CadolesKube/vms
7
0
Fork 0
Code Issues 2 Pull Requests 1 Projects Releases Wiki Activity

Compare commits

base: CadolesKube:d1e794c258f0f4699c633985470f684b719c3d83
Branches Tags
CadolesKube:master
CadolesKube:feat/first-recipes
CadolesKube:feat/debian-recipes
CadolesKube:develop
...
compare: CadolesKube:57a479db25baeb0733723c42141afc4ddc57df85
Branches Tags
CadolesKube:feat/first-recipes
CadolesKube:feat/debian-recipes
CadolesKube:develop
CadolesKube:master

4 Commits
d1e794c258 ... 57a479db25

Author SHA1 Message Date
William Petit
57a479db25 feat(hydra): add base recipe using ansible-role-sso 2023-10-27 12:35:00 +02:00
pcaseiro
41d457ed11 Merge pull request 'Recette de construction de l'image "Quid" basée sur Debian 12' (#6) from feat/efs-quid into feat/first-recipes 
Reviewed-on: #6
 2023-10-27 12:22:48 +02:00
William Petit
9429201d16 feat(quid): debian 12 based quid image 2023-10-26 11:06:36 +02:00
Philippe Caseiro
9f6a5866b1 adding more flavors and nuo recipes 2023-10-11 09:29:46 +02:00
107 changed files with 2798 additions and 355 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
/output
/packer-manifest.json

3
.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,3 @@
{
"ansible.python.interpreterPath": "/bin/python"
}

6
build
View File

@ -1,5 +1,7 @@
#!/bin/bash
set -eo pipefail
# Simple build wrapper
ACTION=${1}
@ -25,8 +27,8 @@ initPacker() {
# First the "base" image then the provisionned ones
#
run() {
${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.${BUILDER}.${OS}" "${RCP_DIR}/${OS}/."
${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.${BUILER}.${OS}" "${RCP_DIR}/${OS}/."
${PACKER} build ${PACKER_OPTS} -on-error=abort -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.*.${OS}" "${RCP_DIR}/${OS}/."
${PACKER} build ${PACKER_OPTS} -on-error=abort -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.*.${OS}" "${RCP_DIR}/${OS}/."
}
#

97
recipes/alpine/kind.pkr.hcl Normal file
View File

@ -0,0 +1,97 @@
#Flavour kind
build {
name = "kind"
description = <<EOF
This builder builds a QEMU image from the base build output. The goal here is to install ${local.Kind.Name}
with it's provisionning.
EOF
source "source.qemu.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Kind.Name}"
vm_name = "${local.output_name}-${var.version}-${local.Kind.Name}.img"
iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img"
iso_checksum = "none"
disk_size = 20480
disk_image = true
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
}
source "source.vmware-vmx.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/nuo-harbor"
vm_name = "${local.output_name}-${var.version}-nuo-harbor.img"
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx"
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
vmx_data_post = {
"memsize" = "8192",
"numvcpus" = "4",
}
}
// Install templater and bootstraper
provisioner "shell" {
script = "${local.locations.provisionning}/templater-install.sh"
}
// Copy configuration values on the image
provisioner "shell" {
inline = [
"sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'",
"sh -cx 'mkdir -p ${local.builder_config.ValueDir}'"
]
}
// Copy configuration templates to the image
provisioner "file" {
destination = "${local.builder_config.TemplateDir}/"
source = "${local.locations.templates}/conf/${build.name}/"
}
// Copy configuration values on the image
provisioner "file" {
destination = "${local.builder_config.ValueDir}/${build.name}.json"
content = "${jsonencode(local.Kind)}"
}
// Generate default configuration for kind
provisioner "shell" {
max_retries = 3
inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ]
}
// Complete kind install
provisioner "shell" {
expect_disconnect = true
max_retries = 6
script = "${local.locations.provisionning}/${build.name}.sh"
}
// Copy ssh Cadoles keys
provisioner "file" {
destination = "/tmp"
source = "${local.locations.provisionning}/ssh/cadoles/"
}
// Copy CNOUS SSH keys
provisioner "file" {
destination = "/tmp"
source = "${local.locations.provisionning}/ssh/cnous/"
}
provisioner "shell" {
inline = [
"sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
"sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
]
}
provisioner "shell" {
inline = [
"service docker start",
"service containerd start",
"sleep 5",
"kubeadm config images pull" ]
}
}

41
recipes/alpine/locals.kind.pkr.hcl Normal file
View File

@ -0,0 +1,41 @@
locals {
// Definition of the Kubernetes service (templater compatible)
ServiceKubernetes = {
ConfigFiles = []
Repositories = {}
Packages = {
kubeadm = {
name = "kind"
action = "install"
}
kubectl = {
name = "kubectl"
action = "install"
}
}
Vars = {}
Users = {}
Daemons = {
ntpd = {
name = "ntpd"
type = "auto"
enabled = true
}
local = {
name = "local"
type = "auto"
enabled = true
}
}
}
// Definition of the Kubernetes full configuration (with all the services)
Kind = {
Name = "kind"
Globals = local.Globals
Services = {
Docker = local.ServiceDocker
Kubernetes = local.ServiceKubernetes
}
}
}

2
recipes/alpine/provisionning/alpine-3.16-install.sh
View File

@ -2,7 +2,7 @@
#set -xeo pipefail
# Run the installer
yes | setup-alpine -e -f install.conf
yes | setup-alpine -e -f /root/install.conf
# Copy ssh keys
echo "Copy packer ssh key"

0
recipes/debian/templates/conf/kubernetes/.flag → recipes/alpine/provisionning/conf/kind/.flag
View File

26
recipes/alpine/templates/conf/cloud-init/user-data Normal file
View File

@ -0,0 +1,26 @@
#cloud-config
ssh_pwauth: True
user: ${user}
password: ${password}
chpasswd:
expire: False
ssh_authorized_keys:
%{ for sk in ssh_keys ~}
- ${sk}
%{ endfor ~}
%{ if write_files ~}
write_files:
%{ for fl in write_files ~}
- path: ${fl.path}
owner: ${fl.owner}:${fl.group}
permissions: 0o${fl.permissions}
defer: true
content: ${fl.content}
%{ endfor ~}
%{if runcmd ~}
# Work around network interface down after boot
runcmd:
%{ for cmd in runcmd ~}
- ${cmd}
%{ endfor ~}
%{ endif ~}

16
recipes/debian/11.pkrvars.hcl
View File

@ -1,16 +0,0 @@
name = "debian"
version = "11"
short_version = "11"
code_name = "bullseye"
arch = "amd64"
source_url = "https://cloud.debian.org/images/cloud/bullseye/latest"
iso_cd_checksum = "9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
image_dir_name= "latest"
boot_command = [ "<enter>" ]
# "<enter>",
# "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter>",
# "<wait>",
# "<wait1s>mkdir -p .ssh<enter>",
# "<wait1s>wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys<enter><wait1s>",
# "<wait1s>chmod 600 .ssh/authorized_keys<enter>",
#]

7
recipes/debian/12.pkrvars.hcl Normal file
View File

@ -0,0 +1,7 @@
name = "debian"
version = "12.2.0"
short_version = "12"
code_name = "bookworm"
arch = "amd64"
source_url = "https://cdimage.debian.org/cdimage/release/12.2.0"
image_dir_name= "latest"

40
recipes/debian/hydra.pkr.hcl Normal file
View File

@ -0,0 +1,40 @@
#Flavour base
build {
name = "hydra"
description = <<EOF
This builder build a Debian 12 image for Ory Hydra
EOF
source "hydra.vmware-vmx.debian" {
output_directory = "${var.output_dir}/${var.version}/hydra"
vm_name = "hydra-${local.output_name}-${var.version}"
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.vmx"
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
}
// Clone ansible-role-sso repository
provisioner "ansible" {
playbook_file = "${local.locations.provisionning}/hydra/clone-role-sso.yml"
// Manjaro/Arch OpenSSH version compatibility mode
// See https://github.com/hashicorp/packer/issues/11783
extra_arguments = [ "--scp-extra-args", "'-O'", "-v" ]
}
// Run ansible-role-sso playbook from cloned repository
provisioner "ansible" {
playbook_file = "${local.locations.provisionning}/hydra/run-role-sso.yml"
// Manjaro/Arch OpenSSH version compatibility mode
// See https://github.com/hashicorp/packer/issues/11783
extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--extra-vars=@${local.locations.provisionning}/hydra/ansible-vars.yml", "--tags=hydra-only" ]
}
post-processor "shell-local" {
inline = [
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/hydra ${var.image_version}",
]
}
post-processor "manifest" {
keep_input_artifact = true
}
}

4
recipes/debian/locals.globals.pkr.hcl
View File

@ -1,7 +1,5 @@
locals {
Globals = {
Vars = {
PrometheusPort = "9090"
}
Vars = {}
}
}

21
recipes/debian/locals.pkr.hcl
View File

@ -10,24 +10,11 @@ locals {
dirs = local.locations
timestamp = regex_replace(timestamp(), "[- TZ:]", "")
output_name = "${var.name}"
source_checksum_url = "file:${var.source_url}/SHA512SUMS"
source_iso = "${var.source_url}/debian-${var.version}-generic-${var.arch}.qcow2"
source_checksum = "${var.iso_cd_checksum}"
source_iso = "${var.source_url}/${var.arch}/iso-cd/debian-${var.version}-${var.arch}-netinst.iso"
iso_cd_checksum = "file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS"
ssh_user = "root"
ssh_password = "PbkRc1vup7Wq5n4r"
ssh_password = "toor"
disk_size = 8000
memory = 512
instance_data = {
"instance-id": "${var.name}"
}
installOpts = {
hostname = var.name
user = "eole"
disk_device = "/dev/vda"
}
installOptsVMWare = {
hostname = var.name
user = "eole"
disk_device = "/dev/sda"
}
headless = var.headless
}

35
recipes/debian/main.pkr.hcl
View File

@ -7,38 +7,20 @@ EOF
source "vmware-iso.debian" {
output_directory = "${var.output_dir}/${var.version}/base"
vm_name = "${local.output_name}-${var.version}.img"
vm_name = "${local.output_name}-${var.version}"
disk_size = 10240
iso_url = "${local.source_iso}"
iso_checksum = "${var.iso_cd_checksum}"
guest_os_type = "ubuntu-64"
http_content = {
"/ssh-packer-pub.key" = data.sshkey.install.public_key
"/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOptsVMWare)
"/preseed.cfg" = templatefile("${local.locations.provisionning}/${var.name}/http/preseed.cfg.pkrtpl.hcl", { data: data, var: var, local: local })
}
boot_command = var.boot_command
cd_label = "cidata"
}
source "qemu.debian" {
output_directory = "${var.output_dir}/${var.version}/base"
vm_name = "${local.output_name}-${var.version}.img"
iso_url = "${local.source_iso}"
iso_checksum = "${var.iso_cd_checksum}"
disk_image = true
disk_size = 10240
cd_content = {
"meta-data" = jsonencode(local.instance_data)
"user-data" = templatefile("${path.cwd}/recipes/debian/templates/conf/cloud-init/user-data",
{ user = local.ssh_user,
password = local.ssh_password,
runcmd = var.cloud_init_runcmd })
}
#http_content = {
# "/ssh-packer-pub.key" = data.sshkey.install.public_key
# "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOpts)
#}
cd_label = "cidata"
boot_command = var.boot_command
boot_command = [
"<esc><wait>",
"auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter><wait10s>",
"<enter>"
]
}
provisioner "shell" {
@ -49,7 +31,6 @@ EOF
script = "${local.locations.provisionning}/letsencrypt.sh"
}
post-processor "shell-local" {
inline = [
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}",

6
recipes/debian/plugins.pkr.hcl
View File

@ -11,7 +11,11 @@ packer {
qemu = {
source = "github.com/hashicorp/qemu"
version = "~> 1"
}
}
ansible = {
version = "~> 1"
source = "github.com/hashicorp/ansible"
}
}
}

