diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6a1961e --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/output +/packer-manifest.json \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..9d14cfb --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "ansible.python.interpreterPath": "/bin/python" +} \ No newline at end of file diff --git a/build b/build index ef5af55..8681184 100755 --- a/build +++ b/build @@ -1,5 +1,7 @@ #!/bin/bash +set -eo pipefail + # Simple build wrapper ACTION=${1} @@ -25,8 +27,8 @@ initPacker() { # First the "base" image then the provisionned ones # run() { - ${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.${BUILDER}.${OS}" "${RCP_DIR}/${OS}/." - ${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.${BUILER}.${OS}" "${RCP_DIR}/${OS}/." + # ${PACKER} build ${PACKER_OPTS} -on-error=abort -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.*.${OS}" "${RCP_DIR}/${OS}/." + ${PACKER} build ${PACKER_OPTS} -on-error=abort -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.*.${OS}" "${RCP_DIR}/${OS}/." } # diff --git a/recipes/debian/11.pkrvars.hcl b/recipes/debian/11.pkrvars.hcl deleted file mode 100644 index b0a6e6f..0000000 --- a/recipes/debian/11.pkrvars.hcl +++ /dev/null 
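Review bot: The base-image build in `run()` is now only a comment, so the remaining `-except="base.*.${OS}"` invocation assumes a base artifact that this wrapper no longer produces; if the base is built elsewhere, delete the dead line and say so in the comment above `run()`, otherwise restore it. Separately, `set -eo pipefail` leaves out `-u`, which would have caught the `${BUILER}` typo this commit removes; `set -euo pipefail` together with `ACTION=${1:-}` keeps the no-argument case working. `${PACKER_OPTS}` is expanded unquoted on purpose to split options into words, which deserves a `# shellcheck disable=SC2086` with that reason so the next reader does not "fix" it.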
@@ -1,16 +0,0 @@ -name = "debian" -version = "11" -short_version = "11" -code_name = "bullseye" -arch = "amd64" -source_url = "https://cloud.debian.org/images/cloud/bullseye/latest" -iso_cd_checksum = "9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741" -image_dir_name= "latest" -boot_command = [ "" ] -# "", -# "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg", -# "", -# "mkdir -p .ssh", -# "wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys", -# "chmod 600 .ssh/authorized_keys", -#] diff --git a/recipes/debian/12.pkrvars.hcl b/recipes/debian/12.pkrvars.hcl new file mode 100644 index 0000000..cd61a1a --- /dev/null +++ b/recipes/debian/12.pkrvars.hcl @@ -0,0 +1,7 @@ +name = "debian" +version = "12.2.0" +short_version = "12" +code_name = "bookworm" +arch = "amd64" +source_url = "https://cdimage.debian.org/cdimage/release/12.2.0" +image_dir_name= "latest" diff --git a/recipes/debian/locals.globals.pkr.hcl b/recipes/debian/locals.globals.pkr.hcl index f940e19..404a7c7 100644 --- a/recipes/debian/locals.globals.pkr.hcl +++ b/recipes/debian/locals.globals.pkr.hcl @@ -1,7 +1,5 @@ locals { Globals = { - Vars = { - PrometheusPort = "9090" - } + Vars = {} } } \ No newline at end of file diff --git a/recipes/debian/locals.pkr.hcl b/recipes/debian/locals.pkr.hcl index 0d290d3..da983d5 100644 --- a/recipes/debian/locals.pkr.hcl +++ b/recipes/debian/locals.pkr.hcl 
@@ -10,24 +10,10 @@ locals { dirs = local.locations timestamp = regex_replace(timestamp(), "[- TZ:]", "") output_name = "${var.name}" - source_checksum_url = "file:${var.source_url}/SHA512SUMS" - source_iso = "${var.source_url}/debian-${var.version}-generic-${var.arch}.qcow2" - source_checksum = "${var.iso_cd_checksum}" + source_iso = "${var.source_url}/${var.arch}/iso-cd/debian-${var.version}-${var.arch}-netinst.iso" + iso_cd_checksum = "file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS" ssh_user = "root" - ssh_password = "PbkRc1vup7Wq5n4r" + ssh_password = "toor" disk_size = 8000 memory = 512 - instance_data = { - "instance-id": "${var.name}" - } - installOpts = { - hostname = var.name - user = "eole" - disk_device = "/dev/vda" - } - installOptsVMWare = { - hostname = var.name - user = "eole" - disk_device = "/dev/sda" - } } diff --git a/recipes/debian/main.pkr.hcl b/recipes/debian/main.pkr.hcl index 89271fc..0b0b22a 100644 --- a/recipes/debian/main.pkr.hcl +++ b/recipes/debian/main.pkr.hcl 
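Review bot: `ssh_password = "toor"` replaces the previous random-looking value with a well-known default, and the preseed template in this commit writes it as both the root and `packer` account password with `passwd/root-login` enabled, so every image built from this recipe boots with a guessable root password. Keep a throwaway build-time value here but lock or expire it in the post-install script (`passwd -l root`, `chage -d 0 packer`) once the key from `data.sshkey.install` is in place, or generate it per build with `uuidv4()`. The rendered preseed is also served by Packer's HTTP listener on the builder's network, so anything in `local` handed to `templatefile` should be treated as readable during the build.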
@@ -7,38 +7,20 @@ EOF source "vmware-iso.debian" { output_directory = "${var.output_dir}/${var.version}/base" - vm_name = "${local.output_name}-${var.version}.img" + vm_name = "${local.output_name}-${var.version}" disk_size = 10240 iso_url = "${local.source_iso}" iso_checksum = "${var.iso_cd_checksum}" + guest_os_type = "ubuntu-64" http_content = { "/ssh-packer-pub.key" = data.sshkey.install.public_key - "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOptsVMWare) + "/preseed.cfg" = templatefile("${local.locations.provisionning}/${var.name}/http/preseed.cfg.pkrtpl.hcl", { data: data, var: var, local: local }) } - boot_command = var.boot_command - cd_label = "cidata" - } - - source "qemu.debian" { - output_directory = "${var.output_dir}/${var.version}/base" - vm_name = "${local.output_name}-${var.version}.img" - iso_url = "${local.source_iso}" - iso_checksum = "${var.iso_cd_checksum}" - disk_image = true - disk_size = 10240 - cd_content = { - "meta-data" = jsonencode(local.instance_data) - "user-data" = templatefile("${path.cwd}/recipes/debian/templates/conf/cloud-init/user-data", - { user = local.ssh_user, - password = local.ssh_password, - runcmd = var.cloud_init_runcmd }) - } - #http_content = { - # "/ssh-packer-pub.key" = data.sshkey.install.public_key - # "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOpts) - #} - cd_label = "cidata" - boot_command = var.boot_command + boot_command = [ + "", + "auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg", + "" + ] } provisioner "shell" { @@ -49,7 +31,6 @@ EOF script = "${local.locations.provisionning}/letsencrypt.sh" } - post-processor "shell-local" { inline = [ "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}", diff --git a/recipes/debian/plugins.pkr.hcl b/recipes/debian/plugins.pkr.hcl index ff44743..548ed16 100644 
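Review bot: `iso_checksum = "${var.iso_cd_checksum}"` still reads the variable, but the new `12.pkrvars.hcl` no longer sets `iso_cd_checksum` and the checksum URL this commit introduces lives in `local.iso_cd_checksum` (locals.pkr.hcl); unless the variable has a default elsewhere, the build will either fail on an empty checksum or verify against a stale value. Change it to `iso_checksum = local.iso_cd_checksum`. Note that the SHA256SUMS file is fetched from the same `source_url` as the ISO, so it verifies transport integrity only; pinning the expected digest in the var file (as the old `iso_cd_checksum` value did) would also detect a tampered mirror. `guest_os_type = "ubuntu-64"` on a Debian source looks like a deliberate VMware compatibility choice and is worth a one-line comment saying so.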
--- a/recipes/debian/plugins.pkr.hcl +++ b/recipes/debian/plugins.pkr.hcl @@ -11,7 +11,11 @@ packer { qemu = { source = "github.com/hashicorp/qemu" version = "~> 1" - } + } + ansible = { + version = "~> 1" + source = "github.com/hashicorp/ansible" + } } } diff --git a/recipes/debian/provisionning/conf/harbor/init.d/harbor b/recipes/debian/provisionning/conf/harbor/init.d/harbor deleted file mode 100755 index 86a2255..0000000 --- a/recipes/debian/provisionning/conf/harbor/init.d/harbor +++ /dev/null @@ -1,64 +0,0 @@ -#!/sbin/openrc-run - -: ${SUBCFGDIR:=/srv} -DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"} - -SUBSVC="${SVCNAME#*.}" -[ -z "${SUBSVC}" ] && exit 1 -: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"} -DOCOCMD="/usr/bin/docker-compose" -export COMPOSE_HTTP_TIMEOUT=300 - -description="Manage docker services defined in ${SUBCFG}" -extra_commands="configtest build" -description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\"" -description_build="Run \"docker-compose -f ${SUBCFG} build\"" - -depend() { - need localmount net docker - use dns - after docker -} - -configtest() { - if ! [ -f "${SUBCFG}" ]; then - eerror "The config file ${SUBCFG} does not exist!" - return 1 - fi - if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then - einfo "config: ok" - else - eerror "config: error" - return 1 - fi -} - -build() { - configtest || return 1 - ebegin "Building dockerservice ${SUBSVC}" - "${DOCOCMD}" -f "${SUBCFG}" build - eend $? -} - -start() { - configtest || return 1 - ebegin "Starting dockerservice ${SUBSVC}" - sleep 5 - "${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS} - eend $? -} - -stop() { - ebegin "Stopping dockerservice ${SUBSVC}" - "${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300 - eend $? -} - -status() { - if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then - einfo "status: started" - else - einfo "status: stopped" - return 3 - fi -} 
diff --git a/recipes/debian/provisionning/conf/kubernetes/initkubernetes.start b/recipes/debian/provisionning/conf/kubernetes/initkubernetes.start deleted file mode 100644 index a0e0748..0000000 --- a/recipes/debian/provisionning/conf/kubernetes/initkubernetes.start +++ /dev/null 
@@ -1,181 +0,0 @@ -#!/bin/sh - -ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} -LOG_FILE="/var/log/initkubernets.log" -FIRST_BOOT="/var/run/firstboot.flag" - -infoLog() { - echo "Info: $@" | tee -a ${LOG_FILE} -} - -errorLog() { - echo "Error: $@" | tee -a ${LOG_FILE} -} - -waitReadyState() { - local vmID="${1}" - local timeout="${2}" - - local tick=0 - while true ;do - local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY") - if [ "${ready}" = "YES" ];then - return 0 - elif [ "${timeout}" -eq "${tick}" ];then - return ${timeout} - else - sleep 1 - tick=$((tick+1)) - fi - done -} - -returnToken() { - infoLog "Returning tokens" - local caSecretKey="${1}" - local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1) - local kubeToken=$(kubeadm token list | awk '/authentication,signing.*The default*/ {print $1}') - local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf) - - if [ -n "${ONEGATE_ENDPOINT}" ];then - infoLog "Onegate detected" - data="READY=YES" - data="${data} MASTER_ADDR=${masterAddr}" - data="${data} MASTER_TOKEN=${kubeToken}" - data="${data} MASTER_CA_TOKEN=sha256:${caToken}" - data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}" - onegate vm update --data "${data}" - infoLog "Onegate data seted" - else - infoLog "Onegate is not present" - echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token - infoLog "Tokens are available at /root/kube.token" - fi -} - -joinCluster() { - local master="${MASTER_ADDR}" - local token="${MASTER_TOKEN}" - local caToken="${MASTER_CA_TOKEN}" - local caSecretKey="${MASTER_CA_SECRET_KEY}" - local sname="${SERVICE_NAME}" - - if [ -n "${ONEGATE_ENDPOINT}" ];then - local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[] | select(.name == "leader") | .nodes[0].deploy_id') - if [ "${?}" -eq 0 ]; then - waitReadyState ${masterID} 600 - if [ "${?}" -ne 0 ];then - 
errorLog "Master node is node ready after 600s" - return 3 - fi - local masterInfo=$(onegate vm show ${masterID} --json | \ - jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP") - master=$(echo ${masterInfo} | cut -d " " -f 1) - token=$(echo ${masterInfo} | cut -d " " -f 2) - caToken=$(echo ${masterInfo} | cut -d " " -f 3) - caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4) - masterIP=$(echo ${masterInfo} | cut -d " " -f 5) - sname=$(onegate service show --json | jq -cr ".SERVICE.name") - fi - - # Setting dns resolution for cluster - echo "${masterIP} ${sname}" >> /etc/hosts - onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts - fi - if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then - opts="--node-name $(hostname -f)" - opts="${opts} --token ${token}" - opts="${opts} --discovery-token-ca-cert-hash ${caToken}" - if [ -n "${1}" ];then - opts="${opts} --control-plane" - opts="${opts} --certificate-key ${caSecretKey}" - fi - opts="${opts} ${master}" - - kubeadm join ${opts} | tee -a "${LOG_FILE}" - else - errorLog "Something is missing, can't join the cluster:" - errorLog " Master addr: [${master}]" - errorLog " Master token: [${token}]" - errorLog " Master CA token: [${caToken}]" - return 3 - fi -} - -getServiceName() { - local sname=$(onegate service show --json | jq -cr ".SERVICE.name") - local tmout=30 - local tick=0 - while true ;do - if [ -z "${sname}" ];then - sname=$(onegate service show --json | jq -cr ".SERVICE.name") - else - echo ${sname} - return 0 - fi - sleep 1 - tick=$((tick+1)) - if [ ${tmout} -eq ${tick} ];then - hostname -f - return 3 - fi - done -} - -initLeader() { - sname="$(hostname -f)" - - if [ -n "${ONEGATE_ENDPOINT}" ];then - sname=$(getServiceName) - sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP") - echo "${sip} 
${sname} $(hostname -f)" >> /etc/hosts - onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts - fi - - caSecretKey=$(date | sha256sum | awk '{print $1}') - - infoLog "Kubernetes init started" - kubeadm init --pod-network-cidr=10.244.0.0/16 \ - --node-name="${SET_HOSTNAME}" \ - --control-plane-endpoint "${sname}:6443" \ - --upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}" - infoLog "Kubernetes init ended" - - infoLog "Configuring kubectl" - mkdir /root/.kube - ln -s /etc/kubernetes/admin.conf /root/.kube/config - infoLog "kubectl configured" - - infoLog "Installing cilium" - sleep 20 - kubectl config view --minify -o jsonpath='{.clusters[].name}' - sleep 20 - cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}" - infoLog "Cilium is installed" - - returnToken "${caSecretKey}" -} - -initKube() { - if [ "${SERVER_ROLE}" == "leader" ];then - initLeader - elif [ "${SERVER_ROLE}" == "worker" ];then - joinCluster - elif [ "${SERVER_ROLE}" == "master" ];then - joinCluster "${SERVER_ROLE}" - fi - touch ${FIRST_BOOT} - infoLog "Kubernetes cluster init is finished" -} - -if [ -f "${ENV_FILE}" ]; then - . "${ENV_FILE}" -fi - -if [ -f "${FIRST_BOOT}" ];then - exit 0 -else - uuidgen > /etc/machine-id - swapoff -a # Make sure swap is disabled - initKube & -fi \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/kubernetes/sharemetrics.start b/recipes/debian/provisionning/conf/kubernetes/sharemetrics.start deleted file mode 100644 index 6876caf..0000000 --- a/recipes/debian/provisionning/conf/kubernetes/sharemetrics.start +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -mount --make-rshared / \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/matchbox/initmatchbox.start b/recipes/debian/provisionning/conf/matchbox/initmatchbox.start deleted file mode 100644 index 9180b96..0000000 
--- a/recipes/debian/provisionning/conf/matchbox/initmatchbox.start +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh - -FL_VERSIONS="current 3374.2.0" -MATCHBOX_DIR="/var/lib/matchbox" -ASSETS_DIR="${MATCHBOX_DIR}/assets/" - -GPG_FNAME="Flatcar_Image_Signing_Key.asc" -GPG_KEYS_URL="https://www.flatcar.org/security/image-signing-key/" - -cd /tmp -curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME} -gpg --import --keyid-format LONG ${GPG_FNAME} -cd - - -echo "Provisionning matchbox with flatcar images" -tout=30 -for version in ${FL_VERSIONS}; do - for i in $(seq 1 ${tout});do - echo " * ${FL_VERSIONS} stable image (try ${i})" - /usr/local/bin/get-flatcar stable ${version} ${ASSETS_DIR} - if [[ "${?}" -eq 0 ]]; then - break - fi - done -done diff --git a/recipes/debian/provisionning/conf/matchbox/inittftp.start b/recipes/debian/provisionning/conf/matchbox/inittftp.start deleted file mode 100644 index e076de9..0000000 --- a/recipes/debian/provisionning/conf/matchbox/inittftp.start +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -dest="${1}" - -ipxeEFISource="http://boot.ipxe.org/ipxe.efi" -kpxeSource="http://boot.ipxe.org/undionly.kpxe" - -cd "${dest}" -wget "${ipxeEFISource}" -wget "${kpxeSource}" \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/nuo-harbor b/recipes/debian/provisionning/conf/nuo-harbor deleted file mode 120000 index 8b35999..0000000 --- a/recipes/debian/provisionning/conf/nuo-harbor +++ /dev/null @@ -1 +0,0 @@ -harbor \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/nuo-matchbox b/recipes/debian/provisionning/conf/nuo-matchbox deleted file mode 120000 index ed5a219..0000000 --- a/recipes/debian/provisionning/conf/nuo-matchbox +++ /dev/null @@ -1 +0,0 @@ -matchbox \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave b/recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave deleted file mode 100644 index 2540f0e..0000000 
--- a/recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -CONF="/etc/conf.d/jenkins-slave" -if [ -e "/etc/jenkins-slave.conf" ]; then - CONF="/etc/jenkins-slave.conf" -fi - -TOTAL_MEMORY=$(cat /proc/meminfo | grep MemTotal | awk '{ printf "%sg", int($2/1024/1024)+1 }') -sed -i "s|^JENKINS_SLAVE_NAME=.*$|JENKINS_SLAVE_NAME='slave-$ETH0_IP'|" "${CONF}" -sed -i "s|^JENKINS_SLAVE_USERNAME=.*$|JENKINS_SLAVE_USERNAME='$JENKINS_SLAVE_USERNAME'|" "${CONF}" -sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}" -sed -i "s|^JENKINS_MASTER_URL=.*$|JENKINS_MASTER_URL='$JENKINS_MASTER_URL'|" "${CONF}" -sed -i "s|^JENKINS_SLAVE_LABELS=.*$|JENKINS_SLAVE_LABELS='docker docker-compose mem-$TOTAL_MEMORY $JENKINS_SLAVE_LABELS'|" "${CONF}" diff --git a/recipes/debian/provisionning/conf/one-context/net-96-gitlab-register b/recipes/debian/provisionning/conf/one-context/net-96-gitlab-register deleted file mode 100644 index 821d654..0000000 --- a/recipes/debian/provisionning/conf/one-context/net-96-gitlab-register +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} - -# $TOKENTXT is available only through the env. file -# shellcheck disable=SC1090 -if [ -f "${ENV_FILE}" ]; then - . "${ENV_FILE}" -fi - -### - -if [ -n "${GITLAB_URL}" ]; then - if command -v gitlab-runner; then - if [ -n "${GITLAB_SHELL}" ]; then - opts="--shell=${GITLAB_SHELL}" - fi - # shellcheck disable=SC2086 - gitlab-runner register \ - --non-interactive \ - --url="${GITLAB_URL}" \ - --registration-token="${GITLAB_TOKEN}" \ - --executor="${GITLAB_EXECUTOR}" \ - --description="${GITLAB_RUNNER_NAME}" \ - --tag-list="${GITLAB_TAG_LIST}" \ - --locked=false \ - --access-level=not_protected \ - --run-untagged=false \ - "${opts}" - fi -fi 
diff --git a/recipes/debian/provisionning/conf/one-context/net-97-k3s b/recipes/debian/provisionning/conf/one-context/net-97-k3s deleted file mode 100644 index 77bd98a..0000000 --- a/recipes/debian/provisionning/conf/one-context/net-97-k3s +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} - -# $TOKENTXT is available only through the env. file -# shellcheck disable=SC1090 -if [ -f "${ENV_FILE}" ]; then - . "${ENV_FILE}" -fi - -### - -if [ -n "${K3S_ROLE}" ]; then - if [ "${K3S_ROLE}" = "server" ]; then - rc-update add dnsmasq default - service dnsmasq start - - rc-update add k3s default - service k3s start - fi -fi diff --git a/recipes/debian/provisionning/debian/debian-11-install.sh b/recipes/debian/provisionning/debian/debian-12-install.sh similarity index 67% rename from recipes/debian/provisionning/debian/debian-11-install.sh rename to recipes/debian/provisionning/debian/debian-12-install.sh index 695b527..acb3bbe 100644 --- a/recipes/debian/provisionning/debian/debian-11-install.sh +++ b/recipes/debian/provisionning/debian/debian-12-install.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash echo "${1}" >/etc/hostname diff --git a/recipes/debian/provisionning/debian/http/preseed.cfg b/recipes/debian/provisionning/debian/http/preseed.cfg.pkrtpl.hcl similarity index 79% rename from recipes/debian/provisionning/debian/http/preseed.cfg rename to recipes/debian/provisionning/debian/http/preseed.cfg.pkrtpl.hcl index 88788c9..dbe1b67 100644 --- a/recipes/debian/provisionning/debian/http/preseed.cfg +++ b/recipes/debian/provisionning/debian/http/preseed.cfg.pkrtpl.hcl 
@@ -37,10 +37,14 @@ d-i finish-install/reboot_in_progress note # Bootloader options d-i grub-installer/only_debian boolean true d-i grub-installer/with_other_os boolean true -d-i grub-installer/bootdev string /dev/vda +d-i grub-installer/bootdev string /dev/sda # Set the keyboard layout +d-i console-setup/ask_detect boolean false +d-i keyboard-configuration/variant select France d-i keyboard-configuration/xkb-keymap select fr +d-i console-keymaps-at/keymap select fr-latin9 +d-i debian-installer/keymap string fr-latin9 # Mirror from which packages will be downloaded d-i mirror/country string manual @@ -65,15 +69,19 @@ d-i partman/confirm_write_new_label boolean true # User configuration d-i passwd/root-login boolean true -d-i passwd/root-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0 +d-i passwd/root-password password ${local.ssh_password} +d-i passwd/root-password-again password ${local.ssh_password} d-i passwd/user-fullname string packer d-i passwd/user-uid string 1000 d-i passwd/username string packer -d-i passwd/user-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0 +d-i passwd/user-password password ${local.ssh_password} +d-i passwd/user-password-again password ${local.ssh_password} # Extra packages to be installed d-i pkgsel/include string sudo -d-i pkgsel/include string openssh-server build-essential +d-i pkgsel/include string openssh-server +d-i pkgsel/include string wget +d-i pkgsel/include string cloud-init d-i pkgsel/install-language-support boolean false d-i pkgsel/update-policy select none 
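Review bot: `passwd/root-password password ${local.ssh_password}` and `passwd/user-password password ${local.ssh_password}` switch from the `-crypted` fields to clear-text preseed values, so the password now travels in clear through Packer's HTTP listener and may be retained in the installer's debconf database that is copied to `/var/log/installer` on the installed system. Prefer keeping the `*-password-crypted` form with a crypt(3) hash generated per build (Packer's `bcrypt()` should work if the target's libcrypt accepts `$2y$` hashes, which bookworm's libxcrypt does), and have the post-install script purge `/var/log/installer` or lock the accounts. The `packer` user and root share the same value and `passwd/root-login boolean true` stays enabled above, so both accounts are affected.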
@@ -102,6 +110,6 @@ popularity-contest popularity-contest/participate boolean false # Select base install tasksel tasksel/first multiselect standard, ssh-server -# Setup passwordless sudo for packer user -d-i preseed/late_command string \ - echo "packer ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/packer && chmod 0440 /target/etc/sudoers.d/packer \ No newline at end of file +d-i preseed/late_command string in-target mkdir -p /root/.ssh; \ +in-target /bin/sh -c "echo '${data.sshkey.install.public_key}' >> /root/.ssh/authorized_keys"; \ +in-target chown -R root:root /root/.ssh/ \ No newline at end of file diff --git a/recipes/debian/provisionning/letsencrypt.sh b/recipes/debian/provisionning/letsencrypt.sh index 4ae1968..3b267a5 100644 --- a/recipes/debian/provisionning/letsencrypt.sh +++ b/recipes/debian/provisionning/letsencrypt.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -eo pipefail @@ -20,7 +20,7 @@ for cert in $CERTS; do echo "Downloading '$cert'..." filename=$(basename "$cert") wget --tries=10 --timeout=30 -O "$filename" "$cert" - #openssl x509 -in "$filename" -inform PEM -out "$filename.crt" + openssl x509 -in "$filename" -inform PEM -out "$filename.crt" done $UPDATE_CERTS_CMD \ No newline at end of file diff --git a/recipes/debian/provisionning/one-context.sh b/recipes/debian/provisionning/one-context.sh index 23dd304..a5d47c2 100644 --- a/recipes/debian/provisionning/one-context.sh +++ b/recipes/debian/provisionning/one-context.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -e diff --git a/recipes/debian/provisionning/one-context/net-97-k3s b/recipes/debian/provisionning/one-context/net-97-k3s deleted file mode 100644 index 77bd98a..0000000 --- a/recipes/debian/provisionning/one-context/net-97-k3s +++ /dev/null 
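Review bot: The new `late_command` creates `/root/.ssh` with `in-target mkdir -p` and appends the key via shell redirection but never sets modes, so the directory and `authorized_keys` end up with whatever the installer's umask yields instead of `700`/`600`. Add `in-target chmod 700 /root/.ssh; in-target chmod 600 /root/.ssh/authorized_keys;` before the final `chown` so the key is not world-readable and sshd's StrictModes cannot reject it. The key is interpolated inside single quotes through `/bin/sh -c`, which holds for OpenSSH public keys (they contain no single quotes); a short comment stating that assumption would help the next editor.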
@@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} - -# $TOKENTXT is available only through the env. file -# shellcheck disable=SC1090 -if [ -f "${ENV_FILE}" ]; then - . "${ENV_FILE}" -fi - -### - -if [ -n "${K3S_ROLE}" ]; then - if [ "${K3S_ROLE}" = "server" ]; then - rc-update add dnsmasq default - service dnsmasq start - - rc-update add k3s default - service k3s start - fi -fi diff --git a/recipes/debian/provisionning/quid/.gitignore b/recipes/debian/provisionning/quid/.gitignore new file mode 100644 index 0000000..2fb066b --- /dev/null +++ b/recipes/debian/provisionning/quid/.gitignore @@ -0,0 +1,2 @@ +/quid-ansible +/.ansible_vault_passphrase \ No newline at end of file diff --git a/recipes/debian/provisionning/quid/ansible-vars.yml b/recipes/debian/provisionning/quid/ansible-vars.yml new file mode 100644 index 0000000..e28d318 --- /dev/null +++ b/recipes/debian/provisionning/quid/ansible-vars.yml 
@@ -0,0 +1,141 @@ +--- +quid_ansible_repo_private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38336638386137306630663064323930363136373637323739393638663839373836316432636166 + 6564316233353439353437613138636536663738313034350a663765643630383131353462386434 + 63346530663831373766616439323034376436663633663436666265373333363431363832643632 + 3530386534343935610a666430346539303730333763353230646137363764666663366164336631 + 35323435313061633661366432313737653533623033353861386132663066316532623537326564 + 30626432316235623532633665663464316536363037363534656336386136363530633266373736 + 32613434346662633230363065393539613661636434623035333861323932333031346662336263 + 31363834383364383930666435626438333536383434353439623438346262373639636264376438 + 32343739383561663461623635643565326436353936313539643933343231383436653636313362 + 62373530363632666165613332623361663861656333336638366131646537376433636632656333 + 33363936313838623939656562333533656530373131643539613238323530656532376637663365 + 36316363633234633832663437313865626664663436386163636332646365373661643561363564 + 61363762333538636262306438353662363639346439363037623838303734646432386434373930 + 30656236303130343063393966396236366564643764313836363062383032353537633130323565 + 31346333613636616532303365666434366631323538383933343965633332323361386663396236 + 64393137656538386666623336363539613238386430663836343733343733626564323564613734 + 36376332623561613461313934386637353065396238643763666165333931323236313037643531 + 35323733303530623334653563386434383837333331396438613434636661383136356162323737 + 64333162393264626537373239653133623637353463616564396539653132336266396165346234 + 30333561626332303339303963666366353639333764336430363838666261333261393633353938 + 38326132333134363437633633623130303464626434356339303533366563326539626530613134 + 64633262326164336438656361633864316565393166323631383361343932663439353966613066 + 
66666432346364353539363832666163663533616636363635636539363531333663613665383933 + 38326464343635386166373030386130366261633233356635336531336364343766323963616162 + 63313434613637376235333562313731633434663363313534363535303663353239346433636532 + 65343939366335396466366638333037636462616330643363646631353135333338373462323930 + 32396436653036653838623235386333353164323335613161306637306232336430633136383064 + 34656564346138333461353430613237633135306461366165346432353732626236313530636337 + 32653134353866373739343936363231613437313135383564316634366263393966376239313766 + 33366137383636383563303331393036313766356139323436353762633961626234326334333361 + 61346665646663336531666332323966363936633764336664636465326534323035666364346665 + 33316262316331353066623237323931363932623662656234613432643237353864346436633837 + 34376266653334653339396161646266396165316463353433636235656530643364656637346465 + 31656636383935343032316334336434333033386135343835303232366231343166313032356139 + 38353764336665636139333261656130396636626566656666303933663665353063616636663732 + 33343030363134646364313338323330353064313562376437313138356664633636613330616533 + 36643766643439393534353932346162303363663536656661656666653533643533633137646665 + 33653430346563343961393566333266666338373466623938356537396637646265656161653863 + 33326235636235653663656363323661636135333463313537326533346366623562373635646337 + 32316361346538613935383533323236623763366164356638643365633331383166663233376564 + 64343539323231373335363662633461376338643537393665306437313762326630643561313362 + 33363635666534616433303137366362616335306633353831636238323631613665643938336562 + 36353939326236656164653932626239373831356535666664393835663730643062386266336136 + 38653437613336373030396138346465363963666536343439313738326264646531663166386165 + 36653539636632663664636564343834313264356537343230613634386463316333623538653537 + 37373233343834356534346535313832623838663131666133373866376434353438336564323931 + 
38633737343762646134346536346133303936616637366134646461376663636336333062326530 + 31313565363439626333323766366462636133613130353033623337323566643364316237333035 + 30323633633532666162376330653861363430363636323962646137366638323464313330336663 + 31373666613566353739663864356566383164616264666230626439316366616662393234343031 + 65363039626239393062373338366533646530333038303966336238386663366335633830303336 + 62363063333833646534376565653431663431663735653832333466353166653562613738386433 + 34336230636566653463383335343738333036613963373435383465656336376266386334613036 + 31346264613134323736633938646564666238333530396562376636333130653962363161613235 + 37633538623966373561316662373862353138323963343534333962393038643036633434316666 + 36376231313036356565316665366330653632653032386536356635633035396633613835353931 + 37363465613636306161613639653933333763366336623830623237313665343466303862306336 + 61643437346133336231383166303038336362646466303338396637386162336262343634613565 + 37663938316330386436353233666662353930363531326531626632343033616235393930633538 + 64353538393532346663323065333836313733376362366532373032323239613962303235336439 + 33363562353338366332653765373061316237313630393930636465383533343335636565333532 + 37633933643832616531626135623334396332396536306163376338306230653732313330386432 + 65613864323363333366323634656662333938373466653564633461656335313063623034393631 + 34383836396134363033623433383730633264366238323330653835656362643531373939303732 + 35326534646430623762393432313431623135373030303036316133663038333836353636616632 + 38646163373263616339643835306637303661376339663765663933343333613237643437303738 + 61616230313863326361636338393039396636643130376131643964323165393034346565623961 + 63303739643764383464393066306533326464353938363561346466393530626238623262333665 + 36383065336664643265353536386566333261376636323137656538383834373131643563386132 + 63343766653364663532313761326331346239306535353837363035653135616565656364373131 + 
39386462313963366537393133336163373433356532646365666239316662343631373263326366 + 34633963636238383536333933336161343866373337393333353361613537343531353735366134 + 38613036373736386139663831303535636239643032376265623538353833623732333332636364 + 39656365306264616362393836323835616636393861383338313735646430616630626562333532 + 61373539633564386239343938313538616539626533376364353766323237323566386534383530 + 66633261663136646534623134323061633033643935613139343335343632383839303366303039 + 34303230366236623065326137666134663365666365326532626534373931633838383937613131 + 39353962656139323131636664636537316665666639643632336639656564346132356334386262 + 61363437323236616632323531643134333531383030323763343835316433366433353633336332 + 66333666376132626564393639383839626465363362643531323332633334326663623435316534 + 31656633306362663566393439613934353864613562396136313264313535313164613432393765 + 65366138383438383936396165626536623766346165646633626532646165626538373239346531 + 33656135613437323433613066663761663332663734343261646466336266303564653137353566 + 34646237626132303266333464646235313737366265663636633333643031366539636434366333 + 36306434366137666639373964356539653461323631326337323431386534356338656230616335 + 34326435326166656535336561643036303562643738626130313865633737313638626537383365 + 35386434626663323166316233303332636337623763323666646331346161343363636631326535 + 37633736366332343064663030366262653264336565623635303562323732366665666439323263 + 65666362396662373533353462353962343363643038326463646362633637636162623933643065 + 39353766333831343466383664376463613930366565616135326636376132643239323231616436 + 35373034613738383438363131353137396262653261643365373866373165633431363465336165 + 64386333653133316434363966363161323833333761316337663630356638626431613461653233 + 63366436383861643232613833343638316331373230323137386337333636663663393730333133 + 37633163326631313635373263616536373439316634393431373839323361623630653435326362 + 
31393665356462653561623232353930326431386536396562333366633535616331373938633733 + 33383363653539366163653435393566333264396163303038386238356361663836346636656366 + 65303832623835313235646464383331396564666134653535626233336566306135333839363634 + 35663634636164646131653736386436313639643633313339363065336437396439353665663832 + 66646363363238643933643939623035613737343236306236623136666332363463363832626232 + 38376565333763313165326234663737653661653438363730376264306163316533613661626232 + 34373761336361633030313136333066313535373337393633623035643130666561313736636137 + 64343030353734323734623137386161343762353633646338396463343132373437383666643139 + 35363532373432643165663533386462323234663831316265613964383632613537333464656638 + 66646166653236663265353136326466643335356563333138326539643265626464616262326438 + 64653439323336623134623735643163646335653761396535383266393365613762613066306530 + 33353938333237663937613862373066633764373961303532323965303436616337336564363564 + 64666664393664376335616133393232633035326638353864623462346661636565303166663939 + 32343434623465343231383266316566646231643036303339363733393665343738363961313066 + 32323734323039656531646231313863343132653431386436323261613036646131396638336331 + 62633436616133353265366532326532653262636331353539336263316131336161653462663036 + 30393435386335646565313436636465623562323539313064663230366266323562383062386166 + 66373063323461323934363138653066613635613063646663333862653166326332646162663536 + 30396437316432356632616239323236636436653036616663353164383936353638306165356135 + 66636665393565373435393864363735323930666133633631303134333263643735643434303238 + 38643038303134313266343833613132616435623539666535316331386461353733326335313766 + 38366637643030323266326139343238393165633136313962313833366134323639326164373464 + 64646335623065636361643038636439346261353637373539653964616463313335313731376231 + 36373936653637323531616137646635383437373862356130346233323261666230313835303863 + 
34366433643762633837343162313763643032653131636663306261383265323237643563363965 + 31653632316662343865636133306139666661393761303930356234613637373866356264323564 + 37376163306463633561323635616636343163386134656534376665613030656537623036333966 + 39313535663563656164386564333064323338346130656264393066663838373233336230306534 + 62636433366562333934613264363736376131396437633331663336376336346366303964643163 + 35633430393736366463346236353262393166623232353565326537363730356634383433333364 + 61393934336230633538383531393733666138336436346262386131386565373830313166623032 + 61336366653030383065616438326237396666656264333061623536366332636635316437373265 + 62336133303134646434313435356463336561653333393937363065313763613533633563633836 + 37306337633965623235653261323832653836306230653865353939346136386264653939393563 + 37663138643837313363356236653232613164323630383431303139353164316463326261326563 + 33316565623562633861356631346639383335633364656464623661653536393133663963653233 + 62326334623161653337633833333436626335653534386266666639363136616234643835316635 + 61333339646238623032353561633335336131383630326636313934376462333866383931663231 + 62633836306239383538376365393437643166636665353462346532316664386139323637363263 + 34633832316533306534313261353030363637356463626338373434636435656439656535376630 + 62616336363964376639653061613661366131616230353837326665393230623861343637343238 + 62343037303632373634363862323633653465616261656431663036306633656166646464386134 + 36343539326533313464663463356139633131646463633062366538353064333536306464306434 + 3436613865386465626165323037353239346564373763303338 \ No newline at end of file diff --git a/recipes/debian/provisionning/quid/update-playbook.sh b/recipes/debian/provisionning/quid/update-playbook.sh new file mode 100755 index 0000000..03699c9 --- /dev/null +++ b/recipes/debian/provisionning/quid/update-playbook.sh 
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Clone repository if necessary
+if [ ! -d "${REPO_DEST}" ]; then
+ git clone "${REPO_URL}" "${REPO_DEST}"
+fi
+
+cd "${REPO_DEST}"
+
+# Update local repository
+git fetch
+
+# Checkout repository ref
+git checkout ${REPO_REF}
\ No newline at end of file
diff --git a/recipes/debian/provisionning/ssh/cnous/nmelin.pub b/recipes/debian/provisionning/ssh/cnous/nmelin.pub
deleted file mode 100644
index a4e15ee..0000000
--- a/recipes/debian/provisionning/ssh/cnous/nmelin.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr
diff --git a/recipes/debian/provisionning/ssh/cnous/operrot.pub b/recipes/debian/provisionning/ssh/cnous/operrot.pub
deleted file mode 100644
index f68677c..0000000
--- a/recipes/debian/provisionning/ssh/cnous/operrot.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 olivier.perrot@cnous.fr
diff --git a/recipes/debian/provisionning/templater-install.sh b/recipes/debian/provisionning/templater-install.sh
index 091bbdb..b4b7c50 100644
--- a/recipes/debian/provisionning/templater-install.sh
+++ b/recipes/debian/provisionning/templater-install.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -ex
diff --git a/recipes/debian/quid.pkr.hcl b/recipes/debian/quid.pkr.hcl
new file mode 100755
index 0000000..81e5cc0
--- /dev/null
+++ b/recipes/debian/quid.pkr.hcl
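Review bot: The new update-playbook.sh has no `set -e`, so a failed `git clone` or a failed `cd "${REPO_DEST}"` does not stop it and the following `git fetch` / `git checkout` run in whatever directory the provisioner started from; since this script selects the playbook that is later applied to the image, any of those failures should abort the build, e.g. `set -euo pipefail` after the shebang plus `: "${REPO_DEST:?}" "${REPO_URL:?}" "${REPO_REF:?}"` to fail early on a missing variable. `${REPO_REF}` on the last line is unquoted and should be `git checkout "${REPO_REF}"`. Note also that when the checkout already exists and `REPO_REF` names a branch, `git fetch` followed by `git checkout` appears to leave an existing local branch where it was rather than at the remote tip, which seems at odds with the "Update local repository" comment; either reset to the fetched ref or document that only the first clone is guaranteed fresh.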
@@ -0,0 +1,71 @@ +#Flavour base +build { + name = "quid" + description = <", + "auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg", + "" + ] + } + + provisioner "shell-local" { + script = "${local.locations.provisionning}/quid/update-playbook.sh" + env = { + "REPO_DEST": "${local.locations.provisionning}/quid/quid-ansible", + "REPO_URL": "ssh://git@forge.cadoles.com:2222/EFS/quid-ansible.git", + "REPO_REF": "master" + } + } + + provisioner "shell" { + script = "${local.locations.provisionning}/${var.name}/${var.name}-${var.short_version}-install.sh" + } + + provisioner "shell" { + script = "${local.locations.provisionning}/letsencrypt.sh" + } + + // Store temporarily ansible vault password in local file + provisioner "shell-local" { + inline = ["echo '${var.quid_ansible_vault_passphrase}' > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"] + } + + provisioner "ansible" { + playbook_file = "${local.locations.provisionning}/quid/quid-ansible/deploy.yml" + groups = ["quid_server"] + // Manjaro/Arch OpenSSH version compatibility mode + // See https://github.com/hashicorp/packer/issues/11783 + extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--vault-password-file=${local.locations.provisionning}/quid/.ansible_vault_passphrase", "--extra-vars=@${local.locations.provisionning}/quid/ansible-vars.yml" ] + } + + // Remove ansible vault password file + provisioner "shell-local" { + inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}", + ] + } + + post-processor "manifest" { + keep_input_artifact = true + } +} \ No newline at end of file diff --git a/recipes/debian/readme.quid.md b/recipes/debian/readme.quid.md new file mode 100644 index 0000000..f1854b3 --- /dev/null +++ b/recipes/debian/readme.quid.md 
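Review bot: The shell-local provisioner that stores the vault passphrase interpolates the secret into the command line (`echo '${var.quid_ansible_vault_passphrase}' > …`), so it is exposed to anything that can read the process arguments or a verbose packer log, and a passphrase containing a single quote terminates the quoting and is executed as shell syntax rather than written to the file. The file is also created with the default umask, and the `rm -f` cleanup provisioner only runs when the ansible provisioner succeeds, so a failed run leaves the passphrase file on disk inside the recipe tree; an `error-cleanup-provisioner` block (or writing the file outside the tree) would cover that path. Passing the secret through `env`, as the update-playbook provisioner already does for its variables, and writing it with `umask 077` avoids both the argv exposure and the quoting problem. Separately, `"REPO_REF": "master"` means the playbook applied to the image is whatever that branch holds at build time; pinning a tag or commit would make images reproducible and auditable.
```hcl
  // Store temporarily ansible vault password in local file
  provisioner "shell-local" {
    env = {
      "VAULT_PASSPHRASE": "${var.quid_ansible_vault_passphrase}"
    }
    inline = [
      "umask 077",
      "printf '%s' \"$VAULT_PASSPHRASE\" > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"
    ]
  }

  // … unchanged: ansible provisioner …

  // Remove ansible vault password file, also when a provisioner failed
  error-cleanup-provisioner "shell-local" {
    inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
  }
```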
@@ -0,0 +1,23 @@ +# Flavor "Quid" + +## Construction de l'image + +1. Récupérer la phrase de passe pour les données chiffrées via `ansible-vault` dans le coffre-fort partagé (Section "Cadoles" -> "Kube"). + +2. Lancer la construction de l'image de la machine virtuelle + + ``` + BUILDER="vmware-iso" QUID_ANSIBLE_VAULT_PASSPHRASE="" ./build start debian 12 + ``` + +## Configuration de l'environnement Quid sur la machine virtuelle + +1. Ajouter l'image de la machine sur votre environnement de virtualisation. Les fichiers sont normalement générés dans le répertoire `output/debian/12.2.0/quid`. + +2. Démarrer la machine virtuelle. Le mot de passe par défaut du compte administrateur est `quid`. + +3. Éditer le fichier `/etc/quid-ansible/config.yml` avec les valeurs correspondant à votre environnement de déploiement ([voir les valeurs par défaut](recipes/debian/provisionning/quid/quid-ansible/roles/quid-server/files/quid_ansible_default_config.yml)) + +4. Exécuter la commande `apply-config` pour mettre à jour la machine avec les valeurs présentes dans le fichier précédemment édité. + +Pour plus d'informations voir la documentation du projet [`quid-ansible`](https://forge.cadoles.com/EFS/quid-ansible). \ No newline at end of file diff --git a/recipes/debian/sources.pkr.hcl b/recipes/debian/sources.pkr.hcl index 353ce0b..8c23554 100644 --- a/recipes/debian/sources.pkr.hcl +++ b/recipes/debian/sources.pkr.hcl @@ -39,7 +39,7 @@ source "vmware-iso" "debian" { memory = "${local.memory}" vnc_bind_address = "0.0.0.0" - headless = true + headless = false # Serve the `http` directory via HTTP, used for preseeding the Debian installer. #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" 
@@ -69,10 +69,9 @@ source "vmware-iso" "debian" { } source "vmware-vmx" "debian" { - disk_type_id = 0 vnc_bind_address = "0.0.0.0" - - headless = true + + headless = false # Serve the `http` directory via HTTP, used for preseeding the Debian installer. #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" @@ -99,4 +98,4 @@ source "vmware-vmx" "debian" { format = "ova" boot_wait = "5s" -} +} \ No newline at end of file diff --git a/recipes/debian/templates/conf/conf.d/chronyd b/recipes/debian/templates/conf/conf.d/chronyd deleted file mode 100644 index e692251..0000000 --- a/recipes/debian/templates/conf/conf.d/chronyd +++ /dev/null @@ -1,6 +0,0 @@ -# /etc/conf.d/chronyd -CFGFILE="/etc/chrony/chrony.conf" -FAST_STARTUP=yes -ARGS="" -# vrf e.g 'vrf-mgmt' -#vrf="" diff --git a/recipes/debian/templates/conf/docker/subgid.pktpl.hcl b/recipes/debian/templates/conf/docker/subgid.pktpl.hcl deleted file mode 100644 index 6187cff..0000000 --- a/recipes/debian/templates/conf/docker/subgid.pktpl.hcl +++ /dev/null @@ -1,6 +0,0 @@ - -# Configuration file of Harbor - -# The IP address or hostname to access admin UI and registry service. -# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname: ${Vars.RootlessDocker} diff --git a/recipes/debian/templates/conf/docker/subuid.pktpl.hcl b/recipes/debian/templates/conf/docker/subuid.pktpl.hcl deleted file mode 100644 index c512a70..0000000 --- a/recipes/debian/templates/conf/docker/subuid.pktpl.hcl +++ /dev/null @@ -1,3 +0,0 @@ -%{ if Vars.RootlessDocker } -docker:231072:65536 -%{ endif } \ No newline at end of file diff --git a/recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl b/recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl deleted file mode 100644 index 24a94cf..0000000 --- a/recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl +++ /dev/null 
@@ -1,265 +0,0 @@ -# Configuration file of Harbor - -# The IP address or hostname to access admin UI and registry service. -# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname: ${Vars.HarborDomain} - -# http related config -http: - # port for http, default is 80. If https enabled, this port will redirect to https port - port: ${Vars.HarborHTTPPort} - -# https related config -https: - # https port for harbor, default is 443 - port: ${Vars.HarborHTTPSPort} - # The path of cert and key files for nginx - certificate: ${Vars.HarborSSLCert} - private_key: ${Vars.HarborSSLPrivKey} - -# # Uncomment following will enable tls communication between all harbor components -# internal_tls: -# # set enabled to true means internal tls is enabled -# enabled: true -# # put your cert and key files on dir -# dir: /etc/harbor/tls/internal - -# Uncomment external_url if you want to enable external proxy -# And when it enabled the hostname will no longer used -# external_url: https://reg.mydomain.com:8433 - -# The initial password of Harbor admin -# It only works in first time to install harbor -# Remember Change the admin password from UI after launching Harbor. -harbor_admin_password: ${Vars.HarborAdminPassword} - -# Harbor DB configuration -database: - # The password for the root user of Harbor DB. Change this before any production use. - password: ${Vars.HarborDBPassword} - # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. - max_idle_conns: 50 - # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. - # Note: the default number of connections is 100 for postgres. 
- max_open_conns: 200 - -# The default data volume -data_volume: /srv/harbor/data - -# Harbor Storage settings by default is using /data dir on local filesystem -# Uncomment storage_service setting If you want to using external storage -# storage_service: -# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore -# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. -# ca_bundle: - -# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss -# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ -# filesystem: -# maxthreads: 100 -# # set disable to true when you want to disable registry redirect -# redirect: -# disabled: false - -# Trivy configuration -# -# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. -# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached -# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it -# should download a newer version from the Internet or use the cached one. Currently, the database is updated every -# 12 hours and published as a new release to GitHub. -trivy: - # ignoreUnfixed The flag to display only fixed vulnerabilities - ignore_unfixed: false - # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub - # - # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues. - # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and - # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path. 
- skip_update: false - # - # The offline_scan option prevents Trivy from sending API requests to identify dependencies. - # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it. - # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't - # exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode. - # It would work if all the dependencies are in local. - # This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment. - offline_scan: false - # - # insecure The flag to skip verifying registry certificate - insecure: false - # github_token The GitHub access token to download Trivy DB - # - # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough - # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000 - # requests per hour by specifying the GitHub access token. 
For more details on GitHub rate limiting please consult - # https://developer.github.com/v3/#rate-limiting - # - # You can create a GitHub token by following the instructions in - # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line - # - # github_token: xxx - -jobservice: - # Maximum number of job workers in job service - max_job_workers: 10 - logger_sweeper_duration: 300 - -notification: - # Maximum retry count for webhook job - webhook_job_max_retry: 10 - webhook_job_http_client_timeout: 300 - -chart: - # Change the value of absolute_url to enabled can enable absolute url in chart - absolute_url: disabled - -# Log configurations -log: - # options are debug, info, warning, error, fatal - level: info - # configs for logs in local storage - local: - # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. - rotate_count: 50 - # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. - # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G - # are all valid. - rotate_size: 200M - # The directory on your host that store log - location: /var/log/harbor - - # Uncomment following lines to enable external syslog endpoint. - # external_endpoint: - # # protocol used to transmit log to external endpoint, options is tcp or udp - # protocol: tcp - # # The host of external endpoint - # host: localhost - # # Port of external endpoint - # port: 5140 - -#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! -_version: 2.6.0 - -# Uncomment external_database if using external database. 
-# external_database: -# harbor: -# host: harbor_db_host -# port: harbor_db_port -# db_name: harbor_db_name -# username: harbor_db_username -# password: harbor_db_password -# ssl_mode: disable -# max_idle_conns: 2 -# max_open_conns: 0 -# notary_signer: -# host: notary_signer_db_host -# port: notary_signer_db_port -# db_name: notary_signer_db_name -# username: notary_signer_db_username -# password: notary_signer_db_password -# ssl_mode: disable -# notary_server: -# host: notary_server_db_host -# port: notary_server_db_port -# db_name: notary_server_db_name -# username: notary_server_db_username -# password: notary_server_db_password -# ssl_mode: disable - -# Uncomment external_redis if using external Redis server -# external_redis: -# # support redis, redis+sentinel -# # host for redis: : -# # host for redis+sentinel: -# # :,:,: -# host: redis:6379 -# password: -# # sentinel_master_set must be set to support redis+sentinel -# #sentinel_master_set: -# # db_index 0 is for core, it's unchangeable -# registry_db_index: 1 -# jobservice_db_index: 2 -# chartmuseum_db_index: 3 -# trivy_db_index: 5 -# idle_timeout_seconds: 30 - -# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. -# uaa: -# ca_file: /path/to/ca - -# Global proxy -# Config http proxy for components, e.g. http://my.proxy.com:3128 -# Components doesn't need to connect to each others via http proxy. -# Remove component from `components` array if want disable proxy -# for it. If you want use proxy for replication, MUST enable proxy -# for core and jobservice, and set `http_proxy` and `https_proxy`. -# Add domain to the `no_proxy` field, when you want disable proxy -# for some special registry. 
-proxy: - http_proxy: - https_proxy: - no_proxy: - components: - - core - - jobservice - - notary - - trivy - -metric: - enabled: false - port: 9090 - path: /metrics - -# Trace related config -# only can enable one trace provider(jaeger or otel) at the same time, -# and when using jaeger as provider, can only enable it with agent mode or collector mode. -# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed -# if using jaeger agetn mode uncomment agent_host and agent_port -# trace: -# enabled: true -# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth -# sample_rate: 1 -# # # namespace used to differenciate different harbor services -# # namespace: -# # # attributes is a key value dict contains user defined attributes used to initialize trace provider -# # attributes: -# # application: harbor -# # # jaeger should be 1.26 or newer. -# # jaeger: -# # endpoint: http://hostname:14268/api/traces -# # username: -# # password: -# # agent_host: hostname -# # # export trace data by jaeger.thrift in compact mode -# # agent_port: 6831 -# # otel: -# # endpoint: hostname:4318 -# # url_path: /v1/traces -# # compression: false -# # insecure: true -# # timeout: 10s - -# enable purge _upload directories -upload_purging: - enabled: true - # remove files in _upload directories which exist for a period of time, default is one week. - age: 168h - # the interval of the purge operations - interval: 24h - dryrun: false - -# cache layer configurations -# If this feature enabled, harbor will cache the resource -# `project/project_metadata/repository/artifact/manifest` in the redis -# which can especially help to improve the performance of high concurrent -# manifest pulling. 
-# NOTICE -# If you are deploying Harbor in HA mode, make sure that all the harbor -# instances have the same behaviour, all with caching enabled or disabled, -# otherwise it can lead to potential data inconsistency. -cache: - # not enabled by default - enabled: false - # keep cache for one day by default - expire_hours: 24 diff --git a/recipes/debian/templates/conf/install/awnsers.pktpl.hcl b/recipes/debian/templates/conf/install/awnsers.pktpl.hcl deleted file mode 100644 index 33d05d0..0000000 --- a/recipes/debian/templates/conf/install/awnsers.pktpl.hcl +++ /dev/null @@ -1,47 +0,0 @@ - -# Example answer file for setup-alpine script -# If you don't want to use a certain option, then comment it out - -# Use US layout with US variant -KEYMAPOPTS="fr fr" - -# Set hostname to alpine-test -HOSTNAMEOPTS="-n ${hostname}" - -# Contents of /etc/network/interfaces -INTERFACESOPTS="auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp - hostname ${hostname} -" - -# Search domain of example.com, OpenDNS public nameserver -# ex: -d example.com 1.1.1.1" -DNSOPTS="" - -# Set timezone to UTC -TIMEZONEOPTS="-z Europe/Paris" - -# set http/ftp proxy -PROXYOPTS="none" - -# Add a random mirror -APKREPOSOPTS="-r -c" - -# Install Openssh -SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys" - -# Use openntpd -NTPOPTS="-c openntpd" - -# Use /dev/sda as a data disk -DISKOPTS="-L -m sys ${disk_device}" - -USEROPTS="-a -g 'netdev' ${user}" - -# Setup in /media/vda1 -# LBUOPTS="/media/vda1" -# APKCACHEOPTS="/media/vda1/cache" - diff --git a/recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl b/recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl deleted file mode 100644 index 3fa8501..0000000 --- a/recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl +++ /dev/null @@ -1,8 +0,0 @@ -# k3s options -export PATH="/usr/libexec/cni/:$PATH" -K3S_EXEC="server" -%{ if Vars.DeployTraefik } -K3S_OPTS="" -%{ else } -K3S_OPTS="--disable traefik" -%{ endif } 
diff --git a/recipes/debian/templates/conf/kubernetes/.flag b/recipes/debian/templates/conf/kubernetes/.flag deleted file mode 100644 index e69de29..0000000 diff --git a/recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl deleted file mode 100644 index b8432f0..0000000 --- a/recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl +++ /dev/null @@ -1 +0,0 @@ -command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}" \ No newline at end of file diff --git a/recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl deleted file mode 100644 index 489b338..0000000 --- a/recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl +++ /dev/null @@ -1,4 +0,0 @@ -${Vars.NIC[0].IP} ${Vars.Set.Hostname} -%{ if Vars.MatchBox.Hostname != "" } -${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname} -%{ endif } \ No newline at end of file diff --git a/recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl deleted file mode 100644 index 8d08dac..0000000 --- a/recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl +++ /dev/null 
@@ -1,60 +0,0 @@ -log-queries -log-dhcp - -#port=0 -listen-address=0.0.0.0 -interface=${Vars.PXE.ListenInterface} -no-resolv -domain-needed -bogus-priv -expand-hosts -server=${Vars.ETH0.DNS} -strict-order -addn-hosts=/etc/dnsmasq-hosts.conf -domain=${Vars.PXE.DNSDomain} -local=/${Vars.PXE.DNSDomain}/ -localise-queries - - -%{ if Vars.PXE.DHCPMode == "proxy" } -#dhcp-no-override -dhcp-range=${Vars.ETH0.IP},proxy -%{ else } -dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration} -dhcp-option=option:router,${Vars.ETH0.GATEWAY} -%{ endif } - -dhcp-option=option:dns-server,${Vars.ETH0.IP} -dhcp-option=option:domain-name,${Vars.PXE.DNSDomain} - -# TFTP Configuration -enable-tftp -tftp-root="${Vars.PXE.TFTPRoot}" - -pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime} - -# Based on logic in https://gist.github.com/robinsmidsrod/4008017 -# iPXE sends a 175 option, checking suboptions -dhcp-match=set:ipxe-http,175,19 -dhcp-match=set:ipxe-https,175,20 -dhcp-match=set:ipxe-menu,175,39 -# pcbios specific -dhcp-match=set:ipxe-pxe,175,33 -dhcp-match=set:ipxe-bzimage,175,24 -dhcp-match=set:ipxe-iscsi,175,17 -# efi specific -dhcp-match=set:ipxe-efi,175,36 -# combination -# set ipxe-ok tag if we have correct combination -# http && menu && iscsi ((pxe && bzimage) || efi) -tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage -tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi - - -## Load different PXE boot image depending on client architecture (when running as a proxy DHCP) -pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe -pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi -pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi - -dhcp-userclass=set:ipxe,iPXE -dhcp-boot=tag:ipxe-ok,http://${Vars.ETH0.IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.ETH0.IP} 
diff --git a/recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl b/recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl deleted file mode 100644 index 6652098..0000000 --- a/recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl +++ /dev/null @@ -1,28 +0,0 @@ -#!/sbin/openrc-run - -name=$RC_SVCNAME -command="/usr/local/bin/$RC_SVCNAME" -command_user="$RC_SVCNAME" -pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid" -start_stop_daemon_args="--start -b" -command_args="$command_args" -command_background="yes" - -depend() { - need net -} - -start_pre() { - checkpath --directory --owner $command_user:$command_user --mode 0775 \ - /run/$RC_SVCNAME /var/log/$RC_SVCNAME - if [ ! -f "/etc/matchbox/server.crt" ]; then - cd /root/tls - export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.ETH0.IP}" - ./cert-gen - mkdir -p /etc/matchbox - cp ca.crt server.crt server.key /etc/matchbox - chown -R matchbox:matchbox /etc/matchbox - mkdir -p /root/.matchbox - cp client.crt client.key ca.crt /root/.matchbox/ - fi -} \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-harbor b/recipes/debian/templates/conf/nuo-harbor deleted file mode 120000 index 8b35999..0000000 --- a/recipes/debian/templates/conf/nuo-harbor +++ /dev/null @@ -1 +0,0 @@ -harbor \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl deleted file mode 100644 index b8432f0..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl +++ /dev/null @@ -1 +0,0 @@ -command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}" \ No newline at end of file 
diff --git a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl deleted file mode 100644 index 0809dc3..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl +++ /dev/null @@ -1,7 +0,0 @@ -${Vars.NIC[0].IP} ${Vars.Set.Hostname} -%{ if Vars.MatchBox.Hostname != "" } -${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname} -%{ endif } -%{ for host in Vars.DNSMasq.Hosts } -${host.IP} ${host.Name} -%{ endfor } \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl deleted file mode 100644 index afbef7f..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl +++ /dev/null 
@@ -1,60 +0,0 @@ -log-queries -log-dhcp - -#port=0 -listen-address=0.0.0.0 -interface=${Vars.PXE.ListenInterface} -no-resolv -domain-needed -bogus-priv -expand-hosts -server=${Vars.DNS[0]} -strict-order -addn-hosts=/etc/dnsmasq-hosts.conf -domain=${Vars.PXE.DNSDomain} -local=/${Vars.PXE.DNSDomain}/ -localise-queries - - -%{ if Vars.PXE.DHCPMode == "proxy" } -#dhcp-no-override -dhcp-range=${Vars.NIC[0].IP},proxy -%{ else } -dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration} -dhcp-option=option:router,${Vars.NIC[0].Gateway} -%{ endif } - -dhcp-option=option:dns-server,${Vars.NIC[0].IP} -dhcp-option=option:domain-name,${Vars.PXE.DNSDomain} - -# TFTP Configuration -enable-tftp -tftp-root="${Vars.PXE.TFTPRoot}" - -pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime} - -# Based on logic in https://gist.github.com/robinsmidsrod/4008017 -# iPXE sends a 175 option, checking suboptions -dhcp-match=set:ipxe-http,175,19 -dhcp-match=set:ipxe-https,175,20 -dhcp-match=set:ipxe-menu,175,39 -# pcbios specific -dhcp-match=set:ipxe-pxe,175,33 -dhcp-match=set:ipxe-bzimage,175,24 -dhcp-match=set:ipxe-iscsi,175,17 -# efi specific -dhcp-match=set:ipxe-efi,175,36 -# combination -# set ipxe-ok tag if we have correct combination -# http && menu && iscsi ((pxe && bzimage) || efi) -tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage -tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi - - -## Load different PXE boot image depending on client architecture (when running as a proxy DHCP) -pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe -pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi -pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi - -dhcp-userclass=set:ipxe,iPXE -dhcp-boot=tag:ipxe-ok,http://${Vars.NIC[0].IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.NIC[0].IP} 
diff --git a/recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl deleted file mode 100644 index f9a48de..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl +++ /dev/null @@ -1 +0,0 @@ -${Vars.Set.Hostname} \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl deleted file mode 100644 index 2128aa2..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl +++ /dev/null @@ -1,28 +0,0 @@ -#!/sbin/openrc-run - -name=$RC_SVCNAME -command="/usr/local/bin/$RC_SVCNAME" -command_user="$RC_SVCNAME" -pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid" -start_stop_daemon_args="--start -b" -command_args="$command_args" -command_background="yes" - -depend() { - need net -} - -start_pre() { - checkpath --directory --owner $command_user:$command_user --mode 0775 \ - /run/$RC_SVCNAME /var/log/$RC_SVCNAME - if [ ! -f "/etc/matchbox/server.crt" ]; then - cd /root/tls - export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.NIC[0].IP}" - ./cert-gen - mkdir -p /etc/matchbox - cp ca.crt server.crt server.key /etc/matchbox - chown -R matchbox:matchbox /etc/matchbox - mkdir -p /root/.matchbox - cp client.crt client.key ca.crt /root/.matchbox/ - fi -} \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl deleted file mode 100644 index ab21faa..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl +++ /dev/null @@ -1,9 +0,0 @@ - -%{ for iface in Vars.NIC } -auto ${iface.Name} - -iface ${iface.Name} inet static - address ${iface.IP} - netmask ${iface.Mask} - gateway ${iface.Gateway} -%{ endfor ~} \ No newline at end of file 
diff --git a/recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl deleted file mode 100644 index 9a677a5..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl +++ /dev/null @@ -1,4 +0,0 @@ - -%{ for dns in Vars.DNS } -nameserver ${dns} -%{ endfor ~} \ No newline at end of file diff --git a/recipes/debian/templates/one/image/common.tpl b/recipes/debian/templates/one/image/common.tpl deleted file mode 100644 index d422fb1..0000000 --- a/recipes/debian/templates/one/image/common.tpl +++ /dev/null @@ -1,7 +0,0 @@ -NAME = <%= image_name %> -PATH = <%= image_source %> -TYPE = OS -PERSISTENT = No -DESCRIPTION = "<%= image_comment %>" -DEV_PREFIX = vd -FORMAT = qcow2 \ No newline at end of file diff --git a/recipes/debian/templates/one/service/kubernetes-cluster.json b/recipes/debian/templates/one/service/kubernetes-cluster.json deleted file mode 100644 index 635b8d2..0000000 --- a/recipes/debian/templates/one/service/kubernetes-cluster.json +++ /dev/null 
@@ -1,48 +0,0 @@ -{ - "name": "<%= template_name %>", - "deployment": "straight", - "description": "Cluster Kubernetes (k8s)", - "roles": [ - { - "name": "leader", - "cardinality": 1, - "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, - "shutdown_action": "terminate", - "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", - "elasticity_policies": [], - "scheduled_policies": [] - }, - { - "name": "master", - "cardinality": 2, - "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, - "shutdown_action": "terminate", - "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", - "elasticity_policies": [], - "scheduled_policies": [] - }, - { - "name": "worker", - "cardinality": 4, - "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, - "shutdown_action": "terminate", - "parents": [ - "leader" - ], - "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", - "elasticity_policies": [], - "scheduled_policies": [] - } - ], - "networks": { - "main": "M|network|Main network| |id:", - "internal": "M|network|Internal network| |id:" - }, - "custom_attrs": { - "KUBEAPPS_DNS_NAME": "M|text|DNS Name for kubeapps service| |kubeapps.k3s-eole.local", - "INGRESS_PROVIDER": "O|list|Default ingress to install|nginx, traefik, |", - "LE_EMAIL": "M|text|Email | |" - }, - "shutdown_action": "terminate", - "ready_status_gate": true - } diff --git a/recipes/debian/templates/one/vm/common.xml b/recipes/debian/templates/one/vm/common.xml deleted file mode 100644 index fdb5be4..0000000 --- a/recipes/debian/templates/one/vm/common.xml +++ /dev/null 
@@ -1,33 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- NETWORK = "YES",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
- TOKEN = "YES" ]
-CPU = "0.2"
-DESCRIPTION = "Alpine basic image"
-DISK = [
- DEV_PREFIX = "vd",
- DRIVER = "qcow2",
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>" ]
-GRAPHICS = [
- KEYMAP = "fr",
- LISTEN = "0.0.0.0",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/linux.png"
-MEMORY = "512"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-VCPU = "2"
diff --git a/recipes/debian/templates/one/vm/k3s.xml b/recipes/debian/templates/one/vm/k3s.xml
deleted file mode 100644
index 6c515f2..0000000
--- a/recipes/debian/templates/one/vm/k3s.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- NETWORK = "YES",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
- TOKEN = "YES" ]
-CPU = "0.2"
-DESCRIPTION = "K3S Ready VM"
-DISK = [
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>",
- DRIVER = "qcow2" ]
-GRAPHICS = [
- KEYMAP = "fr",
- LISTEN = "0.0.0.0",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/alpine.png"
-MEMORY = "2048"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-VCPU = "2"
diff --git a/recipes/debian/templates/one/vm/kubeleader.xml b/recipes/debian/templates/one/vm/kubeleader.xml
deleted file mode 100644
index c68faa5..0000000
--- a/recipes/debian/templates/one/vm/kubeleader.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- NETWORK = "YES",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SERVER_ROLE = "leader",
- TOKEN = "YES",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
-]
-CPU = "0.8"
-DESCRIPTION = "Kubernetes master or Docker VM (check the name)"
-DISK = [
- DEV_PREFIX = "vd",
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>",
- DRIVER = "qcow2" ]
-GRAPHICS = [
- LISTEN = "0.0.0.0",
- KEYMAP = "fr",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/alpine.png"
-MEMORY = "2048"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-VCPU = "4"
\ No newline at end of file
diff --git a/recipes/debian/templates/one/vm/kubemaster.xml b/recipes/debian/templates/one/vm/kubemaster.xml
deleted file mode 100644
index e0fe33d..0000000
--- a/recipes/debian/templates/one/vm/kubemaster.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- NETWORK = "YES",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SERVER_ROLE = "master",
- MASTER_ADDR = "$MASTER_ADDR",
- MASTER_TOKEN = "$MASTER_TOKEN",
- MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
- TOKEN = "YES",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
-]
-CPU = "0.8"
-DESCRIPTION = "Kubernetes worker VM"
-DISK = [
- DEV_PREFIX = "vd",
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>",
- DRIVER = "qcow2" ]
-GRAPHICS = [
- LISTEN = "0.0.0.0",
- KEYMAP = "fr",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/alpine.png"
-MEMORY = "2048"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-USER_INPUTS = [
- MASTER_ADDR = "O|text|Master address (for workers only)",
- MASTER_TOKEN = "O|text|Master Token (for workers only)",
- MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
-VCPU = "4"
\ No newline at end of file
diff --git a/recipes/debian/templates/one/vm/kubeworker.xml b/recipes/debian/templates/one/vm/kubeworker.xml
deleted file mode 100644
index 9aa3f0a..0000000
--- a/recipes/debian/templates/one/vm/kubeworker.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- NETWORK = "YES",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SERVER_ROLE = "worker",
- MASTER_ADDR = "$MASTER_ADDR",
- MASTER_TOKEN = "$MASTER_TOKEN",
- MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
- TOKEN = "YES",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
-]
-CPU = "0.8"
-DESCRIPTION = "Kubernetes worker VM"
-DISK = [
- DEV_PREFIX = "vd",
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>",
- DRIVER = "qcow2" ]
-GRAPHICS = [
- LISTEN = "0.0.0.0",
- KEYMAP = "fr",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/alpine.png"
-MEMORY = "4096"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-USER_INPUTS = [
- MASTER_ADDR = "O|text|Master address (for workers only)",
- MASTER_TOKEN = "O|text|Master Token (for workers only)",
- MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
-VCPU = "4"
\ No newline at end of file
diff --git a/recipes/debian/templates/one/vm/matchbox.xml b/recipes/debian/templates/one/vm/matchbox.xml
deleted file mode 100644
index 794ab44..0000000
--- a/recipes/debian/templates/one/vm/matchbox.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- MATCHBOX_URL = "http://$NAME",
- NETWORK = "YES",
- PXE_DHCPLEASEDURATION = "$DHCPLEASEDURATION",
- PXE_DHCPMODE = "$ADHCPMODE",
- PXE_DNSDOMAIN = "$BDNSDOMAIN",
- PXE_DHCPRANGESTART = "$CDHCPRANGESTART",
- PXE_DHCPRANGEEND = "$DDHCPRANGEEND",
- PXE_DHCPLEASEDURATION = "$EDHCPLEASEDURATION",
- MATCHBOX_HOSTNAME = "$FMATCHBOX_HOSTNAME",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
- TOKEN = "YES" ]
-CPU = "0.2"
-DESCRIPTION = "Matchbox Ready VM"
-DISK = [
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>",
- DRIVER = "qcow2" ]
-GRAPHICS = [
- KEYMAP = "fr",
- LISTEN = "0.0.0.0",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/alpine.png"
-MEMORY = "2048"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-USER_INPUTS = [
- ADHCPMODE = "M|list|DHCP Mode|proxy,direct|proxy",
- BDNSDOMAIN = "M|text|Nom de la zone DNS (ex: cadol.es)",
- CDHCPRANGESTART = "O|text|DNSMASQ DHCP Range First IP",
- DDHCPRANGEEND = "O|text|DNSMASQ DHCP Range Last IP",
- EDHCPLEASEDURATION = "M|list|DHCP lease duration|1h,2h,4h,6h,8h,10h,12h,14h,24h|1h",
- FMATCHBOX_HOSTNAME = "O|text|Matchbox service hostname|mb.cadol.es" ]
-VCPU = "2"
diff --git a/recipes/debian/variables.pkr.hcl b/recipes/debian/variables.pkr.hcl
index 20d31cd..5ff3219 100644
--- a/recipes/debian/variables.pkr.hcl
+++ b/recipes/debian/variables.pkr.hcl
@@ -5,17 +5,17 @@ variable "name" {
 variable "version" {
 type = string
- default = "11"
+ default = "12.2.0"
 }
 variable "short_version" {
 type = string
- default = "11"
+ default = "12"
 }
 variable "arch" {
 type = string
- default = "amd6464"
+ default = "amd64"
 }
 variable "output_dir" {
@@ -25,12 +25,12 @@ variable "output_dir" {
 variable "source_url" {
 type = string
- default = "https://cdimage.debian.org/cdimage/release"
+ default = "https://cdimage.debian.org/cdimage/release/12.2.0"
 }
 variable "iso_cd_checksum" {
 type = string
- default = "sha256:9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
+ default = "file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS"
 }
 variable "image_version" {
diff --git a/recipes/debian/variables.quid.pkr.hcl b/recipes/debian/variables.quid.pkr.hcl
new file mode 100644
index 0000000..ca629a5
--- /dev/null
+++ b/recipes/debian/variables.quid.pkr.hcl
@@ -0,0 +1,6 @@
+
+variable "quid_ansible_vault_passphrase" {
+ type = string
+ default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")
+ sensitive = true
+}
\ No newline at end of file
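Review bot: The new `iso_cd_checksum` default `file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS` is no longer an independent integrity pin: the sum is fetched at build time from the same origin as the ISO, so it only proves the download matched whatever that host served, and a substituted image would come with a matching sum. The removed `sha256:9ae0…` value presumably belonged to the previous release and was stale for 12.2.0, which explains the change, but the fix that keeps a pin is to verify the 12.2.0 `SHA256SUMS` against its detached signature once, out of band, and then set `default = "sha256:<sha256 of the 12.2.0 amd64 netinst ISO>"`, or move the value next to `version` in the per-release vars file so it is updated together with it. Note also that `source_url` now hard-codes `12.2.0` separately from `version`; point-release directories under `cdimage/release/` are typically moved to the archive area when the next point release appears, so the build will then fail on the download step rather than on an obvious version mismatch.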
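Review bot: `default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")` turns an unset environment variable into an empty string, so a build on a machine without the secret proceeds with an empty vault passphrase and fails (or silently misbehaves) later in provisioning instead of at variable evaluation. A `validation` block on the variable, with `condition = length(var.quid_ansible_vault_passphrase) > 0` and an `error_message` naming `QUID_ANSIBLE_VAULT_PASSPHRASE`, fails fast without printing the value. `sensitive = true` only redacts Packer's own output; how the passphrase is handed to Ansible is outside this hunk, so confirm it reaches the provisioner through an environment variable or a file rather than as a command-line argument, where it would be visible in process listings and build logs.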