feat(quid): debian 12 based quid image
parent
c7bb64c671
commit
4b9a4b6e8a
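--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/output
+/packer-manifest.json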
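--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"ansible.python.interpreterPath": "/bin/python"
+}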
6
build
6
build
@ -1,5 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eo pipefail
|
||||||
|
|
||||||
# Simple build wrapper
|
# Simple build wrapper
|
||||||
|
|
||||||
ACTION=${1}
|
ACTION=${1}
|
||||||
@ -25,8 +27,8 @@ initPacker() {
|
|||||||
# First the "base" image then the provisionned ones
|
# First the "base" image then the provisionned ones
|
||||||
#
|
#
|
||||||
run() {
|
run() {
|
||||||
${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.${BUILDER}.${OS}" "${RCP_DIR}/${OS}/."
|
# ${PACKER} build ${PACKER_OPTS} -on-error=abort -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.*.${OS}" "${RCP_DIR}/${OS}/."
|
||||||
${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.${BUILER}.${OS}" "${RCP_DIR}/${OS}/."
|
${PACKER} build ${PACKER_OPTS} -on-error=abort -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.*.${OS}" "${RCP_DIR}/${OS}/."
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
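Review bot: The comment above `run()` still says the base image is built first, but on the new side the base build line appears to be commented out, so `run()` only executes the `-except="base.*.${OS}"` pass and relies on a base artifact already being present in the output directory. Either restore the base step or update the comment, e.g. `# Builds only the provisioned images; the base image must already exist`. `${PACKER_OPTS}` is also expanded unquoted in that command; if it is meant to carry several flags, an array expansion (`"${PACKER_OPTS[@]}"`) avoids word-splitting surprises. The rest of the script, including where `PACKER_OPTS` is set, is outside the hunk.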
@ -1,16 +0,0 @@
|
|||||||
name = "debian"
|
|
||||||
version = "11"
|
|
||||||
short_version = "11"
|
|
||||||
code_name = "bullseye"
|
|
||||||
arch = "amd64"
|
|
||||||
source_url = "https://cloud.debian.org/images/cloud/bullseye/latest"
|
|
||||||
iso_cd_checksum = "9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
|
|
||||||
image_dir_name= "latest"
|
|
||||||
boot_command = [ "<enter>" ]
|
|
||||||
# "<enter>",
|
|
||||||
# "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter>",
|
|
||||||
# "<wait>",
|
|
||||||
# "<wait1s>mkdir -p .ssh<enter>",
|
|
||||||
# "<wait1s>wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys<enter><wait1s>",
|
|
||||||
# "<wait1s>chmod 600 .ssh/authorized_keys<enter>",
|
|
||||||
#]
|
|
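--- a/recipes/debian/12.pkrvars.hcl
+++ b/recipes/debian/12.pkrvars.hcl
@@ -0,0 +1,7 @@
+name = "debian"
+version = "12.2.0"
+short_version = "12"
+code_name = "bookworm"
+arch = "amd64"
+source_url = "https://cdimage.debian.org/cdimage/release/12.2.0"
+image_dir_name= "latest"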
@ -1,7 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
Globals = {
|
Globals = {
|
||||||
Vars = {
|
Vars = {}
|
||||||
PrometheusPort = "9090"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -10,24 +10,10 @@ locals {
|
|||||||
dirs = local.locations
|
dirs = local.locations
|
||||||
timestamp = regex_replace(timestamp(), "[- TZ:]", "")
|
timestamp = regex_replace(timestamp(), "[- TZ:]", "")
|
||||||
output_name = "${var.name}"
|
output_name = "${var.name}"
|
||||||
source_checksum_url = "file:${var.source_url}/SHA512SUMS"
|
source_iso = "${var.source_url}/${var.arch}/iso-cd/debian-${var.version}-${var.arch}-netinst.iso"
|
||||||
source_iso = "${var.source_url}/debian-${var.version}-generic-${var.arch}.qcow2"
|
iso_cd_checksum = "file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS"
|
||||||
source_checksum = "${var.iso_cd_checksum}"
|
|
||||||
ssh_user = "root"
|
ssh_user = "root"
|
||||||
ssh_password = "PbkRc1vup7Wq5n4r"
|
ssh_password = "toor"
|
||||||
disk_size = 8000
|
disk_size = 8000
|
||||||
memory = 512
|
memory = 512
|
||||||
instance_data = {
|
|
||||||
"instance-id": "${var.name}"
|
|
||||||
}
|
|
||||||
installOpts = {
|
|
||||||
hostname = var.name
|
|
||||||
user = "eole"
|
|
||||||
disk_device = "/dev/vda"
|
|
||||||
}
|
|
||||||
installOptsVMWare = {
|
|
||||||
hostname = var.name
|
|
||||||
user = "eole"
|
|
||||||
disk_device = "/dev/sda"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
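Review bot: `ssh_password = "toor"` hard-codes a well-known root password in the locals block, and the preseed template changed in this commit writes the same value as the installed system's root and `packer` user password. Unless a later provisioner resets or locks those accounts (not visible here), every image built from this recipe ships with the same guessable credential. Prefer a sensitive input variable with no default, e.g. `ssh_password = var.ssh_password` backed by `variable "ssh_password" { sensitive = true }`, so the value stays out of the repository and is redacted from Packer's output. The locals block starts before the hunk.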
@ -7,38 +7,20 @@ EOF
|
|||||||
|
|
||||||
source "vmware-iso.debian" {
|
source "vmware-iso.debian" {
|
||||||
output_directory = "${var.output_dir}/${var.version}/base"
|
output_directory = "${var.output_dir}/${var.version}/base"
|
||||||
vm_name = "${local.output_name}-${var.version}.img"
|
vm_name = "${local.output_name}-${var.version}"
|
||||||
disk_size = 10240
|
disk_size = 10240
|
||||||
iso_url = "${local.source_iso}"
|
iso_url = "${local.source_iso}"
|
||||||
iso_checksum = "${var.iso_cd_checksum}"
|
iso_checksum = "${var.iso_cd_checksum}"
|
||||||
|
guest_os_type = "ubuntu-64"
|
||||||
http_content = {
|
http_content = {
|
||||||
"/ssh-packer-pub.key" = data.sshkey.install.public_key
|
"/ssh-packer-pub.key" = data.sshkey.install.public_key
|
||||||
"/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOptsVMWare)
|
"/preseed.cfg" = templatefile("${local.locations.provisionning}/${var.name}/http/preseed.cfg.pkrtpl.hcl", { data: data, var: var, local: local })
|
||||||
}
|
}
|
||||||
boot_command = var.boot_command
|
boot_command = [
|
||||||
cd_label = "cidata"
|
"<esc><wait>",
|
||||||
}
|
"auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter><wait10s>",
|
||||||
|
"<enter>"
|
||||||
source "qemu.debian" {
|
]
|
||||||
output_directory = "${var.output_dir}/${var.version}/base"
|
|
||||||
vm_name = "${local.output_name}-${var.version}.img"
|
|
||||||
iso_url = "${local.source_iso}"
|
|
||||||
iso_checksum = "${var.iso_cd_checksum}"
|
|
||||||
disk_image = true
|
|
||||||
disk_size = 10240
|
|
||||||
cd_content = {
|
|
||||||
"meta-data" = jsonencode(local.instance_data)
|
|
||||||
"user-data" = templatefile("${path.cwd}/recipes/debian/templates/conf/cloud-init/user-data",
|
|
||||||
{ user = local.ssh_user,
|
|
||||||
password = local.ssh_password,
|
|
||||||
runcmd = var.cloud_init_runcmd })
|
|
||||||
}
|
|
||||||
#http_content = {
|
|
||||||
# "/ssh-packer-pub.key" = data.sshkey.install.public_key
|
|
||||||
# "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOpts)
|
|
||||||
#}
|
|
||||||
cd_label = "cidata"
|
|
||||||
boot_command = var.boot_command
|
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "shell" {
|
provisioner "shell" {
|
||||||
@ -49,7 +31,6 @@ EOF
|
|||||||
script = "${local.locations.provisionning}/letsencrypt.sh"
|
script = "${local.locations.provisionning}/letsencrypt.sh"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
post-processor "shell-local" {
|
post-processor "shell-local" {
|
||||||
inline = [
|
inline = [
|
||||||
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}",
|
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}",
|
||||||
|
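Review bot: `iso_checksum = "${var.iso_cd_checksum}"` in `source "vmware-iso.debian"` still reads the input variable, while this commit introduces `local.iso_cd_checksum` (the `file:…/SHA256SUMS` URL) and the new `12.pkrvars.hcl` no longer sets `iso_cd_checksum`. Unless the variable declaration (outside this view) has a default, the build will fail or verify against a stale value; it looks like the line should read `iso_checksum = local.iso_cd_checksum`. A SHA256SUMS file fetched from the same host as the ISO protects against corruption but not against a tampered mirror, so pinning the digest in the pkrvars file, as the removed Debian 11 variables did, is the stronger check. Separately, `guest_os_type = "ubuntu-64"` is set for a Debian guest; confirm that is intended.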
@ -12,6 +12,10 @@ packer {
|
|||||||
source = "github.com/hashicorp/qemu"
|
source = "github.com/hashicorp/qemu"
|
||||||
version = "~> 1"
|
version = "~> 1"
|
||||||
}
|
}
|
||||||
|
ansible = {
|
||||||
|
version = "~> 1"
|
||||||
|
source = "github.com/hashicorp/ansible"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,64 +0,0 @@
|
|||||||
#!/sbin/openrc-run
|
|
||||||
|
|
||||||
: ${SUBCFGDIR:=/srv}
|
|
||||||
DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"}
|
|
||||||
|
|
||||||
SUBSVC="${SVCNAME#*.}"
|
|
||||||
[ -z "${SUBSVC}" ] && exit 1
|
|
||||||
: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"}
|
|
||||||
DOCOCMD="/usr/bin/docker-compose"
|
|
||||||
export COMPOSE_HTTP_TIMEOUT=300
|
|
||||||
|
|
||||||
description="Manage docker services defined in ${SUBCFG}"
|
|
||||||
extra_commands="configtest build"
|
|
||||||
description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\""
|
|
||||||
description_build="Run \"docker-compose -f ${SUBCFG} build\""
|
|
||||||
|
|
||||||
depend() {
|
|
||||||
need localmount net docker
|
|
||||||
use dns
|
|
||||||
after docker
|
|
||||||
}
|
|
||||||
|
|
||||||
configtest() {
|
|
||||||
if ! [ -f "${SUBCFG}" ]; then
|
|
||||||
eerror "The config file ${SUBCFG} does not exist!"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then
|
|
||||||
einfo "config: ok"
|
|
||||||
else
|
|
||||||
eerror "config: error"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
build() {
|
|
||||||
configtest || return 1
|
|
||||||
ebegin "Building dockerservice ${SUBSVC}"
|
|
||||||
"${DOCOCMD}" -f "${SUBCFG}" build
|
|
||||||
eend $?
|
|
||||||
}
|
|
||||||
|
|
||||||
start() {
|
|
||||||
configtest || return 1
|
|
||||||
ebegin "Starting dockerservice ${SUBSVC}"
|
|
||||||
sleep 5
|
|
||||||
"${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS}
|
|
||||||
eend $?
|
|
||||||
}
|
|
||||||
|
|
||||||
stop() {
|
|
||||||
ebegin "Stopping dockerservice ${SUBSVC}"
|
|
||||||
"${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300
|
|
||||||
eend $?
|
|
||||||
}
|
|
||||||
|
|
||||||
status() {
|
|
||||||
if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then
|
|
||||||
einfo "status: started"
|
|
||||||
else
|
|
||||||
einfo "status: stopped"
|
|
||||||
return 3
|
|
||||||
fi
|
|
||||||
}
|
|
@ -1,181 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
|
|
||||||
LOG_FILE="/var/log/initkubernets.log"
|
|
||||||
FIRST_BOOT="/var/run/firstboot.flag"
|
|
||||||
|
|
||||||
infoLog() {
|
|
||||||
echo "Info: $@" | tee -a ${LOG_FILE}
|
|
||||||
}
|
|
||||||
|
|
||||||
errorLog() {
|
|
||||||
echo "Error: $@" | tee -a ${LOG_FILE}
|
|
||||||
}
|
|
||||||
|
|
||||||
waitReadyState() {
|
|
||||||
local vmID="${1}"
|
|
||||||
local timeout="${2}"
|
|
||||||
|
|
||||||
local tick=0
|
|
||||||
while true ;do
|
|
||||||
local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY")
|
|
||||||
if [ "${ready}" = "YES" ];then
|
|
||||||
return 0
|
|
||||||
elif [ "${timeout}" -eq "${tick}" ];then
|
|
||||||
return ${timeout}
|
|
||||||
else
|
|
||||||
sleep 1
|
|
||||||
tick=$((tick+1))
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
returnToken() {
|
|
||||||
infoLog "Returning tokens"
|
|
||||||
local caSecretKey="${1}"
|
|
||||||
local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1)
|
|
||||||
local kubeToken=$(kubeadm token list | awk '/authentication,signing.*The default*/ {print $1}')
|
|
||||||
local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf)
|
|
||||||
|
|
||||||
if [ -n "${ONEGATE_ENDPOINT}" ];then
|
|
||||||
infoLog "Onegate detected"
|
|
||||||
data="READY=YES"
|
|
||||||
data="${data} MASTER_ADDR=${masterAddr}"
|
|
||||||
data="${data} MASTER_TOKEN=${kubeToken}"
|
|
||||||
data="${data} MASTER_CA_TOKEN=sha256:${caToken}"
|
|
||||||
data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}"
|
|
||||||
onegate vm update --data "${data}"
|
|
||||||
infoLog "Onegate data seted"
|
|
||||||
else
|
|
||||||
infoLog "Onegate is not present"
|
|
||||||
echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token
|
|
||||||
infoLog "Tokens are available at /root/kube.token"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
joinCluster() {
|
|
||||||
local master="${MASTER_ADDR}"
|
|
||||||
local token="${MASTER_TOKEN}"
|
|
||||||
local caToken="${MASTER_CA_TOKEN}"
|
|
||||||
local caSecretKey="${MASTER_CA_SECRET_KEY}"
|
|
||||||
local sname="${SERVICE_NAME}"
|
|
||||||
|
|
||||||
if [ -n "${ONEGATE_ENDPOINT}" ];then
|
|
||||||
local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[] | select(.name == "leader") | .nodes[0].deploy_id')
|
|
||||||
if [ "${?}" -eq 0 ]; then
|
|
||||||
waitReadyState ${masterID} 600
|
|
||||||
if [ "${?}" -ne 0 ];then
|
|
||||||
errorLog "Master node is node ready after 600s"
|
|
||||||
return 3
|
|
||||||
fi
|
|
||||||
local masterInfo=$(onegate vm show ${masterID} --json | \
|
|
||||||
jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP")
|
|
||||||
master=$(echo ${masterInfo} | cut -d " " -f 1)
|
|
||||||
token=$(echo ${masterInfo} | cut -d " " -f 2)
|
|
||||||
caToken=$(echo ${masterInfo} | cut -d " " -f 3)
|
|
||||||
caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4)
|
|
||||||
masterIP=$(echo ${masterInfo} | cut -d " " -f 5)
|
|
||||||
sname=$(onegate service show --json | jq -cr ".SERVICE.name")
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Setting dns resolution for cluster
|
|
||||||
echo "${masterIP} ${sname}" >> /etc/hosts
|
|
||||||
onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
|
|
||||||
fi
|
|
||||||
if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then
|
|
||||||
opts="--node-name $(hostname -f)"
|
|
||||||
opts="${opts} --token ${token}"
|
|
||||||
opts="${opts} --discovery-token-ca-cert-hash ${caToken}"
|
|
||||||
if [ -n "${1}" ];then
|
|
||||||
opts="${opts} --control-plane"
|
|
||||||
opts="${opts} --certificate-key ${caSecretKey}"
|
|
||||||
fi
|
|
||||||
opts="${opts} ${master}"
|
|
||||||
|
|
||||||
kubeadm join ${opts} | tee -a "${LOG_FILE}"
|
|
||||||
else
|
|
||||||
errorLog "Something is missing, can't join the cluster:"
|
|
||||||
errorLog " Master addr: [${master}]"
|
|
||||||
errorLog " Master token: [${token}]"
|
|
||||||
errorLog " Master CA token: [${caToken}]"
|
|
||||||
return 3
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
getServiceName() {
|
|
||||||
local sname=$(onegate service show --json | jq -cr ".SERVICE.name")
|
|
||||||
local tmout=30
|
|
||||||
local tick=0
|
|
||||||
while true ;do
|
|
||||||
if [ -z "${sname}" ];then
|
|
||||||
sname=$(onegate service show --json | jq -cr ".SERVICE.name")
|
|
||||||
else
|
|
||||||
echo ${sname}
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
sleep 1
|
|
||||||
tick=$((tick+1))
|
|
||||||
if [ ${tmout} -eq ${tick} ];then
|
|
||||||
hostname -f
|
|
||||||
return 3
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
initLeader() {
|
|
||||||
sname="$(hostname -f)"
|
|
||||||
|
|
||||||
if [ -n "${ONEGATE_ENDPOINT}" ];then
|
|
||||||
sname=$(getServiceName)
|
|
||||||
sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP")
|
|
||||||
echo "${sip} ${sname} $(hostname -f)" >> /etc/hosts
|
|
||||||
onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
|
|
||||||
fi
|
|
||||||
|
|
||||||
caSecretKey=$(date | sha256sum | awk '{print $1}')
|
|
||||||
|
|
||||||
infoLog "Kubernetes init started"
|
|
||||||
kubeadm init --pod-network-cidr=10.244.0.0/16 \
|
|
||||||
--node-name="${SET_HOSTNAME}" \
|
|
||||||
--control-plane-endpoint "${sname}:6443" \
|
|
||||||
--upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}"
|
|
||||||
infoLog "Kubernetes init ended"
|
|
||||||
|
|
||||||
infoLog "Configuring kubectl"
|
|
||||||
mkdir /root/.kube
|
|
||||||
ln -s /etc/kubernetes/admin.conf /root/.kube/config
|
|
||||||
infoLog "kubectl configured"
|
|
||||||
|
|
||||||
infoLog "Installing cilium"
|
|
||||||
sleep 20
|
|
||||||
kubectl config view --minify -o jsonpath='{.clusters[].name}'
|
|
||||||
sleep 20
|
|
||||||
cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}"
|
|
||||||
infoLog "Cilium is installed"
|
|
||||||
|
|
||||||
returnToken "${caSecretKey}"
|
|
||||||
}
|
|
||||||
|
|
||||||
initKube() {
|
|
||||||
if [ "${SERVER_ROLE}" == "leader" ];then
|
|
||||||
initLeader
|
|
||||||
elif [ "${SERVER_ROLE}" == "worker" ];then
|
|
||||||
joinCluster
|
|
||||||
elif [ "${SERVER_ROLE}" == "master" ];then
|
|
||||||
joinCluster "${SERVER_ROLE}"
|
|
||||||
fi
|
|
||||||
touch ${FIRST_BOOT}
|
|
||||||
infoLog "Kubernetes cluster init is finished"
|
|
||||||
}
|
|
||||||
|
|
||||||
if [ -f "${ENV_FILE}" ]; then
|
|
||||||
. "${ENV_FILE}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "${FIRST_BOOT}" ];then
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
uuidgen > /etc/machine-id
|
|
||||||
swapoff -a # Make sure swap is disabled
|
|
||||||
initKube &
|
|
||||||
fi
|
|
@ -1,3 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
mount --make-rshared /
|
|
@ -1,25 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
FL_VERSIONS="current 3374.2.0"
|
|
||||||
MATCHBOX_DIR="/var/lib/matchbox"
|
|
||||||
ASSETS_DIR="${MATCHBOX_DIR}/assets/"
|
|
||||||
|
|
||||||
GPG_FNAME="Flatcar_Image_Signing_Key.asc"
|
|
||||||
GPG_KEYS_URL="https://www.flatcar.org/security/image-signing-key/"
|
|
||||||
|
|
||||||
cd /tmp
|
|
||||||
curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME}
|
|
||||||
gpg --import --keyid-format LONG ${GPG_FNAME}
|
|
||||||
cd -
|
|
||||||
|
|
||||||
echo "Provisionning matchbox with flatcar images"
|
|
||||||
tout=30
|
|
||||||
for version in ${FL_VERSIONS}; do
|
|
||||||
for i in $(seq 1 ${tout});do
|
|
||||||
echo " * ${FL_VERSIONS} stable image (try ${i})"
|
|
||||||
/usr/local/bin/get-flatcar stable ${version} ${ASSETS_DIR}
|
|
||||||
if [[ "${?}" -eq 0 ]]; then
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
done
|
|
@ -1,10 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
dest="${1}"
|
|
||||||
|
|
||||||
ipxeEFISource="http://boot.ipxe.org/ipxe.efi"
|
|
||||||
kpxeSource="http://boot.ipxe.org/undionly.kpxe"
|
|
||||||
|
|
||||||
cd "${dest}"
|
|
||||||
wget "${ipxeEFISource}"
|
|
||||||
wget "${kpxeSource}"
|
|
@ -1 +0,0 @@
|
|||||||
harbor
|
|
@ -1 +0,0 @@
|
|||||||
matchbox
|
|
@ -1,13 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
CONF="/etc/conf.d/jenkins-slave"
|
|
||||||
if [ -e "/etc/jenkins-slave.conf" ]; then
|
|
||||||
CONF="/etc/jenkins-slave.conf"
|
|
||||||
fi
|
|
||||||
|
|
||||||
TOTAL_MEMORY=$(cat /proc/meminfo | grep MemTotal | awk '{ printf "%sg", int($2/1024/1024)+1 }')
|
|
||||||
sed -i "s|^JENKINS_SLAVE_NAME=.*$|JENKINS_SLAVE_NAME='slave-$ETH0_IP'|" "${CONF}"
|
|
||||||
sed -i "s|^JENKINS_SLAVE_USERNAME=.*$|JENKINS_SLAVE_USERNAME='$JENKINS_SLAVE_USERNAME'|" "${CONF}"
|
|
||||||
sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}"
|
|
||||||
sed -i "s|^JENKINS_MASTER_URL=.*$|JENKINS_MASTER_URL='$JENKINS_MASTER_URL'|" "${CONF}"
|
|
||||||
sed -i "s|^JENKINS_SLAVE_LABELS=.*$|JENKINS_SLAVE_LABELS='docker docker-compose mem-$TOTAL_MEMORY $JENKINS_SLAVE_LABELS'|" "${CONF}"
|
|
@ -1,31 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
|
|
||||||
|
|
||||||
# $TOKENTXT is available only through the env. file
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
if [ -f "${ENV_FILE}" ]; then
|
|
||||||
. "${ENV_FILE}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
###
|
|
||||||
|
|
||||||
if [ -n "${GITLAB_URL}" ]; then
|
|
||||||
if command -v gitlab-runner; then
|
|
||||||
if [ -n "${GITLAB_SHELL}" ]; then
|
|
||||||
opts="--shell=${GITLAB_SHELL}"
|
|
||||||
fi
|
|
||||||
# shellcheck disable=SC2086
|
|
||||||
gitlab-runner register \
|
|
||||||
--non-interactive \
|
|
||||||
--url="${GITLAB_URL}" \
|
|
||||||
--registration-token="${GITLAB_TOKEN}" \
|
|
||||||
--executor="${GITLAB_EXECUTOR}" \
|
|
||||||
--description="${GITLAB_RUNNER_NAME}" \
|
|
||||||
--tag-list="${GITLAB_TAG_LIST}" \
|
|
||||||
--locked=false \
|
|
||||||
--access-level=not_protected \
|
|
||||||
--run-untagged=false \
|
|
||||||
"${opts}"
|
|
||||||
fi
|
|
||||||
fi
|
|
@ -1,21 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
|
|
||||||
|
|
||||||
# $TOKENTXT is available only through the env. file
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
if [ -f "${ENV_FILE}" ]; then
|
|
||||||
. "${ENV_FILE}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
###
|
|
||||||
|
|
||||||
if [ -n "${K3S_ROLE}" ]; then
|
|
||||||
if [ "${K3S_ROLE}" = "server" ]; then
|
|
||||||
rc-update add dnsmasq default
|
|
||||||
service dnsmasq start
|
|
||||||
|
|
||||||
rc-update add k3s default
|
|
||||||
service k3s start
|
|
||||||
fi
|
|
||||||
fi
|
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
echo "${1}" >/etc/hostname
|
echo "${1}" >/etc/hostname
|
||||||
|
|
@ -37,10 +37,14 @@ d-i finish-install/reboot_in_progress note
|
|||||||
# Bootloader options
|
# Bootloader options
|
||||||
d-i grub-installer/only_debian boolean true
|
d-i grub-installer/only_debian boolean true
|
||||||
d-i grub-installer/with_other_os boolean true
|
d-i grub-installer/with_other_os boolean true
|
||||||
d-i grub-installer/bootdev string /dev/vda
|
d-i grub-installer/bootdev string /dev/sda
|
||||||
|
|
||||||
# Set the keyboard layout
|
# Set the keyboard layout
|
||||||
|
d-i console-setup/ask_detect boolean false
|
||||||
|
d-i keyboard-configuration/variant select France
|
||||||
d-i keyboard-configuration/xkb-keymap select fr
|
d-i keyboard-configuration/xkb-keymap select fr
|
||||||
|
d-i console-keymaps-at/keymap select fr-latin9
|
||||||
|
d-i debian-installer/keymap string fr-latin9
|
||||||
|
|
||||||
# Mirror from which packages will be downloaded
|
# Mirror from which packages will be downloaded
|
||||||
d-i mirror/country string manual
|
d-i mirror/country string manual
|
||||||
@ -65,15 +69,19 @@ d-i partman/confirm_write_new_label boolean true
|
|||||||
|
|
||||||
# User configuration
|
# User configuration
|
||||||
d-i passwd/root-login boolean true
|
d-i passwd/root-login boolean true
|
||||||
d-i passwd/root-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0
|
d-i passwd/root-password password ${local.ssh_password}
|
||||||
|
d-i passwd/root-password-again password ${local.ssh_password}
|
||||||
d-i passwd/user-fullname string packer
|
d-i passwd/user-fullname string packer
|
||||||
d-i passwd/user-uid string 1000
|
d-i passwd/user-uid string 1000
|
||||||
d-i passwd/username string packer
|
d-i passwd/username string packer
|
||||||
d-i passwd/user-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0
|
d-i passwd/user-password password ${local.ssh_password}
|
||||||
|
d-i passwd/user-password-again password ${local.ssh_password}
|
||||||
|
|
||||||
# Extra packages to be installed
|
# Extra packages to be installed
|
||||||
d-i pkgsel/include string sudo
|
d-i pkgsel/include string sudo
|
||||||
d-i pkgsel/include string openssh-server build-essential
|
d-i pkgsel/include string openssh-server
|
||||||
|
d-i pkgsel/include string wget
|
||||||
|
d-i pkgsel/include string cloud-init
|
||||||
|
|
||||||
d-i pkgsel/install-language-support boolean false
|
d-i pkgsel/install-language-support boolean false
|
||||||
d-i pkgsel/update-policy select none
|
d-i pkgsel/update-policy select none
|
||||||
@ -102,6 +110,6 @@ popularity-contest popularity-contest/participate boolean false
|
|||||||
# Select base install
|
# Select base install
|
||||||
tasksel tasksel/first multiselect standard, ssh-server
|
tasksel tasksel/first multiselect standard, ssh-server
|
||||||
|
|
||||||
# Setup passwordless sudo for packer user
|
d-i preseed/late_command string in-target mkdir -p /root/.ssh; \
|
||||||
d-i preseed/late_command string \
|
in-target /bin/sh -c "echo '${data.sshkey.install.public_key}' >> /root/.ssh/authorized_keys"; \
|
||||||
echo "packer ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/packer && chmod 0440 /target/etc/sudoers.d/packer
|
in-target chown -R root:root /root/.ssh/
|
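Review bot: The new `passwd/root-password` and `passwd/user-password` lines render `${local.ssh_password}` into the preseed in clear text where the old side used `-crypted` hashes, and the file is then served by Packer's build-time HTTP endpoint to anything that can reach it during the install. Keeping the hashed form, `d-i passwd/root-password-crypted password <crypt-hash-placeholder>`, with a hash from a modern scheme avoids putting the plaintext on the wire. The `late_command` also appends the build key to `/root/.ssh/authorized_keys`; unless a later step removes it (not visible here), the finished image keeps a root-authorised key. In the same hunk, the repeated `d-i pkgsel/include string …` lines answer one debconf question four times, so only the last value (`cloud-init`) is likely to take effect; a single `d-i pkgsel/include string sudo openssh-server wget cloud-init` would install them all.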
@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
set -eo pipefail
|
set -eo pipefail
|
||||||
|
|
||||||
@ -20,7 +20,7 @@ for cert in $CERTS; do
|
|||||||
echo "Downloading '$cert'..."
|
echo "Downloading '$cert'..."
|
||||||
filename=$(basename "$cert")
|
filename=$(basename "$cert")
|
||||||
wget --tries=10 --timeout=30 -O "$filename" "$cert"
|
wget --tries=10 --timeout=30 -O "$filename" "$cert"
|
||||||
#openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
|
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
|
||||||
done
|
done
|
||||||
|
|
||||||
$UPDATE_CERTS_CMD
|
$UPDATE_CERTS_CMD
|
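Review bot: The re-enabled `openssl x509 -in "$filename" -inform PEM -out "$filename.crt"` only shows that the download parses as a certificate; whatever `wget` returned is then added to the system trust store by `$UPDATE_CERTS_CMD`. `CERTS` is defined outside the hunk, so I cannot see whether the URLs are HTTPS. Either way, comparing each file against a pinned fingerprint before trusting it would close the gap, e.g. the output of `openssl x509 -in "$filename" -noout -fingerprint -sha256` checked against an expected value kept in the repository. The loop begins before the hunk.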
@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
@ -1,21 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
|
|
||||||
|
|
||||||
# $TOKENTXT is available only through the env. file
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
if [ -f "${ENV_FILE}" ]; then
|
|
||||||
. "${ENV_FILE}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
###
|
|
||||||
|
|
||||||
if [ -n "${K3S_ROLE}" ]; then
|
|
||||||
if [ "${K3S_ROLE}" = "server" ]; then
|
|
||||||
rc-update add dnsmasq default
|
|
||||||
service dnsmasq start
|
|
||||||
|
|
||||||
rc-update add k3s default
|
|
||||||
service k3s start
|
|
||||||
fi
|
|
||||||
fi
|
|
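--- a/recipes/debian/provisionning/quid/.gitignore
+++ b/recipes/debian/provisionning/quid/.gitignore
@@ -0,0 +1,2 @@
+/quid-ansible
+/.ansible_vault_passphrase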
141
recipes/debian/provisionning/quid/ansible-vars.yml
Normal file
141
recipes/debian/provisionning/quid/ansible-vars.yml
Normal file
@ -0,0 +1,141 @@
|
|||||||
|
---
|
||||||
|
quid_ansible_repo_private_key: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
38336638386137306630663064323930363136373637323739393638663839373836316432636166
|
||||||
|
6564316233353439353437613138636536663738313034350a663765643630383131353462386434
|
||||||
|
63346530663831373766616439323034376436663633663436666265373333363431363832643632
|
||||||
|
3530386534343935610a666430346539303730333763353230646137363764666663366164336631
|
||||||
|
35323435313061633661366432313737653533623033353861386132663066316532623537326564
|
||||||
|
30626432316235623532633665663464316536363037363534656336386136363530633266373736
|
||||||
|
32613434346662633230363065393539613661636434623035333861323932333031346662336263
|
||||||
|
31363834383364383930666435626438333536383434353439623438346262373639636264376438
|
||||||
|
32343739383561663461623635643565326436353936313539643933343231383436653636313362
|
||||||
|
62373530363632666165613332623361663861656333336638366131646537376433636632656333
|
||||||
|
33363936313838623939656562333533656530373131643539613238323530656532376637663365
|
||||||
|
36316363633234633832663437313865626664663436386163636332646365373661643561363564
|
||||||
|
61363762333538636262306438353662363639346439363037623838303734646432386434373930
|
||||||
|
30656236303130343063393966396236366564643764313836363062383032353537633130323565
|
||||||
|
31346333613636616532303365666434366631323538383933343965633332323361386663396236
|
||||||
|
64393137656538386666623336363539613238386430663836343733343733626564323564613734
|
||||||
|
36376332623561613461313934386637353065396238643763666165333931323236313037643531
|
||||||
|
35323733303530623334653563386434383837333331396438613434636661383136356162323737
|
||||||
|
64333162393264626537373239653133623637353463616564396539653132336266396165346234
|
||||||
|
30333561626332303339303963666366353639333764336430363838666261333261393633353938
|
||||||
|
38326132333134363437633633623130303464626434356339303533366563326539626530613134
|
||||||
|
64633262326164336438656361633864316565393166323631383361343932663439353966613066
|
||||||
|
66666432346364353539363832666163663533616636363635636539363531333663613665383933
|
||||||
|
38326464343635386166373030386130366261633233356635336531336364343766323963616162
|
||||||
|
63313434613637376235333562313731633434663363313534363535303663353239346433636532
|
||||||
|
65343939366335396466366638333037636462616330643363646631353135333338373462323930
|
||||||
|
32396436653036653838623235386333353164323335613161306637306232336430633136383064
|
||||||
|
34656564346138333461353430613237633135306461366165346432353732626236313530636337
|
||||||
|
32653134353866373739343936363231613437313135383564316634366263393966376239313766
|
||||||
|
33366137383636383563303331393036313766356139323436353762633961626234326334333361
|
||||||
|
61346665646663336531666332323966363936633764336664636465326534323035666364346665
|
||||||
|
33316262316331353066623237323931363932623662656234613432643237353864346436633837
|
||||||
|
34376266653334653339396161646266396165316463353433636235656530643364656637346465
|
||||||
|
31656636383935343032316334336434333033386135343835303232366231343166313032356139
|
||||||
|
38353764336665636139333261656130396636626566656666303933663665353063616636663732
|
||||||
|
33343030363134646364313338323330353064313562376437313138356664633636613330616533
|
||||||
|
36643766643439393534353932346162303363663536656661656666653533643533633137646665
|
||||||
|
33653430346563343961393566333266666338373466623938356537396637646265656161653863
|
||||||
|
33326235636235653663656363323661636135333463313537326533346366623562373635646337
|
||||||
|
32316361346538613935383533323236623763366164356638643365633331383166663233376564
|
||||||
|
64343539323231373335363662633461376338643537393665306437313762326630643561313362
|
||||||
|
33363635666534616433303137366362616335306633353831636238323631613665643938336562
|
||||||
|
36353939326236656164653932626239373831356535666664393835663730643062386266336136
|
||||||
|
38653437613336373030396138346465363963666536343439313738326264646531663166386165
|
||||||
|
36653539636632663664636564343834313264356537343230613634386463316333623538653537
|
||||||
|
37373233343834356534346535313832623838663131666133373866376434353438336564323931
|
||||||
|
38633737343762646134346536346133303936616637366134646461376663636336333062326530
|
||||||
|
31313565363439626333323766366462636133613130353033623337323566643364316237333035
|
||||||
|
30323633633532666162376330653861363430363636323962646137366638323464313330336663
|
||||||
|
31373666613566353739663864356566383164616264666230626439316366616662393234343031
|
||||||
|
65363039626239393062373338366533646530333038303966336238386663366335633830303336
|
||||||
|
62363063333833646534376565653431663431663735653832333466353166653562613738386433
|
||||||
|
34336230636566653463383335343738333036613963373435383465656336376266386334613036
|
||||||
|
31346264613134323736633938646564666238333530396562376636333130653962363161613235
|
||||||
|
37633538623966373561316662373862353138323963343534333962393038643036633434316666
|
||||||
|
36376231313036356565316665366330653632653032386536356635633035396633613835353931
|
||||||
|
37363465613636306161613639653933333763366336623830623237313665343466303862306336
|
||||||
|
61643437346133336231383166303038336362646466303338396637386162336262343634613565
|
||||||
|
37663938316330386436353233666662353930363531326531626632343033616235393930633538
|
||||||
|
64353538393532346663323065333836313733376362366532373032323239613962303235336439
|
||||||
|
33363562353338366332653765373061316237313630393930636465383533343335636565333532
|
||||||
|
37633933643832616531626135623334396332396536306163376338306230653732313330386432
|
||||||
|
65613864323363333366323634656662333938373466653564633461656335313063623034393631
|
||||||
|
34383836396134363033623433383730633264366238323330653835656362643531373939303732
|
||||||
|
35326534646430623762393432313431623135373030303036316133663038333836353636616632
|
||||||
|
38646163373263616339643835306637303661376339663765663933343333613237643437303738
|
||||||
|
61616230313863326361636338393039396636643130376131643964323165393034346565623961
|
||||||
|
63303739643764383464393066306533326464353938363561346466393530626238623262333665
|
||||||
|
36383065336664643265353536386566333261376636323137656538383834373131643563386132
|
||||||
|
63343766653364663532313761326331346239306535353837363035653135616565656364373131
|
||||||
|
39386462313963366537393133336163373433356532646365666239316662343631373263326366
|
||||||
|
34633963636238383536333933336161343866373337393333353361613537343531353735366134
|
||||||
|
38613036373736386139663831303535636239643032376265623538353833623732333332636364
|
||||||
|
39656365306264616362393836323835616636393861383338313735646430616630626562333532
|
||||||
|
61373539633564386239343938313538616539626533376364353766323237323566386534383530
|
||||||
|
66633261663136646534623134323061633033643935613139343335343632383839303366303039
|
||||||
|
34303230366236623065326137666134663365666365326532626534373931633838383937613131
|
||||||
|
39353962656139323131636664636537316665666639643632336639656564346132356334386262
|
||||||
|
61363437323236616632323531643134333531383030323763343835316433366433353633336332
|
||||||
|
66333666376132626564393639383839626465363362643531323332633334326663623435316534
|
||||||
|
31656633306362663566393439613934353864613562396136313264313535313164613432393765
|
||||||
|
65366138383438383936396165626536623766346165646633626532646165626538373239346531
|
||||||
|
33656135613437323433613066663761663332663734343261646466336266303564653137353566
|
||||||
|
34646237626132303266333464646235313737366265663636633333643031366539636434366333
|
||||||
|
36306434366137666639373964356539653461323631326337323431386534356338656230616335
|
||||||
|
34326435326166656535336561643036303562643738626130313865633737313638626537383365
|
||||||
|
35386434626663323166316233303332636337623763323666646331346161343363636631326535
|
||||||
|
37633736366332343064663030366262653264336565623635303562323732366665666439323263
|
||||||
|
65666362396662373533353462353962343363643038326463646362633637636162623933643065
|
||||||
|
39353766333831343466383664376463613930366565616135326636376132643239323231616436
|
||||||
|
35373034613738383438363131353137396262653261643365373866373165633431363465336165
|
||||||
|
64386333653133316434363966363161323833333761316337663630356638626431613461653233
|
||||||
|
63366436383861643232613833343638316331373230323137386337333636663663393730333133
|
||||||
|
37633163326631313635373263616536373439316634393431373839323361623630653435326362
|
||||||
|
31393665356462653561623232353930326431386536396562333366633535616331373938633733
|
||||||
|
33383363653539366163653435393566333264396163303038386238356361663836346636656366
|
||||||
|
65303832623835313235646464383331396564666134653535626233336566306135333839363634
|
||||||
|
35663634636164646131653736386436313639643633313339363065336437396439353665663832
|
||||||
|
66646363363238643933643939623035613737343236306236623136666332363463363832626232
|
||||||
|
38376565333763313165326234663737653661653438363730376264306163316533613661626232
|
||||||
|
34373761336361633030313136333066313535373337393633623035643130666561313736636137
|
||||||
|
64343030353734323734623137386161343762353633646338396463343132373437383666643139
|
||||||
|
35363532373432643165663533386462323234663831316265613964383632613537333464656638
|
||||||
|
66646166653236663265353136326466643335356563333138326539643265626464616262326438
|
||||||
|
64653439323336623134623735643163646335653761396535383266393365613762613066306530
|
||||||
|
33353938333237663937613862373066633764373961303532323965303436616337336564363564
|
||||||
|
64666664393664376335616133393232633035326638353864623462346661636565303166663939
|
||||||
|
32343434623465343231383266316566646231643036303339363733393665343738363961313066
|
||||||
|
32323734323039656531646231313863343132653431386436323261613036646131396638336331
|
||||||
|
62633436616133353265366532326532653262636331353539336263316131336161653462663036
|
||||||
|
30393435386335646565313436636465623562323539313064663230366266323562383062386166
|
||||||
|
66373063323461323934363138653066613635613063646663333862653166326332646162663536
|
||||||
|
30396437316432356632616239323236636436653036616663353164383936353638306165356135
|
||||||
|
66636665393565373435393864363735323930666133633631303134333263643735643434303238
|
||||||
|
38643038303134313266343833613132616435623539666535316331386461353733326335313766
|
||||||
|
38366637643030323266326139343238393165633136313962313833366134323639326164373464
|
||||||
|
64646335623065636361643038636439346261353637373539653964616463313335313731376231
|
||||||
|
36373936653637323531616137646635383437373862356130346233323261666230313835303863
|
||||||
|
34366433643762633837343162313763643032653131636663306261383265323237643563363965
|
||||||
|
31653632316662343865636133306139666661393761303930356234613637373866356264323564
|
||||||
|
37376163306463633561323635616636343163386134656534376665613030656537623036333966
|
||||||
|
39313535663563656164386564333064323338346130656264393066663838373233336230306534
|
||||||
|
62636433366562333934613264363736376131396437633331663336376336346366303964643163
|
||||||
|
35633430393736366463346236353262393166623232353565326537363730356634383433333364
|
||||||
|
61393934336230633538383531393733666138336436346262386131386565373830313166623032
|
||||||
|
61336366653030383065616438326237396666656264333061623536366332636635316437373265
|
||||||
|
62336133303134646434313435356463336561653333393937363065313763613533633563633836
|
||||||
|
37306337633965623235653261323832653836306230653865353939346136386264653939393563
|
||||||
|
37663138643837313363356236653232613164323630383431303139353164316463326261326563
|
||||||
|
33316565623562633861356631346639383335633364656464623661653536393133663963653233
|
||||||
|
62326334623161653337633833333436626335653534386266666639363136616234643835316635
|
||||||
|
61333339646238623032353561633335336131383630326636313934376462333866383931663231
|
||||||
|
62633836306239383538376365393437643166636665353462346532316664386139323637363263
|
||||||
|
34633832316533306534313261353030363637356463626338373434636435656439656535376630
|
||||||
|
62616336363964376639653061613661366131616230353837326665393230623861343637343238
|
||||||
|
62343037303632373634363862323633653465616261656431663036306633656166646464386134
|
||||||
|
36343539326533313464663463356139633131646463633062366538353064333536306464306434
|
||||||
|
3436613865386465626165323037353239346564373763303338
|
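--- a/recipes/debian/provisionning/quid/update-playbook.sh
+++ b/recipes/debian/provisionning/quid/update-playbook.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Clone repository if necessary
+if [ ! -d "${REPO_DEST}" ]; then
+git clone "${REPO_URL}" "${REPO_DEST}"
+fi
+
+cd "${REPO_DEST}"
+
+# Update local repository
+git fetch
+
+# Checkout repository ref
+git checkout ${REPO_REF}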
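Review bot: The script has no `set -e`, so a failed `git clone` or `cd "${REPO_DEST}"` does not stop it, and the later `git fetch` and `git checkout` then run in whatever directory the build was started from; add `set -euo pipefail` right after the shebang. When the clone already exists, `git fetch` followed by `git checkout ${REPO_REF}` on a branch name leaves the local branch at its old commit, so the image can be provisioned from a stale playbook. Because this playbook is executed against the image being built, I would pin `REPO_REF` to a tag or commit id rather than a moving branch and quote it, `git checkout --detach "${REPO_REF}"`.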
@ -1 +0,0 @@
|
|||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr
|
|
@ -1 +0,0 @@
|
|||||||
ssh-rsa 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 olivier.perrot@cnous.fr
|
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
|
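--- a/recipes/debian/quid.pkr.hcl
+++ b/recipes/debian/quid.pkr.hcl
@@ -0,0 +1,71 @@
+#Flavour base
+build {
+name = "quid"
+description = <<EOF
+This builder builds a QEMU image from a Debian cloud image.
+EOF
+
+source "vmware-iso.debian" {
+output_directory = "${var.output_dir}/${var.version}/quid"
+vm_name = "quid-${local.output_name}-${var.version}"
+disk_size = 10240
+iso_url = "${local.source_iso}"
+iso_checksum = "${var.iso_cd_checksum}"
+guest_os_type = "ubuntu-64"
+ssh_password = "quid"
+http_content = {
+"/ssh-packer-pub.key" = data.sshkey.install.public_key
+"/preseed.cfg" = templatefile("${local.locations.provisionning}/${var.name}/http/preseed.cfg.pkrtpl.hcl", { data: data, var: var, local: local })
+}
+boot_command = [
+"<esc><wait>",
+"auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter><wait10s>",
+"<enter>"
+]
+}
+
+provisioner "shell-local" {
+script = "${local.locations.provisionning}/quid/update-playbook.sh"
+env = {
+"REPO_DEST": "${local.locations.provisionning}/quid/quid-ansible",
+"REPO_URL": "ssh://git@forge.cadoles.com:2222/EFS/quid-ansible.git",
+"REPO_REF": "master"
+}
+}
+
+provisioner "shell" {
+script = "${local.locations.provisionning}/${var.name}/${var.name}-${var.short_version}-install.sh"
+}
+
+provisioner "shell" {
+script = "${local.locations.provisionning}/letsencrypt.sh"
+}
+
+// Store temporarily ansible vault password in local file
+provisioner "shell-local" {
+inline = ["echo '${var.quid_ansible_vault_passphrase}' > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
+}
+
+provisioner "ansible" {
+playbook_file = "${local.locations.provisionning}/quid/quid-ansible/deploy.yml"
+groups = ["quid_server"]
+// Manjaro/Arch OpenSSH version compatibility mode
+// See https://github.com/hashicorp/packer/issues/11783
+extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--vault-password-file=${local.locations.provisionning}/quid/.ansible_vault_passphrase", "--extra-vars=@${local.locations.provisionning}/quid/ansible-vars.yml" ]
+}
+
+// Remove ansible vault password file
+provisioner "shell-local" {
+inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
+}
+
+post-processor "shell-local" {
+inline = [
+"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}",
+]
+}
+
+post-processor "manifest" {
+keep_input_artifact = true
+}
+}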
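Review bot: The vault passphrase is interpolated straight into the command at `echo '${var.quid_ansible_vault_passphrase}' > …/.ansible_vault_passphrase`, so a passphrase containing a single quote breaks or alters that command, and the file is created with the default umask. The `rm -f` provisioner is an ordinary later step, so it does not run when the ansible provisioner fails, and the passphrase then stays on the build host in a path the new `.gitignore` does not cover. Pass the value through the provisioner's `env` map, write the file under `umask 077`, and repeat the removal in an `error-cleanup-provisioner`, after checking that it still fires with the `-on-error=abort` the `build` wrapper now passes. Also worth a follow-up: `ssh_password = "quid"` bakes a fixed credential into the image, and the sparsify post-processor targets `${var.version}/base` while this build writes to `${var.version}/quid`, which looks like a copy-paste slip.

```hcl
provisioner "shell-local" {
  env = {
    "VAULT_PASS": var.quid_ansible_vault_passphrase,
    "VAULT_FILE": "${local.locations.provisionning}/quid/.ansible_vault_passphrase"
  }
  inline = ["umask 077; printf '%s' \"$VAULT_PASS\" > \"$VAULT_FILE\""]
}
// … unchanged: ansible provisioner and the final rm -f provisioner …
error-cleanup-provisioner "shell-local" {
  inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
}
```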
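--- a/recipes/debian/readme.quid.md
+++ b/recipes/debian/readme.quid.md
@@ -0,0 +1,23 @@
+# Flavor "Quid"
+
+## Construction de l'image
+
+1. Récupérer la phrase de passe pour les données chiffrées via `ansible-vault` dans le coffre-fort partagé (Section "Cadoles" -> "Kube").
+
+2. Lancer la construction de l'image de la machine virtuelle
+
+```
+BUILDER="vmware-iso" QUID_ANSIBLE_VAULT_PASSPHRASE="<passphrase>" ./build start debian 12
+```
+
+## Configuration de l'environnement Quid sur la machine virtuelle
+
+1. Ajouter l'image de la machine sur votre environnement de virtualisation. Les fichiers sont normalement générés dans le répertoire `output/debian/12.2.0/quid`.
+
+2. Démarrer la machine virtuelle. Le mot de passe par défaut du compte administrateur est `quid`.
+
+3. Éditer le fichier `/etc/quid-ansible/config.yml` avec les valeurs correspondant à votre environnement de déploiement ([voir les valeurs par défaut](recipes/debian/provisionning/quid/quid-ansible/roles/quid-server/files/quid_ansible_default_config.yml))
+
+4. Exécuter la commande `apply-config` pour mettre à jour la machine avec les valeurs présentes dans le fichier précédemment édité.
+
+Pour plus d'informations voir la documentation du projet [`quid-ansible`](https://forge.cadoles.com/EFS/quid-ansible).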
@ -39,7 +39,7 @@ source "vmware-iso" "debian" {
|
|||||||
memory = "${local.memory}"
|
memory = "${local.memory}"
|
||||||
vnc_bind_address = "0.0.0.0"
|
vnc_bind_address = "0.0.0.0"
|
||||||
|
|
||||||
headless = true
|
headless = false
|
||||||
|
|
||||||
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
|
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
|
||||||
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
|
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
|
||||||
@ -69,10 +69,9 @@ source "vmware-iso" "debian" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
source "vmware-vmx" "debian" {
|
source "vmware-vmx" "debian" {
|
||||||
disk_type_id = 0
|
|
||||||
vnc_bind_address = "0.0.0.0"
|
vnc_bind_address = "0.0.0.0"
|
||||||
|
|
||||||
headless = true
|
headless = false
|
||||||
|
|
||||||
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
|
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
|
||||||
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
|
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
|
||||||
|
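Review bot: `headless = false` in both the `vmware-iso` and `vmware-vmx` sources looks like a local debugging setting that slipped into the commit (this assumes the second printed value is the new side, which the page does not mark explicitly). It makes the build depend on a graphical session on the build host, so it will likely fail on a CI runner or remote builder. I would keep `headless = true` as the committed default and drive it from a new variable, e.g. `headless = var.headless`, for interactive runs. Separately, the unchanged `vnc_bind_address = "0.0.0.0"` exposes the installer console on every interface during the build; `127.0.0.1` is enough unless a remote viewer is really needed.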
@ -1,6 +0,0 @@
|
|||||||
# /etc/conf.d/chronyd
|
|
||||||
CFGFILE="/etc/chrony/chrony.conf"
|
|
||||||
FAST_STARTUP=yes
|
|
||||||
ARGS=""
|
|
||||||
# vrf e.g 'vrf-mgmt'
|
|
||||||
#vrf=""
|
|
@ -1,6 +0,0 @@
|
|||||||
|
|
||||||
# Configuration file of Harbor
|
|
||||||
|
|
||||||
# The IP address or hostname to access admin UI and registry service.
|
|
||||||
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
|
||||||
hostname: ${Vars.RootlessDocker}
|
|
@ -1,3 +0,0 @@
|
|||||||
%{ if Vars.RootlessDocker }
|
|
||||||
docker:231072:65536
|
|
||||||
%{ endif }
|
|
@ -1,265 +0,0 @@
|
|||||||
# Configuration file of Harbor
|
|
||||||
|
|
||||||
# The IP address or hostname to access admin UI and registry service.
|
|
||||||
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
|
||||||
hostname: ${Vars.HarborDomain}
|
|
||||||
|
|
||||||
# http related config
|
|
||||||
http:
|
|
||||||
# port for http, default is 80. If https enabled, this port will redirect to https port
|
|
||||||
port: ${Vars.HarborHTTPPort}
|
|
||||||
|
|
||||||
# https related config
|
|
||||||
https:
|
|
||||||
# https port for harbor, default is 443
|
|
||||||
port: ${Vars.HarborHTTPSPort}
|
|
||||||
# The path of cert and key files for nginx
|
|
||||||
certificate: ${Vars.HarborSSLCert}
|
|
||||||
private_key: ${Vars.HarborSSLPrivKey}
|
|
||||||
|
|
||||||
# # Uncomment following will enable tls communication between all harbor components
|
|
||||||
# internal_tls:
|
|
||||||
# # set enabled to true means internal tls is enabled
|
|
||||||
# enabled: true
|
|
||||||
# # put your cert and key files on dir
|
|
||||||
# dir: /etc/harbor/tls/internal
|
|
||||||
|
|
||||||
# Uncomment external_url if you want to enable external proxy
|
|
||||||
# And when it enabled the hostname will no longer used
|
|
||||||
# external_url: https://reg.mydomain.com:8433
|
|
||||||
|
|
||||||
# The initial password of Harbor admin
|
|
||||||
# It only works in first time to install harbor
|
|
||||||
# Remember Change the admin password from UI after launching Harbor.
|
|
||||||
harbor_admin_password: ${Vars.HarborAdminPassword}
|
|
||||||
|
|
||||||
# Harbor DB configuration
|
|
||||||
database:
|
|
||||||
# The password for the root user of Harbor DB. Change this before any production use.
|
|
||||||
password: ${Vars.HarborDBPassword}
|
|
||||||
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
|
|
||||||
max_idle_conns: 50
|
|
||||||
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
|
|
||||||
# Note: the default number of connections is 100 for postgres.
|
|
||||||
max_open_conns: 200
|
|
||||||
|
|
||||||
# The default data volume
|
|
||||||
data_volume: /srv/harbor/data
|
|
||||||
|
|
||||||
# Harbor Storage settings by default is using /data dir on local filesystem
|
|
||||||
# Uncomment storage_service setting If you want to using external storage
|
|
||||||
# storage_service:
|
|
||||||
# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
|
|
||||||
# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
|
|
||||||
# ca_bundle:
|
|
||||||
|
|
||||||
# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
|
|
||||||
# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
|
|
||||||
# filesystem:
|
|
||||||
# maxthreads: 100
|
|
||||||
# # set disable to true when you want to disable registry redirect
|
|
||||||
# redirect:
|
|
||||||
# disabled: false
|
|
||||||
|
|
||||||
# Trivy configuration
|
|
||||||
#
|
|
||||||
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
|
|
||||||
# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
|
|
||||||
# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
|
|
||||||
# should download a newer version from the Internet or use the cached one. Currently, the database is updated every
|
|
||||||
# 12 hours and published as a new release to GitHub.
|
|
||||||
trivy:
|
|
||||||
# ignoreUnfixed The flag to display only fixed vulnerabilities
|
|
||||||
ignore_unfixed: false
|
|
||||||
# skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
|
|
||||||
#
|
|
||||||
# You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
|
|
||||||
# If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
|
|
||||||
# `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
|
|
||||||
skip_update: false
|
|
||||||
#
|
|
||||||
# The offline_scan option prevents Trivy from sending API requests to identify dependencies.
|
|
||||||
# Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
|
|
||||||
# For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't
|
|
||||||
# exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode.
|
|
||||||
# It would work if all the dependencies are in local.
|
|
||||||
# This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment.
|
|
||||||
offline_scan: false
|
|
||||||
#
|
|
||||||
# insecure The flag to skip verifying registry certificate
|
|
||||||
insecure: false
|
|
||||||
# github_token The GitHub access token to download Trivy DB
|
|
||||||
#
|
|
||||||
# Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
|
|
||||||
# for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
|
|
||||||
# requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
|
|
||||||
# https://developer.github.com/v3/#rate-limiting
|
|
||||||
#
|
|
||||||
# You can create a GitHub token by following the instructions in
|
|
||||||
# https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
|
|
||||||
#
|
|
||||||
# github_token: xxx
|
|
||||||
|
|
||||||
jobservice:
|
|
||||||
# Maximum number of job workers in job service
|
|
||||||
max_job_workers: 10
|
|
||||||
logger_sweeper_duration: 300
|
|
||||||
|
|
||||||
notification:
|
|
||||||
# Maximum retry count for webhook job
|
|
||||||
webhook_job_max_retry: 10
|
|
||||||
webhook_job_http_client_timeout: 300
|
|
||||||
|
|
||||||
chart:
|
|
||||||
# Change the value of absolute_url to enabled can enable absolute url in chart
|
|
||||||
absolute_url: disabled
|
|
||||||
|
|
||||||
# Log configurations
|
|
||||||
log:
|
|
||||||
# options are debug, info, warning, error, fatal
|
|
||||||
level: info
|
|
||||||
# configs for logs in local storage
|
|
||||||
local:
|
|
||||||
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
|
|
||||||
rotate_count: 50
|
|
||||||
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
|
|
||||||
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
|
|
||||||
# are all valid.
|
|
||||||
rotate_size: 200M
|
|
||||||
# The directory on your host that store log
|
|
||||||
location: /var/log/harbor
|
|
||||||
|
|
||||||
# Uncomment following lines to enable external syslog endpoint.
|
|
||||||
# external_endpoint:
|
|
||||||
# # protocol used to transmit log to external endpoint, options is tcp or udp
|
|
||||||
# protocol: tcp
|
|
||||||
# # The host of external endpoint
|
|
||||||
# host: localhost
|
|
||||||
# # Port of external endpoint
|
|
||||||
# port: 5140
|
|
||||||
|
|
||||||
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
|
|
||||||
_version: 2.6.0
|
|
||||||
|
|
||||||
# Uncomment external_database if using external database.
|
|
||||||
# external_database:
|
|
||||||
# harbor:
|
|
||||||
# host: harbor_db_host
|
|
||||||
# port: harbor_db_port
|
|
||||||
# db_name: harbor_db_name
|
|
||||||
# username: harbor_db_username
|
|
||||||
# password: harbor_db_password
|
|
||||||
# ssl_mode: disable
|
|
||||||
# max_idle_conns: 2
|
|
||||||
# max_open_conns: 0
|
|
||||||
# notary_signer:
|
|
||||||
# host: notary_signer_db_host
|
|
||||||
# port: notary_signer_db_port
|
|
||||||
# db_name: notary_signer_db_name
|
|
||||||
# username: notary_signer_db_username
|
|
||||||
# password: notary_signer_db_password
|
|
||||||
# ssl_mode: disable
|
|
||||||
# notary_server:
|
|
||||||
# host: notary_server_db_host
|
|
||||||
# port: notary_server_db_port
|
|
||||||
# db_name: notary_server_db_name
|
|
||||||
# username: notary_server_db_username
|
|
||||||
# password: notary_server_db_password
|
|
||||||
# ssl_mode: disable
|
|
||||||
|
|
||||||
# Uncomment external_redis if using external Redis server
|
|
||||||
# external_redis:
|
|
||||||
# # support redis, redis+sentinel
|
|
||||||
# # host for redis: <host_redis>:<port_redis>
|
|
||||||
# # host for redis+sentinel:
|
|
||||||
# # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
|
|
||||||
# host: redis:6379
|
|
||||||
# password:
|
|
||||||
# # sentinel_master_set must be set to support redis+sentinel
|
|
||||||
# #sentinel_master_set:
|
|
||||||
# # db_index 0 is for core, it's unchangeable
|
|
||||||
# registry_db_index: 1
|
|
||||||
# jobservice_db_index: 2
|
|
||||||
# chartmuseum_db_index: 3
|
|
||||||
# trivy_db_index: 5
|
|
||||||
# idle_timeout_seconds: 30
|
|
||||||
|
|
||||||
# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
|
|
||||||
# uaa:
|
|
||||||
# ca_file: /path/to/ca
|
|
||||||
|
|
||||||
# Global proxy
|
|
||||||
# Config http proxy for components, e.g. http://my.proxy.com:3128
|
|
||||||
# Components doesn't need to connect to each others via http proxy.
|
|
||||||
# Remove component from `components` array if want disable proxy
|
|
||||||
# for it. If you want use proxy for replication, MUST enable proxy
|
|
||||||
# for core and jobservice, and set `http_proxy` and `https_proxy`.
|
|
||||||
# Add domain to the `no_proxy` field, when you want disable proxy
|
|
||||||
# for some special registry.
|
|
||||||
proxy:
|
|
||||||
http_proxy:
|
|
||||||
https_proxy:
|
|
||||||
no_proxy:
|
|
||||||
components:
|
|
||||||
- core
|
|
||||||
- jobservice
|
|
||||||
- notary
|
|
||||||
- trivy
|
|
||||||
|
|
||||||
metric:
|
|
||||||
enabled: false
|
|
||||||
port: 9090
|
|
||||||
path: /metrics
|
|
||||||
|
|
||||||
# Trace related config
|
|
||||||
# only can enable one trace provider(jaeger or otel) at the same time,
|
|
||||||
# and when using jaeger as provider, can only enable it with agent mode or collector mode.
|
|
||||||
# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed
|
|
||||||
# if using jaeger agetn mode uncomment agent_host and agent_port
|
|
||||||
# trace:
|
|
||||||
# enabled: true
|
|
||||||
# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth
|
|
||||||
# sample_rate: 1
|
|
||||||
# # # namespace used to differenciate different harbor services
|
|
||||||
# # namespace:
|
|
||||||
# # # attributes is a key value dict contains user defined attributes used to initialize trace provider
|
|
||||||
# # attributes:
|
|
||||||
# # application: harbor
|
|
||||||
# # # jaeger should be 1.26 or newer.
|
|
||||||
# # jaeger:
|
|
||||||
# # endpoint: http://hostname:14268/api/traces
|
|
||||||
# # username:
|
|
||||||
# # password:
|
|
||||||
# # agent_host: hostname
|
|
||||||
# # # export trace data by jaeger.thrift in compact mode
|
|
||||||
# # agent_port: 6831
|
|
||||||
# # otel:
|
|
||||||
# # endpoint: hostname:4318
|
|
||||||
# # url_path: /v1/traces
|
|
||||||
# # compression: false
|
|
||||||
# # insecure: true
|
|
||||||
# # timeout: 10s
|
|
||||||
|
|
||||||
# enable purge _upload directories
|
|
||||||
upload_purging:
|
|
||||||
enabled: true
|
|
||||||
# remove files in _upload directories which exist for a period of time, default is one week.
|
|
||||||
age: 168h
|
|
||||||
# the interval of the purge operations
|
|
||||||
interval: 24h
|
|
||||||
dryrun: false
|
|
||||||
|
|
||||||
# cache layer configurations
|
|
||||||
# If this feature enabled, harbor will cache the resource
|
|
||||||
# `project/project_metadata/repository/artifact/manifest` in the redis
|
|
||||||
# which can especially help to improve the performance of high concurrent
|
|
||||||
# manifest pulling.
|
|
||||||
# NOTICE
|
|
||||||
# If you are deploying Harbor in HA mode, make sure that all the harbor
|
|
||||||
# instances have the same behaviour, all with caching enabled or disabled,
|
|
||||||
# otherwise it can lead to potential data inconsistency.
|
|
||||||
cache:
|
|
||||||
# not enabled by default
|
|
||||||
enabled: false
|
|
||||||
# keep cache for one day by default
|
|
||||||
expire_hours: 24
|
|
@ -1,47 +0,0 @@
|
|||||||
|
|
||||||
# Example answer file for setup-alpine script
|
|
||||||
# If you don't want to use a certain option, then comment it out
|
|
||||||
|
|
||||||
# Use US layout with US variant
|
|
||||||
KEYMAPOPTS="fr fr"
|
|
||||||
|
|
||||||
# Set hostname to alpine-test
|
|
||||||
HOSTNAMEOPTS="-n ${hostname}"
|
|
||||||
|
|
||||||
# Contents of /etc/network/interfaces
|
|
||||||
INTERFACESOPTS="auto lo
|
|
||||||
iface lo inet loopback
|
|
||||||
|
|
||||||
auto eth0
|
|
||||||
iface eth0 inet dhcp
|
|
||||||
hostname ${hostname}
|
|
||||||
"
|
|
||||||
|
|
||||||
# Search domain of example.com, OpenDNS public nameserver
|
|
||||||
# ex: -d example.com 1.1.1.1"
|
|
||||||
DNSOPTS=""
|
|
||||||
|
|
||||||
# Set timezone to UTC
|
|
||||||
TIMEZONEOPTS="-z Europe/Paris"
|
|
||||||
|
|
||||||
# set http/ftp proxy
|
|
||||||
PROXYOPTS="none"
|
|
||||||
|
|
||||||
# Add a random mirror
|
|
||||||
APKREPOSOPTS="-r -c"
|
|
||||||
|
|
||||||
# Install Openssh
|
|
||||||
SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys"
|
|
||||||
|
|
||||||
# Use openntpd
|
|
||||||
NTPOPTS="-c openntpd"
|
|
||||||
|
|
||||||
# Use /dev/sda as a data disk
|
|
||||||
DISKOPTS="-L -m sys ${disk_device}"
|
|
||||||
|
|
||||||
USEROPTS="-a -g 'netdev' ${user}"
|
|
||||||
|
|
||||||
# Setup in /media/vda1
|
|
||||||
# LBUOPTS="/media/vda1"
|
|
||||||
# APKCACHEOPTS="/media/vda1/cache"
|
|
||||||
|
|
@ -1,8 +0,0 @@
|
|||||||
# k3s options
|
|
||||||
export PATH="/usr/libexec/cni/:$PATH"
|
|
||||||
K3S_EXEC="server"
|
|
||||||
%{ if Vars.DeployTraefik }
|
|
||||||
K3S_OPTS=""
|
|
||||||
%{ else }
|
|
||||||
K3S_OPTS="--disable traefik"
|
|
||||||
%{ endif }
|
|
@ -1 +0,0 @@
|
|||||||
command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"
|
|
@ -1,4 +0,0 @@
|
|||||||
${Vars.NIC[0].IP} ${Vars.Set.Hostname}
|
|
||||||
%{ if Vars.MatchBox.Hostname != "" }
|
|
||||||
${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
|
|
||||||
%{ endif }
|
|
@ -1,60 +0,0 @@
|
|||||||
log-queries
|
|
||||||
log-dhcp
|
|
||||||
|
|
||||||
#port=0
|
|
||||||
listen-address=0.0.0.0
|
|
||||||
interface=${Vars.PXE.ListenInterface}
|
|
||||||
no-resolv
|
|
||||||
domain-needed
|
|
||||||
bogus-priv
|
|
||||||
expand-hosts
|
|
||||||
server=${Vars.ETH0.DNS}
|
|
||||||
strict-order
|
|
||||||
addn-hosts=/etc/dnsmasq-hosts.conf
|
|
||||||
domain=${Vars.PXE.DNSDomain}
|
|
||||||
local=/${Vars.PXE.DNSDomain}/
|
|
||||||
localise-queries
|
|
||||||
|
|
||||||
|
|
||||||
%{ if Vars.PXE.DHCPMode == "proxy" }
|
|
||||||
#dhcp-no-override
|
|
||||||
dhcp-range=${Vars.ETH0.IP},proxy
|
|
||||||
%{ else }
|
|
||||||
dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration}
|
|
||||||
dhcp-option=option:router,${Vars.ETH0.GATEWAY}
|
|
||||||
%{ endif }
|
|
||||||
|
|
||||||
dhcp-option=option:dns-server,${Vars.ETH0.IP}
|
|
||||||
dhcp-option=option:domain-name,${Vars.PXE.DNSDomain}
|
|
||||||
|
|
||||||
# TFTP Configuration
|
|
||||||
enable-tftp
|
|
||||||
tftp-root="${Vars.PXE.TFTPRoot}"
|
|
||||||
|
|
||||||
pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime}
|
|
||||||
|
|
||||||
# Based on logic in https://gist.github.com/robinsmidsrod/4008017
|
|
||||||
# iPXE sends a 175 option, checking suboptions
|
|
||||||
dhcp-match=set:ipxe-http,175,19
|
|
||||||
dhcp-match=set:ipxe-https,175,20
|
|
||||||
dhcp-match=set:ipxe-menu,175,39
|
|
||||||
# pcbios specific
|
|
||||||
dhcp-match=set:ipxe-pxe,175,33
|
|
||||||
dhcp-match=set:ipxe-bzimage,175,24
|
|
||||||
dhcp-match=set:ipxe-iscsi,175,17
|
|
||||||
# efi specific
|
|
||||||
dhcp-match=set:ipxe-efi,175,36
|
|
||||||
# combination
|
|
||||||
# set ipxe-ok tag if we have correct combination
|
|
||||||
# http && menu && iscsi ((pxe && bzimage) || efi)
|
|
||||||
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
|
|
||||||
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi
|
|
||||||
|
|
||||||
|
|
||||||
## Load different PXE boot image depending on client architecture (when running as a proxy DHCP)
|
|
||||||
pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe
|
|
||||||
pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi
|
|
||||||
pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi
|
|
||||||
|
|
||||||
dhcp-userclass=set:ipxe,iPXE
|
|
||||||
dhcp-boot=tag:ipxe-ok,http://${Vars.ETH0.IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.ETH0.IP}
|
|
@ -1,28 +0,0 @@
|
|||||||
#!/sbin/openrc-run
|
|
||||||
|
|
||||||
name=$RC_SVCNAME
|
|
||||||
command="/usr/local/bin/$RC_SVCNAME"
|
|
||||||
command_user="$RC_SVCNAME"
|
|
||||||
pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
|
|
||||||
start_stop_daemon_args="--start -b"
|
|
||||||
command_args="$command_args"
|
|
||||||
command_background="yes"
|
|
||||||
|
|
||||||
depend() {
|
|
||||||
need net
|
|
||||||
}
|
|
||||||
|
|
||||||
start_pre() {
|
|
||||||
checkpath --directory --owner $command_user:$command_user --mode 0775 \
|
|
||||||
/run/$RC_SVCNAME /var/log/$RC_SVCNAME
|
|
||||||
if [ ! -f "/etc/matchbox/server.crt" ]; then
|
|
||||||
cd /root/tls
|
|
||||||
export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.ETH0.IP}"
|
|
||||||
./cert-gen
|
|
||||||
mkdir -p /etc/matchbox
|
|
||||||
cp ca.crt server.crt server.key /etc/matchbox
|
|
||||||
chown -R matchbox:matchbox /etc/matchbox
|
|
||||||
mkdir -p /root/.matchbox
|
|
||||||
cp client.crt client.key ca.crt /root/.matchbox/
|
|
||||||
fi
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
harbor
|
|
@ -1 +0,0 @@
|
|||||||
command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"
|
|
@ -1,7 +0,0 @@
|
|||||||
${Vars.NIC[0].IP} ${Vars.Set.Hostname}
|
|
||||||
%{ if Vars.MatchBox.Hostname != "" }
|
|
||||||
${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
|
|
||||||
%{ endif }
|
|
||||||
%{ for host in Vars.DNSMasq.Hosts }
|
|
||||||
${host.IP} ${host.Name}
|
|
||||||
%{ endfor }
|
|
@ -1,60 +0,0 @@
|
|||||||
log-queries
|
|
||||||
log-dhcp
|
|
||||||
|
|
||||||
#port=0
|
|
||||||
listen-address=0.0.0.0
|
|
||||||
interface=${Vars.PXE.ListenInterface}
|
|
||||||
no-resolv
|
|
||||||
domain-needed
|
|
||||||
bogus-priv
|
|
||||||
expand-hosts
|
|
||||||
server=${Vars.DNS[0]}
|
|
||||||
strict-order
|
|
||||||
addn-hosts=/etc/dnsmasq-hosts.conf
|
|
||||||
domain=${Vars.PXE.DNSDomain}
|
|
||||||
local=/${Vars.PXE.DNSDomain}/
|
|
||||||
localise-queries
|
|
||||||
|
|
||||||
|
|
||||||
%{ if Vars.PXE.DHCPMode == "proxy" }
|
|
||||||
#dhcp-no-override
|
|
||||||
dhcp-range=${Vars.NIC[0].IP},proxy
|
|
||||||
%{ else }
|
|
||||||
dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration}
|
|
||||||
dhcp-option=option:router,${Vars.NIC[0].Gateway}
|
|
||||||
%{ endif }
|
|
||||||
|
|
||||||
dhcp-option=option:dns-server,${Vars.NIC[0].IP}
|
|
||||||
dhcp-option=option:domain-name,${Vars.PXE.DNSDomain}
|
|
||||||
|
|
||||||
# TFTP Configuration
|
|
||||||
enable-tftp
|
|
||||||
tftp-root="${Vars.PXE.TFTPRoot}"
|
|
||||||
|
|
||||||
pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime}
|
|
||||||
|
|
||||||
# Based on logic in https://gist.github.com/robinsmidsrod/4008017
|
|
||||||
# iPXE sends a 175 option, checking suboptions
|
|
||||||
dhcp-match=set:ipxe-http,175,19
|
|
||||||
dhcp-match=set:ipxe-https,175,20
|
|
||||||
dhcp-match=set:ipxe-menu,175,39
|
|
||||||
# pcbios specific
|
|
||||||
dhcp-match=set:ipxe-pxe,175,33
|
|
||||||
dhcp-match=set:ipxe-bzimage,175,24
|
|
||||||
dhcp-match=set:ipxe-iscsi,175,17
|
|
||||||
# efi specific
|
|
||||||
dhcp-match=set:ipxe-efi,175,36
|
|
||||||
# combination
|
|
||||||
# set ipxe-ok tag if we have correct combination
|
|
||||||
# http && menu && iscsi ((pxe && bzimage) || efi)
|
|
||||||
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
|
|
||||||
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi
|
|
||||||
|
|
||||||
|
|
||||||
## Load different PXE boot image depending on client architecture (when running as a proxy DHCP)
|
|
||||||
pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe
|
|
||||||
pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi
|
|
||||||
pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi
|
|
||||||
|
|
||||||
dhcp-userclass=set:ipxe,iPXE
|
|
||||||
dhcp-boot=tag:ipxe-ok,http://${Vars.NIC[0].IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.NIC[0].IP}
|
|
@ -1 +0,0 @@
|
|||||||
${Vars.Set.Hostname}
|
|
@ -1,28 +0,0 @@
|
|||||||
#!/sbin/openrc-run
|
|
||||||
|
|
||||||
name=$RC_SVCNAME
|
|
||||||
command="/usr/local/bin/$RC_SVCNAME"
|
|
||||||
command_user="$RC_SVCNAME"
|
|
||||||
pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
|
|
||||||
start_stop_daemon_args="--start -b"
|
|
||||||
command_args="$command_args"
|
|
||||||
command_background="yes"
|
|
||||||
|
|
||||||
depend() {
|
|
||||||
need net
|
|
||||||
}
|
|
||||||
|
|
||||||
start_pre() {
|
|
||||||
checkpath --directory --owner $command_user:$command_user --mode 0775 \
|
|
||||||
/run/$RC_SVCNAME /var/log/$RC_SVCNAME
|
|
||||||
if [ ! -f "/etc/matchbox/server.crt" ]; then
|
|
||||||
cd /root/tls
|
|
||||||
export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.NIC[0].IP}"
|
|
||||||
./cert-gen
|
|
||||||
mkdir -p /etc/matchbox
|
|
||||||
cp ca.crt server.crt server.key /etc/matchbox
|
|
||||||
chown -R matchbox:matchbox /etc/matchbox
|
|
||||||
mkdir -p /root/.matchbox
|
|
||||||
cp client.crt client.key ca.crt /root/.matchbox/
|
|
||||||
fi
|
|
||||||
}
|
|
@ -1,9 +0,0 @@
|
|||||||
|
|
||||||
%{ for iface in Vars.NIC }
|
|
||||||
auto ${iface.Name}
|
|
||||||
|
|
||||||
iface ${iface.Name} inet static
|
|
||||||
address ${iface.IP}
|
|
||||||
netmask ${iface.Mask}
|
|
||||||
gateway ${iface.Gateway}
|
|
||||||
%{ endfor ~}
|
|
@ -1,4 +0,0 @@
|
|||||||
|
|
||||||
%{ for dns in Vars.DNS }
|
|
||||||
nameserver ${dns}
|
|
||||||
%{ endfor ~}
|
|
@ -1,7 +0,0 @@
|
|||||||
NAME = <%= image_name %>
|
|
||||||
PATH = <%= image_source %>
|
|
||||||
TYPE = OS
|
|
||||||
PERSISTENT = No
|
|
||||||
DESCRIPTION = "<%= image_comment %>"
|
|
||||||
DEV_PREFIX = vd
|
|
||||||
FORMAT = qcow2
|
|
@ -1,48 +0,0 @@
|
|||||||
{
|
|
||||||
"name": "<%= template_name %>",
|
|
||||||
"deployment": "straight",
|
|
||||||
"description": "Cluster Kubernetes (k8s)",
|
|
||||||
"roles": [
|
|
||||||
{
|
|
||||||
"name": "leader",
|
|
||||||
"cardinality": 1,
|
|
||||||
"vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
|
|
||||||
"shutdown_action": "terminate",
|
|
||||||
"vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
|
|
||||||
"elasticity_policies": [],
|
|
||||||
"scheduled_policies": []
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "master",
|
|
||||||
"cardinality": 2,
|
|
||||||
"vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
|
|
||||||
"shutdown_action": "terminate",
|
|
||||||
"vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
|
|
||||||
"elasticity_policies": [],
|
|
||||||
"scheduled_policies": []
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "worker",
|
|
||||||
"cardinality": 4,
|
|
||||||
"vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
|
|
||||||
"shutdown_action": "terminate",
|
|
||||||
"parents": [
|
|
||||||
"leader"
|
|
||||||
],
|
|
||||||
"vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
|
|
||||||
"elasticity_policies": [],
|
|
||||||
"scheduled_policies": []
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"networks": {
|
|
||||||
"main": "M|network|Main network| |id:",
|
|
||||||
"internal": "M|network|Internal network| |id:"
|
|
||||||
},
|
|
||||||
"custom_attrs": {
|
|
||||||
"KUBEAPPS_DNS_NAME": "M|text|DNS Name for kubeapps service| |kubeapps.k3s-eole.local",
|
|
||||||
"INGRESS_PROVIDER": "O|list|Default ingress to install|nginx, traefik, |",
|
|
||||||
"LE_EMAIL": "M|text|Email | |"
|
|
||||||
},
|
|
||||||
"shutdown_action": "terminate",
|
|
||||||
"ready_status_gate": true
|
|
||||||
}
|
|
@ -1,33 +0,0 @@
|
|||||||
NAME = "<%= template_name %>"
|
|
||||||
CONTEXT = [
|
|
||||||
NETWORK = "YES",
|
|
||||||
REPORT_READY = "YES",
|
|
||||||
SET_HOSTNAME = "$NAME",
|
|
||||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
|
|
||||||
TOKEN = "YES" ]
|
|
||||||
CPU = "0.2"
|
|
||||||
DESCRIPTION = "Alpine basic image"
|
|
||||||
DISK = [
|
|
||||||
DEV_PREFIX = "vd",
|
|
||||||
DRIVER = "qcow2",
|
|
||||||
IMAGE = "<%= image_name %>",
|
|
||||||
IMAGE_UNAME = "<%= user %>" ]
|
|
||||||
GRAPHICS = [
|
|
||||||
KEYMAP = "fr",
|
|
||||||
LISTEN = "0.0.0.0",
|
|
||||||
TYPE = "VNC" ]
|
|
||||||
HYPERVISOR = "kvm"
|
|
||||||
INPUT = [
|
|
||||||
BUS = "usb",
|
|
||||||
TYPE = "tablet" ]
|
|
||||||
INPUTS_ORDER = ""
|
|
||||||
LOGO = "images/logos/linux.png"
|
|
||||||
MEMORY = "512"
|
|
||||||
MEMORY_UNIT_COST = "MB"
|
|
||||||
NIC_DEFAULT = [
|
|
||||||
MODEL = "virtio" ]
|
|
||||||
OS = [
|
|
||||||
ARCH = "x86_64",
|
|
||||||
BOOT = "",
|
|
||||||
SD_DISK_BUS = "scsi" ]
|
|
||||||
VCPU = "2"
|
|
@ -1,32 +0,0 @@
|
|||||||
NAME = "<%= template_name %>"
|
|
||||||
CONTEXT = [
|
|
||||||
NETWORK = "YES",
|
|
||||||
REPORT_READY = "YES",
|
|
||||||
SET_HOSTNAME = "$NAME",
|
|
||||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
|
|
||||||
TOKEN = "YES" ]
|
|
||||||
CPU = "0.2"
|
|
||||||
DESCRIPTION = "K3S Ready VM"
|
|
||||||
DISK = [
|
|
||||||
IMAGE = "<%= image_name %>",
|
|
||||||
IMAGE_UNAME = "<%= user %>",
|
|
||||||
DRIVER = "qcow2" ]
|
|
||||||
GRAPHICS = [
|
|
||||||
KEYMAP = "fr",
|
|
||||||
LISTEN = "0.0.0.0",
|
|
||||||
TYPE = "VNC" ]
|
|
||||||
HYPERVISOR = "kvm"
|
|
||||||
INPUT = [
|
|
||||||
BUS = "usb",
|
|
||||||
TYPE = "tablet" ]
|
|
||||||
INPUTS_ORDER = ""
|
|
||||||
LOGO = "images/logos/alpine.png"
|
|
||||||
MEMORY = "2048"
|
|
||||||
MEMORY_UNIT_COST = "MB"
|
|
||||||
NIC_DEFAULT = [
|
|
||||||
MODEL = "virtio" ]
|
|
||||||
OS = [
|
|
||||||
ARCH = "x86_64",
|
|
||||||
BOOT = "",
|
|
||||||
SD_DISK_BUS = "scsi" ]
|
|
||||||
VCPU = "2"
|
|
@ -1,35 +0,0 @@
|
|||||||
NAME = "<%= template_name %>"
|
|
||||||
CONTEXT = [
|
|
||||||
NETWORK = "YES",
|
|
||||||
REPORT_READY = "YES",
|
|
||||||
SET_HOSTNAME = "$NAME",
|
|
||||||
SERVER_ROLE = "leader",
|
|
||||||
TOKEN = "YES",
|
|
||||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
|
|
||||||
]
|
|
||||||
CPU = "0.8"
|
|
||||||
DESCRIPTION = "Kubernetes master or Docker VM (check the name)"
|
|
||||||
DISK = [
|
|
||||||
DEV_PREFIX = "vd",
|
|
||||||
IMAGE = "<%= image_name %>",
|
|
||||||
IMAGE_UNAME = "<%= user %>",
|
|
||||||
DRIVER = "qcow2" ]
|
|
||||||
GRAPHICS = [
|
|
||||||
LISTEN = "0.0.0.0",
|
|
||||||
KEYMAP = "fr",
|
|
||||||
TYPE = "VNC" ]
|
|
||||||
HYPERVISOR = "kvm"
|
|
||||||
INPUT = [
|
|
||||||
BUS = "usb",
|
|
||||||
TYPE = "tablet" ]
|
|
||||||
INPUTS_ORDER = ""
|
|
||||||
LOGO = "images/logos/alpine.png"
|
|
||||||
MEMORY = "2048"
|
|
||||||
MEMORY_UNIT_COST = "MB"
|
|
||||||
NIC_DEFAULT = [
|
|
||||||
MODEL = "virtio" ]
|
|
||||||
OS = [
|
|
||||||
ARCH = "x86_64",
|
|
||||||
BOOT = "",
|
|
||||||
SD_DISK_BUS = "scsi" ]
|
|
||||||
VCPU = "4"
|
|
@ -1,42 +0,0 @@
|
|||||||
NAME = "<%= template_name %>"
|
|
||||||
CONTEXT = [
|
|
||||||
NETWORK = "YES",
|
|
||||||
REPORT_READY = "YES",
|
|
||||||
SET_HOSTNAME = "$NAME",
|
|
||||||
SERVER_ROLE = "master",
|
|
||||||
MASTER_ADDR = "$MASTER_ADDR",
|
|
||||||
MASTER_TOKEN = "$MASTER_TOKEN",
|
|
||||||
MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
|
|
||||||
TOKEN = "YES",
|
|
||||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
|
|
||||||
]
|
|
||||||
CPU = "0.8"
|
|
||||||
DESCRIPTION = "Kubernetes worker VM"
|
|
||||||
DISK = [
|
|
||||||
DEV_PREFIX = "vd",
|
|
||||||
IMAGE = "<%= image_name %>",
|
|
||||||
IMAGE_UNAME = "<%= user %>",
|
|
||||||
DRIVER = "qcow2" ]
|
|
||||||
GRAPHICS = [
|
|
||||||
LISTEN = "0.0.0.0",
|
|
||||||
KEYMAP = "fr",
|
|
||||||
TYPE = "VNC" ]
|
|
||||||
HYPERVISOR = "kvm"
|
|
||||||
INPUT = [
|
|
||||||
BUS = "usb",
|
|
||||||
TYPE = "tablet" ]
|
|
||||||
INPUTS_ORDER = ""
|
|
||||||
LOGO = "images/logos/alpine.png"
|
|
||||||
MEMORY = "2048"
|
|
||||||
MEMORY_UNIT_COST = "MB"
|
|
||||||
NIC_DEFAULT = [
|
|
||||||
MODEL = "virtio" ]
|
|
||||||
OS = [
|
|
||||||
ARCH = "x86_64",
|
|
||||||
BOOT = "",
|
|
||||||
SD_DISK_BUS = "scsi" ]
|
|
||||||
USER_INPUTS = [
|
|
||||||
MASTER_ADDR = "O|text|Master address (for workers only)",
|
|
||||||
MASTER_TOKEN = "O|text|Master Token (for workers only)",
|
|
||||||
MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
|
|
||||||
VCPU = "4"
|
|
@ -1,42 +0,0 @@
|
|||||||
NAME = "<%= template_name %>"
|
|
||||||
CONTEXT = [
|
|
||||||
NETWORK = "YES",
|
|
||||||
REPORT_READY = "YES",
|
|
||||||
SET_HOSTNAME = "$NAME",
|
|
||||||
SERVER_ROLE = "worker",
|
|
||||||
MASTER_ADDR = "$MASTER_ADDR",
|
|
||||||
MASTER_TOKEN = "$MASTER_TOKEN",
|
|
||||||
MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
|
|
||||||
TOKEN = "YES",
|
|
||||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
|
|
||||||
]
|
|
||||||
CPU = "0.8"
|
|
||||||
DESCRIPTION = "Kubernetes worker VM"
|
|
||||||
DISK = [
|
|
||||||
DEV_PREFIX = "vd",
|
|
||||||
IMAGE = "<%= image_name %>",
|
|
||||||
IMAGE_UNAME = "<%= user %>",
|
|
||||||
DRIVER = "qcow2" ]
|
|
||||||
GRAPHICS = [
|
|
||||||
LISTEN = "0.0.0.0",
|
|
||||||
KEYMAP = "fr",
|
|
||||||
TYPE = "VNC" ]
|
|
||||||
HYPERVISOR = "kvm"
|
|
||||||
INPUT = [
|
|
||||||
BUS = "usb",
|
|
||||||
TYPE = "tablet" ]
|
|
||||||
INPUTS_ORDER = ""
|
|
||||||
LOGO = "images/logos/alpine.png"
|
|
||||||
MEMORY = "4096"
|
|
||||||
MEMORY_UNIT_COST = "MB"
|
|
||||||
NIC_DEFAULT = [
|
|
||||||
MODEL = "virtio" ]
|
|
||||||
OS = [
|
|
||||||
ARCH = "x86_64",
|
|
||||||
BOOT = "",
|
|
||||||
SD_DISK_BUS = "scsi" ]
|
|
||||||
USER_INPUTS = [
|
|
||||||
MASTER_ADDR = "O|text|Master address (for workers only)",
|
|
||||||
MASTER_TOKEN = "O|text|Master Token (for workers only)",
|
|
||||||
MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
|
|
||||||
VCPU = "4"
|
|
@ -1,47 +0,0 @@
|
|||||||
NAME = "<%= template_name %>"
|
|
||||||
CONTEXT = [
|
|
||||||
MATCHBOX_URL = "http://$NAME",
|
|
||||||
NETWORK = "YES",
|
|
||||||
PXE_DHCPLEASEDURATION = "$DHCPLEASEDURATION",
|
|
||||||
PXE_DHCPMODE = "$ADHCPMODE",
|
|
||||||
PXE_DNSDOMAIN = "$BDNSDOMAIN",
|
|
||||||
PXE_DHCPRANGESTART = "$CDHCPRANGESTART",
|
|
||||||
PXE_DHCPRANGEEND = "$DDHCPRANGEEND",
|
|
||||||
PXE_DHCPLEASEDURATION = "$EDHCPLEASEDURATION",
|
|
||||||
MATCHBOX_HOSTNAME = "$FMATCHBOX_HOSTNAME",
|
|
||||||
REPORT_READY = "YES",
|
|
||||||
SET_HOSTNAME = "$NAME",
|
|
||||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
|
|
||||||
TOKEN = "YES" ]
|
|
||||||
CPU = "0.2"
|
|
||||||
DESCRIPTION = "Matchbox Ready VM"
|
|
||||||
DISK = [
|
|
||||||
IMAGE = "<%= image_name %>",
|
|
||||||
IMAGE_UNAME = "<%= user %>",
|
|
||||||
DRIVER = "qcow2" ]
|
|
||||||
GRAPHICS = [
|
|
||||||
KEYMAP = "fr",
|
|
||||||
LISTEN = "0.0.0.0",
|
|
||||||
TYPE = "VNC" ]
|
|
||||||
HYPERVISOR = "kvm"
|
|
||||||
INPUT = [
|
|
||||||
BUS = "usb",
|
|
||||||
TYPE = "tablet" ]
|
|
||||||
INPUTS_ORDER = ""
|
|
||||||
LOGO = "images/logos/alpine.png"
|
|
||||||
MEMORY = "2048"
|
|
||||||
MEMORY_UNIT_COST = "MB"
|
|
||||||
NIC_DEFAULT = [
|
|
||||||
MODEL = "virtio" ]
|
|
||||||
OS = [
|
|
||||||
ARCH = "x86_64",
|
|
||||||
BOOT = "",
|
|
||||||
SD_DISK_BUS = "scsi" ]
|
|
||||||
USER_INPUTS = [
|
|
||||||
ADHCPMODE = "M|list|DHCP Mode|proxy,direct|proxy",
|
|
||||||
BDNSDOMAIN = "M|text|Nom de la zone DNS (ex: cadol.es)",
|
|
||||||
CDHCPRANGESTART = "O|text|DNSMASQ DHCP Range First IP",
|
|
||||||
DDHCPRANGEEND = "O|text|DNSMASQ DHCP Range Last IP",
|
|
||||||
EDHCPLEASEDURATION = "M|list|DHCP lease duration|1h,2h,4h,6h,8h,10h,12h,14h,24h|1h",
|
|
||||||
FMATCHBOX_HOSTNAME = "O|text|Matchbox service hostname|mb.cadol.es" ]
|
|
||||||
VCPU = "2"
|
|
@ -5,17 +5,17 @@ variable "name" {
|
|||||||
|
|
||||||
variable "version" {
|
variable "version" {
|
||||||
type = string
|
type = string
|
||||||
default = "11"
|
default = "12.2.0"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "short_version" {
|
variable "short_version" {
|
||||||
type = string
|
type = string
|
||||||
default = "11"
|
default = "12"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "arch" {
|
variable "arch" {
|
||||||
type = string
|
type = string
|
||||||
default = "amd6464"
|
default = "amd64"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "output_dir" {
|
variable "output_dir" {
|
||||||
@ -25,12 +25,12 @@ variable "output_dir" {
|
|||||||
|
|
||||||
variable "source_url" {
|
variable "source_url" {
|
||||||
type = string
|
type = string
|
||||||
default = "https://cdimage.debian.org/cdimage/release"
|
default = "https://cdimage.debian.org/cdimage/release/12.2.0"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "iso_cd_checksum" {
|
variable "iso_cd_checksum" {
|
||||||
type = string
|
type = string
|
||||||
default = "sha256:9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
|
default = "file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "image_version" {
|
variable "image_version" {
|
||||||
|
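Review bot: The new `iso_cd_checksum` default, `file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS`, makes the build fetch the expected digest at build time from the same host that serves the ISO. The check then still catches a corrupted download, but it no longer anchors the image to a value reviewed in the repository, and nothing visible here verifies a signature over that sums file. Consider keeping a pinned digest in the versioned var-file, `iso_cd_checksum = "sha256:<digest taken from a signature-verified SHA256SUMS>"`, with a comment saying where it was verified. This URL and the `source_url` default in the same hunk also hard-code `12.2.0` and `amd64` separately from the `version` and `arch` variables changed in the previous hunk, so overriding one without the others would presumably mix releases without any error.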
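--- a/recipes/debian/variables.quid.pkr.hcl
+++ b/recipes/debian/variables.quid.pkr.hcl
@@ -0,0 +1,6 @@
+
+variable "quid_ansible_vault_passphrase" {
+type = string
+default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")
+sensitive = true
+}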
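Review bot: `default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")` yields an empty string when the variable is not exported (Packer's `env` behaves that way as far as I know), so a build started without the secret is not rejected here. Whether it then fails late or runs with an empty vault passphrase depends on how the value is consumed, which this file does not show. A `validation` block on the variable would stop the build up front with a clear message; `sensitive = true` is right and should stay. The variable also lacks a `description`; one line such as `description = "Passphrase for the quid Ansible vault, read from QUID_ANSIBLE_VAULT_PASSPHRASE"` would document where the value is expected to come from.

```hcl
variable "quid_ansible_vault_passphrase" {
  # … unchanged: type, default, sensitive …
  validation {
    condition     = length(var.quid_ansible_vault_passphrase) > 0
    error_message = "QUID_ANSIBLE_VAULT_PASSPHRASE must be set and non-empty."
  }
}
```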