181
recipes/debian/provisionning/conf/kubernetes/initkubernetes.start
View File

@ -1,181 +0,0 @@
#!/bin/sh
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
LOG_FILE="/var/log/initkubernets.log"
FIRST_BOOT="/var/run/firstboot.flag"
infoLog() {
echo "Info: $@" | tee -a ${LOG_FILE}
}
errorLog() {
echo "Error: $@" | tee -a ${LOG_FILE}
}
waitReadyState() {
local vmID="${1}"
local timeout="${2}"
local tick=0
while true ;do
local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY")
if [ "${ready}" = "YES" ];then
return 0
elif [ "${timeout}" -eq "${tick}" ];then
return ${timeout}
else
sleep 1
tick=$((tick+1))
fi
done
}
returnToken() {
infoLog "Returning tokens"
local caSecretKey="${1}"
local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1)
local kubeToken=$(kubeadm token list | awk '/authentication,signing.*The default*/ {print $1}')
local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf)
if [ -n "${ONEGATE_ENDPOINT}" ];then
infoLog "Onegate detected"
data="READY=YES"
data="${data} MASTER_ADDR=${masterAddr}"
data="${data} MASTER_TOKEN=${kubeToken}"
data="${data} MASTER_CA_TOKEN=sha256:${caToken}"
data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}"
onegate vm update --data "${data}"
infoLog "Onegate data seted"
else
infoLog "Onegate is not present"
echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token
infoLog "Tokens are available at /root/kube.token"
fi
}
joinCluster() {
local master="${MASTER_ADDR}"
local token="${MASTER_TOKEN}"
local caToken="${MASTER_CA_TOKEN}"
local caSecretKey="${MASTER_CA_SECRET_KEY}"
local sname="${SERVICE_NAME}"
if [ -n "${ONEGATE_ENDPOINT}" ];then
local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[] | select(.name == "leader") | .nodes[0].deploy_id')
if [ "${?}" -eq 0 ]; then
waitReadyState ${masterID} 600
if [ "${?}" -ne 0 ];then
errorLog "Master node is node ready after 600s"
return 3
fi
local masterInfo=$(onegate vm show ${masterID} --json | \
jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP")
master=$(echo ${masterInfo} | cut -d " " -f 1)
token=$(echo ${masterInfo} | cut -d " " -f 2)
caToken=$(echo ${masterInfo} | cut -d " " -f 3)
caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4)
masterIP=$(echo ${masterInfo} | cut -d " " -f 5)
sname=$(onegate service show --json | jq -cr ".SERVICE.name")
fi
# Setting dns resolution for cluster
echo "${masterIP} ${sname}" >> /etc/hosts
onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
fi
if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then
opts="--node-name $(hostname -f)"
opts="${opts} --token ${token}"
opts="${opts} --discovery-token-ca-cert-hash ${caToken}"
if [ -n "${1}" ];then
opts="${opts} --control-plane"
opts="${opts} --certificate-key ${caSecretKey}"
fi
opts="${opts} ${master}"
kubeadm join ${opts} | tee -a "${LOG_FILE}"
else
errorLog "Something is missing, can't join the cluster:"
errorLog " Master addr: [${master}]"
errorLog " Master token: [${token}]"
errorLog " Master CA token: [${caToken}]"
return 3
fi
}
getServiceName() {
local sname=$(onegate service show --json | jq -cr ".SERVICE.name")
local tmout=30
local tick=0
while true ;do
if [ -z "${sname}" ];then
sname=$(onegate service show --json | jq -cr ".SERVICE.name")
else
echo ${sname}
return 0
fi
sleep 1
tick=$((tick+1))
if [ ${tmout} -eq ${tick} ];then
hostname -f
return 3
fi
done
}
initLeader() {
sname="$(hostname -f)"
if [ -n "${ONEGATE_ENDPOINT}" ];then
sname=$(getServiceName)
sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP")
echo "${sip} ${sname} $(hostname -f)" >> /etc/hosts
onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
fi
caSecretKey=$(date | sha256sum | awk '{print $1}')
infoLog "Kubernetes init started"
kubeadm init --pod-network-cidr=10.244.0.0/16 \
--node-name="${SET_HOSTNAME}" \
--control-plane-endpoint "${sname}:6443" \
--upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}"
infoLog "Kubernetes init ended"
infoLog "Configuring kubectl"
mkdir /root/.kube
ln -s /etc/kubernetes/admin.conf /root/.kube/config
infoLog "kubectl configured"
infoLog "Installing cilium"
sleep 20
kubectl config view --minify -o jsonpath='{.clusters[].name}'
sleep 20
cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}"
infoLog "Cilium is installed"
returnToken "${caSecretKey}"
}
initKube() {
if [ "${SERVER_ROLE}" == "leader" ];then
initLeader
elif [ "${SERVER_ROLE}" == "worker" ];then
joinCluster
elif [ "${SERVER_ROLE}" == "master" ];then
joinCluster "${SERVER_ROLE}"
fi
touch ${FIRST_BOOT}
infoLog "Kubernetes cluster init is finished"
}
if [ -f "${ENV_FILE}" ]; then
. "${ENV_FILE}"
fi
if [ -f "${FIRST_BOOT}" ];then
exit 0
else
uuidgen > /etc/machine-id
swapoff -a # Make sure swap is disabled
initKube &
fi

3
recipes/debian/provisionning/conf/kubernetes/sharemetrics.start
View File

@ -1,3 +0,0 @@
#!/bin/sh
mount --make-rshared /

1
recipes/debian/provisionning/conf/nuo-matchbox
View File

@ -1 +0,0 @@
matchbox

13
recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave
View File

@ -1,13 +0,0 @@
#!/bin/sh
CONF="/etc/conf.d/jenkins-slave"
if [ -e "/etc/jenkins-slave.conf" ]; then
CONF="/etc/jenkins-slave.conf"
fi
TOTAL_MEMORY=$(cat /proc/meminfo | grep MemTotal | awk '{ printf "%sg", int($2/1024/1024)+1 }')
sed -i "s|^JENKINS_SLAVE_NAME=.*$|JENKINS_SLAVE_NAME='slave-$ETH0_IP'|" "${CONF}"
sed -i "s|^JENKINS_SLAVE_USERNAME=.*$|JENKINS_SLAVE_USERNAME='$JENKINS_SLAVE_USERNAME'|" "${CONF}"
sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}"
sed -i "s|^JENKINS_MASTER_URL=.*$|JENKINS_MASTER_URL='$JENKINS_MASTER_URL'|" "${CONF}"
sed -i "s|^JENKINS_SLAVE_LABELS=.*$|JENKINS_SLAVE_LABELS='docker docker-compose mem-$TOTAL_MEMORY $JENKINS_SLAVE_LABELS'|" "${CONF}"

31
recipes/debian/provisionning/conf/one-context/net-96-gitlab-register
View File

@ -1,31 +0,0 @@
#!/usr/bin/env bash
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
# $TOKENTXT is available only through the env. file
# shellcheck disable=SC1090
if [ -f "${ENV_FILE}" ]; then
. "${ENV_FILE}"
fi
###
if [ -n "${GITLAB_URL}" ]; then
if command -v gitlab-runner; then
if [ -n "${GITLAB_SHELL}" ]; then
opts="--shell=${GITLAB_SHELL}"
fi
# shellcheck disable=SC2086
gitlab-runner register \
--non-interactive \
--url="${GITLAB_URL}" \
--registration-token="${GITLAB_TOKEN}" \
--executor="${GITLAB_EXECUTOR}" \
--description="${GITLAB_RUNNER_NAME}" \
--tag-list="${GITLAB_TAG_LIST}" \
--locked=false \
--access-level=not_protected \
--run-untagged=false \
"${opts}"
fi
fi

9
recipes/debian/provisionning/debian/debian-11-install.sh
View File

@ -1,9 +0,0 @@
#!/bin/sh
echo "${1}" >/etc/hostname
apt-get update
apt-get -y dist-upgrade
apt-get install wget curl -y
touch /etc/cloud/cloud-init.disabled

11
recipes/debian/provisionning/debian/debian-12-install.sh Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
echo "${1}" >/etc/hostname
apt-get update
apt-get -y dist-upgrade
apt-get install wget curl open-vm-tools -y
systemctl enable --now open-vm-tools.service
touch /etc/cloud/cloud-init.disabled

22
recipes/debian/provisionning/debian/http/preseed.cfg → recipes/debian/provisionning/debian/http/preseed.cfg.pkrtpl.hcl
View File

@ -37,10 +37,14 @@ d-i finish-install/reboot_in_progress note
# Bootloader options
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string /dev/vda
d-i grub-installer/bootdev string /dev/sda
# Set the keyboard layout
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/variant select France
d-i keyboard-configuration/xkb-keymap select fr
d-i console-keymaps-at/keymap select fr-latin9
d-i debian-installer/keymap string fr-latin9
# Mirror from which packages will be downloaded
d-i mirror/country string manual
@ -65,15 +69,19 @@ d-i partman/confirm_write_new_label boolean true
# User configuration
d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0
d-i passwd/root-password password ${local.ssh_password}
d-i passwd/root-password-again password ${local.ssh_password}
d-i passwd/user-fullname string packer
d-i passwd/user-uid string 1000
d-i passwd/username string packer
d-i passwd/user-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0
d-i passwd/user-password password ${local.ssh_password}
d-i passwd/user-password-again password ${local.ssh_password}
# Extra packages to be installed
d-i pkgsel/include string sudo
d-i pkgsel/include string openssh-server build-essential
d-i pkgsel/include string openssh-server
d-i pkgsel/include string wget
d-i pkgsel/include string cloud-init
d-i pkgsel/install-language-support boolean false
d-i pkgsel/update-policy select none
@ -102,6 +110,6 @@ popularity-contest popularity-contest/participate boolean false
# Select base install
tasksel tasksel/first multiselect standard, ssh-server
# Setup passwordless sudo for packer user
d-i preseed/late_command string \
echo "packer ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/packer && chmod 0440 /target/etc/sudoers.d/packer
d-i preseed/late_command string in-target mkdir -p /root/.ssh; \
in-target /bin/sh -c "echo '${data.sshkey.install.public_key}' >> /root/.ssh/authorized_keys"; \
in-target chown -R root:root /root/.ssh/

1
recipes/debian/provisionning/hydra/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/role-sso

11
recipes/debian/provisionning/hydra/ansible-vars.yml Normal file
View File

@ -0,0 +1,11 @@
---
hydra_use_external_database: true
enable_hydra_dispatcher: false
enable_hydra_passwordless: false
enable_hydra_saml: false
enable_hydra_oidc: false
enable_hydra_ldap: false
enable_oidc_test_app: false
install_only: true

10
recipes/debian/provisionning/hydra/clone-role-sso.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Ciblage de la machine locale
hosts: localhost
connection: local
tasks:
- name: Clonage du projet "Cadoles/ansible-role-sso"
ansible.builtin.git:
repo: "ssh://git@forge.cadoles.com:2222/Cadoles/ansible-role-sso.git"
dest: "role-sso"
version: "master"

3
recipes/debian/provisionning/hydra/run-role-sso.yml Normal file
View File

@ -0,0 +1,3 @@
---
- hosts: all
roles: [ role-sso ]

4
recipes/debian/provisionning/letsencrypt.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
set -eo pipefail
@ -20,7 +20,7 @@ for cert in $CERTS; do
echo "Downloading '$cert'..."
filename=$(basename "$cert")
wget --tries=10 --timeout=30 -O "$filename" "$cert"
#openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
done
$UPDATE_CERTS_CMD

2
recipes/debian/provisionning/one-context.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
set -e

21
recipes/debian/provisionning/one-context/net-97-k3s
View File

@ -1,21 +0,0 @@
#!/usr/bin/env bash
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
# $TOKENTXT is available only through the env. file
# shellcheck disable=SC1090
if [ -f "${ENV_FILE}" ]; then
. "${ENV_FILE}"
fi
###
if [ -n "${K3S_ROLE}" ]; then
if [ "${K3S_ROLE}" = "server" ]; then
rc-update add dnsmasq default
service dnsmasq start
rc-update add k3s default
service k3s start
fi
fi

2
recipes/debian/provisionning/quid/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
/quid-ansible
/.ansible_vault_passphrase

