net-96-templater" + source = "${path.cwd}/provisionning/one-context/net-96-templater" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/one-context.sh'", + "sh -cx 'sh /tmp/${build.name}.sh'", + "sh -cx 'sh /tmp/install-templater.sh'", + "sh -cx 'sh /tmp/install-${build.name}.sh'", + "sh -cx 'cp /tmp/net-96-templater /etc/one-context.d/net-96-templater'", + "sh -cx 'chmod +x /etc/one-context.d/net-96-templater'" + ] + } + + provisioner "file" { + name = "templater" + destination = "${local.Config.ConfigFiles[0].destination}" + content = templatefile("${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}", local.Config) + } + + + // Create Builder directories on the image. 
+ provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}/${build.name}'", + "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.TemplateDir}/${build.name}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}/${build.name}'", + "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.ValueDir}/${build.name}'", + "sh -cx 'mkdir -p ${local.Config.StorageRoot}'", + "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.Config.StorageRoot}'" ] + } + + // Copy configuration template on the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/${build.name}/${local.Config.ConfigFiles[0].source}" + source = "${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}/values.json" + content = "${jsonencode(local.Config)}" + } + + post-processor "shell-local" { + name = "publish" + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${build.name} ${var.image_version}", + "ruby ${path.cwd}/tools/one-templates -t image -T ${path.cwd}/templates/one/image/common.tpl -n ${local.output_name}-${var.version}-${build.name} -c '${build.name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${build.name}/${local.output_name}-${var.version}-${build.name}.img", + "ruby ${path.cwd}/tools/one-templates -t vm -T ${path.cwd}/templates/one/vm/${build.name}.xml -n ${local.output_name}-${var.version}-${build.name} --image-name ${local.output_name}-${var.version}-${build.name}", + ] + } + +} \ No newline at end of file diff --git a/recipes/alpine/locals.harbor.pkr.hcl b/recipes/alpine/locals.harbor.pkr.hcl new file mode 100644 index 0000000..4f1e99a --- /dev/null +++ b/recipes/alpine/locals.harbor.pkr.hcl 
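Review bot: This flavour reads `local.Config.Name`, `local.Config.User`, `local.Config.Group`, `local.Config.StorageRoot` and `local.Config.ConfigFiles[0]`, but the locals added for it in locals.harbor.pkr.hcl define `local.Harbor` and `local.ServiceHarbor`, and `StorageRoot` is set in neither; unless `local.Config` is assigned in a file outside this diff, `packer validate` will reject these references, and nuo-harbor.pkr.hcl has the same dependency while its locals nest User/Group under `Vars`. Declaring the alias next to each flavour's locals, e.g. `Config = local.ServiceHarbor` with a `StorageRoot` entry added there, pins the shape these provisioners expect. The header `#Flavour ${build.name}` is a comment and is not interpolated; write the flavour name literally as emissary.hcl does.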
@@ -0,0 +1,22 @@ +locals { + ServiceHarbor = { + ConfigFiles = [ + { + destination = "/etc/harbor/harbor.yaml" + source = "habor.yaml.pktpl.hcl" + mod = "600" + } + ] + AuthEnabled = false + User = "harbor" + Group = "harbor" + HarborDomain = "reg.cadoles.com" + } + Harbor = { + Name = "harbor" + Globals = local.Globals + Services = { + Harbor = local.ServiceHarbor + } + } +} \ No newline at end of file diff --git a/recipes/alpine/locals.matchbox.pkr.hcl b/recipes/alpine/locals.matchbox.pkr.hcl index dbb67dc..9951e58 100644 --- a/recipes/alpine/locals.matchbox.pkr.hcl +++ b/recipes/alpine/locals.matchbox.pkr.hcl @@ -38,6 +38,12 @@ locals { url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" enabled = true } + AlpineEdgeCommunity = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/community" + enabled = true + } } Packages = { dnsmasq = { @@ -117,4 +123,4 @@ locals { MatchBox = local.ServiceMatchBox } } -} \ No newline at end of file +} diff --git a/recipes/alpine/locals.nuo-harbor.pkr.hcl b/recipes/alpine/locals.nuo-harbor.pkr.hcl new file mode 100644 index 0000000..ec99fbc --- /dev/null +++ b/recipes/alpine/locals.nuo-harbor.pkr.hcl 
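Review bot: `source = "habor.yaml.pktpl.hcl"` misspells harbor, and the template this commit adds under `recipes/alpine/templates/conf/harbor/` is named `harbor.yml.pkr.hcl`, so neither the basename nor the extension matches; the `templatefile()` call in harbor.pkr.hcl builds its path from this `ConfigFiles[0].source` and will not find the file. locals.nuo-harbor.pkr.hcl carries the same value as `harbor/habor.yaml.pktpl.hcl`. The permission attribute is spelled `mod` here and in nuo-harbor but `mode` in locals.nuo-matchbox.pkr.hcl; the templater can honour only one key name, so align it across the three files.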
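Review bot: The new `AlpineEdgeCommunity` repository keeps `name = "testing"` from the entry it was copied from while its URL points at `edge/community`, so two repositories now share one name; `name = "community"` is presumably intended. The same copy appears in the Repositories block of locals.nuo-matchbox.pkr.hcl.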
@@ -0,0 +1,87 @@ +locals { + ServiceNuoHarbor = { + ConfigFiles = [ + { + destination = "/etc/harbor/harbor.yaml" + source = "harbor/habor.yaml.pktpl.hcl" + mod = "600" + }, + { + destination = "/etc/subuid" + source = "harbor/subuid.pktpl.hcl" + mod = "600" + }, + { + destination = "/etc/subgid" + source = "harbor/subgid.pktpl.hcl" + mod = "600" + } + ] + Vars = { + AuthEnabled = false + User = "harbor" + Group = "harbor" + HarborDomain = "reg.k8s.in.nuonet.fr" + NIC = [ + { + Name = "eth0" + IP = "192.168.160.10" + Mask = "255.255.254.0" + Gateway = "192.168.160.1" + } + ] + DNS = [ "192.168.160.10" ] + Set = { Hostname = "reg.k8s.in.nuonet.fr" } + } + Packages = { + docker = { + name = "docker" + action = "install" + } + docker-rootless-extras = { + name = "docker-rootless-extras" + action = "install" + } + docker-compose = { + name = "docker-compose" + action = "install" + } + gpg = { + name = "gpg" + action = "install" + } + } + Daemons = { + docker = { + name = "docker" + type = "auto" + enabled = true + } + cgroups = { + name = "cgroups" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + Users = { + harbor = { + username = "harbor" + group = "harbor" + home = "/srv/harbor" + shell = "/bin/nologin" + } + } + } + NuoHarbor = { + Name = "nuo-harbor" + Globals = local.Globals + Services = { + Harbor = local.ServiceNuoHarbor + } + } +} \ No newline at end of file diff --git a/recipes/alpine/locals.nuo-matchbox.pkr.hcl b/recipes/alpine/locals.nuo-matchbox.pkr.hcl new file mode 100644 index 0000000..8d74353 --- /dev/null +++ b/recipes/alpine/locals.nuo-matchbox.pkr.hcl 
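Review bot: `IP = "192.168.160.10"` for the harbor NIC is the address locals.nuo-matchbox.pkr.hcl gives to the matchbox NIC, while that file's dnsmasq host entry resolves `reg.k8s.in.nuonet.fr` — the HarborDomain set here — to 192.168.160.11; one of the two is probably wrong and would either collide on the network or break registry name resolution. Confirm the intended address and keep it in one local instead of repeated literals. `shell = "/bin/nologin"` for the harbor user: on Alpine the nologin binary is typically `/sbin/nologin`, so confirm the path exists in the image or the account will be created with a dangling shell.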
@@ -0,0 +1,171 @@ +locals { + // Definition of the Kubernetes service (templater compatible) + ServiceNuoMatchBox = { + ConfigFiles = [ + { + destination = "/etc/dnsmasq.d/pxe.conf" + source = "dnsmasq.d/ipxe.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/dnsmasq-hosts.conf" + source = "dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl" + mode = "600" + owner = "dnsmasq" + group = "root" + }, + { + destination = "/etc/conf.d/matchbox" + source = "conf.d/matchbox.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/init.d/matchbox" + source = "init.d/matchbox.pktpl.hcl" + mode = "700" + owner = "root" + group = "root" + }, + { + destination = "/etc/network/interfaces" + source = "network/interfaces.pktpl.hcl" + mode = "700" + owner = "root" + group = "root" + }, + { + destination = "/etc/resolv.conf" + source = "resolv.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/hostname" + source = "hostname.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Repositories = { + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + AlpineEdgeCommunity = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/community" + enabled = true + } + } + Packages = { + dnsmasq = { + name = "dnsmasq" + action = "install" + } + terraform = { + name = "terraform" + action = "install" + } + git = { + name = "git" + action = "install" + } + kubectl = { + name = "kubectl" + action = "install" + } + gpg = { + name = "gpg" + action = "install" + } + vmtools = { + name = "open-vm-tools" + action = "install" + } + bash = { + name = "bash" + action = "install" + } + } + Vars = { + PXE = { + DHCPMode = "standalone" + DNSDomain = "k8s.in.nuonet.fr" + ListenInterface = "eth0" + GreetingMessage = "Nuo PXE Boot Server" + DelayTime = "5" + 
BootingMessage = "Booting from network the Nuo way" + DHCPRangeStart = "192.168.160.20" + DHCPRangeEnd = "192.168.160.60" + DHCPLeaseDuration = "48h" + TFTPRoot = "/var/lib/tftpboot" + } + DNSMasq = { + Hosts = [ + { + Name = "reg.k8s.in.nuonet.fr" + IP = "192.168.160.11" + } + ] + } + MatchBox = { + Hostname = "mb.k8s.in.nuonet.fr" + HTTPPort = "8080" + gRPCPort = "8081" + LogLevel = "info" + } + NIC = [ + { + Name = "eth0" + IP = "192.168.160.10" + Mask = "255.255.254.0" + Gateway = "192.168.160.1" + } + ] + DNS = [ "10.253.50.105" ] + Hosts = [ + { + Name = "harbor.k8s.in.nuonet.fr" + IP = "192.168.160.11" + } + ] + Set = { Hostname = "mb.k8s.in.nuonet.fr" } + } + Users = {} + Daemons = { + matchbox = { + name = "matchbox" + type = "auto" + enabled = true + } + dnsmasq = { + name = "dnsmasq" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + } + + // Definition of the Kubernetes full configuration (with all the services) + NuoMatchBox = { + Name = "nuo-matchbox" + Globals = local.Globals + Services = { + NuoMatchBox = local.ServiceNuoMatchBox + } + } +} diff --git a/recipes/alpine/locals.pkr.hcl b/recipes/alpine/locals.pkr.hcl index 8a562ad..d6bd5e2 100644 --- a/recipes/alpine/locals.pkr.hcl +++ b/recipes/alpine/locals.pkr.hcl @@ -20,5 +20,11 @@ locals { installOpts = { hostname = var.name user = "eole" + disk_device = "/dev/vda" + } + installOptsVMWare = { + hostname = var.name + user = "eole" + disk_device = "/dev/sda" } } diff --git a/recipes/alpine/main.pkr.hcl b/recipes/alpine/main.pkr.hcl index b7ddac4..87e81e1 100644 --- a/recipes/alpine/main.pkr.hcl +++ b/recipes/alpine/main.pkr.hcl 
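Review bot: `mode = "700"` on `/etc/network/interfaces` marks a plain configuration file executable; `600`, as used for resolv.conf and hostname below it, matches the intent, leaving `700` only for the init.d script. `DNS = [ "10.253.50.105" ]` here differs from `DNS = [ "192.168.160.10" ]` in locals.nuo-harbor.pkr.hcl; if both hosts are meant to use the matchbox dnsmasq the values should agree — worth confirming.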
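Review bot: `installOptsVMWare` repeats every attribute of `installOpts` except `disk_device`, so a later change to hostname or user has to be made twice. If locals may reference each other here as they do in Terraform, `installOptsVMWare = merge(local.installOpts, { disk_device = "/dev/sda" })` keeps the two in sync.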
@@ -5,6 +5,29 @@ build { This builder builds a QEMU image from an Alpine "virt" CD ISO file. EOF + source "vmware-iso.alpine" { + output_directory = "${var.output_dir}/${var.version}/base" + vm_name = "${local.output_name}-${var.version}.img" + disk_size = 8000 + iso_url = "${local.source_iso}" + iso_checksum = "${var.iso_cd_checksum}" + http_content = { + "/ssh-packer-pub.key" = data.sshkey.install.public_key + "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOptsVMWare) + } + boot_command = [ + "root", + "", + "setup-interfaces", + "ifup eth0", + "mkdir -p .ssh", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys", + "chmod 600 .ssh/authorized_keys", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/install.conf", + "setup-sshd -c openssh -k .ssh/authorized_keys", + ] + } + source "qemu.alpine" { output_directory = "${var.output_dir}/${var.version}/base" vm_name = "${local.output_name}-${var.version}.img" diff --git a/recipes/alpine/matchbox.pkr.hcl b/recipes/alpine/matchbox.pkr.hcl index cece909..358f8d1 100644 --- a/recipes/alpine/matchbox.pkr.hcl +++ b/recipes/alpine/matchbox.pkr.hcl 
@@ -92,9 +92,7 @@ EOF post-processor "shell-local" { inline = [ - "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/matchbox ${var.image_version}", - "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-matchbox -c 'Matchbox base image' --image-file ${var.output_dir}/${var.version}/provisionned/matchbox/${local.output_name}-${var.version}-matchbox.img", - "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/matchbox.xml -n ${local.output_name}-${var.version}-matchbox --image-name ${local.output_name}-${var.version}-matchbox" + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/matchbox ${var.image_version}" ] } diff --git a/recipes/alpine/nuo-harbor.pkr.hcl b/recipes/alpine/nuo-harbor.pkr.hcl new file mode 100644 index 0000000..80cc86a --- /dev/null +++ b/recipes/alpine/nuo-harbor.pkr.hcl 
@@ -0,0 +1,105 @@ +#Flavour ${build.name} +build { + name = "nuo-harbor" + description = <" ] + ssh_clear_authorized_keys = true + } + + source "source.qemu.alpine" { + output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Config.Name}" + vm_name = "${local.output_name}-${var.version}-${local.Config.Name}.img" + iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img" + iso_checksum = "none" + disk_size = 40960 + disk_image = true + boot_command = [ "" ] + ssh_clear_authorized_keys = true + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${path.cwd}/provisionning/${var.name}/${build.name}.sh" + } + + provisioner "file" { + destination = "/tmp/install-${build.name}.sh" + source = "${path.cwd}/provisionning/${build.name}/install.sh" + } + + provisioner "file" { + destination = "/tmp/install-templater.sh" + source = "${path.cwd}/provisionning/templater/install.sh" + } + + // Install OpenNebula context tool + provisioner "file" { + destination = "/tmp/one-context.sh" + source = "${path.cwd}/provisionning/${var.name}/one-context.sh" + } + + // Deploy the opennebula context script to manage configuration + provisioner "file" { + destination = "/tmp/net-96-templater" + source = "${path.cwd}/provisionning/one-context/net-96-templater" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/one-context.sh'", + "sh -cx 'sh /tmp/${build.name}.sh'", + "sh -cx 'sh /tmp/install-templater.sh'", + "sh -cx 'sh /tmp/install-${build.name}.sh'", + "sh -cx 'cp /tmp/net-96-templater /etc/one-context.d/net-96-templater'", + "sh -cx 'chmod +x /etc/one-context.d/net-96-templater'" + ] + } + + provisioner "file" { + name = "templater" + destination = "${local.Config.ConfigFiles[0].destination}" + content = templatefile("${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}", local.Config) + } + + + // Create Builder directories on the image. 
+ provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}/${build.name}'", + "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.TemplateDir}/${build.name}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}/${build.name}'", + "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.ValueDir}/${build.name}'", + "sh -cx 'mkdir -p ${local.Config.StorageRoot}'", + "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.Config.StorageRoot}'" ] + } + + // Copy configuration template on the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/${build.name}/${local.Config.ConfigFiles[0].source}" + source = "${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}/values.json" + content = "${jsonencode(local.Config)}" + } + + post-processor "shell-local" { + name = "publish" + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${build.name} ${var.image_version}", + "ruby ${path.cwd}/tools/one-templates -t image -T ${path.cwd}/templates/one/image/common.tpl -n ${local.output_name}-${var.version}-${build.name} -c '${build.name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${build.name}/${local.output_name}-${var.version}-${build.name}.img", + "ruby ${path.cwd}/tools/one-templates -t vm -T ${path.cwd}/templates/one/vm/${build.name}.xml -n ${local.output_name}-${var.version}-${build.name} --image-name ${local.output_name}-${var.version}-${build.name}", + ] + } + +} \ No newline at end of file diff --git a/recipes/alpine/nuo-matchbox.pkr.hcl b/recipes/alpine/nuo-matchbox.pkr.hcl new file mode 100644 index 0000000..6b52e02 --- /dev/null +++ b/recipes/alpine/nuo-matchbox.pkr.hcl 
@@ -0,0 +1,120 @@ +#Flavour nuo-matchbox +build { + name = "nuo-matchbox" + description = <" ] + ssh_clear_authorized_keys = true + } + + source "source.qemu.alpine" { + output_directory = "${var.output_dir}/${var.version}/provisionned/nuo-matchbox" + vm_name = "${local.output_name}-${var.version}-nuo-matchbox.img" + iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img" + iso_checksum = "none" + disk_size = 40960 + disk_image = true + boot_command = [ "" ] + ssh_clear_authorized_keys = true + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.NuoMatchBox)}" + } + + // Copy nuo-matchbox boot provisionning script + provisioner "file" { + destination = "/etc/local.d/initmatchbox.start" + source = "${local.locations.provisionning}/conf/${build.name}/initmatchbox.start" + } + + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + // Copy CNOUS SSH keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cnous/" + } + + provisioner "shell" { + inline = [ + "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'", + "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'" + ] + } + + provisioner "file" { + destination = "/etc/local.d/templater.start" + source = 
"${local.locations.provisionning}/conf/${build.name}/templater.start" + } + + // Copy tftp provisionning script + provisioner "file" { + destination = "/etc/local.d/inittftp.start" + source = "${local.locations.provisionning}/conf/${build.name}/inittftp.start" + } + + // Generate default configuration for kubernetes + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/${build.name}.sh'" + ] + } + + provisioner "shell" { + inline = [ + "chmod +x /etc/local.d/initmatchbox.start", + "chmod +x /etc/local.d/templater.start", + "chmod +x /etc/local.d/inittftp.start" + ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/nuo-matchbox ${var.image_version}" + ] + } + +} diff --git a/recipes/alpine/plugins.pkr.hcl b/recipes/alpine/plugins.pkr.hcl index 676a4b4..889b389 100644 --- a/recipes/alpine/plugins.pkr.hcl +++ b/recipes/alpine/plugins.pkr.hcl @@ -4,6 +4,10 @@ packer { version = ">= 1.0.1" source = "github.com/ivoronin/sshkey" } + vmware = { + version = ">= 1.0.8" + source = "github.com/hashicorp/vmware" + } } } diff --git a/recipes/alpine/provisionning/alpine-3.16-install.sh b/recipes/alpine/provisionning/alpine-3.16-install.sh index 1bdc826..256fa92 100644 --- a/recipes/alpine/provisionning/alpine-3.16-install.sh +++ b/recipes/alpine/provisionning/alpine-3.16-install.sh @@ -11,5 +11,6 @@ cp -rp .ssh /mnt/root/ sync umount /mnt + echo "Rebooting the host after install" reboot -nf \ No newline at end of file diff --git a/recipes/alpine/provisionning/alpine-3.16-postinstall.sh b/recipes/alpine/provisionning/alpine-3.16-postinstall.sh index 9c3af99..181f501 100644 
--- a/recipes/alpine/provisionning/alpine-3.16-postinstall.sh +++ b/recipes/alpine/provisionning/alpine-3.16-postinstall.sh @@ -1,7 +1,7 @@ #!/bin/sh set -xeo pipefail -apk add --no-cache wget curl jq haveged ca-certificates rsyslog +apk add --no-cache wget curl jq haveged ca-certificates rsyslog bash shadow rc-update add haveged boot rc-update add rsyslog boot @@ -18,4 +18,6 @@ echo -e "${pass}\n${pass}" | passwd # We don't need an access to ttyS0 sed -i 's@^\(ttyS0::respawn.*\)@#\1@' /etc/inittab +usermod --password $( echo "Cadoles;21" | openssl passwd -1 -stdin) root + sync diff --git a/recipes/alpine/provisionning/alpine-3.18-install.sh b/recipes/alpine/provisionning/alpine-3.18-install.sh new file mode 120000 index 0000000..2d4ac84 --- /dev/null +++ b/recipes/alpine/provisionning/alpine-3.18-install.sh @@ -0,0 +1 @@ +alpine-3.16-install.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/alpine-3.18-postinstall.sh b/recipes/alpine/provisionning/alpine-3.18-postinstall.sh new file mode 120000 index 0000000..db37049 --- /dev/null +++ b/recipes/alpine/provisionning/alpine-3.18-postinstall.sh @@ -0,0 +1 @@ +alpine-3.16-postinstall.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/conf/harbor/subgid.pktpl.hcl b/recipes/alpine/provisionning/conf/harbor/subgid.pktpl.hcl new file mode 100644 index 0000000..4b0808d --- /dev/null +++ b/recipes/alpine/provisionning/conf/harbor/subgid.pktpl.hcl @@ -0,0 +1 @@ +harbor:231072:65536 \ No newline at end of file diff --git a/recipes/alpine/provisionning/conf/harbor/subuid.pktpl.hcl b/recipes/alpine/provisionning/conf/harbor/subuid.pktpl.hcl new file mode 100644 index 0000000..4b0808d --- /dev/null +++ b/recipes/alpine/provisionning/conf/harbor/subuid.pktpl.hcl @@ -0,0 +1 @@ +harbor:231072:65536 \ No newline at end of file 
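Review bot: `usermod --password $( echo "Cadoles;21" | openssl passwd -1 -stdin) root` sets a fixed root password that is committed to the repository and shared by every image built from it, and with `set -x` active at the top of this script the cleartext value is echoed into the Packer build log. The hunk sits just after `echo -e "${pass}\n${pass}" | passwd`, which already sets root's password from `${pass}`, so one of the two assignments should go; if a separate value is needed, take it from a build variable and quote the substitution so the hash is not word-split: `usermod --password "$(printf '%s' "${pass}" | openssl passwd -6 -stdin)" root`. `-1` selects MD5-crypt; `-6` (SHA-512) is what current shadow defaults to.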
diff --git a/recipes/alpine/provisionning/conf/matchbox/templater.start b/recipes/alpine/provisionning/conf/matchbox/templater.start new file mode 100644 index 0000000..f4f253d --- /dev/null +++ b/recipes/alpine/provisionning/conf/matchbox/templater.start 
@@ -0,0 +1,104 @@ +#!/usr/bin/env bash + +# +# Generate all the configuration files +# Get all the values from the VLS_DIR +# Process each template from the TPL_DIR with this values +# + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} +TPL_DIR="/usr/share/builder/templates" +VLS_DIR="/usr/share/builder/values" +CONFIG="" + +if [ -f "${ENV_FILE}" ]; then +. ${ENV_FILE} +fi + +BTR="$(command -v btr)" +if [ "${?}" -ne 0 ]; then + echo "Warning: Nothing to do the templater is not installed" + exit 0 +fi + +if [ ! -e "${TPL_DIR}" ]; then + echo "Error: The template dir is missing (${TPL_DIR})" + exit 1 +fi + +if [ ! -e "${VLS_DIR}" ]; then + echo "Error: The template dir is missing (${VLS_DIR})" + exit 1 +fi + +jsonQuery() { + local data="${1}" + local query="${2}" + echo "${data}" | jq -cr "${query}" +} + +# NAME: @jsonMerge +# AIM: Merge two json structures +# NOTES: +# The last one has de last word +# if you have the same key in A and B +# this keeps the value of the B structure. +# PARAMS: +# $1: original JSON Structure +# $2: updated JSON Structure +jsonMerge() { + local data="${1}" + local data2="${2}" + + echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]" +} + +jsonUpdateVal() { + local json="${1}" + local key="${2}" + local value="${3}" + + echo "${json}" | jq --arg a "${value}" "${key} = \$a" +} + +getValues() { + + local values="" + + for file in $(find ${VLS_DIR} -name "*.json"); do + values="${values}$(cat ${file})" + done + + if [ -n "${RAW_CONFIG}" ]; then + values="$(jsonMerge ${values} ${RAW_CONFIG})" + fi + + for svc in $(echo ${values} | jq -cr '.Services|keys[]'); do + for key in $(echo ${values} | jq -cr ".Services.${svc}.Vars|keys[]"); do + ukey=${key^^} + vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")" + if [ ${?} -eq 0 ]; then + for var in $(echo ${values} | jq -cr ".Services.${svc}.Vars.${key}|keys[]"); do + uvar=${var^^} + val=$(eval echo "\$${ukey}_${uvar}") + if [ -n "${val}" ]; then + values=$(jsonUpdateVal 
"${values}" ".Services.${svc}.Vars.${key}.${var}" "${val}") + fi + done + else + values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}" "${!ukey}") + fi + done + done + echo ${values} +} + +processTemplates() { + ${BTR} -t ${TPL_DIR} -c "${1}" +} + +VALUES=$(getValues) +file=$(mktemp) +echo "${VALUES}" > "${file}" +processTemplates "${file}" +rm -rf "${file}" diff --git a/recipes/alpine/provisionning/conf/nuo-matchbox b/recipes/alpine/provisionning/conf/nuo-matchbox new file mode 120000 index 0000000..ed5a219 --- /dev/null +++ b/recipes/alpine/provisionning/conf/nuo-matchbox @@ -0,0 +1 @@ +matchbox \ No newline at end of file diff --git a/recipes/alpine/provisionning/harbor.sh b/recipes/alpine/provisionning/harbor.sh new file mode 100644 index 0000000..f5e8a06 --- /dev/null +++ b/recipes/alpine/provisionning/harbor.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +HARBOR_VERSION="2.8.2" +HARBOR_SOURCE_URL="https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/" +HARBOR_INSTALLER="harbor-offline-installer-v${HARBOR_VERSION}.tgz" + + +gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C + +cd /tmp +wget ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER} + +gpg -v --keyserver hkps://keyserver.ubuntu.com --verify ${HARBOR_INSTALLER}.asc +if [ $? -ne 0 ]; then + echo "Harbor sources ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER} are corrupt" + exit 3 +fi + +tar xzvf ${HARBOR_INSTALLER} + diff --git a/recipes/alpine/provisionning/matchbox.sh b/recipes/alpine/provisionning/matchbox.sh index d8b42c9..a57e4a5 100644 --- a/recipes/alpine/provisionning/matchbox.sh +++ b/recipes/alpine/provisionning/matchbox.sh 
@@ -1,12 +1,13 @@ #!/bin/sh -VERSION=0.9.1 +VERSION=0.10.0 ARCH=amd64 BIN="matchbox" FILENAME="matchbox-v${VERSION}-linux-${ARCH}.tar.gz" URL="https://github.com/poseidon/matchbox/releases/download/v${VERSION}/${FILENAME}" MATCHBOX_DIR="/var/lib/matchbox" ASSETS_DIR="${MATCHBOX_DIR}/assets/" +TFTP_DIR="/var/lib/tftpboot" MATCHBOX_USER="matchbox" FL_VERSIONS="current 3374.2.0" @@ -25,14 +26,14 @@ echo "Installing get-flatcar" cp ./scripts/get-flatcar /usr/local/bin chmod +x /usr/local/bin/get-flatcar -useradd -U "${MATCHBOX_USER}" +adduser "${MATCHBOX_USER}" mkdir -p "${ASSETS_DIR}" +mkdir -p "${TFTP_DIR}" chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${MATCHBOX_DIR}" chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${ASSETS_DIR}" - chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${ASSETS_DIR}" ls -lhaR ${ASSETS_DIR} cp -rp ./scripts/tls /root -exit "${?}" \ No newline at end of file +exit "${?}" diff --git a/recipes/alpine/provisionning/nuo-harbor b/recipes/alpine/provisionning/nuo-harbor new file mode 120000 index 0000000..8b35999 --- /dev/null +++ b/recipes/alpine/provisionning/nuo-harbor @@ -0,0 +1 @@ +harbor \ No newline at end of file diff --git a/recipes/alpine/provisionning/nuo-matchbox.sh b/recipes/alpine/provisionning/nuo-matchbox.sh new file mode 120000 index 0000000..673230a --- /dev/null +++ b/recipes/alpine/provisionning/nuo-matchbox.sh @@ -0,0 +1 @@ +matchbox.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/ssh/cadoles/pcaseiro.pub b/recipes/alpine/provisionning/ssh/cadoles/pcaseiro.pub new file mode 100644 index 0000000..9ac0828 --- /dev/null +++ b/recipes/alpine/provisionning/ssh/cadoles/pcaseiro.pub @@ -0,0 +1 @@ +ssh-rsa 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 Philippe Caseiro diff --git a/recipes/alpine/provisionning/ssh/cadoles/vfebvre.pub b/recipes/alpine/provisionning/ssh/cadoles/vfebvre.pub new file mode 100644 index 0000000..648c129 --- /dev/null +++ b/recipes/alpine/provisionning/ssh/cadoles/vfebvre.pub 
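Review bot: `adduser "${MATCHBOX_USER}"` replaces `useradd -U`, and on Alpine this is the BusyBox adduser, which without `-D` prompts for a password and without `-S`/`-H` creates a regular login user with a home directory; inside an unattended Packer provisioner the prompt reads a closed stdin and the step fails or hangs. `adduser -D -S -H -s /sbin/nologin "${MATCHBOX_USER}"` creates the service account non-interactively; confirm a matching group is still created, since `useradd -U` did that and the `chown` lines below rely on it. The bump to 0.10.0 changes the downloaded tarball, and the download step earlier in this file (outside the hunk) still performs no checksum or signature check.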
@@ -0,0 +1 @@ +ssh-rsa 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 vfebvre@cadoles.com diff --git a/recipes/alpine/provisionning/ssh/cnous/nmelin.pub b/recipes/alpine/provisionning/ssh/cnous/nmelin.pub new file mode 100644 index 0000000..a4e15ee --- /dev/null +++ b/recipes/alpine/provisionning/ssh/cnous/nmelin.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr diff --git a/recipes/alpine/provisionning/ssh/cnous/operrot.pub b/recipes/alpine/provisionning/ssh/cnous/operrot.pub new file mode 100644 index 0000000..f68677c --- /dev/null +++ b/recipes/alpine/provisionning/ssh/cnous/operrot.pub @@ -0,0 +1 @@ +ssh-rsa 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 olivier.perrot@cnous.fr diff --git a/recipes/alpine/sources.pkr.hcl b/recipes/alpine/sources.pkr.hcl index 4f76ed7..bba83a3 100644 --- a/recipes/alpine/sources.pkr.hcl +++ b/recipes/alpine/sources.pkr.hcl 
@@ -31,3 +31,69 @@ source qemu "alpine" { boot_wait = "5s" } + +source "vmware-iso" "alpine" { + cpus = 1 + disk_type_id = 0 + memory = "${local.memory}" + vnc_bind_address = "0.0.0.0" + + headless = true + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. + http_port_min = 9990 + http_port_max = 9999 + + # SSH ports to redirect to the VM being built + #host_port_min = 2222 + #host_port_max = 2229 + + # This user is configured in the preseed file. + ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + #disk_compression = true + #disk_discard = "unmap" + skip_compaction = false + #disk_detect_zeroes = "unmap" + + format = "ova" + + boot_wait = "5s" +} + +source "vmware-vmx" "alpine" { + disk_type_id = 0 + vnc_bind_address = "0.0.0.0" + + headless = true + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. + http_port_min = 9990 + http_port_max = 9999 + + # SSH ports to redirect to the VM being built + #host_port_min = 2222 + #host_port_max = 2229 + + # This user is configured in the preseed file. + ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + #disk_compression = true + #disk_discard = "unmap" + skip_compaction = false + #disk_detect_zeroes = "unmap" + + format = "ova" + + boot_wait = "5s" +} diff --git a/recipes/alpine/templates/conf/harbor/harbor.yml.pkr.hcl b/recipes/alpine/templates/conf/harbor/harbor.yml.pkr.hcl new file mode 100644 index 0000000..7e2cab9 --- /dev/null +++ b/recipes/alpine/templates/conf/harbor/harbor.yml.pkr.hcl 
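Review bot: Both new sources set `vnc_bind_address = "0.0.0.0"`, which exposes the build VM's VNC console on every interface of the build host for the whole build; unless the packer host is isolated, keep the loopback binding (`vnc_bind_address = "127.0.0.1"`) and tunnel in when the console is needed. The two blocks also carry comments copied from a Debian recipe (`used for preseeding the Debian installer`, `This user is configured in the preseed file`) that do not describe this alpine recipe, and `vmware-vmx` repeats every `vmware-iso` setting except `cpus`/`memory`, so a shared `locals` block for the common values would keep the two from drifting.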
@@ -0,0 +1,263 @@ +# Configuration file of Harbor + +# The IP address or hostname to access admin UI and registry service. +# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. +hostname: ${Vars.HarborDomain} + +# http related config +http: + # port for http, default is 80. If https enabled, this port will redirect to https port + port: 80 + +# https related config +https: + # https port for harbor, default is 443 + port: 443 + # The path of cert and key files for nginx + certificate: /etc/ssl/certs/cadoles.com.cert + private_key: /etc/ssl/private/cadoles.com.key + +# # Uncomment following will enable tls communication between all harbor components +# internal_tls: +# # set enabled to true means internal tls is enabled +# enabled: true +# # put your cert and key files on dir +# dir: /etc/harbor/tls/internal + +# Uncomment external_url if you want to enable external proxy +# And when it enabled the hostname will no longer used +# external_url: https://reg.mydomain.com:8433 + +# The initial password of Harbor admin +# It only works in first time to install harbor +# Remember Change the admin password from UI after launching Harbor. +harbor_admin_password: FixMeAsSoonAsPossible + +# Harbor DB configuration +database: + # The password for the root user of Harbor DB. Change this before any production use. + password: FixMeAsSoonAsPossible + # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. + max_idle_conns: 50 + # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. + # Note: the default number of connections is 100 for postgres. 
+ max_open_conns: 200 + +# The default data volume +data_volume: /srv/harbor/data + +# Harbor Storage settings by default is using /data dir on local filesystem +# Uncomment storage_service setting If you want to using external storage +# storage_service: +# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore +# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. +# ca_bundle: + +# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss +# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ +# filesystem: +# maxthreads: 100 +# # set disable to true when you want to disable registry redirect +# redirect: +# disabled: false + +# Trivy configuration +# +# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. +# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached +# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it +# should download a newer version from the Internet or use the cached one. Currently, the database is updated every +# 12 hours and published as a new release to GitHub. +trivy: + # ignoreUnfixed The flag to display only fixed vulnerabilities + ignore_unfixed: false + # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub + # + # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues. + # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and + # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path. 
+ skip_update: false + # + # The offline_scan option prevents Trivy from sending API requests to identify dependencies. + # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it. + # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't + # exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode. + # It would work if all the dependencies are in local. + # This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment. + offline_scan: false + # + # insecure The flag to skip verifying registry certificate + insecure: false + # github_token The GitHub access token to download Trivy DB + # + # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough + # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000 + # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult + # https://developer.github.com/v3/#rate-limiting + # + # You can create a GitHub token by following the instructions in + # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line + # + # github_token: xxx + +jobservice: + # Maximum number of job workers in job service + max_job_workers: 10 + +notification: + # Maximum retry count for webhook job + webhook_job_max_retry: 10 + +chart: + # Change the value of absolute_url to enabled can enable absolute url in chart + absolute_url: disabled + +# Log configurations +log: + # options are debug, info, warning, error, fatal + level: info + # configs for logs in local storage + local: + # Log files are rotated log_rotate_count times before being removed. 
If count is 0, old versions are removed rather than rotated. + rotate_count: 50 + # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. + # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G + # are all valid. + rotate_size: 200M + # The directory on your host that store log + location: /var/log/harbor + + # Uncomment following lines to enable external syslog endpoint. + # external_endpoint: + # # protocol used to transmit log to external endpoint, options is tcp or udp + # protocol: tcp + # # The host of external endpoint + # host: localhost + # # Port of external endpoint + # port: 5140 + +#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! +_version: 2.6.0 + +# Uncomment external_database if using external database. +# external_database: +# harbor: +# host: harbor_db_host +# port: harbor_db_port +# db_name: harbor_db_name +# username: harbor_db_username +# password: harbor_db_password +# ssl_mode: disable +# max_idle_conns: 2 +# max_open_conns: 0 +# notary_signer: +# host: notary_signer_db_host +# port: notary_signer_db_port +# db_name: notary_signer_db_name +# username: notary_signer_db_username +# password: notary_signer_db_password +# ssl_mode: disable +# notary_server: +# host: notary_server_db_host +# port: notary_server_db_port +# db_name: notary_server_db_name +# username: notary_server_db_username +# password: notary_server_db_password +# ssl_mode: disable + +# Uncomment external_redis if using external Redis server +# external_redis: +# # support redis, redis+sentinel +# # host for redis: : +# # host for redis+sentinel: +# # :,:,: +# host: redis:6379 +# password: +# # sentinel_master_set must be set to support redis+sentinel +# #sentinel_master_set: +# # db_index 0 is for core, it's unchangeable +# registry_db_index: 1 +# jobservice_db_index: 2 +# 
chartmuseum_db_index: 3 +# trivy_db_index: 5 +# idle_timeout_seconds: 30 + +# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. +# uaa: +# ca_file: /path/to/ca + +# Global proxy +# Config http proxy for components, e.g. http://my.proxy.com:3128 +# Components doesn't need to connect to each others via http proxy. +# Remove component from `components` array if want disable proxy +# for it. If you want use proxy for replication, MUST enable proxy +# for core and jobservice, and set `http_proxy` and `https_proxy`. +# Add domain to the `no_proxy` field, when you want disable proxy +# for some special registry. +proxy: + http_proxy: + https_proxy: + no_proxy: + components: + - core + - jobservice + - notary + - trivy + +metric: + enabled: false + port: 9090 + path: /metrics + +# Trace related config +# only can enable one trace provider(jaeger or otel) at the same time, +# and when using jaeger as provider, can only enable it with agent mode or collector mode. +# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed +# if using jaeger agetn mode uncomment agent_host and agent_port +# trace: +# enabled: true +# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth +# sample_rate: 1 +# # # namespace used to differenciate different harbor services +# # namespace: +# # # attributes is a key value dict contains user defined attributes used to initialize trace provider +# # attributes: +# # application: harbor +# # # jaeger should be 1.26 or newer. 
+# # jaeger: +# # endpoint: http://hostname:14268/api/traces +# # username: +# # password: +# # agent_host: hostname +# # # export trace data by jaeger.thrift in compact mode +# # agent_port: 6831 +# # otel: +# # endpoint: hostname:4318 +# # url_path: /v1/traces +# # compression: false +# # insecure: true +# # timeout: 10s + +# enable purge _upload directories +upload_purging: + enabled: true + # remove files in _upload directories which exist for a period of time, default is one week. + age: 168h + # the interval of the purge operations + interval: 24h + dryrun: false + +# cache layer configurations +# If this feature enabled, harbor will cache the resource +# `project/project_metadata/repository/artifact/manifest` in the redis +# which can especially help to improve the performance of high concurrent +# manifest pulling. +# NOTICE +# If you are deploying Harbor in HA mode, make sure that all the harbor +# instances have the same behaviour, all with caching enabled or disabled, +# otherwise it can lead to potential data inconsistency. +cache: + # not enabled by default + enabled: false + # keep cache for one day by default + expire_hours: 24 diff --git a/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl b/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl index 1ba7461..33d05d0 100644 --- a/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl +++ b/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl @@ -37,7 +37,7 @@ SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys" NTPOPTS="-c openntpd" # Use /dev/sda as a data disk -DISKOPTS="-L -m sys /dev/vda" +DISKOPTS="-L -m sys ${disk_device}" USEROPTS="-a -g 'netdev' ${user}" diff --git a/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl index d99d357..489b338 100644 --- a/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl 
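Review bot: `harbor_admin_password: FixMeAsSoonAsPossible` and `database.password: FixMeAsSoonAsPossible` are baked in as literals even though the file is already a template (`hostname: ${Vars.HarborDomain}`), so every image built from this recipe boots a registry with a known admin and DB password until someone changes them by hand; render them from the same Vars as the hostname (e.g. `harbor_admin_password: ${Vars.HarborAdminPassword}`) or generate them at first boot. The migrator marker `_version: 2.6.0` also does not match the `HARBOR_VERSION="2.8.2"` installed by `provisionning/harbor.sh` in this same commit; the `harbor.yml.tmpl` shipped inside the 2.8.x installer is the safer base, since its marker and any keys added since 2.6 are expected to differ. `certificate`/`private_key` point at fixed `cadoles.com` paths, which look like another candidate for a Vars entry.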
+++ b/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl @@ -1,4 +1,4 @@ -${Vars.ETH0.IP} ${Vars.Set.Hostname} +${Vars.NIC[0].IP} ${Vars.Set.Hostname} %{ if Vars.MatchBox.Hostname != "" } -${Vars.ETH0.IP} ${Vars.MatchBox.Hostname} +${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname} %{ endif } \ No newline at end of file diff --git a/recipes/alpine/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl new file mode 100644 index 0000000..b8432f0 --- /dev/null +++ b/recipes/alpine/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl @@ -0,0 +1 @@ +command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}" \ No newline at end of file diff --git a/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl new file mode 100644 index 0000000..0809dc3 --- /dev/null +++ b/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl @@ -0,0 +1,7 @@ +${Vars.NIC[0].IP} ${Vars.Set.Hostname} +%{ if Vars.MatchBox.Hostname != "" } +${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname} +%{ endif } +%{ for host in Vars.DNSMasq.Hosts } +${host.IP} ${host.Name} +%{ endfor } \ No newline at end of file diff --git a/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl new file mode 100644 index 0000000..afbef7f --- /dev/null +++ b/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl 
@@ -0,0 +1,60 @@ +log-queries +log-dhcp + +#port=0 +listen-address=0.0.0.0 +interface=${Vars.PXE.ListenInterface} +no-resolv +domain-needed +bogus-priv +expand-hosts +server=${Vars.DNS[0]} +strict-order +addn-hosts=/etc/dnsmasq-hosts.conf +domain=${Vars.PXE.DNSDomain} +local=/${Vars.PXE.DNSDomain}/ +localise-queries + + +%{ if Vars.PXE.DHCPMode == "proxy" } +#dhcp-no-override +dhcp-range=${Vars.NIC[0].IP},proxy +%{ else } +dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration} +dhcp-option=option:router,${Vars.NIC[0].Gateway} +%{ endif } + +dhcp-option=option:dns-server,${Vars.NIC[0].IP} +dhcp-option=option:domain-name,${Vars.PXE.DNSDomain} + +# TFTP Configuration +enable-tftp +tftp-root="${Vars.PXE.TFTPRoot}" + +pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime} + +# Based on logic in https://gist.github.com/robinsmidsrod/4008017 +# iPXE sends a 175 option, checking suboptions +dhcp-match=set:ipxe-http,175,19 +dhcp-match=set:ipxe-https,175,20 +dhcp-match=set:ipxe-menu,175,39 +# pcbios specific +dhcp-match=set:ipxe-pxe,175,33 +dhcp-match=set:ipxe-bzimage,175,24 +dhcp-match=set:ipxe-iscsi,175,17 +# efi specific +dhcp-match=set:ipxe-efi,175,36 +# combination +# set ipxe-ok tag if we have correct combination +# http && menu && iscsi ((pxe && bzimage) || efi) +tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage +tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi + + +## Load different PXE boot image depending on client architecture (when running as a proxy DHCP) +pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe +pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi +pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi + +dhcp-userclass=set:ipxe,iPXE +dhcp-boot=tag:ipxe-ok,http://${Vars.NIC[0].IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.NIC[0].IP} 
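Review bot: `listen-address=0.0.0.0` is commonly used to mean "all addresses" and, as far as I can tell, does so here too, so the `interface=${Vars.PXE.ListenInterface}` restriction two lines later is unlikely to limit where the forwarding resolver (`server=${Vars.DNS[0]}`) and the TFTP service answer; on a host with more than one NIC (`Vars.NIC` is a list in the `interfaces` template of this commit) that is an open forwarder on the other networks. Drop the wildcard `listen-address` and add `bind-interfaces` so only the PXE interface is bound. `log-queries` and `log-dhcp` also record every DNS query and DHCP exchange, which is useful while bringing the setup up but worth gating on a Vars flag, as `Vars.MatchBox.LogLevel` already does for matchbox.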
diff --git a/recipes/alpine/templates/conf/nuo-matchbox/hostname.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/hostname.pktpl.hcl new file mode 100644 index 0000000..f9a48de --- /dev/null +++ b/recipes/alpine/templates/conf/nuo-matchbox/hostname.pktpl.hcl @@ -0,0 +1 @@ +${Vars.Set.Hostname} \ No newline at end of file diff --git a/recipes/alpine/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl new file mode 100644 index 0000000..2128aa2 --- /dev/null +++ b/recipes/alpine/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl @@ -0,0 +1,28 @@ +#!/sbin/openrc-run + +name=$RC_SVCNAME +command="/usr/local/bin/$RC_SVCNAME" +command_user="$RC_SVCNAME" +pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid" +start_stop_daemon_args="--start -b" +command_args="$command_args" +command_background="yes" + +depend() { + need net +} + +start_pre() { + checkpath --directory --owner $command_user:$command_user --mode 0775 \ + /run/$RC_SVCNAME /var/log/$RC_SVCNAME + if [ ! -f "/etc/matchbox/server.crt" ]; then + cd /root/tls + export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.NIC[0].IP}" + ./cert-gen + mkdir -p /etc/matchbox + cp ca.crt server.crt server.key /etc/matchbox + chown -R matchbox:matchbox /etc/matchbox + mkdir -p /root/.matchbox + cp client.crt client.key ca.crt /root/.matchbox/ + fi +} \ No newline at end of file diff --git a/recipes/alpine/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl new file mode 100644 index 0000000..ab21faa --- /dev/null +++ b/recipes/alpine/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl @@ -0,0 +1,9 @@ + +%{ for iface in Vars.NIC } +auto ${iface.Name} + +iface ${iface.Name} inet static + address ${iface.IP} + netmask ${iface.Mask} + gateway ${iface.Gateway} +%{ endfor ~} \ No newline at end of file 
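Review bot: In `start_pre`, `cd /root/tls` is unchecked, so if the directory is missing `./cert-gen` runs from whatever cwd OpenRC gave the script and the following `cp` copies nothing (or the wrong files) while the service still starts; `cd /root/tls || return 1` keeps the failure visible to OpenRC. The generated CA and server key are then handed to the service user with `chown -R matchbox:matchbox /etc/matchbox`, which lets a compromised matchbox process replace its own CA and server certificate; keeping `/etc/matchbox` root-owned with only `server.key` group-readable (`chown -R root:matchbox /etc/matchbox`, `chmod 0640 /etc/matchbox/server.key`) is enough for the daemon to read what it needs. The `dnsmasq-hosts` template in this commit treats `Vars.MatchBox.Hostname` as possibly empty, in which case the SAN here renders as `DNS.1:,IP.1:...`; the same `%{ if }` guard, or a hard failure when it is empty, would avoid minting a certificate with a blank DNS entry.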
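Review bot: The `interfaces` template emits `gateway ${iface.Gateway}` for every entry of `Vars.NIC`, so with two or more NICs each one declares a default gateway, and an entry without a gateway renders a bare `gateway` line, which is at best ignored by ifup. Guard it with `%{ if iface.Gateway != "" }gateway ${iface.Gateway}%{ endif }` and, if only the first NIC should carry the default route, key it on the index the other templates already single out as `Vars.NIC[0]`.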
diff --git a/recipes/alpine/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl new file mode 100644 index 0000000..9a677a5 --- /dev/null +++ b/recipes/alpine/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl @@ -0,0 +1,4 @@ + +%{ for dns in Vars.DNS } +nameserver ${dns} +%{ endfor ~} \ No newline at end of file