137
recipes/debian/provisionning/quid/ansible-vars.yml Normal file
View File

@ -0,0 +1,137 @@
---
quid_ansible_repo_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
63356330363932313165663737383634623039383935333233316532643433643930663630663337
3938373061393535383638356438396264363132333939320a616463333939643036396266653435
32373265633439633663306433393037376235323965343530333239356633326266336333333961
6663613239393639370a663135333562663264376533336166323062656333613636393263356233
66653132386131613436356364636432336166353938373837333036393931343063343632613832
32303862623536356638396337373661623666393839303861653837393032666366396334383466
66373866366662353062653939393631373535666261323965666465383566343064653838313237
64396466393834373538613430636134663463313331336330393238636561663566343535663537
35643434313030636139326362613832346536333166613061653136346439653231336239626363
33376362383034303033343539306134313033386434366534633033306564636661386530306431
34656461323164656135303931626536643330653338656162386262633033393030363333336534
31343732636363623061303238386137316464333030343733316262646639366531633566383635
64653166393134623835363865326639613732353562303665643331663431333034373337653336
65313563333439613938396264626464393037396264646237303034356638323139373665613265
62623933623064333332313265326431333931643332393166373765383962333639643033393736
39666365666662396334316666323933306561343032386436613932396666653330653936656635
64353361366539363034316434306239646463336564643939353238393264633235633737656365
31313130396532313839613764393636656365303636323437643939313030373464353636363037
35376439383531633265613734383463643562333763646131643134383262313736613261346237
36633839323833316165393439386136343161306266666331396163363464343132393936313231
35663530633132386633313138333835346630383265666638373836663737623933376661633936
31623863396439623661396135633537306132306435303430613433346362333934383033656434
31363437626463383039336438666662316664353536393139383236323835333738393332623138
30343264633964393461616633313837353632373935623462326461663965363962306337396231
36623661333934616237306137663130316533613461616136306334666138656534383539393331
32623464333030653930393563343031383362383233373235623433643037636463656638386334
38316362643736313038366339396165626164336230663538303166316332633337396231646663
35303130666135313632326162643632356534646630383163653966346365646334396532313335
38353539383630663936313939613638346536623739366164313132636463353666636338353562
65336663333937353630636565396537366261646464626163623465313962353039623432653335
39653662366335646437366639303736653434623137613633353664336534373965616436643837
37396239633533616136636165396333366162313736666366396363303536373235656234393332
34663330653738643931373465313939313236363935316237303566363234346330303534353736
35336639313233346437666236653931366331393530363432303065323234376436373830346664
30613335333062633563643565383065663361613737343537396230353339656234613264666232
36393831663264393437316362653734356236333165666361623134626438653536303862653965
62636431643738393437663762376261653231633038343365666361626466653634353030356566
65333436353939623233623964393833363461356133653564633164366630303034633237653138
64343230383036336430306164636134623930656532366232353561656237306435353839396661
36633861363830633964376165633339376264363735613965376437303666326665303839363566
36306239376230303463663836653931656231353531383561353838383565356363376134343334
33363430613935643839316137333765383537326231343734643766373865306262336166313763
33666530633938636537663539616334643933396232653665373335663964343631623233366430
63306361383332323936343461313231343730373333346337656461346136656531326332613537
39323335313061376439343034336466643934306538333030616139353564323432376531663464
35613462396430346533383061636132323961303938613365306531386462313730326639363461
36313839336232373938353537356663363034356238383264303462396534343035633461336334
38613737373430396132313465366363386365303265396261303434653463623265323237393734
38616262326461383739353235353835316638653263383938653233326336633532323561656433
34326634623130336135333931633635316464383139393639353731636432613832633265376332
32346161396332356530316365316362393130643833633264643136623733313963326161333535
61623835643931613461333033643636386339323137306663366563393463383266356433306362
32626430316137336536663232633061396232313935656562346437653238313130383837336361
61323865646637333037336335656462303065616237356463616631663539633433613263623932
61333236653836653436616161666330616239393331393139333231626464326339666433663461
33343539356634613363616662333562653162366532396337643163373738363637313738386362
30356634626536336264616263313438366336373962636438303634333130626433366536366436
33393461386337663366663132336136343930623464663062663930363663333566323734336631
63643866643262333735386433386662303263323038613862653563363230643065356439663264
36323666323331613663626533366130663766643036366430643734303561393234623539646463
38376132653234346633363238303265376431653663363861653037323436393037306436623962
66376536343032303863323138326334626166363930323530353161333737616261346631326364
36343239373365306266323832303531313037316234353537383436363866326533663437373537
31353038326439303839353139303362613264386434303236363336386665303861663438626135
39633361656130316335333965643966616263303563326639653534653931343261356133616461
63353664633636343438303936636632393963343235323537393064646138623934633237646139
33366664636664373135316366316163343266646435626636366534343061323464633464666430
36653231633565346334333362343734613861313465366530376266653939656163323236613139
31363165646134343236326663343534383031323431323162343566353938666365323265663931
62396466333730363261626465366431316332626236346364396536636165653330653531306330
63633564613330323637633761613066623135396132316636303130663534306562326535363733
31636639643632633232383938363563643732623364303732663133386434326236353635326439
37656138663166616231383264353763623066646337656363663839376536633235353838373465
37343237376138326337623565306137363833333165383166343233373438373261306433653734
65376361633165383034666337623832336262393831313831626564346231376561393365633437
65383236633036616538623861656439323866633864666434643262346632343865643462393237
36386463393936376437643065356461306235656233373561393965613461643035356634626335
38633664323265303563363636613130383236393339333330613239633765636232326265653864
31346361346364396166663930663435313230366631623363306136353833346138346433373730
36326536323166396562303733353835663234636136383539356139623433316537343039623761
66373231353639623533323837386339323462366137376363373030333762323830623535626433
36636162396439363436343330636162383864383837663236626237396562333032383162636165
36663833343062613362663739303639396139376166376234646663316239306261356561396535
30316331656464333137313333396132656636653932363834336336303635633865313165316434
63376461333137343164333634333139336539613839393237343336646261643038643833303461
30663763653864626133356439646664663331613666616133383830346331636438656639633065
38346562343531633166666436643138366235373562386137326535333936383832313962313233
65613265313538626565666339643866393165316363663664373066623962303435663635653738
65363262633236333339633636363233333232333332643837326163633061656135653763663539
39346365356266353336316461613336343039656330306530303961346133343765363036633734
65643563633631373133633031343532356461633461616430313331306335336131333062643230
33623331313566646130373833373137333733343534383239306630396335383539373736613862
39323265393438376437386261636162303535346638316464366431316439643463623237323563
31326633373964626266356435376231333933646139666166663232633132323832353034626132
37316235376265633762613536323735653134616233396439326239323933623465613932363332
61663862613330366134633534653632343865666562376438386563653066363635666136613534
62356433653861666634653536353163306539613061373936346538306134326561323564353936
62666139646238663230376132613334323138313261336338666433613231323633623636333938
31356334613334383839396535643764393938303931613835643037626530333534323063646164
33346363366334333063363564663638306461613838616564643938396234373961613130373738
32636533653666626261336138326335623366643737633763353066643263663161396239663432
66646233303739623032313439643763656464623865353963333330653833323763633362303434
61343530613530336461363038383731646663343764383262393534623530613033636665656233
38666162336332376436363335626365666134646532356534346264316465613336653664326461
66626537643465326661636164313166393761343231643831366362386431323664633134303062
37623863616165633236643139633736336537326533636632646666633466336230653165666333
39326566326665366364636631646237663534393631646633316231303835343837303233333565
65663163646566306331343766636461326333306662633337356135663938383166303532313566
31393932333037366237663465626434643564663036336139316636313163646439643934343436
65343462393337333161323236303233376532363963616433343133383631643937333662363063
39646536373865626230633466616162613333623462616139386166316662343034393761343339
63313263316662626563343130633837303932383134656432383232626163323634636462343662
62326665366431656239663564663838653631396366313861323935623364633266333739383861
63326264333236373333313566323937336232326461343839616533633639346435333162313237
38646638373735663163623231313463326263656531373536393934626632326433363634616337
61303035356263366166656565393565343733626439376533316266343038366366656538663830
61656661323936633964333433306165613334306436343832666561363565343631383538643631
35623839643133376335393331643962386532346437313933366133336364326533373436613833
66326237386161623332323130333839336363373330313435636634663532346130626230393333
61323361646537623235376135363033636261343365343735623963643066373631343235356536
39653136376661353837383839663965643334393861373235353035356235396235613562363061
33353339663165656432383230663033363861343032326663373632346634303231346462663836
65313963373139383765303838666634666431343734313532626438373961393839656236646263
32623264636434636531663138373466663032333463373232353333363534336435353664353238
66663562653238396637613463636133656133386163376637353439626133373032373762623465
63316335336662623039633837613666363766363931343865313330316362316561626438626533
65383465396536306562363163653132343263636363613434333966346166326263373038653266
62353734326365616361303135303561313131633637633461636539636666363162646238343265
32363065326330303666336638333439356135633764643830353135346139306366353831613564
36303763363031613531623336656637393337323035343532623239623735383932626463643866
30363138313964643664653834363861616565393065633231623961353532623434623832343930
66666330633633653030613237383063353064373661393965373333323565336434653837616336
32613737623064316233613434363031623238326132653434646237306234663538616463643230
3261376331343330613739346434313636613561626230656334

10
recipes/debian/provisionning/quid/clone-quid-ansible.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Ciblage de la machine locale
hosts: localhost
connection: local
tasks:
- name: Clonage du projet "EFS/quid-ansible"
ansible.builtin.git:
repo: "ssh://git@forge.cadoles.com:2222/EFS/quid-ansible.git"
dest: "quid-ansible"
version: "master"

2
recipes/debian/provisionning/quid/run-quid-ansible.yml Normal file
View File

@ -0,0 +1,2 @@
---
- import_playbook: quid-ansible/deploy.yml

2
recipes/debian/provisionning/templater-install.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
set -ex

74
recipes/debian/quid.pkr.hcl Normal file
View File

@ -0,0 +1,74 @@
#Flavour base
build {
name = "quid"
description = <<EOF
This builder builds a QEMU image from a Debian cloud image.
EOF
source "vmware-vmx.debian" {
output_directory = "${var.output_dir}/${var.version}/quid"
vm_name = "quid-${local.output_name}-${var.version}"
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.vmx"
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
disk_additional_size = [ 102400 ]
vmx_data = {
"scsi1.pcislotnumber" = "16"
"scsi1.present" = "TRUE"
"scsi1.virtualdev" = "lsilogic"
"scsi1:0.filename" = "disk-1.vmdk"
"scsi1:0.present" = "TRUE"
"scsi1:0.redo" = ""
}
vmx_data_post = {
"memsize" = "4096",
"numvcpus" = "2",
}
}
// Extend root logical volume with additional disk space
provisioner "shell" {
inline = [
"pvcreate /dev/sdb",
"vgextend debian-vg /dev/sdb",
"lvextend -l +100%FREE /dev/debian-vg/root",
"resize2fs /dev/debian-vg/root"
]
}
// Store temporarily ansible vault password in local file
provisioner "shell-local" {
inline = ["echo '${var.quid_ansible_vault_passphrase}' > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
}
// Clone quid-ansible repository
provisioner "ansible" {
playbook_file = "${local.locations.provisionning}/quid/clone-quid-ansible.yml"
// Manjaro/Arch OpenSSH version compatibility mode
// See https://github.com/hashicorp/packer/issues/11783
extra_arguments = [ "--scp-extra-args", "'-O'", "-v" ]
}
// Run quid-ansible playbook from cloned repository
provisioner "ansible" {
playbook_file = "${local.locations.provisionning}/quid/run-quid-ansible.yml"
groups = ["quid_server"]
// Manjaro/Arch OpenSSH version compatibility mode
// See https://github.com/hashicorp/packer/issues/11783
extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--vault-password-file=${local.locations.provisionning}/quid/.ansible_vault_passphrase", "--extra-vars=@${local.locations.provisionning}/quid/ansible-vars.yml" ]
}
// Remove ansible vault password file
provisioner "shell-local" {
inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
}
post-processor "shell-local" {
inline = [
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/quid ${var.image_version}",
]
}
post-processor "manifest" {
keep_input_artifact = true
}
}

23
recipes/debian/readme.hydra.md Normal file
View File

@ -0,0 +1,23 @@
# Flavor "Hydra"
## Construction de l'image
1. Lancer la construction de l'image de la machine virtuelle
```
PACKER_OPTS="-var headless=false" ./build start debian 12
```
ou si l'image Debian de base est déjà construite:
```
BUILDER="vmware-vmx" PACKER_OPTS="-var headless=false" ./build run debian 12 hydra
```
> **Tip** Le paramètre `PACKER_OPTS="-var headless=false"` n'est nécessaire que dans le cas où vous souhaitez l'exécuteur VMWare avec son interface graphique.
## Générer le fichier OVF à partir de l'OVA
```
ovftool output/debian/12.2.0/hydra/hydra-debian-12.2.0.ova output/debian/12.2.0/hydra/hydra-debian-12.2.0.ovf
```

37
recipes/debian/readme.quid.md Normal file
View File

@ -0,0 +1,37 @@
# Flavor "Quid"
## Construction de l'image
1. Récupérer la phrase de passe pour les données chiffrées via `ansible-vault` dans le coffre-fort partagé (Section "Cadoles" -> "Kube").
2. Lancer la construction de l'image de la machine virtuelle
```
QUID_ANSIBLE_VAULT_PASSPHRASE="<passphrase>" PACKER_OPTS="-var headless=false" ./build start debian 12
```
ou si l'image Debian de base est déjà construite
```
QUID_ANSIBLE_VAULT_PASSPHRASE="<passphrase>" PACKER_OPTS="-var headless=false" BUILDER="vmware-vmx" ./build run debian 12 quid
```
> **Tip** Le paramètre `PACKER_OPTS="-var headless=false"` n'est nécessaire que dans le cas où vous souhaitez l'exécuteur VMWare avec son interface graphique.
## Générer le fichier OVF à partir de l'OVA
```
ovftool output/debian/12.2.0/quid/quid-debian-12.2.0.ova output/debian/12.2.0/quid/quid-debian-12.2.0.ovf
```
## Configuration de l'environnement Quid sur la machine virtuelle
1. Ajouter l'image de la machine sur votre environnement de virtualisation. Les fichiers sont normalement générés dans le répertoire `output/debian/12.2.0/quid`.
2. Démarrer la machine virtuelle. Le mot de passe par défaut du compte administrateur est `toor`.
3. Éditer le fichier `/etc/quid-ansible/config.yml` avec les valeurs correspondant à votre environnement de déploiement ([voir les valeurs par défaut](https://forge.cadoles.com/EFS/quid-ansible/src/branch/master/roles/quid-server/files/quid_ansible_default_config.yml))
4. Exécuter la commande `apply-config` pour mettre à jour la machine avec les valeurs présentes dans le fichier précédemment édité.
Pour plus d'informations voir la documentation du projet [`quid-ansible`](https://forge.cadoles.com/EFS/quid-ansible).

11
recipes/debian/sources.pkr.hcl
View File

@ -4,7 +4,7 @@ source qemu "debian" {
accelerator = "kvm"
vnc_bind_address = "0.0.0.0"
headless = false
headless = local.headless
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
@ -39,7 +39,7 @@ source "vmware-iso" "debian" {
memory = "${local.memory}"
vnc_bind_address = "0.0.0.0"
headless = true
headless = local.headless
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
@ -69,10 +69,9 @@ source "vmware-iso" "debian" {
}
source "vmware-vmx" "debian" {
disk_type_id = 0
vnc_bind_address = "0.0.0.0"
headless = true
headless = local.headless
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
@ -99,4 +98,4 @@ source "vmware-vmx" "debian" {
format = "ova"
boot_wait = "5s"
}
}

6
recipes/debian/templates/conf/docker/subgid.pktpl.hcl
View File

@ -1,6 +0,0 @@
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: ${Vars.RootlessDocker}

1
recipes/debian/templates/conf/nuo-harbor
View File

@ -1 +0,0 @@
harbor

15
recipes/debian/variables.pkr.hcl
View File

@ -5,17 +5,17 @@ variable "name" {
variable "version" {
type = string
default = "11"
default = "12.2.0"
}
variable "short_version" {
type = string
default = "11"
default = "12"
}
variable "arch" {
type = string
default = "amd6464"
default = "amd64"
}
variable "output_dir" {
@ -25,12 +25,12 @@ variable "output_dir" {
variable "source_url" {
type = string
default = "https://cdimage.debian.org/cdimage/release"
default = "https://cdimage.debian.org/cdimage/release/12.2.0"
}
variable "iso_cd_checksum" {
type = string
default = "sha256:9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
default = "file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS"
}
variable "image_version" {
@ -57,3 +57,8 @@ variable "cloud_init_runcmd" {
type = list(string)
default = [ "uname" ]
}
variable "headless" {
type = bool
default = true
}

6
recipes/debian/variables.quid.pkr.hcl Normal file
View File

@ -0,0 +1,6 @@
variable "quid_ansible_vault_passphrase" {
type = string
default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")
sensitive = true
}

6
recipes/nuo/3.18.pkrvars.hcl Normal file
View File

@ -0,0 +1,6 @@
name = "nuo"
version = "3.18.2"
short_version = "3.18"
arch = "x86_64"
source_url = "https://dl-cdn.alpinelinux.org/alpine"
iso_cd_checksum = "6bc7ff54f5249bfb67082e1cf261aaa6f307d05f64089d3909e18b2b0481467f"

93
recipes/nuo/docker.pkr.hcl Normal file
View File

@ -0,0 +1,93 @@
#Flavour docker
build {
name = "docker"
description = <<EOF
This builder builds a QEMU image from the base build output. The goal here is to install ${local.Docker.Name}
with it's provisionning.
EOF
source "source.vmware-vmx.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/docker"
vm_name = "${local.output_name}-${var.version}-docker.img"
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx"
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
}
source "source.qemu.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}"
vm_name = "${local.output_name}-${var.version}-${local.Docker.Name}.img"
iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img"
iso_checksum = "none"
disk_size = 20480
disk_image = true
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
}
// Copy ssh Cadoles keys
provisioner "file" {
destination = "/tmp"
source = "${local.locations.provisionning}/ssh/cadoles/"
}
provisioner "shell" {
inline = [
"sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
"sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
]
}
// Install templater and bootstraper
provisioner "shell" {
script = "${local.dirs.provisionning}/templater-install.sh"
}
// Copy configuration values on the image
provisioner "shell" {
inline = [
"sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'",
"sh -cx 'mkdir -p ${local.builder_config.ValueDir}'"
]
}
// Copy configuration templates to the image
provisioner "file" {
destination = "${local.builder_config.TemplateDir}/"
source = "${local.dirs.templates}/conf/${build.name}/"
}
// Copy configuration values on the image
provisioner "file" {
destination = "${local.builder_config.ValueDir}/${build.name}.json"
content = "${jsonencode(local.Docker)}"
}
// Generate default configuration for docker
provisioner "shell" {
inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ]
}
// Install OpenNebula context tool
provisioner "shell" {
script = "${local.dirs.provisionning}/one-context.sh"
}
// Deploy the opennebula context script to manage configuration
provisioner "file" {
destination = "/etc/one-context.d/net-96-templater"
source = "${local.dirs.provisionning}/conf/one-context/net-96-templater"
}
provisioner "shell" {
inline = [ "sh -cx 'chmod +x /etc/one-context.d/net-96-templater'" ]
}
post-processor "shell-local" {
inline = [
"/bin/sh ${local.dirs.post-processors}/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name} ${var.image_version}",
//"ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Docker.Name} -c '${local.Docker.Name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}/${local.output_name}-${var.version}-${local.Docker.Name}.img",
//"ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${local.Docker.Name} --image-name ${local.output_name}-${var.version}-${local.Docker.Name}",
]
}
}

136
recipes/nuo/harbor.pkr.hcl Normal file
View File

@ -0,0 +1,136 @@
#Flavour ${build.name}
build {
name = "harbor"
description = <<EOF
This builder builds a QEMU image from the base build output. The goal here is to install loki
with it's provisionning.
EOF
source "source.vmware-vmx.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/nuo-harbor"
vm_name = "${local.output_name}-${var.version}-nuo-harbor.img"
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx"
// BUG https://github.com/hashicorp/packer-plugin-vmware/issues/119
disk_additional_size = [ 81920 ]
//
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
vmx_data = {
"scsi1.pcislotnumber" = "16"
"scsi1.present" = "TRUE"
"scsi1.virtualdev" = "lsilogic"
"scsi1:0.filename" = "disk-1.vmdk"
"scsi1:0.present" = "TRUE"
"scsi1:0.redo" = ""
}
vmx_data_post = {
"memsize" = "4096",
"numvcpus" = "2",
}
}
source "source.qemu.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Config.Name}"
vm_name = "${local.output_name}-${var.version}-${local.Config.Name}.img"
iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img"
iso_checksum = "none"
disk_size = 81920
disk_image = true
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
}
provisioner "shell" {
script = "${local.dirs.provisionning}/tools/additionnal-disk"
environment_vars = [
"PV_DEVICE=/dev/sdb",
"VG_NAME=data",
"LV_NAME=harbor-data",
"LV_MTP=/srv/harbor",
"LV_FS=ext4"
]
}
// Install templater and bootstraper
provisioner "shell" {
script = "${local.dirs.provisionning}/templater-install.sh"
}
// Copy static configurations to /etc
provisioner "file" {
destination = "/etc"
source = "${local.dirs.provisionning}/conf/${build.name}/"
}
// Copy configuration values on the image
provisioner "shell" {
inline = [
"sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'",
"sh -cx 'mkdir -p ${local.builder_config.ValueDir}'"
]
}
// Copy configuration templates to the image
provisioner "file" {
destination = "${local.builder_config.TemplateDir}/"
source = "${local.dirs.templates}/conf/${build.name}/"
}
// Copy Docker configuration templates to the image
provisioner "file" {
destination = "${local.builder_config.TemplateDir}/"
source = "${local.dirs.templates}/conf/docker/"
}
// Copy configuration values on the image
provisioner "file" {
destination = "${local.builder_config.ValueDir}/${build.name}.json"
content = "${jsonencode(local.NuoHarbor)}"
}
provisioner "file" {
destination = "/etc/local.d/templater.start"
source = "${local.locations.provisionning}/conf/common/templater.start"
}
// Copy ssh Cadoles keys
provisioner "file" {
destination = "/tmp"
source = "${local.locations.provisionning}/ssh/cadoles/"
}
// Copy CNOUS SSH keys
provisioner "file" {
destination = "/tmp"
source = "${local.locations.provisionning}/ssh/cnous/"
}
provisioner "shell" {
inline = [
"sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
"sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
]
}
// Generate default configuration for the server
provisioner "shell" {
max_retries = 3
inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ]
}
provisioner "shell" {
environment_vars = [
"HARBOR_SSL_CERT=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLCert}",
"HARBOR_SSL_KEY=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLPrivKey}",
"HARBOR_DOMAIN=${local.NuoHarbor.Services.Harbor.Vars.HarborDomain}"
]
script = "${local.dirs.provisionning}/${build.name}.sh"
}
provisioner "shell" {
inline = [
"chmod +x /etc/local.d/templater.start"
]
}
}

103
recipes/nuo/kind.pkr.hcl Normal file
View File

@ -0,0 +1,103 @@
#Flavour kind
build {
name = "kind"
description = <<EOF
This builder builds a QEMU image from the base build output. The goal here is to install ${local.Kind.Name}
with it's provisionning.
EOF
source "source.qemu.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Kind.Name}"
vm_name = "${local.output_name}-${var.version}-${local.Kind.Name}.img"
iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img"
iso_checksum = "none"
disk_size = 20480
disk_image = true
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
}
source "source.vmware-vmx.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/nuo-kind"
vm_name = "${local.output_name}-${var.version}-nuo-kind.img"
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx"
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
vmx_data_post = {
"memsize" = "8192",
"numvcpus" = "4",
}
}
// Install templater and bootstraper
provisioner "shell" {
script = "${local.locations.provisionning}/templater-install.sh"
}
// Copy configuration values on the image
provisioner "shell" {
inline = [
"sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'",
"sh -cx 'mkdir -p ${local.builder_config.ValueDir}'"
]
}
// Copy configuration templates to the image
provisioner "file" {
destination = "${local.builder_config.TemplateDir}/"
source = "${local.locations.templates}/conf/${build.name}/"
}
// Copy configuration values on the image
provisioner "file" {
destination = "${local.builder_config.ValueDir}/${build.name}.json"
content = "${jsonencode(local.Kind)}"
}
// Generate default configuration for kind
provisioner "shell" {
max_retries = 3
inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ]
}
// Complete kind install
provisioner "shell" {
expect_disconnect = true
max_retries = 6
script = "${local.locations.provisionning}/${build.name}.sh"
}
// Copy ssh Cadoles keys
provisioner "file" {
destination = "/tmp"
source = "${local.locations.provisionning}/ssh/cadoles/"
}
// Copy CNOUS SSH keys
provisioner "file" {
destination = "/tmp"
source = "${local.locations.provisionning}/ssh/cnous/"
}
provisioner "file" {
destination = "/etc/local.d/init${build.name}.start"
source = "${local.locations.provisionning}/conf/${build.name}/init${build.name}.start"
}
provisioner "shell" {
inline = [
"sh -cx 'chmod +x /etc/local.d/init${build.name}.start'",
"sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
"sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
]
}
provisioner "shell" {
inline = [
"service podman start",
//"service containerd start",
//"sleep 10",
//"kind create cluster --config /etc/cluster.yaml ",
"sleep 10"]
}
}

6
recipes/nuo/locals.builder.pkr.hcl Normal file
View File

@ -0,0 +1,6 @@
locals {
builder_config = {
TemplateDir = "/usr/share/builder/templates"
ValueDir = "/usr/share/builder/values"
}
}

65
recipes/nuo/locals.docker.pkr.hcl Normal file
View File

@ -0,0 +1,65 @@
locals {
// Definition of the Kubernetes service (templater compatible)
ServiceDocker = {
ConfigFiles = [
{
destination = "/etc/rc.conf"
source = "rc.conf.pktpl.hcl"
mode = "600"
owner = "root"
group = "root"
}
]
Repositories = {}
Packages = {
docker = {
name = "docker"
action = "install"
}
docker-compose = {
name = "docker-compose"
action = "install"
}
gpg = {
name = "gpg"
action = "install"
}
}
Daemons = {
docker = {
name = "docker"
type = "auto"
enabled = true
}
cgroups = {
name = "cgroups"
type = "auto"
enabled = true
}
local = {
name = "local"
type = "auto"
enabled = true
}
}
Vars = {
RootlessDocker = "true"
}
Users = {
dock = {
username = "dock"
group = "dock"
home = "/srv/dock"
shell = "/bin/nologin"
}
}
}
Docker = {
Name = "docker"
Globals = local.Globals
Services = {
Docker = local.ServiceDocker
}
}
}

7
recipes/nuo/locals.globals.pkr.hcl Normal file
View File

@ -0,0 +1,7 @@
locals {
Globals = {
Vars = {
PrometheusPort = "9090"
}
}
}

89
recipes/nuo/locals.harbor.pkr.hcl Normal file
View File

@ -0,0 +1,89 @@
locals {
ServiceNuoHarbor = {
ConfigFiles = [
{
destination = "/etc/harbor/harbor.yml"
source = "harbor.yml.pktpl.hcl"
mode = "600"
owner = "root"
group = "root"
}
]
Vars = {
AuthEnabled = false
User = "harbor"
Group = "harbor"
HarborHTTPPort = "80"
HarborHTTPSPort = "443"
HarborSSLCert = "/etc/ssl/certs/harbor.crt"
HarborSSLPrivKey = "/etc/ssl/certs/harbor.key"
HarborDomain = "reg.k8s.in.nuonet.fr"
HarborAdminPassword = "ChangeMeAsSoonAsPossible"
HarborDBPassword = "WeNeedToBeAbleToManagePasswords"
NIC = [
{
Name = "eth0"
IP = "192.168.160.10"
Mask = "255.255.254.0"
Gateway = "192.168.160.1"
}
]
DNS = [ "192.168.160.10" ]
Set = { Hostname = "reg.k8s.in.nuonet.fr" }
}
Repositories = {
AlpineEdgeTesting = {
type = "apk"
name = "testing"
url = "http://mirrors.ircam.fr/pub/alpine/edge/testing"
enabled = true
}
}
Packages = {
vmtools = {
name = "open-vm-tools"
action = "install"
},
mkcert = {
name = "mkcert"
action = "install"
},
gpg-agent = {
name = "gpg-agent"
action = "install"
}
ncurses = {
name = "ncurses"
action = "install"
}
}
Daemons = {
vm-tools = {
name = "open-vm-tools"
type = "auto"
enabled = true
}
harbor = {
name = "harbor"
type = "auto"
enabled = true
}
}
Users = {
harbor = {
username = "harbor"
group = "harbor"
home = "/srv/harbor"
shell = "/bin/nologin"
}
}
}
NuoHarbor = {
Name = "nuo-harbor"
Globals = local.Globals
Services = {
Docker = local.ServiceDocker
Harbor = local.ServiceNuoHarbor
}
}
}

132
recipes/nuo/locals.kind.pkr.hcl Normal file
View File

@ -0,0 +1,132 @@
locals {
// Definition of the Kubernetes service (templater compatible)
ServiceKubernetes = {
ConfigFiles = [
{
destination = "/etc/cluster.yaml"
source = "cluster.yaml.pktpl.hcl"
mode = "600"
owner = "root"
group = "root"
},
{
destination = "/etc/rc.conf"
source = "rc.conf.pktpl.hcl"
mode = "600"
owner = "root"
group = "root"
}
]
Repositories = {}
Packages = {
docker = {
name = "docker"
action = "install"
}
docker-compose = {
name = "docker-compose"
action = "install"
}
gpg = {
name = "gpg"
action = "install"
}
kubeadm = {
name = "kind"
action = "install"
}
vmtools = {
name = "open-vm-tools"
action = "install"
}
vmtools-rc = {
name = "open-vm-tools-openrc"
action = "install"
}
}
Vars = {
RootlessDocker = "true"
Cluster = {
Name = "nuo"
IngressReady = true
PodSubNet = "10.110.0.0/16"
ServieSubNet = "10.115.0.0/16"
Version = "1.27.2"
Nodes = [
{
Role = "control-plane"
Ports = [
{
containerPort = 31000
hostPort = 31000
listenAddress = "0.0.0.0"
},
{
containerPort = 80
hostPort = 8080
listenAddress = "0.0.0.0"
},
{
containerPort = 443
hostPort = 8443
listenAddress = "0.0.0.0"
}
]
},
{ Role = "worker" },
{ Role = "worker" },
{ Role = "worker" }
]
}
}
Users = {
dock = {
username = "dock"
group = "dock"
home = "/srv/dock"
shell = "/bin/nologin"
}
}
Daemons = {
vm-tools = {
name = "open-vm-tools"
type = "auto"
enabled = true
}
docker = {
name = "docker"
type = "auto"
enabled = true
}
cgroups = {
name = "cgroups"
type = "auto"
enabled = true
}
local = {
name = "local"
type = "auto"
enabled = true
}
ntpd = {
name = "ntpd"
type = "auto"
enabled = true
}
local = {
name = "local"
type = "auto"
enabled = true
}
}
}
// Definition of the Kubernetes full configuration (with all the services)
Kind = {
Name = "kind"
Globals = local.Globals
Services = {
Kubernetes = local.ServiceKubernetes
}
}
}

176
recipes/nuo/locals.matchbox.pkr.hcl Normal file
View File

@ -0,0 +1,176 @@
locals {
// Definition of the Kubernetes service (templater compatible)
ServiceNuoMatchBox = {
ConfigFiles = [
{
destination = "/etc/dnsmasq.d/pxe.conf"
source = "dnsmasq.d/ipxe.conf.pktpl.hcl"
mode = "600"
owner = "root"
group = "root"
},
{
destination = "/etc/dnsmasq-hosts.conf"
source = "dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl"
mode = "600"
owner = "dnsmasq"
group = "root"
},
{
destination = "/etc/conf.d/matchbox"
source = "conf.d/matchbox.conf.pktpl.hcl"
mode = "600"
owner = "root"
group = "root"
},
{
destination = "/etc/init.d/matchbox"
source = "init.d/matchbox.pktpl.hcl"
mode = "700"
owner = "root"
group = "root"
},
{
destination = "/etc/network/interfaces"
source = "network/interfaces.pktpl.hcl"
mode = "700"
owner = "root"
group = "root"
},
{
destination = "/etc/resolv.conf"
source = "resolv.conf.pktpl.hcl"
mode = "600"
owner = "root"
group = "root"
},
{
destination = "/etc/hostname"
source = "hostname.pktpl.hcl"
mode = "600"
owner = "root"
group = "root"
}
]
Repositories = {
AlpineEdgeTesting = {
type = "apk"
name = "testing"
url = "http://mirrors.ircam.fr/pub/alpine/edge/testing"
enabled = true
}
AlpineEdgeCommunity = {
type = "apk"
name = "testing"
url = "http://mirrors.ircam.fr/pub/alpine/edge/community"
enabled = true
}
}
Packages = {
dnsmasq = {
name = "dnsmasq"
action = "install"
}
terraform = {
name = "terraform"
action = "install"
}
git = {
name = "git"
action = "install"
}
kubectl = {
name = "kubectl"
action = "install"
}
gpg = {
name = "gpg"
action = "install"
}
vmtools = {
name = "open-vm-tools"
action = "install"
}
bash = {
name = "bash"
action = "install"
}
}
Vars = {
PXE = {
DHCPMode = "standalone"
DNSDomain = "k8s.in.nuonet.fr"
ListenInterface = "eth0"
GreetingMessage = "Nuo PXE Boot Server"
DelayTime = "5"
BootingMessage = "Booting from network the Nuo way"
DHCPRangeStart = "192.168.160.20"
DHCPRangeEnd = "192.168.160.60"
DHCPLeaseDuration = "48h"
TFTPRoot = "/var/lib/tftpboot"
}
DNSMasq = {
Hosts = [
{
Name = "reg.k8s.in.nuonet.fr"
IP = "192.168.160.11"
}
]
}
MatchBox = {
Hostname = "mb.k8s.in.nuonet.fr"
HTTPPort = "8080"
gRPCPort = "8081"
LogLevel = "info"
}
NIC = [
{
Name = "eth0"
IP = "192.168.160.10"
Mask = "255.255.254.0"
Gateway = "192.168.160.1"
}
]
DNS = [ "10.253.50.105" ]
Hosts = [
{
Name = "harbor.k8s.in.nuonet.fr"
IP = "192.168.160.11"
}
]
Set = { Hostname = "mb.k8s.in.nuonet.fr" }
}
Users = {}
Daemons = {
vm-tools = {
name = "open-vm-tools"
type = "auto"
enabled = true
}
matchbox = {
name = "matchbox"
type = "auto"
enabled = true
}
dnsmasq = {
name = "dnsmasq"
type = "auto"
enabled = true
}
local = {
name = "local"
type = "auto"
enabled = true
}
}
}
// Definition of the Kubernetes full configuration (with all the services)
NuoMatchBox = {
Name = "nuo-matchbox"
Globals = local.Globals
Services = {
NuoMatchBox = local.ServiceNuoMatchBox
}
}
}

37
recipes/nuo/locals.pkr.hcl Normal file
View File

@ -0,0 +1,37 @@
# "timestamp" template function replacement
locals {
locations = {
recipes = "${path.cwd}/recipes/${var.name}"
templates = "${path.cwd}/recipes/${var.name}/templates"
provisionning = "${path.cwd}/recipes/${var.name}/provisionning"
post-processors = "${path.cwd}/recipes/${var.name}/post-processor"
tools = "${path.cwd}/tools"
}
dirs = local.locations
timestamp = regex_replace(timestamp(), "[- TZ:]", "")
output_name = "${var.name}"
source_checksum_url = "file:${var.source_url}/${var.version}/${var.arch}/iso-cd/SHA256SUMS"
source_iso = "${var.source_url}/v${var.short_version}/releases/${var.arch}/alpine-virt-${var.version}-${var.arch}.iso"
source_checksum = "${var.iso_cd_checksum}"
ssh_user = "root"
ssh_password = "PbkRc1vup7Wq5n4r"
disk_size = 8000
memory = 512
installOpts = {
hostname = var.name
user = "eole"
disk_device = "/dev/vda"
}
installOptsVMWare = {
hostname = var.name
user = "eole"
disk_device = "/dev/sda"
}
installOptsVirtualBox = {
hostname = var.name
user = "eole"
disk_device = "/dev/sda"
}
instance_data = { "instance-id": "${var.name}" }
}

136
recipes/nuo/main.pkr.hcl Normal file
View File

@ -0,0 +1,136 @@
#Flavour base
build {
name = "base"
description = <<EOF
This builder builds a QEMU image from an nuo "virt" CD ISO file.
EOF
source "vmware-iso.nuo" {
output_directory = "${var.output_dir}/${var.version}/base"
vm_name = "${local.output_name}-${var.version}.img"
disk_size = 10240
iso_url = "${local.source_iso}"
iso_checksum = "${var.iso_cd_checksum}"
http_content = {
"/ssh-packer-pub.key" = data.sshkey.install.public_key
"/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOptsVMWare)
}
boot_command = [
"<wait10s>root<enter>",
"<wait1s><enter>",
"<wait1s>setup-interfaces<enter><wait1s><enter><wait1s><enter><wait1s><enter>",
"<wait1s>ifup eth0<enter>",
"<wait1s>mkdir -p .ssh<enter>",
"<wait1s>wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys<enter><wait1s>",
"<wait1s>chmod 600 .ssh/authorized_keys<enter>",
"<wait1s>wget http://{{.HTTPIP}}:{{.HTTPPort}}/install.conf<enter><wait1s>",
"<wait1s>setup-sshd -c openssh -k .ssh/authorized_keys<enter><wait1s>",
]
}
source "qemu.nuo" {
output_directory = "${var.output_dir}/${var.version}/base"
vm_name = "${local.output_name}-${var.version}.img"
disk_size = 8000
iso_url = "${local.source_iso}"
iso_checksum = "${var.iso_cd_checksum}"
http_content = {
"/ssh-packer-pub.key" = data.sshkey.install.public_key
"/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOpts)
}
boot_command = [
"<wait5s>root<enter>",
"<wait1s><enter>",
"<wait1s>setup-interfaces<enter><wait1s><enter><wait1s><enter><wait1s><enter>",
"<wait1s>ifup eth0<enter>",
"<wait1s>mkdir -p .ssh<enter>",
"<wait1s>wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys<enter><wait1s>",
"<wait1s>chmod 600 .ssh/authorized_keys<enter>",
"<wait1s>wget http://{{.HTTPIP}}:{{.HTTPPort}}/install.conf<enter><wait1s>",
"<wait1s>setup-sshd -c openssh -k .ssh/authorized_keys<enter><wait1s>",
]
}
source "virtualbox-iso.nuo" {
output_directory = "${var.output_dir}/${var.version}/base"
vm_name = "${local.output_name}-${var.version}.img"
disk_size = 10240
iso_url = "${local.source_iso}"
iso_checksum = "${var.iso_cd_checksum}"
guest_os_type = "Linux_64"
cd_label = "cidata"
cd_content = {
"meta-data" = jsonencode(local.instance_data)
"user-data" = templatefile("${local.locations.templates}/conf/cloud-init/user-data",
{
user = local.ssh_user,
password = local.ssh_password,
root_password = local.ssh_password,
runcmd = []
ssh_keys = [ data.sshkey.install.public_key ]
files = [
{
path = "/root/install.conf"
owner = "root"
group = "root"
permissions = "600"
content = [ "KEYMAPOPTS=\"fr fr\"",
"HOSTNAMEOPTS=\"-n nuo\"",
"INTERFACESOPTS=\"auto lo",
"iface lo inet loopback",
"auto eth0",
"iface eth0 inet dhcp",
" hostname nuo\"",
"DNSOPTS=\"\"",
"TIMEZONEOPTS=\"-z Europe/Paris\"",
"PROXYOPTS=\"none\"",
"APKREPOSOPTS=\"-r -c\"",
"SSHDOPTS=\"-c openssh -k /root/.ssh/authorized_keys\"",
"NTPOPTS=\"-c openntpd\"",
"DISKOPTS=\"-L -m sys /dev/sda\""]
}
]
}
)
}
boot_command = []
}
provisioner "shell" {
pause_before = "1s"
expect_disconnect = true # Because the previous step has rebooted the machine
script = "${local.locations.provisionning}/${var.name}-${var.short_version}-install.sh"
valid_exit_codes = [ 0, 141 ]
}
provisioner "shell" {
pause_before = "1s"
inline = [ "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'" ]
}
provisioner "shell" {
pause_before = "10s"
script = "${local.locations.provisionning}/${var.name}-${var.short_version}-postinstall.sh"
}
provisioner "shell" {
script = "${local.locations.provisionning}/letsencrypt.sh"
}
provisioner "file" {
destination = "/etc/conf.d/chronyd"
source = "${local.locations.templates}/conf/conf.d/"
}
post-processor "manifest" {
keep_input_artifact = true
}
post-processor "shell-local" {
inline = [
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}"
]
}
}

120
recipes/nuo/matchbox.pkr.hcl Normal file
View File

@ -0,0 +1,120 @@
#Flavour nuo-matchbox
build {
name = "matchbox"
description = <<EOF
This builder builds a QEMU image from the base build output. The goal here is to install nuo-matchbox
with it's provisionning.
EOF
source "source.vmware-vmx.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/nuo-matchbox"
vm_name = "${local.output_name}-${var.version}-nuo-matchbox.img"
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx"
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
}
source "source.qemu.nuo" {
output_directory = "${var.output_dir}/${var.version}/provisionned/nuo-matchbox"
vm_name = "${local.output_name}-${var.version}-nuo-matchbox.img"
iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img"
iso_checksum = "none"
disk_size = 40960
disk_image = true
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
}
// Install templater and bootstraper
provisioner "shell" {
script = "${local.dirs.provisionning}/templater-install.sh"
}
// Copy configuration values on the image
provisioner "shell" {
inline = [
"sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'",
"sh -cx 'mkdir -p ${local.builder_config.ValueDir}'"
]
}
// Copy configuration templates to the image
provisioner "file" {
destination = "${local.builder_config.TemplateDir}/"
source = "${local.dirs.templates}/conf/${build.name}/"
}
// Copy configuration values on the image
provisioner "file" {
destination = "${local.builder_config.ValueDir}/${build.name}.json"
content = "${jsonencode(local.NuoMatchBox)}"
}
// Copy nuo-matchbox boot provisionning script
provisioner "file" {
destination = "/etc/local.d/initmatchbox.start"
source = "${local.locations.provisionning}/conf/${build.name}/initmatchbox.start"
}
// Copy ssh Cadoles keys
provisioner "file" {
destination = "/tmp"
source = "${local.locations.provisionning}/ssh/cadoles/"
}
// Copy CNOUS SSH keys
provisioner "file" {
destination = "/tmp"
source = "${local.locations.provisionning}/ssh/cnous/"
}
provisioner "shell" {
inline = [
"sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
"sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
]
}
provisioner "file" {
destination = "/etc/local.d/templater.start"
source = "${local.locations.provisionning}/conf/common/templater.start"
}
// Copy tftp provisionning script
provisioner "file" {
destination = "/etc/local.d/inittftp.start"
source = "${local.locations.provisionning}/conf/${build.name}/inittftp.start"
}
// Generate default configuration for kubernetes
provisioner "shell" {
max_retries = 3
inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ]
}
provisioner "file" {
destination = "/tmp/${build.name}.sh"
source = "${local.dirs.provisionning}/${build.name}.sh"
}
provisioner "shell" {
inline = [
"sh -cx 'sh /tmp/${build.name}.sh'"
]
}
provisioner "shell" {
inline = [
"chmod +x /etc/local.d/initmatchbox.start",
"chmod +x /etc/local.d/templater.start",
"chmod +x /etc/local.d/inittftp.start"
]
}
post-processor "shell-local" {
inline = [
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/nuo-matchbox ${var.image_version}"
]
}
}

24
recipes/nuo/plugins.pkr.hcl Normal file
View File

@ -0,0 +1,24 @@
packer {
required_plugins {
sshkey = {
version = ">= 1.0.1"
source = "github.com/ivoronin/sshkey"
}
vmware = {
version = ">= 1.0.8"
source = "github.com/hashicorp/vmware"
}
qemu = {
source = "github.com/hashicorp/qemu"
version = "~> 1"
}
virtualbox = {
source = "github.com/hashicorp/virtualbox"
version = "~> 1"
}
}
}
data "sshkey" "install" {
type = "ed25519"
}

31
recipes/nuo/post-processor/sparsify.sh Executable file
View File

@ -0,0 +1,31 @@
#!/bin/sh
if [ "${#}" -ne 2 ]; then
echo Missing arguments
exit 2
fi
WORKDIR=${1}
VERSION=${2}
findImages() {
find ${1} -iname "*.img"
}
sleep 5
for imageName in $(findImages ${WORKDIR} ${DOMAIN}); do
if [ $(which virt-sparsify) ]; then
newName=$(echo $imageName | sed "s/.img/_${VERSION}.img/g")
virt-sparsify --compress --tmp ./ --format qcow2 ${imageName} ${newName}
if [ "${?}" -eq 0 ]; then
rm -rf ${imageName}
cd ${WORKDIR}
ln -s $(basename ${newName}) $(basename ${imageName})
echo ${newName} ${imageName}
cd -
fi
else
echo "Sparsify skipped 'virt-sparsify' command is missing"
fi
done

104
recipes/nuo/provisionning/conf/common/templater.start Normal file
View File

@ -0,0 +1,104 @@
#!/usr/bin/env bash
#
# Generate all the configuration files
# Get all the values from the VLS_DIR
# Process each template from the TPL_DIR with this values
#
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
TPL_DIR="/usr/share/builder/templates"
VLS_DIR="/usr/share/builder/values"
CONFIG=""
if [ -f "${ENV_FILE}" ]; then
. ${ENV_FILE}
fi
BTR="$(command -v btr)"
if [ "${?}" -ne 0 ]; then
echo "Warning: Nothing to do the templater is not installed"
exit 0
fi
if [ ! -e "${TPL_DIR}" ]; then
echo "Error: The template dir is missing (${TPL_DIR})"
exit 1
fi
if [ ! -e "${VLS_DIR}" ]; then
echo "Error: The template dir is missing (${VLS_DIR})"
exit 1
fi
jsonQuery() {
local data="${1}"
local query="${2}"
echo "${data}" | jq -cr "${query}"
}
# NAME: @jsonMerge
# AIM: Merge two json structures
# NOTES:
# The last one has de last word
# if you have the same key in A and B
# this keeps the value of the B structure.
# PARAMS:
# $1: original JSON Structure
# $2: updated JSON Structure
jsonMerge() {
local data="${1}"
local data2="${2}"
echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]"
}
jsonUpdateVal() {
local json="${1}"
local key="${2}"
local value="${3}"
echo "${json}" | jq --arg a "${value}" "${key} = \$a"
}
getValues() {
local values=""
for file in $(find ${VLS_DIR} -name "*.json"); do
values="${values}$(cat ${file})"
done
if [ -n "${RAW_CONFIG}" ]; then
values="$(jsonMerge ${values} ${RAW_CONFIG})"
fi
for svc in $(echo ${values} | jq -cr '.Services|keys[]'); do
for key in $(echo ${values} | jq -cr ".Services.${svc}.Vars|keys[]"); do
ukey=${key^^}
vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")"
if [ ${?} -eq 0 ]; then
for var in $(echo ${values} | jq -cr ".Services.${svc}.Vars.${key}|keys[]"); do
uvar=${var^^}
val=$(eval echo "\$${ukey}_${uvar}")
if [ -n "${val}" ]; then
values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}.${var}" "${val}")
fi
done
else
values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}" "${!ukey}")
fi
done
done
echo ${values}
}
processTemplates() {
${BTR} -t ${TPL_DIR} -c "${1}"
}
VALUES=$(getValues)
file=$(mktemp)
echo "${VALUES}" > "${file}"
processTemplates "${file}"
rm -rf "${file}"

0
recipes/debian/provisionning/conf/harbor/init.d/harbor → recipes/nuo/provisionning/conf/harbor/init.d/harbor
View File

13
recipes/nuo/provisionning/conf/kind/initkind.start Normal file
View File

@ -0,0 +1,13 @@
#!/bin/sh
CLUSTER_NAME="nuo"
if [ $(kind get clusters -q | grep "${CLUSTER_NAME}") ];then
podman start -f name="^${CLUSTER_NAME}"
else
kind create cluster --config /etc/cluster.yaml | tee -a /var/log/kind-init.log
fi
if [ ! $(which kubectl) ];then
apk add kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
fi

0
recipes/debian/provisionning/conf/matchbox/initmatchbox.start → recipes/nuo/provisionning/conf/matchbox/initmatchbox.start
View File

0
recipes/debian/provisionning/conf/matchbox/inittftp.start → recipes/nuo/provisionning/conf/matchbox/inittftp.start
View File

38
recipes/nuo/provisionning/harbor.sh Normal file
View File

@ -0,0 +1,38 @@
#!/bin/sh
HARBOR_VERSION="2.8.2"
HARBOR_SOURCE_URL="https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/"
HARBOR_INSTALLER="harbor-offline-installer-v${HARBOR_VERSION}.tgz"
HARBOR_INSTALLER_ASC="${HARBOR_INSTALLER}.asc"
export TERM=xterm
gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C
cd /srv
wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER}
wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER_ASC}
gpg -v --keyserver hkps://keyserver.ubuntu.com --verify ${HARBOR_INSTALLER}.asc
if [ $? -ne 0 ]; then
echo "Harbor sources ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER} are corrupt"
exit 3
fi
tar xzvf ${HARBOR_INSTALLER}
if [ ! -f ${HARBOR_SSL_CERT} ];then
mkcert -install
mkcert -cert-file ${HARBOR_SSL_CERT} -key-file ${HARBOR_SSL_KEY} ${HARBOR_DOMAIN}
fi
cd harbor
ln -s /etc/harbor/harbor.yml .
service docker start
sleep 5
./prepare
./install.sh --with-notary --with-trivy

10
recipes/nuo/provisionning/kind.sh Normal file
View File

@ -0,0 +1,10 @@
#!/bin/sh
# Remove swap
cat /etc/fstab | grep -v swap > temp.fstab
cat temp.fstab > /etc/fstab
rm temp.fstab
swapoff -a
#lvremove -y /dev/vg0/lv_swap
#lvextend -y -r -l +100%FREE /dev/vg0/lv_root

26
recipes/nuo/provisionning/letsencrypt.sh Normal file
View File

@ -0,0 +1,26 @@
#!/bin/sh
set -eo pipefail
DESTDIR=/usr/local/share/ca-certificates
UPDATE_CERTS_CMD=update-ca-certificates
CERTS="$(cat <<EOF
https://letsencrypt.org/certs/isrgrootx1.pem
https://letsencrypt.org/certs/isrg-root-x2.pem
https://letsencrypt.org/certs/lets-encrypt-r3.pem
https://letsencrypt.org/certs/lets-encrypt-e1.pem
https://letsencrypt.org/certs/lets-encrypt-r4.pem
https://letsencrypt.org/certs/lets-encrypt-e2.pem
EOF
)"
cd "$DESTDIR"
for cert in $CERTS; do
echo "Downloading '$cert'..."
filename=$(basename "$cert")
wget --tries=10 --timeout=30 -O "$filename" "$cert"
#openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
done
$UPDATE_CERTS_CMD

39
recipes/nuo/provisionning/matchbox.sh Normal file
View File

@ -0,0 +1,39 @@
#!/bin/sh
VERSION=0.10.0
ARCH=amd64
BIN="matchbox"
FILENAME="matchbox-v${VERSION}-linux-${ARCH}.tar.gz"
URL="https://github.com/poseidon/matchbox/releases/download/v${VERSION}/${FILENAME}"
MATCHBOX_DIR="/var/lib/matchbox"
ASSETS_DIR="${MATCHBOX_DIR}/assets/"
TFTP_DIR="/var/lib/tftpboot"
MATCHBOX_USER="matchbox"
FL_VERSIONS="current 3374.2.0"
apk add wget
echo "Downloading matchbox"
cd /tmp
wget -q --show-progress "${URL}"
tar -xzvf "${FILENAME}"
cd ./matchbox-v${VERSION}-linux-${ARCH}
echo "Installing matchbox"
cp ${BIN} /usr/local/bin
echo "Installing get-flatcar"
cp ./scripts/get-flatcar /usr/local/bin
chmod +x /usr/local/bin/get-flatcar
adduser "${MATCHBOX_USER}"
mkdir -p "${ASSETS_DIR}"
mkdir -p "${TFTP_DIR}"
chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${MATCHBOX_DIR}"
chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${ASSETS_DIR}"
chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${ASSETS_DIR}"
ls -lhaR ${ASSETS_DIR}
cp -rp ./scripts/tls /root
exit "${?}"

17
recipes/nuo/provisionning/nuo-3.18-install.sh Normal file
View File

@ -0,0 +1,17 @@
#!/bin/sh
#set -xeo pipefail
# Run the installer
setup-alpine -q
#yes | setup-alpine -e -f /root/install.conf
# Copy ssh keys
echo "Copy packer ssh key"
mount /dev/vg0/lv_root /mnt
cp -rp .ssh /mnt/root/
sync
umount /mnt
echo "Rebooting the host after install"
reboot -nf

23
recipes/nuo/provisionning/nuo-3.18-postinstall.sh Normal file
View File

@ -0,0 +1,23 @@
#!/bin/sh
set -xeo pipefail
apk add --no-cache wget curl jq haveged ca-certificates rsyslog bash shadow
rc-update add haveged boot
rc-update add rsyslog boot
rc-update add sshd boot
# Generate root password
pass=$(openssl rand -base64 32 | tee -a .secret)
chmod 600 .secret
echo -e "${pass}\n${pass}" | passwd
# Remove expect package
# Prevent logs spamming like "process '/sbin/getty -L 0 ttyS0 vt100' (pid 2516) exited. Scheduling for restart."
# We don't need an access to ttyS0
sed -i 's@^\(ttyS0::respawn.*\)@#\1@' /etc/inittab
usermod --password $( echo "Cadoles;21" | openssl passwd -1 -stdin) root
sync

102
recipes/nuo/provisionning/one-context/net-96-templater Normal file
View File

@ -0,0 +1,102 @@
#!/usr/bin/env bash
#
# Generate all the configuration files
# Get all the values from the VLS_DIR
# Process each template from the TPL_DIR with this values
#
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
TPL_DIR="/usr/share/builder/templates"
VLS_DIR="/usr/share/builder/values"
CONFIG=""
. ${ENV_FILE}
BTR="$(command -v btr)"
if [ "${?}" -ne 0 ]; then
echo "Warning: Nothing to do the templater is not installed"
exit 0
fi
if [ ! -e "${TPL_DIR}" ]; then
echo "Error: The template dir is missing (${TPL_DIR})"
exit 1
fi
if [ ! -e "${VLS_DIR}" ]; then
echo "Error: The template dir is missing (${VLS_DIR})"
exit 1
fi
jsonQuery() {
local data="${1}"
local query="${2}"
echo "${data}" | jq -cr "${query}"
}
# NAME: @jsonMerge
# AIM: Merge two json structures
# NOTES:
# The last one has de last word
# if you have the same key in A and B
# this keeps the value of the B structure.
# PARAMS:
# $1: original JSON Structure
# $2: updated JSON Structure
jsonMerge() {
local data="${1}"
local data2="${2}"
echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]"
}
jsonUpdateVal() {
local json="${1}"
local key="${2}"
local value="${3}"
echo "${json}" | jq --arg a "${value}" "${key} = \$a"
}
getValues() {
local values=""
for file in $(find ${VLS_DIR} -name "*.json"); do
values="${values}$(cat ${file})"
done
if [ -n "${RAW_CONFIG}" ]; then
values="$(jsonMerge ${values} ${RAW_CONFIG})"
fi
for svc in $(echo ${values} | jq -cr '.Services|keys[]'); do
for key in $(echo ${values} | jq -cr ".Services.${svc}.Vars|keys[]"); do
ukey=${key^^}
vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")"
if [ ${?} -eq 0 ]; then
for var in $(echo ${values} | jq -cr ".Services.${svc}.Vars.${key}|keys[]"); do
uvar=${var^^}
val=$(eval echo "\$${ukey}_${uvar}")
if [ -n "${val}" ]; then
values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}.${var}" "${val}")
fi
done
else
values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}" "${!ukey}")
fi
done
done
echo ${values}
}
processTemplates() {
${BTR} -t ${TPL_DIR} -c "${1}"
}
VALUES=$(getValues)
file=$(mktemp)
echo "${VALUES}" > "${file}"
processTemplates "${file}"
rm -rf "${file}"

0
recipes/debian/provisionning/conf/one-context/net-97-k3s → recipes/nuo/provisionning/one-context/net-97-k3s
View File

1
recipes/nuo/provisionning/ssh/cadoles/pcaseiro.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDph3zh6ojSvH44k13z9B6xj+Hargo3uzkxnYv5s5NI4yagNuBXEc3aS++KdocND+FtVfLK+iVE8qHo2bvmpMmVkqU6WU2apN7DfIP0QGLlSGeo+UOZ9hGeEDlgVO4AOnZKZ5kPGBEPZ84JXuE9CmhKfwEVCK8w3B8XQttA8alFl4A4/4F14x2w4njsSLY1H3b0qah7hgYKU5zHIGLg8Lxx+1BxGIF0l5n5m5rqAskRNaF+aYbs0CcWHv49bPK0sJJ0qPV2r2sq8BlzuZFHExnZRIxpsIXdce4Bm4rdlGi7tBmmurLk4OOtDkwvhD0LMaNJf10k6QLSmRUTVzgsYz/dmGxopbMtwwIXkwi014uSZgi8wAuznXx5I4j2TUGPZHOVf+1iw/yaxWlgTVOSoX7ZxyhDgW5cCgZZGNzU5UWe0vUuVTB+hfSMj50/Q6+Vi92/mDMbPhm4nBoVzD5DT15mB+yGyN45Ej61m0JzVUyZexfvVaffEug1/u5dnwilP0WGKr4i2OXxOXtvSdAs5rlZjvppZk6IxRCwXIcPwEFL97ZrQZAxlVS5Nh+ZnlSwTe3zfQhzHj1ao0AdCAHFPUEdoUPJhSb0OjyCvZ9XZ1KCkXhuhuN/3IUhuoWl4soNCeC3KmU/USx1wda438Exj0hM1mTyBZScDPGyD9nw78DGw== Philippe Caseiro

1
recipes/nuo/provisionning/ssh/cadoles/vfebvre.pub Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZxr8C81Dm5Zl2AtDzTVa8hFs04aV1z8ANrXYVHnLf7gEG4c1BI9iWbm94gVCQT4IvoKR5oZxjxGnx1a7VaX6h6dt33+p/s2IJiwG+9/DykPnImw+ALTcnMcyrwOYh68jnQIOGkYzK/VaHRzrvFNuoVWIU+FqfN+sW+bLQWi9v/K5oiup83xQBze6kjMEL2PT48bJwT/dQgP5cnTTEYwcOK/Yes1Cmb+VqjAs5B3uiHDoch10fy4b4duuALozPGhgoOfTLqe9Ekbt8PdIhUzGxFCw79W7IBA9vw79tYBy4B2et8Zb9sf+sMmxPINDkouYmfSnU0PjNjida7Tii2IEWbrb/qbSkRNcyIBmpGKz6VnSIvomv4FA9dGkOLYRyvTjAM6Shy5aiGV8F7T9hMxm3zGDjiVseyPVtMdSjM2SCx95uPCH5oSrj8M1OIjC2D+w3DsmTPFvTjA1gmKEYnXfFj82DvO+wDcbb6/DF2qS6y5rNpdnPWDb57iBqKeZISQ5x+h8arV0U3yItHoi7z4Cb51V29pdBE0xgFx5DE5akuPO3RC+BP0CK242HBdb94YXQCfmoQ1dV59mvu0ObAhP4CH/efOqONHXjTG9eurQyJWUr8yYO9DI7HkQHwvYDS7xuEO9yvs7gizm22FOTcxBPc4M/KFhPfnUs7Nyfw6I0Nw== vfebvre@cadoles.com

0
recipes/debian/provisionning/ssh/cnous/nmelin.pub → recipes/nuo/provisionning/ssh/cnous/nmelin.pub
View File

0
recipes/debian/provisionning/ssh/cnous/operrot.pub → recipes/nuo/provisionning/ssh/cnous/operrot.pub
View File

23
recipes/nuo/provisionning/templater-install.sh Normal file
View File

@ -0,0 +1,23 @@
#!/bin/sh
set -ex
TOOL_DIR="${1:-/usr/local/bin}"
TOOL_USER="${2:-root}"
TOOL_GROUP="${3:-root}"
ATTACHMENT_URL="https://forge.cadoles.com/attachments/"
installTool() {
NAME="${1}"
URL="${2}"
curl -k -o ${TOOL_DIR}/${NAME} ${URL}
chmod +x ${TOOL_DIR}/${NAME}
}
apk add curl
# Install templater
installTool "tpr" "https://forge.cadoles.com/attachments/242b3cba-8d07-4b89-80ab-7c12253a8524"
# Install bootstraper
installTool "btr" "https://forge.cadoles.com/attachments/e8442b2a-2065-4282-b4a4-648681fa044c"

27
recipes/nuo/provisionning/tools/additionnal-disk Normal file
View File

@ -0,0 +1,27 @@
#!/bin/sh
#
# Quick and dirty script to add disk space
# It creates a new PV (with the additionnal disk),
# a new VG and a new LV with 100% disk space
# The names and devices are provided with env variables:
# - PV_DEVICE : The /dev/xxx device
# - VG_NAME: The new vg name
# - LV_NAME: Then new lv name
# - LV_MTP: The mount point for the FS created on the LV
# - LV_FS: The fstype of the new FS
#
if [ -e ${PV_DEVICE} ]; then
pvcreate ${PV_DEVICE}
vgcreate ${VG_NAME} ${PV_DEVICE}
lvcreate -Ay -l 100%FREE -n ${LV_NAME} ${VG_NAME}
mkfs.${LV_FS} /dev/${VG_NAME}/${LV_NAME}
if [ ! -d ${LV_MTP} ]; then
mkdir -p ${LV_MTP}
fi
mount /dev/${VG_NAME}/${LV_NAME} ${LV_MTP}
echo "/dev/${VG_NAME}/${LV_NAME} ${LV_MTP} ${LV_FS} rw,relatime 0 1" >> /etc/fstab
else
echo "${PV_DEVICE} is missing"
exit 3
fi

135
recipes/nuo/sources.pkr.hcl Normal file
View File

@ -0,0 +1,135 @@
source qemu "nuo" {
cpus = 1
memory = "${local.memory}"
accelerator = "kvm"
vnc_bind_address = "0.0.0.0"
headless = true
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
http_port_min = 9990
http_port_max = 9999
# SSH ports to redirect to the VM being built
host_port_min = 2222
host_port_max = 2229
# This user is configured in the preseed file.
ssh_username = "${local.ssh_user}"
ssh_private_key_file = data.sshkey.install.private_key_path
ssh_wait_timeout = "1000s"
shutdown_command = "/sbin/poweroff"
# Builds a compact image
disk_compression = true
disk_discard = "unmap"
skip_compaction = false
disk_detect_zeroes = "unmap"
format = "qcow2"
boot_wait = "5s"
}
source "vmware-iso" "nuo" {
cpus = 1
disk_type_id = 0
memory = "${local.memory}"
vnc_bind_address = "0.0.0.0"
headless = true
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
http_port_min = 9990
http_port_max = 9999
# SSH ports to redirect to the VM being built
#host_port_min = 2222
#host_port_max = 2229
# This user is configured in the preseed file.
ssh_username = "${local.ssh_user}"
ssh_private_key_file = data.sshkey.install.private_key_path
ssh_wait_timeout = "1000s"
shutdown_command = "/sbin/poweroff"
# Builds a compact image
#disk_compression = true
#disk_discard = "unmap"
skip_compaction = false
#disk_detect_zeroes = "unmap"
format = "ova"
boot_wait = "5s"
}
source "vmware-vmx" "nuo" {
disk_type_id = 0
vnc_bind_address = "0.0.0.0"
headless = true
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
http_port_min = 9990
http_port_max = 9999
# SSH ports to redirect to the VM being built
#host_port_min = 2222
#host_port_max = 2229
# This user is configured in the preseed file.
ssh_username = "${local.ssh_user}"
ssh_private_key_file = data.sshkey.install.private_key_path
ssh_wait_timeout = "1000s"
shutdown_command = "/sbin/poweroff"
# Builds a compact image
#disk_compression = true
#disk_discard = "unmap"
skip_compaction = false
#disk_detect_zeroes = "unmap"
format = "ova"
boot_wait = "5s"
}
source "virtualbox-iso" "nuo" {
cpus = 1
memory = "${local.memory}"
vrdp_bind_address = "0.0.0.0"
nic_type = "virtio"
headless = false
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
http_bind_address = "0.0.0.0"
http_port_min = 9290
http_port_max = 9299
# SSH ports to redirect to the VM being built
#host_port_min = 2222
#host_port_max = 2229
# This user is configured in the preseed file.
ssh_username = "${local.ssh_user}"
ssh_private_key_file = data.sshkey.install.private_key_path
ssh_wait_timeout = "1000s"
ssh_file_transfer_method = "sftp"
shutdown_command = "/sbin/poweroff"
# Builds a compact image
#disk_compression = true
#disk_discard = "unmap"
#skip_compaction = false
#disk_detect_zeroes = "unmap"
format = "ova"
boot_wait = "5s"
}

47
recipes/nuo/templates/conf/cloud-init/user-data Normal file
View File

@ -0,0 +1,47 @@
#alpine-config
user:
name: ${user}
password: ${password}
chpasswd:
expire: False
apk:
repositories:
- base_url: https://mirrors.ircam.fr/pub/alpine/
repos: [ "main", "community" ]
package_update: true
packages:
- tmux
- vim
- openssh-server
- openssh-sftp-server
users:
- name: root
lock-passwd: false
passwd: ${root_password}
ssh_authorized_keys:
%{ for sk in ssh_keys ~}
- ${sk}
%{ endfor ~}
ssh_authorized_keys:
%{ for sk in ssh_keys ~}
- ${sk}
%{ endfor ~}
%{ if files != [] ~}
write_files:
%{ for fl in files ~}
- path: ${fl.path}
owner: ${fl.owner}:${fl.group}
permissions: '0${fl.permissions}'
content: |
%{ for li in fl.content ~}
${li}
%{ endfor ~}
%{ endfor ~}
%{ endif ~}
%{ if runcmd != [] ~}
# Work around network interface down after boot
runcmd:
%{ for cmd in runcmd ~}
- ${cmd}
%{ endfor ~}
%{ endif ~}

0
recipes/debian/templates/conf/conf.d/chronyd → recipes/nuo/templates/conf/conf.d/chronyd
View File

337
recipes/nuo/templates/conf/docker/rc.conf.pktpl.hcl Normal file
View File

@ -0,0 +1,337 @@
# Global OpenRC configuration settings
# ${Vars.RootlessDocker}
# Set to "YES" if you want the rc system to try and start services
# in parallel for a slight speed improvement. When running in parallel we
# prefix the service output with its name as the output will get
# jumbled up.
# WARNING: whilst we have improved parallel, it can still potentially lock
# the boot process. Don't file bugs about this unless you can supply
# patches that fix it without breaking other things!
#rc_parallel="NO"
# Set rc_interactive to "YES" and you'll be able to press the I key during
# boot so you can choose to start specific services. Set to "NO" to disable
# this feature. This feature is automatically disabled if rc_parallel is
# set to YES.
#rc_interactive="YES"
# If we need to drop to a shell, you can specify it here.
# If not specified we use $SHELL, otherwise the one specified in /etc/passwd,
# otherwise /bin/sh
# Linux users could specify /sbin/sulogin
#rc_shell=/bin/sh
# Do we allow any started service in the runlevel to satisfy the dependency
# or do we want all of them regardless of state? For example, if net.eth0
# and net.eth1 are in the default runlevel then with rc_depend_strict="NO"
# both will be started, but services that depend on 'net' will work if either
# one comes up. With rc_depend_strict="YES" we would require them both to
# come up.
#rc_depend_strict="YES"
# rc_hotplug controls which services we allow to be hotplugged.
# A hotplugged service is one started by a dynamic dev manager when a matching
# hardware device is found.
# Hotplugged services appear in the "hotplugged" runlevel.
# If rc_hotplug is set to any value, we compare the name of this service
# to every pattern in the value, from left to right, and we allow the
# service to be hotplugged if it matches a pattern, or if it matches no
# patterns. Patterns can include shell wildcards.
# To disable services from being hotplugged, prefix patterns with "!".
#If rc_hotplug is not set or is empty, all hotplugging is disabled.
# Example - rc_hotplug="net.wlan !net.*"
# This allows net.wlan and any service not matching net.* to be hotplugged.
# Example - rc_hotplug="!net.*"
# This allows services that do not match "net.*" to be hotplugged.
# rc_logger launches a logging daemon to log the entire rc process to
# /var/log/rc.log
# NOTE: Linux systems require the devfs service to be started before
# logging can take place and as such cannot log the sysinit runlevel.
#rc_logger="NO"
# Through rc_log_path you can specify a custom log file.
# The default value is: /var/log/rc.log
#rc_log_path="/var/log/rc.log"
# If you want verbose output for OpenRC, set this to yes. If you want
# verbose output for service foo only, set it to yes in /etc/conf.d/foo.
#rc_verbose=no
# By default we filter the environment for our running scripts. To allow other
# variables through, add them here. Use a * to allow all variables through.
#rc_env_allow="VAR1 VAR2"
# By default we assume that all daemons will start correctly.
# However, some do not - a classic example is that they fork and return 0 AND
# then child barfs on a configuration error. Or the daemon has a bug and the
# child crashes. You can set the number of milliseconds start-stop-daemon
# waits to check that the daemon is still running after starting here.
# The default is 0 - no checking.
#rc_start_wait=100
# rc_nostop is a list of services which will not stop when changing runlevels.
# This still allows the service itself to be stopped when called directly.
#rc_nostop=""
# rc will attempt to start crashed services by default.
# However, it will not stop them by default as that could bring down other
# critical services.
#rc_crashed_stop=NO
#rc_crashed_start=YES
# Set rc_nocolor to yes if you do not want colors displayed in OpenRC
# output.
#rc_nocolor=NO
##############################################################################
# MISC CONFIGURATION VARIABLES
# There variables are shared between many init scripts
# Set unicode to NO to turn off unicode support for keyboards and screens.
#unicode="YES"
# This is how long fuser should wait for a remote server to respond. The
# default is 60 seconds, but it can be adjusted here.
#rc_fuser_timeout=60
# Below is the default list of network fstypes.
#
# afs ceph cifs coda davfs fuse fuse.glusterfs fuse.sshfs gfs glusterfs lustre
# ncpfs nfs nfs4 ocfs2 shfs smbfs
#
# If you would like to add to this list, you can do so by adding your
# own fstypes to the following variable.
#extra_net_fs_list=""
##############################################################################
# SERVICE CONFIGURATION VARIABLES
# These variables are documented here, but should be configured in
# /etc/conf.d/foo for service foo and NOT enabled here unless you
# really want them to work on a global basis.
# If your service has characters in its name which are not legal in
# shell variable names and you configure the variables for it in this
# file, those characters should be replaced with underscores in the
# variable names as shown below.
# Some daemons are started and stopped via start-stop-daemon.
# We can set some things on a per service basis, like the nicelevel.
# These need to be exported
#export SSD_NICELEVEL="0"
# Or the ionice level. The format is class[:data] , just like the
# --ionice start-stop-daemon parameter.
#export SSD_IONICELEVEL="0:0"
# Or the OOM score adjustment.
#export SSD_OOM_SCORE_ADJ="0"
# Pass ulimit parameters
# If you are using bash in POSIX mode for your shell, note that the
# ulimit command uses a block size of 512 bytes for the -c and -f
# options
#rc_ulimit="-u 30"
# It's possible to define extra dependencies for services like so
#rc_config="/etc/foo"
#rc_need="openvpn"
#rc_use="net.eth0"
#rc_after="clock"
#rc_before="local"
#rc_provide="!net"
# You can also enable the above commands here for each service. Below is an
# example for service foo.
#rc_foo_config="/etc/foo"
#rc_foo_need="openvpn"
#rc_foo_after="clock"
# Below is an example for service foo-bar. Note that the '-' is illegal
# in a shell variable name, so we convert it to an underscore.
# example for service foo-bar.
#rc_foo_bar_config="/etc/foo-bar"
#rc_foo_bar_need="openvpn"
#rc_foo_bar_after="clock"
# You can also remove dependencies.
# This is mainly used for saying which services do NOT provide net.
#rc_net_tap0_provide="!net"
# This is the subsystem type.
# It is used to match against keywords set by the keyword call in the
# depend function of service scripts.
#
# It should be set to the value representing the environment this file is
# PRESENTLY in, not the virtualization the environment is capable of.
# If it is commented out, automatic detection will be used.
#
# The list below shows all possible settings as well as the host
# operating systems where they can be used and autodetected.
#
# "" - nothing special
# "docker" - Docker container manager (Linux)
# "jail" - Jail (DragonflyBSD or FreeBSD)
# "lxc" - Linux Containers
# "openvz" - Linux OpenVZ
# "prefix" - Prefix
# "rkt" - CoreOS container management system (Linux)
# "subhurd" - Hurd subhurds (to be checked)
# "systemd-nspawn" - Container created by systemd-nspawn (Linux)
# "uml" - Usermode Linux
# "vserver" - Linux vserver
# "xen0" - Xen0 Domain (Linux and NetBSD)
# "xenU" - XenU Domain (Linux and NetBSD)
#rc_sys=""
# if you use openrc-init, which is currently only available on Linux,
# this is the default runlevel to activate after "sysinit" and "boot"
# when booting.
#rc_default_runlevel="default"
# on Linux and Hurd, this is the number of ttys allocated for logins
# It is used in the consolefont, keymaps, numlock and termencoding
# service scripts.
rc_tty_number=12
##############################################################################
# LINUX CGROUPS RESOURCE MANAGEMENT
# This sets the mode used to mount cgroups.
# "hybrid" mounts cgroups version 2 on /sys/fs/cgroup/unified and
# cgroups version 1 on /sys/fs/cgroup.
# "legacy" mounts cgroups version 1 on /sys/fs/cgroup
# "unified" mounts cgroups version 2 on /sys/fs/cgroup
rc_cgroup_mode="hybrid"
# This is a list of controllers which should be enabled for cgroups version 2
# when hybrid mode is being used.
# Controllers listed here will not be available for cgroups version 1.
rc_cgroup_controllers="cpuset cpu io memory hugelb openrc pids"
# This variable contains the cgroups version 2 settings for your services.
# If this is set in this file, the settings will apply to all services.
# If you want different settings for each service, place the settings in
# /etc/conf.d/foo for service foo.
# The format is to specify the setting and value followed by a newline.
# Multiple settings and values can be specified.
# For example, you would use this to set the maximum memory and maximum
# number of pids for a service.
#rc_cgroup_settings="
#memory.max 10485760
#pids.max max
#"
#
# For more information about the adjustments that can be made with
# cgroups version 2, see Documentation/cgroups-v2.txt in the linux kernel
# source tree.
#rc_cgroup_settings=""
# This switch controls whether or not cgroups version 1 controllers are
# individually mounted under
# /sys/fs/cgroup in hybrid or legacy mode.
rc_controller_cgroups="YES"
# The following setting turns on the memory.use_hierarchy setting in the
# root memory cgroup for cgroups v1.
# It must be set to yes in this file if you want this functionality.
#rc_cgroup_memory_use_hierarchy="NO"
# The following settings allow you to set up values for the cgroups version 1
# controllers for your services.
# They can be set in this file;, however, if you do this, the settings
# will apply to all of your services.
# If you want different settings for each service, place the settings in
# /etc/conf.d/foo for service foo.
# The format is to specify the names of the settings followed by their
# values. Each variable can hold multiple settings.
# For example, you would use this to set the cpu.shares setting in the
# cpu controller to 512 for your service.
# rc_cgroup_cpu="
# cpu.shares 512
# "
#
# For more information about the adjustments that can be made with
# cgroups version 1, see Documentation/cgroups-v1/* in the linux kernel
# source tree.
# Set the blkio controller settings for this service.
#rc_cgroup_blkio=""
# Set the cpu controller settings for this service.
#rc_cgroup_cpu=""
# Add this service to the cpuacct controller (any value means yes).
#rc_cgroup_cpuacct=""
# Set the cpuset controller settings for this service.
#rc_cgroup_cpuset=""
# Set the devices controller settings for this service.
#rc_cgroup_devices=""
# Set the hugetlb controller settings for this service.
#rc_cgroup_hugetlb=""
# Set the memory controller settings for this service.
#rc_cgroup_memory=""
# Set the net_cls controller settings for this service.
#rc_cgroup_net_cls=""
# Set the net_prio controller settings for this service.
#rc_cgroup_net_prio=""
# Set the pids controller settings for this service.
#rc_cgroup_pids=""
# Set this to YES if you want all of the processes in a service's cgroup
# killed when the service is stopped or restarted.
# Be aware that setting this to yes means all of a service's
# child processes will be killed. Keep this in mind if you set this to
# yes here instead of for the individual services in
# /etc/conf.d/<service>.
# To perform this cleanup manually for a stopped service, you can
# execute cgroup_cleanup with /etc/init.d/<service> cgroup_cleanup or
# rc-service <service> cgroup_cleanup.
# If the kernel includes support for cgroup2's cgroup.kill, this is used
# to reliably teardown the cgroup.
# If this fails, the process followed in this cleanup is the following:
# 1. send stopsig (sigterm if it isn't set) to all processes left in the
# cgroup immediately followed by sigcont.
# 2. Send sighup to all processes in the cgroup if rc_send_sighup is
# yes.
# 3. delay for rc_timeout_stopsec seconds.
# 4. send sigkill to all processes in the cgroup unless disabled by
# setting rc_send_sigkill to no.
# rc_cgroup_cleanup="NO"
# If this is yes, we will send sighup to the processes in the cgroup
# immediately after stopsig and sigcont.
#rc_send_sighup="NO"
# This is the amount of time in seconds that we delay after sending sigcont
# and optionally sighup, before we optionally send sigkill to all
# processes in the # cgroup.
# The default is 90 seconds.
#rc_timeout_stopsec="90"
# If this is set to no, we do not send sigkill to all processes in the
# cgroup.
#rc_send_sigkill="YES"
##############################################################################
# SUPERVISE DAEMON CONFIGURATION VARIABLES
# These variables sets more reasonable defaults for supervise-daemon(8).
# They may be overriden on a per service basis.
# Wait this number of seconds before restarting a daemon after it crashes.
respawn_delay=2
# Sets the maximum number of times a daemon will be respawned during a respawn
# period. If a daemon dies more than this number of times during a respawn
# period, supervise-daemon(8) will give up trying to respawn it and exit.
# 0 means unlimited.
respawn_max=5
# Sets the length in seconds of a respawn period.
respawn_period=1800

0
recipes/debian/templates/conf/docker/subuid.pktpl.hcl → recipes/nuo/templates/conf/docker/subuid.pktpl.hcl
View File

0
recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl → recipes/nuo/templates/conf/harbor/harbor.yml.pktpl.hcl
View File

0
recipes/debian/templates/conf/install/awnsers.pktpl.hcl → recipes/nuo/templates/conf/install/awnsers.pktpl.hcl
View File

0
recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl → recipes/nuo/templates/conf/k3s/k3s.conf.pkr.hcl
View File

40
recipes/nuo/templates/conf/kind/cluster.yaml.pktpl.hcl Normal file
View File

@ -0,0 +1,40 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: ${Vars.Cluster.Name}
networking:
podSubnet: "${Vars.Cluster.PodSubNet}"
serviceSubnet: "${Vars.Cluster.ServieSubNet}"
nodes:
%{ for nd in Vars.Cluster.Nodes }
- role: ${nd.Role}
image: kindest/node:v${Vars.Cluster.Version}
%{ if nd.Role == "control-plane"}
kubeadmConfigPatches:
- |
kind: InitConfiguration
%{ if Vars.Cluster.IngressReady }
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
%{ endif }
extraPortMappings:
- containerPort: 31000
hostPort: 31000
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
- containerPort: 80
hostPort: 8080
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
%{ if Vars.Cluster.IngressReady }
labels:
ingress-ready: true
%{ endif }
%{ endif }
%{ if nd.Role == "worker" }
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
%{ endif }
%{ endfor ~}

0
recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl → recipes/nuo/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl
View File

0
recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl → recipes/nuo/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
View File

0
recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl → recipes/nuo/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
View File

0
recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl → recipes/nuo/templates/conf/matchbox/init.d/matchbox.pktpl.hcl
View File

0
recipes/debian/provisionning/conf/nuo-harbor → recipes/nuo/templates/conf/nuo-harbor
View File

0
recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl → recipes/nuo/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl
View File

0
recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl → recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
View File

0
recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl → recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
View File

0
recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl → recipes/nuo/templates/conf/nuo-matchbox/hostname.pktpl.hcl
View File

0
recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl → recipes/nuo/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl
View File

0
recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl → recipes/nuo/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl
View File

0
recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl → recipes/nuo/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl
View File

0
recipes/debian/templates/one/image/common.tpl → recipes/nuo/templates/one/image/common.tpl
View File

0
recipes/debian/templates/one/service/kubernetes-cluster.json → recipes/nuo/templates/one/service/kubernetes-cluster.json
View File

Some files were not shown because too many files have changed in this diff Show More