From d13e17ee102ced96d4167933d3c844a479f231bc Mon Sep 17 00:00:00 2001 
From: Philippe Caseiro Date: Tue, 6 Dec 2022 15:44:25 +0100 Subject: [PATCH 1/8] First recipes --- README.md | 80 ++- build | 150 +++++ post-processors/sparsify.sh | 31 + recipes/alpine/3.16.pkrvars.hcl | 6 + recipes/alpine/3.17.pkrvars.hcl | 6 + recipes/alpine/base-onecontext.pkr.hcl | 39 ++ recipes/alpine/docker.pkr.hcl | 72 ++ recipes/alpine/k3s.pkr.hcl | 76 +++ recipes/alpine/kubernetes.pkr.hcl | 112 ++++ recipes/alpine/locals.builder.pkr.hcl | 6 + recipes/alpine/locals.docker.pkr.hcl | 34 + recipes/alpine/locals.globals.pkr.hcl | 7 + recipes/alpine/locals.k3s.pkr.hcl | 79 +++ recipes/alpine/locals.kubernetes.pkr.hcl | 90 +++ recipes/alpine/locals.matchbox.pkr.hcl | 120 ++++ recipes/alpine/locals.pkr.hcl | 24 + recipes/alpine/main.pkr.hcl | 66 ++ recipes/alpine/matchbox.pkr.hcl | 101 +++ recipes/alpine/plugins.pkr.hcl | 12 + recipes/alpine/post-processor/sparsify.sh | 31 + .../provisionning/alpine-3.16-install.sh | 15 + .../provisionning/alpine-3.16-postinstall.sh | 21 + .../provisionning/alpine-3.17-install.sh | 1 + .../provisionning/alpine-3.17-postinstall.sh | 1 + .../conf/kubernetes/initkubernetes.start | 181 +++++ .../conf/kubernetes/sharemetrics.start | 3 + .../conf/matchbox/initmatchbox.start | 25 + .../conf/matchbox/inittftp.start | 10 + .../conf/one-context/net-90-jenkins-slave | 13 + .../conf/one-context/net-96-gitlab-register | 31 + .../conf/one-context/net-96-templater | 80 +++ .../conf/one-context/net-97-k3s | 21 + recipes/alpine/provisionning/k3s.sh | 5 + recipes/alpine/provisionning/kubernetes.sh | 18 + recipes/alpine/provisionning/letsencrypt.sh | 26 + recipes/alpine/provisionning/matchbox.sh | 38 ++ recipes/alpine/provisionning/one-context.sh | 12 + .../one-context/net-96-templater | 102 +++ .../provisionning/one-context/net-97-k3s | 21 + .../alpine/provisionning/templater-install.sh | 23 + recipes/alpine/sources.pkr.hcl | 33 + recipes/alpine/templates/conf/conf.d/chronyd | 6 + .../templates/conf/install/awnsers.pktpl.hcl | 47 ++ 
.../templates/conf/k3s/k3s.conf.pkr.hcl | 8 + .../alpine/templates/conf/kubernetes/.flag | 0 .../matchbox/conf.d/matchbox.conf.pktpl.hcl | 1 + .../dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl | 4 + .../matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl | 60 ++ .../conf/matchbox/init.d/matchbox.pktpl.hcl | 28 + recipes/alpine/templates/one/image/common.tpl | 7 + .../one/service/kubernetes-cluster.json | 48 ++ recipes/alpine/templates/one/vm/common.xml | 33 + recipes/alpine/templates/one/vm/k3s.xml | 32 + .../alpine/templates/one/vm/kubeleader.xml | 35 + .../alpine/templates/one/vm/kubemaster.xml | 42 ++ .../alpine/templates/one/vm/kubeworker.xml | 42 ++ recipes/alpine/templates/one/vm/matchbox.xml | 47 ++ recipes/alpine/variables.pkr.hcl | 54 ++ tools/one-templates | 628 ++++++++++++++++++ 59 files changed, 2943 insertions(+), 1 deletion(-) create mode 100755 build create mode 100755 post-processors/sparsify.sh create mode 100644 recipes/alpine/3.16.pkrvars.hcl create mode 100644 recipes/alpine/3.17.pkrvars.hcl create mode 100644 recipes/alpine/base-onecontext.pkr.hcl create mode 100644 recipes/alpine/docker.pkr.hcl create mode 100644 recipes/alpine/k3s.pkr.hcl create mode 100644 recipes/alpine/kubernetes.pkr.hcl create mode 100644 recipes/alpine/locals.builder.pkr.hcl create mode 100644 recipes/alpine/locals.docker.pkr.hcl create mode 100644 recipes/alpine/locals.globals.pkr.hcl create mode 100644 recipes/alpine/locals.k3s.pkr.hcl create mode 100644 recipes/alpine/locals.kubernetes.pkr.hcl create mode 100644 recipes/alpine/locals.matchbox.pkr.hcl create mode 100644 recipes/alpine/locals.pkr.hcl create mode 100644 recipes/alpine/main.pkr.hcl create mode 100644 recipes/alpine/matchbox.pkr.hcl create mode 100644 recipes/alpine/plugins.pkr.hcl create mode 100755 recipes/alpine/post-processor/sparsify.sh create mode 100644 recipes/alpine/provisionning/alpine-3.16-install.sh create mode 100644 recipes/alpine/provisionning/alpine-3.16-postinstall.sh create mode 120000 
recipes/alpine/provisionning/alpine-3.17-install.sh create mode 120000 recipes/alpine/provisionning/alpine-3.17-postinstall.sh create mode 100644 recipes/alpine/provisionning/conf/kubernetes/initkubernetes.start create mode 100644 recipes/alpine/provisionning/conf/kubernetes/sharemetrics.start create mode 100644 recipes/alpine/provisionning/conf/matchbox/initmatchbox.start create mode 100644 recipes/alpine/provisionning/conf/matchbox/inittftp.start create mode 100644 recipes/alpine/provisionning/conf/one-context/net-90-jenkins-slave create mode 100644 recipes/alpine/provisionning/conf/one-context/net-96-gitlab-register create mode 100644 recipes/alpine/provisionning/conf/one-context/net-96-templater create mode 100644 recipes/alpine/provisionning/conf/one-context/net-97-k3s create mode 100644 recipes/alpine/provisionning/k3s.sh create mode 100644 recipes/alpine/provisionning/kubernetes.sh create mode 100644 recipes/alpine/provisionning/letsencrypt.sh create mode 100644 recipes/alpine/provisionning/matchbox.sh create mode 100644 recipes/alpine/provisionning/one-context.sh create mode 100644 recipes/alpine/provisionning/one-context/net-96-templater create mode 100644 recipes/alpine/provisionning/one-context/net-97-k3s create mode 100644 recipes/alpine/provisionning/templater-install.sh create mode 100644 recipes/alpine/sources.pkr.hcl create mode 100644 recipes/alpine/templates/conf/conf.d/chronyd create mode 100644 recipes/alpine/templates/conf/install/awnsers.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/k3s/k3s.conf.pkr.hcl create mode 100644 recipes/alpine/templates/conf/kubernetes/.flag create mode 100644 recipes/alpine/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/matchbox/init.d/matchbox.pktpl.hcl create mode 
100644 recipes/alpine/templates/one/image/common.tpl create mode 100644 recipes/alpine/templates/one/service/kubernetes-cluster.json create mode 100644 recipes/alpine/templates/one/vm/common.xml create mode 100644 recipes/alpine/templates/one/vm/k3s.xml create mode 100644 recipes/alpine/templates/one/vm/kubeleader.xml create mode 100644 recipes/alpine/templates/one/vm/kubemaster.xml create mode 100644 recipes/alpine/templates/one/vm/kubeworker.xml create mode 100644 recipes/alpine/templates/one/vm/matchbox.xml create mode 100644 recipes/alpine/variables.pkr.hcl create mode 100755 tools/one-templates diff --git a/README.md b/README.md index a915a12..1aaf3ff 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,81 @@ # vms -Virtual machine image builder (based on EOLE3 builder) \ No newline at end of file +Virtual machine image builder (based on EOLE3 builder) + +## What do we have here ? + +### The "build" tool + +This is a simple wrapper to help you build and publish images with "packer" and "one-templates" + +### The "publisher" tool called "tools/one-templates" + +This is a simple script to create and manage OpenNebula "Templates", all kinds of templates: +* VMs +* Networks +* Images +* Services + +With this tool you can publish all the images and the necessary templates to actually use what you build in OpenNebula. + +## What you need ? + +* Packer >= 1.6.0 +* virt-sparsify (optional) +* Ruby +* These ruby gems: + * opennebula + * opennebula-cli + * opennebula-oca + * webrick +* An OpenNebula server or cluster >= 5.6 (with OpenNebula Flow and OneGate enabled) +* An account with the proper ACL on the OpenNebula server/cluster to: + * create/manage images + * create/manage vm templates + * create/manage services templates + * create/manage network templates + +## How to use the "build" tool ? + +First you need to create the "publisher" "tools/one-templates" configuration. +This configuration is located in "./tools/.one-templates.conf". +Note that you can use a different configuration file setting the TEMPLATER_CONFIG environment file before starting the build script. + +``` +$ cat ./tools/one-templates.conf +user: myOpenNebulaUser +token: myVerySecretOpenNebulaTemporaryToken +builder_addr: IP Address of the building machine (often your own local IP address) +endpoint: http://myOpenNebulaServerAddress... +flow_endpoint: http://myOpenNEbulaServerAddress/oneflow +datastore_id: TheDataStoreIDForMyImages +``` + +When this configuration is done you can use the "build" tool. + +The recipes are organised by OS, version and flavor, one OS contains various versions and flavors. 
+You can list the available OS and versions with this command: + +``` +$ ./build list +You can build : + * alpine : + - 3.16 +``` +To build all the flavors of a version you can run this command: + +``` +$ ./build start alpine 3.16 +``` + +To build only one flavor for one version you can run this command: + +``` +$ ./build run alpine 3.16 k3s +``` + +`!!! Make sure the "base" flavor is build before trying to build another flavor. !!!` + +``` +$ ./build run alpine 3.16 base +``` diff --git a/build b/build new file mode 100755 index 0000000..7ff618c --- /dev/null +++ b/build 
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# Simple build wrapper
+
+ACTION=${1}
+OS=${2}
+VERSION=${3}
+
+RCP_DIR="./recipes"
+PACKER=${PACKER:-packer}
+
+#
+# Init packer
+# install plugins
+#
+initPacker() {
+ os=${1}
+ ${PACKER} init ${RCP_DIR}/${os}
+}
+
+#
+# Run the build
+# First the "base" image then the provisionned ones
+#
+run() {
+ ${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.qemu.${OS}" "${RCP_DIR}/${OS}/."
+ ${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.qemu.${OS}" "${RCP_DIR}/${OS}/."
+}
+
+#
+# Run a specific build
+#
+run_build() {
+ target=${4}
+ ${PACKER} build ${PACKER_OPTS} -force \
+ -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" \
+ -only="${target}.qemu.${OS}" \
+ "${RCP_DIR}/${OS}/."
+}
+
+#
+# Run many builds for one OS
+#
+run_many() {
+ targets="${@:4}"
+ only=""
+ for target in ${targets};do
+ only="${only}-only=${target}.qemu.${OS} "
+ done
+
+ ${PACKER} build ${PACKER_OPTS} -force \
+ -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" \
+ ${only} \
+ "${RCP_DIR}/${OS}/."
+}
+
+#
+# List what you can build
+#
+list() {
+ echo "You can build : "
+ for os in "${RCP_DIR}"/*; do
+ echo " * $(basename "${os}") :"
+ cd "${os}" || exit 100
+ for vfile in *.pkrvars.hcl; do
+ echo " - ${vfile}" | sed 's/\.pkrvars\.hcl$//'
+ done
+ cd - >/dev/null 2>&1 || exit 100
+ done
+ exit 0
+}
+
+#
+# Run all builds
+#
+run_all() {
+ versions=""
+ for os in "${RCP_DIR}"/*; do
+ cd "${os}" || exit 100
+ for vfile in *.pkrvars.hcl; do
+ versions="${versions} $(echo "${vfile}" | sed 's/\.auto\.pkrvars\.hcl$//')"
+ done
+ OS=$(basename ${os})
+ cd - >/dev/null 2>&1 || exit 100
+ for ver in ${versions}; do
+ VERSION=${ver}
+ run
+ done
+ versions=""
+ done
+ set +x
+}
+
+#
+# Start only ONE build
+#
+start_build() {
+ if [ -z "${OS}" ]; then
+ echo "OS Name is missing !"
+ echo " Supported OS are :"
+ printf " "
+ ls ${RCP_DIR}
+ exit 1
+ fi
+
+ if [ -z "${VERSION}" ]; then
+ echo "OS Version is missing !"
+ echo " ex: ./build debian 10"
+ exit 2
+ fi
+ run
+}
+
+case "${ACTION}" in
+
+ "list")
+ list
+ ;;
+
+ "all")
+ initPacker "${2}" || exit 1
+ run_all
+ exit ${?}
+ ;;
+
+ "start")
+ initPacker "${2}" || exit 1
+ start_build
+ ;;
+
+ "run")
+ initPacker "${2}" || exit 1
+ run_build $@
+ ;;
+
+ "mrun")
+ initPacker "${2}" || exit 1
+ run_many $@
+ ;;
+
+ *)
+ echo "You need to provide a valid action!"
+ echo " Supported actions are:"
+ echo " - start "
+ echo " - list "
+ echo " - all"
+ echo " - run"
+ exit 1
+ ;;
+esac
diff --git a/post-processors/sparsify.sh b/post-processors/sparsify.sh
new file mode 100755
index 0000000..316265a
--- /dev/null
+++ b/post-processors/sparsify.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if [ "${#}" -ne 2 ]; then
+ echo Missing arguments
+ exit 2
+fi
+
+WORKDIR=${1}
+VERSION=${2}
+
+findImages() {
+ find ${1} -iname "*.img"
+}
+
+sleep 5
+
+for imageName in $(findImages ${WORKDIR} ${DOMAIN}); do
+ if [ $(which virt-sparsify) ]; then
+ newName=$(echo $imageName | sed "s/.img/_${VERSION}.img/g")
+ virt-sparsify --compress --tmp ./ --format qcow2 ${imageName} ${newName}
+ if [ "${?}" -eq 0 ]; then
+ rm -rf ${imageName}
+ cd ${WORKDIR}
+ ln -s $(basename ${newName}) $(basename ${imageName})
+ echo ${newName} ${imageName}
+ cd -
+ fi
+ else
+ echo "Sparsify skipped 'virt-sparsify' command is missing"
+ fi
+done
diff --git a/recipes/alpine/3.16.pkrvars.hcl b/recipes/alpine/3.16.pkrvars.hcl
new file mode 100644
index 0000000..45e5c01
--- /dev/null
+++ b/recipes/alpine/3.16.pkrvars.hcl
@@ -0,0 +1,6 @@
+name = "alpine"
+version = "3.16.2"
+short_version = "3.16"
+arch = "x86_64"
+source_url = "https://dl-cdn.alpinelinux.org/alpine"
+iso_cd_checksum = "6c7cb998ec2c8925d5a1239410a4d224b771203f916a18f8015f31169dd767a2"
\ No newline at end of file
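Review bot: `run_all` strips `.auto.pkrvars.hcl` from each var file name, but the files added by this commit are named `3.16.pkrvars.hcl` and `3.17.pkrvars.hcl` (and `list` strips `.pkrvars.hcl`), so VERSION becomes `3.16.pkrvars.hcl` and `run` then asks packer for `3.16.pkrvars.hcl.pkrvars.hcl`, which does not exist; use the same pattern as `list`: `versions="${versions} $(echo "${vfile}" | sed 's/\.pkrvars\.hcl$//')"`. The trailing `set +x` in `run_all` has no matching `set -x` and can go. In the `case`, `run_build $@` and `run_many $@` pass the argument list unquoted while `run_build` reads `${4}`; `"$@"` keeps each argument as one word, and `${PACKER_OPTS}` is the only expansion here that deliberately relies on word splitting, which deserves a comment saying so.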
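Review bot: `newName=$(echo $imageName | sed "s/.img/_${VERSION}.img/g")` uses an unanchored pattern in which `.` matches any character and `/g` rewrites every match, so a path such as `/tmp/img-build/disk.img` (constructed example) gets its directory component renamed too and the later `ln -s` points at a file that was never created; anchor the suffix, `sed "s/\.img$/_${VERSION}.img/"`. `find ${1}`, `rm -rf ${imageName}`, `cd ${WORKDIR}` and the `ln -s` operands are unquoted, so a WORKDIR containing spaces or glob characters is split into several operands before `rm -rf` runs; quote them and use `rm -f "${imageName}"`, since a regular file is being removed, plus `cd "${WORKDIR}" || exit 1` so a failed `cd` does not leave the symlink in the wrong directory. `findImages ${WORKDIR} ${DOMAIN}` passes a `DOMAIN` that is never assigned and that `findImages` ignores, and the `sleep 5` before the loop has no comment explaining what it waits for.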
diff --git a/recipes/alpine/3.17.pkrvars.hcl b/recipes/alpine/3.17.pkrvars.hcl new file mode 100644 index 0000000..20169c1 --- /dev/null +++ b/recipes/alpine/3.17.pkrvars.hcl @@ -0,0 +1,6 @@ +name = "alpine" +version = "3.17.0" +short_version = "3.17" +arch = "x86_64" +source_url = "https://dl-cdn.alpinelinux.org/alpine" +iso_cd_checksum = "8d4d53bd34b2045e1e219b87887b0de8d217b6cd4a8b476a077429845a5582ba" \ No newline at end of file diff --git a/recipes/alpine/base-onecontext.pkr.hcl b/recipes/alpine/base-onecontext.pkr.hcl new file mode 100644 index 0000000..27042e4 --- /dev/null +++ b/recipes/alpine/base-onecontext.pkr.hcl @@ -0,0 +1,39 @@ +#Flavour base-onecontext +build { + name = "base-onecontext" + description = <" ] + ssh_clear_authorized_keys = true + } + + provisioner "file" { + destination = "/tmp/one-context.sh" + source = "${local.dirs.provisionning}/one-context.sh" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/one-context.sh'" + ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${local.dirs.post-processors}/sparsify.sh ${var.output_dir}/${var.version}/provisionned/one-context ${var.image_version}", + "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${build.name} -c '${local.output_name}-${var.version} base image' --image-file ${var.output_dir}/${var.version}/provisionned/one-context/${local.output_name}-${var.version}-one-context.img", + "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${build.name} --image-name ${local.output_name}-${var.version}-${build.name}" + ] + } +} diff --git a/recipes/alpine/docker.pkr.hcl b/recipes/alpine/docker.pkr.hcl new file mode 100644 index 0000000..b6890aa --- /dev/null +++ b/recipes/alpine/docker.pkr.hcl 
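Review bot: The post-processor calls `${local.dirs.post-processors}/sparsify.sh`, which locals.pkr.hcl resolves to `recipes/alpine/post-processor/sparsify.sh`, while k3s.pkr.hcl, kubernetes.pkr.hcl, main.pkr.hcl and matchbox.pkr.hcl call `${path.cwd}/post-processors/sparsify.sh`; the diffstat adds both files with the same blob (`316265a`), so the two copies will drift apart at the first fix to either. Keep a single copy and reference it the same way from every flavour (`local.dirs.post-processors` already exists for that purpose). The `description` heredoc of this build block is truncated in this rendering of the patch, so its text was not reviewed.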
@@ -0,0 +1,72 @@ +#Flavour docker +build { + name = "docker" + description = <" ] + ssh_clear_authorized_keys = true + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.Docker)}" + } + + // Generate default configuration for docker + provisioner "shell" { + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + // Install OpenNebula context tool + provisioner "shell" { + script = "${local.dirs.provisionning}/one-context.sh" + } + + // Deploy the opennebula context script to manage configuration + provisioner "file" { + destination = "/etc/one-context.d/net-96-templater" + source = "${local.dirs.provisionning}/conf/one-context/net-96-templater" + } + + provisioner "shell" { + inline = [ "sh -cx 'chmod +x /etc/one-context.d/net-96-templater'" ] + } + post-processor "shell-local" { + inline = [ + "/bin/sh ${local.dirs.post-processors}/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name} ${var.image_version}", + "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Docker.Name} -c '${local.Docker.Name} base image' --image-file 
${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}/${local.output_name}-${var.version}-${local.Docker.Name}.img", + "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${local.Docker.Name} --image-name ${local.output_name}-${var.version}-${local.Docker.Name}", + ] + } + +} diff --git a/recipes/alpine/k3s.pkr.hcl b/recipes/alpine/k3s.pkr.hcl new file mode 100644 index 0000000..7d82c44 --- /dev/null +++ b/recipes/alpine/k3s.pkr.hcl 
@@ -0,0 +1,76 @@ +#Flavour k3s +build { + name = "k3s" + description = <" ] + ssh_clear_authorized_keys = true + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.K3S)}" + } + + // Generate default configuration for kubernetes + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "file" { + destination = "/tmp/one-context.sh" + source = "${local.dirs.provisionning}/one-context.sh" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/one-context.sh'", + "sh -cx 'sh /tmp/${build.name}.sh'" + ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/k3s ${var.image_version}", + "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-k3s -c 'k3s base image' --image-file ${var.output_dir}/${var.version}/provisionned/k3s/${local.output_name}-${var.version}-k3s.img", + "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/k3s.xml -n 
${local.output_name}-${var.version}-k3s --image-name ${local.output_name}-${var.version}-k3s" + ] + } + +} diff --git a/recipes/alpine/kubernetes.pkr.hcl b/recipes/alpine/kubernetes.pkr.hcl new file mode 100644 index 0000000..e9ba131 --- /dev/null +++ b/recipes/alpine/kubernetes.pkr.hcl 
@@ -0,0 +1,112 @@ +#Flavour kubernetes +build { + name = "kubernetes" + description = <" ] + ssh_clear_authorized_keys = true + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.locations.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.locations.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.Kubernetes)}" + } + + // Copy Sharemetrics script + provisioner "file" { + destination = "/etc/local.d/sharemetrics.start" + source = "${local.locations.provisionning}/conf/${build.name}/sharemetrics.start" + } + + provisioner "file" { + destination = "/etc/local.d/initkubernetes.start" + source = "${local.locations.provisionning}/conf/${build.name}/initkubernetes.start" + } + + provisioner "shell" { + inline = [ + "chmod +x /etc/local.d/sharemetrics.start", + "chmod +x /etc/local.d/initkubernetes.start" + ] + } + + // Generate default configuration for kubernetes + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + // Complete kubernetes install + provisioner "shell" { + expect_disconnect = true + max_retries = 6 + script = "${local.locations.provisionning}/${build.name}.sh" + } + + // Install OpenNebula context tool + provisioner "shell" { + script = "${local.locations.provisionning}/one-context.sh" + } + + // Deploy the opennebula context script to manage configuration + provisioner "file" { + destination = 
"/etc/one-context.d/net-96-templater" + source = "${local.locations.provisionning}/conf/one-context/net-96-templater" + } + + provisioner "shell" { + inline = [ + "chmod +x /etc/one-context.d/net-96-templater" + ] + } + + provisioner "shell" { + inline = [ + "service docker start", + "service containerd start", + "sleep 5", + "kubeadm config images pull" ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${local.Kubernetes.Name} ${var.image_version}", + "ruby ${local.locations.tools}/one-templates -t image -m 640 -T ${local.locations.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Kubernetes.Name} -c '${local.Kubernetes.Name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${local.Kubernetes.Name}/${local.output_name}-${var.version}-${local.Kubernetes.Name}.img", + "ruby ${local.locations.tools}/one-templates -t vm -m 640 -T ${local.locations.templates}/one/vm/kubeleader.xml -n ${local.output_name}-${var.version}-${local.Kubernetes.Name}Leader --image-name ${local.output_name}-${var.version}-${local.Kubernetes.Name}", + "ruby ${local.locations.tools}/one-templates -t vm -m 640 -T ${local.locations.templates}/one/vm/kubemaster.xml -n ${local.output_name}-${var.version}-${local.Kubernetes.Name}Master --image-name ${local.output_name}-${var.version}-${local.Kubernetes.Name}", + "ruby ${local.locations.tools}/one-templates -t vm -m 640 -T ${local.locations.templates}/one/vm/kubeworker.xml -n ${local.output_name}-${var.version}-${local.Kubernetes.Name}Worker --image-name ${local.output_name}-${var.version}-${local.Kubernetes.Name}", + "ruby ${local.locations.tools}/one-templates -t service -m 640 -T ${local.locations.templates}/one/service/${build.name}-cluster.json -n ${build.name}-cluster-${local.output_name}-${var.version} --vm-name ${local.output_name}-${var.version}-${local.Kubernetes.Name}", + ] + } + +} 
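Review bot: The last shell provisioner starts docker and containerd, waits a fixed `"sleep 5"`, then runs `kubeadm config images pull`; on a slow build host the daemon may not be answering yet and the step fails (or passes by luck), which makes the build flaky without pointing at a cause. Poll for readiness instead, e.g. replace `"sleep 5",` with `"for i in $(seq 1 30); do docker info >/dev/null 2>&1 && break; sleep 1; done",`. This file addresses paths through `local.locations` while docker.pkr.hcl, k3s.pkr.hcl and matchbox.pkr.hcl use `local.dirs`, which locals.pkr.hcl defines as an alias of the same map; settling on one name would make the flavours diff cleanly against each other.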
diff --git a/recipes/alpine/locals.builder.pkr.hcl b/recipes/alpine/locals.builder.pkr.hcl
new file mode 100644
index 0000000..9614d0e
--- /dev/null
+++ b/recipes/alpine/locals.builder.pkr.hcl
@@ -0,0 +1,6 @@
+ locals {
+ builder_config = {
+ TemplateDir = "/usr/share/builder/templates"
+ ValueDir = "/usr/share/builder/values"
+ }
+ }
\ No newline at end of file
diff --git a/recipes/alpine/locals.docker.pkr.hcl b/recipes/alpine/locals.docker.pkr.hcl
new file mode 100644
index 0000000..4dacc91
--- /dev/null
+++ b/recipes/alpine/locals.docker.pkr.hcl
@@ -0,0 +1,34 @@
+locals {
+ // Definition of the Kubernetes service (templater compatible)
+ ServiceDocker = {
+ ConfigFiles = []
+ Repositories = {}
+ Packages = {
+ docker = {
+ name = "docker"
+ action = "install"
+ }
+ docker-compose = {
+ name = "docker-compose"
+ action = "install"
+ }
+ }
+ Daemons = {
+ docker = {
+ name = "docker"
+ type = "auto"
+ enabled = true
+ }
+ }
+ Vars = {}
+ Users = {}
+ }
+
+ Docker = {
+ Name = "docker"
+ Globals = local.Globals
+ Services = {
+ Docker = local.ServiceDocker
+ }
+ }
+}
\ No newline at end of file
diff --git a/recipes/alpine/locals.globals.pkr.hcl b/recipes/alpine/locals.globals.pkr.hcl
new file mode 100644
index 0000000..f940e19
--- /dev/null
+++ b/recipes/alpine/locals.globals.pkr.hcl
@@ -0,0 +1,7 @@
+locals {
+ Globals = {
+ Vars = {
+ PrometheusPort = "9090"
+ }
+ }
+}
\ No newline at end of file
diff --git a/recipes/alpine/locals.k3s.pkr.hcl b/recipes/alpine/locals.k3s.pkr.hcl
new file mode 100644
index 0000000..94c1746
--- /dev/null
+++ b/recipes/alpine/locals.k3s.pkr.hcl
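Review bot: The header comment on `ServiceDocker` reads `// Definition of the Kubernetes service (templater compatible)`, copied from the kubernetes locals; the same copied comment sits above `ServiceMatchBox` in locals.matchbox.pkr.hcl, and the `MatchBox` map there is introduced as "the Kubernetes full configuration". Rename them to match the service they describe, e.g. `// Definition of the Docker service (templater compatible)`. The `locals {` block in locals.builder.pkr.hcl is indented one space deeper than every other locals file in the commit, which is only cosmetic but worth aligning while the files are new.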
@@ -0,0 +1,79 @@ +locals { + // Definition of the Kubernetes service (templater compatible) + ServiceK3S = { + ConfigFiles = [ + { + destination = "/etc/conf.d/k3s" + source = "k3s.conf.pkr.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Repositories = { + AlpineEdge = { + type = "apk" + name = "community" + url = "http://mirrors.ircam.fr/pub/alpine/edge/community" + enabled = true + } + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + } + Packages = { + kubelet = { + name = "k3s" + action = "install" + } + kubeadm = { + name = "kubeadm" + action = "install" + } + kubectl = { + name = "kubectl" + action = "install" + } + uuidgen = { + name = "uuidgen" + action = "install" + } + } + Vars = { + ServerName = "kube" + ServerRole = "master" + DeployTraefik = false + } + Users = {} + Daemons = { + kubelet = { + name = "k3s" + type = "auto" + enabled = true + } + ntpd = { + name = "ntpd" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + } + + // Definition of the Kubernetes full configuration (with all the services) + K3S = { + Name = "k3s" + Globals = local.Globals + Services = { + Docker = local.ServiceDocker + K3S = local.ServiceK3S + } + } +} diff --git a/recipes/alpine/locals.kubernetes.pkr.hcl b/recipes/alpine/locals.kubernetes.pkr.hcl new file mode 100644 index 0000000..74b97be --- /dev/null +++ b/recipes/alpine/locals.kubernetes.pkr.hcl 
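Review bot: `Repositories` enables the edge `community` and edge `testing` apk repositories with `enabled = true` on an image whose base is the stable 3.16/3.17 release (see the var files), so the repositories stay configured in the shipped image rather than being a build-time pin; packages from edge/testing are outside the stable branch's security-fix coverage and can pull newer shared libraries into the stable base. The same block appears in locals.kubernetes.pkr.hcl and, for `testing` only, in locals.matchbox.pkr.hcl. If these packages are only needed at build time, the repositories should be disabled after install, and a comment should name which packages required edge so the next reader knows when the repositories can be dropped; apk verifies package signatures, so the plain `http://` mirror URL is a lesser concern, but a comment on why this mirror was chosen would help. The `Packages.kubelet` and `Daemons.kubelet` keys both carry `name = "k3s"`, which is misleading next to the real `kubelet` entries in locals.kubernetes.pkr.hcl; keying them as `k3s` would say what is installed.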
@@ -0,0 +1,90 @@ +locals { + // Definition of the Kubernetes service (templater compatible) + ServiceKubernetes = { + ConfigFiles = [] + Repositories = { + AlpineEdge = { + type = "apk" + name = "community" + url = "http://mirrors.ircam.fr/pub/alpine/edge/community" + enabled = true + } + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + } + Packages = { + cni-plugin-flannel = { + name = "cni-plugin-flannel" + action = "install" + } + cni-plugins = { + name = "cni-plugins" + action = "install" + } + flannel = { + name = "flannel" + action = "install" + } + flannel-contrib-cni = { + name = "flannel-contrib-cni" + action = "install" + } + cilium = { + name = "cilium-cli" + action = "install" + } + kubelet = { + name = "kubelet" + action = "install" + } + kubeadm = { + name = "kubeadm" + action = "install" + } + kubectl = { + name = "kubectl" + action = "install" + } + uuidgen = { + name = "uuidgen" + action = "install" + } + } + Vars = { + ServerName = "kube" + ServerRole = "master" + } + Users = {} + Daemons = { + kubelet = { + name = "kubelet" + type = "auto" + enabled = true + } + ntpd = { + name = "ntpd" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + } + + // Definition of the Kubernetes full configuration (with all the services) + Kubernetes = { + Name = "kubernetes" + Globals = local.Globals + Services = { + Docker = local.ServiceDocker + Kubernetes = local.ServiceKubernetes + } + } +} diff --git a/recipes/alpine/locals.matchbox.pkr.hcl b/recipes/alpine/locals.matchbox.pkr.hcl new file mode 100644 index 0000000..dbb67dc --- /dev/null +++ b/recipes/alpine/locals.matchbox.pkr.hcl 
@@ -0,0 +1,120 @@ +locals { + // Definition of the Kubernetes service (templater compatible) + ServiceMatchBox = { + ConfigFiles = [ + { + destination = "/etc/dnsmasq.d/pxe.conf" + source = "dnsmasq.d/ipxe.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/dnsmasq-hosts.conf" + source = "dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl" + mode = "600" + owner = "dnsmasq" + group = "root" + }, + { + destination = "/etc/conf.d/matchbox" + source = "conf.d/matchbox.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/init.d/matchbox" + source = "init.d/matchbox.pktpl.hcl" + mode = "700" + owner = "root" + group = "root" + } + ] + Repositories = { + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + } + Packages = { + dnsmasq = { + name = "dnsmasq" + action = "install" + } + terraform = { + name = "terraform" + action = "install" + } + git = { + name = "git" + action = "install" + } + kubectl = { + name = "kubectl" + action = "install" + } + gpg = { + name = "gpg" + action = "install" + } + } + Vars = { + PXE = { + DHCPMode = "proxy" + DNSDomain = "cadoles.com" + ListenInterface = "eth0" + GreetingMessage = "Cadoles PXE Boot Server" + DelayTime = "5" + BootingMessage = "Booting from network the Cadoles way" + DHCPRangeStart = "" + DHCPRangeEnd = "" + DHCPLeaseDuration = "1h" + TFTPRoot = "/var/lib/tftpboot" + } + MatchBox = { + Hostname = "mb.cadoles.com" + HTTPPort = "8080" + gRPCPort = "8081" + LogLevel = "info" + } + ETH0 = { + IP = "" + DNS = "" + GATEWAY = "" + } + Set = { + Hostname = "matchbox" + } + } + Users = {} + Daemons = { + matchbox = { + name = "matchbox" + type = "auto" + enabled = true + } + dnsmasq = { + name = "dnsmasq" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + } + + // Definition of the Kubernetes full configuration (with 
all the services)
+ MatchBox = {
+ Name = "matchbox"
+ Globals = local.Globals
+ Services = {
+ MatchBox = local.ServiceMatchBox
+ }
+ }
+}
\ No newline at end of file
diff --git a/recipes/alpine/locals.pkr.hcl b/recipes/alpine/locals.pkr.hcl
new file mode 100644
index 0000000..8a562ad
--- /dev/null
+++ b/recipes/alpine/locals.pkr.hcl
@@ -0,0 +1,24 @@
+# "timestamp" template function replacement
+locals {
+ locations = {
+ recipes = "${path.cwd}/recipes/${var.name}"
+ templates = "${path.cwd}/recipes/${var.name}/templates"
+ provisionning = "${path.cwd}/recipes/${var.name}/provisionning"
+ post-processors = "${path.cwd}/recipes/${var.name}/post-processor"
+ tools = "${path.cwd}/tools"
+ }
+ dirs = local.locations
+ timestamp = regex_replace(timestamp(), "[- TZ:]", "")
+ output_name = "${var.name}"
+ source_checksum_url = "file:${var.source_url}/${var.version}/${var.arch}/iso-cd/SHA256SUMS"
+ source_iso = "${var.source_url}/v${var.short_version}/releases/${var.arch}/alpine-virt-${var.version}-${var.arch}.iso"
+ source_checksum = "${var.iso_cd_checksum}"
+ ssh_user = "root"
+ ssh_password = "PbkRc1vup7Wq5n4r"
+ disk_size = 8000
+ memory = 512
+ installOpts = {
+ hostname = var.name
+ user = "eole"
+ }
+}
diff --git a/recipes/alpine/main.pkr.hcl b/recipes/alpine/main.pkr.hcl
new file mode 100644
index 0000000..b7ddac4
--- /dev/null
+++ b/recipes/alpine/main.pkr.hcl
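Review bot: `ssh_password` in locals.pkr.hcl commits the root password used for the builds in clear text, and since every flavour reads it through `local.ssh_password` the same credential is shared by everything built from these recipes and remains in git history after any rotation. Declare it as a Packer input variable with `sensitive = true` in variables.pkr.hcl and supply it from the var file or the `PKR_VAR_ssh_password` environment variable, then reference it here as `ssh_password = var.ssh_password`. Whether the installed image keeps this password for `root` cannot be seen from this chunk (the answer file awnsers.pktpl.hcl is not in it); if it does, the post-install step should reset or lock the account before the image is published. The comment `# "timestamp" template function replacement` describes only the `timestamp` local and not the rest of the block; a one-line header such as `# Shared locals for every alpine flavour: paths, ISO source, builder credentials` would orient readers of the six flavour files.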
@@ -0,0 +1,66 @@ +#Flavour base +build { + name = "base" + description = <root", + "", + "setup-interfaces", + "ifup eth0", + "mkdir -p .ssh", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys", + "chmod 600 .ssh/authorized_keys", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/install.conf", + "setup-sshd -c openssh -k .ssh/authorized_keys", + ] + } + + provisioner "shell" { + pause_before = "1s" + expect_disconnect = true # Because the previous step has rebooted the machine + script = "${local.locations.provisionning}/${var.name}-${var.short_version}-install.sh" + valid_exit_codes = [ 0, 141 ] + } + + provisioner "shell" { + pause_before = "1s" + inline = [ "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'" ] + } + + provisioner "shell" { + pause_before = "10s" + script = "${local.locations.provisionning}/${var.name}-${var.short_version}-postinstall.sh" + } + + provisioner "shell" { + script = "${local.locations.provisionning}/letsencrypt.sh" + } + + provisioner "file" { + destination = "/etc/conf.d/chronyd" + source = "${local.locations.templates}/conf/conf.d/" + } + + post-processor "manifest" { + keep_input_artifact = true + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}" + ] + } +} diff --git a/recipes/alpine/matchbox.pkr.hcl b/recipes/alpine/matchbox.pkr.hcl new file mode 100644 index 0000000..cece909 --- /dev/null +++ b/recipes/alpine/matchbox.pkr.hcl 
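Review bot: The chronyd `file` provisioner uploads the directory `${local.locations.templates}/conf/conf.d/` (trailing slash) to `destination = "/etc/conf.d/chronyd"`; with a trailing-slash directory source Packer's file provisioner uploads the directory's contents into the destination, so this presumably lands under `/etc/conf.d/chronyd/` rather than replacing the `/etc/conf.d/chronyd` file — worth confirming on a built image, and `source = "${local.locations.templates}/conf/conf.d/chronyd"` names the file explicitly. `valid_exit_codes = [ 0, 141 ]` on the install step accepts SIGPIPE exits without saying why; if the reason is the reboot that the `expect_disconnect` comment alludes to, a comment such as `# 141: the install script reboots and tears down the ssh session mid-command` would stop a later reader from removing it. The boot_command lines are truncated in this rendering of the patch, so the interactive setup sequence itself was not reviewed.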
@@ -0,0 +1,101 @@ +#Flavour matchbox +build { + name = "matchbox" + description = <" ] + ssh_clear_authorized_keys = true + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.MatchBox)}" + } + + // Copy matchbox boot provisionning script + provisioner "file" { + destination = "/etc/local.d/initmatchbox.start" + source = "${local.locations.provisionning}/conf/${build.name}/initmatchbox.start" + } + + // Copy tftp provisionning script + provisioner "file" { + destination = "/etc/local.d/inittftp.start" + source = "${local.locations.provisionning}/conf/${build.name}/inittftp.start" + } + + // Generate default configuration for kubernetes + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "file" { + destination = "/tmp/one-context.sh" + source = "${local.dirs.provisionning}/one-context.sh" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/one-context.sh'", + "sh -cx 'sh /tmp/${build.name}.sh'" + ] + } + + provisioner "file" { + destination = "/etc/one-context.d/net-96-templater" + source = "${local.dirs.provisionning}/one-context/net-96-templater" + } + + provisioner 
"shell" { + inline = [ + "chmod +x /etc/local.d/initmatchbox.start", + "chmod +x /etc/local.d/inittftp.start", + "chmod +x /etc/one-context.d/net-96-templater" + ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/matchbox ${var.image_version}", + "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-matchbox -c 'Matchbox base image' --image-file ${var.output_dir}/${var.version}/provisionned/matchbox/${local.output_name}-${var.version}-matchbox.img", + "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/matchbox.xml -n ${local.output_name}-${var.version}-matchbox --image-name ${local.output_name}-${var.version}-matchbox" + ] + } + +} diff --git a/recipes/alpine/plugins.pkr.hcl b/recipes/alpine/plugins.pkr.hcl new file mode 100644 index 0000000..676a4b4 --- /dev/null +++ b/recipes/alpine/plugins.pkr.hcl @@ -0,0 +1,12 @@ +packer { + required_plugins { + sshkey = { + version = ">= 1.0.1" + source = "github.com/ivoronin/sshkey" + } + } +} + +data "sshkey" "install" { + type = "ed25519" +} \ No newline at end of file diff --git a/recipes/alpine/post-processor/sparsify.sh b/recipes/alpine/post-processor/sparsify.sh new file mode 100755 index 0000000..316265a --- /dev/null +++ b/recipes/alpine/post-processor/sparsify.sh 
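Review bot: `net-96-templater` is installed from `${local.dirs.provisionning}/one-context/net-96-templater`, yet this same patch also adds `provisionning/conf/one-context/net-96-templater` (80 vs 102 lines) — two diverging copies of a boot-time root script; keep one and delete the other. `/tmp/one-context.sh` and `/tmp/${build.name}.sh` are uploaded and executed but never removed, so they ship in the image; append `"rm -f /tmp/one-context.sh /tmp/${build.name}.sh"` to that inline list. `max_retries = 3` on the `btr` render step has no comment saying what transient failure it works around. The start of this `build` block is garbled in this rendering.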
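Review bot: `version = ">= 1.0.1"` for `github.com/ivoronin/sshkey` is an open-ended floor on a plugin that generates the private key used to log in as root to every build VM; pin it (`version = "~> 1.0"` or an exact version) and commit the plugin lock file so a newer upstream release cannot silently change what runs in the build. A one-line comment on `data "sshkey" "install"` noting that the public half is what main.pkr.hcl serves as `ssh-packer-pub.key` would tie the two files together.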
@@ -0,0 +1,31 @@ +#!/bin/sh + +if [ "${#}" -ne 2 ]; then + echo Missing arguments + exit 2 +fi + +WORKDIR=${1} +VERSION=${2} + +findImages() { + find ${1} -iname "*.img" +} + +sleep 5 + +for imageName in $(findImages ${WORKDIR} ${DOMAIN}); do + if [ $(which virt-sparsify) ]; then + newName=$(echo $imageName | sed "s/.img/_${VERSION}.img/g") + virt-sparsify --compress --tmp ./ --format qcow2 ${imageName} ${newName} + if [ "${?}" -eq 0 ]; then + rm -rf ${imageName} + cd ${WORKDIR} + ln -s $(basename ${newName}) $(basename ${imageName}) + echo ${newName} ${imageName} + cd - + fi + else + echo "Sparsify skipped 'virt-sparsify' command is missing" + fi +done diff --git a/recipes/alpine/provisionning/alpine-3.16-install.sh b/recipes/alpine/provisionning/alpine-3.16-install.sh new file mode 100644 index 0000000..1bdc826 --- /dev/null +++ b/recipes/alpine/provisionning/alpine-3.16-install.sh @@ -0,0 +1,15 @@ +#!/bin/sh +#set -xeo pipefail + +# Run the installer +yes | setup-alpine -e -f install.conf + +# Copy ssh keys +echo "Copy packer ssh key" +mount /dev/vg0/lv_root /mnt +cp -rp .ssh /mnt/root/ +sync +umount /mnt + +echo "Rebooting the host after install" +reboot -nf \ No newline at end of file diff --git a/recipes/alpine/provisionning/alpine-3.16-postinstall.sh b/recipes/alpine/provisionning/alpine-3.16-postinstall.sh new file mode 100644 index 0000000..9c3af99 --- /dev/null +++ b/recipes/alpine/provisionning/alpine-3.16-postinstall.sh 
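Review bot: `cd ${WORKDIR}` is unchecked before `ln -s`, so if it fails the symlink is created in the caller's directory, and `find ${1}`, `rm -rf ${imageName}` and the `cd` are all unquoted, so a path with spaces or a glob character breaks them; use `cd "${WORKDIR}" || exit 1` and `rm -f -- "${imageName}"`. `sed "s/.img/_${VERSION}.img/g"` has an unescaped dot and `g`, so any `Ximg` substring anywhere in the path is rewritten — `sed "s/\.img$/_${VERSION}.img/"`. `findImages ${WORKDIR} ${DOMAIN}` passes an undefined `${DOMAIN}` the function ignores. This copy under `recipes/alpine/post-processor/` appears unused: the build files call `${path.cwd}/post-processors/sparsify.sh`.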
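Review bot: `reboot -nf` runs unconditionally, so if `setup-alpine` or `mount /dev/vg0/lv_root /mnt` fails the VM reboots into a half-installed disk and the failure only surfaces as a Packer SSH timeout; re-enable `set -e` (the commented line likely failed on `pipefail` under plain `sh`, which is not needed here) or guard explicitly with `mount /dev/vg0/lv_root /mnt || exit 1`. The `/dev/vg0/lv_root` path assumes the `-L` LVM layout from the answer file; a comment pointing at `DISKOPTS` would explain the coupling.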
@@ -0,0 +1,21 @@ +#!/bin/sh +set -xeo pipefail + +apk add --no-cache wget curl jq haveged ca-certificates rsyslog + +rc-update add haveged boot +rc-update add rsyslog boot +rc-update add sshd boot + +# Generate root password +pass=$(openssl rand -base64 32 | tee -a .secret) +chmod 600 .secret +echo -e "${pass}\n${pass}" | passwd + +# Remove expect package + +# Prevent logs spamming like "process '/sbin/getty -L 0 ttyS0 vt100' (pid 2516) exited. Scheduling for restart." +# We don't need an access to ttyS0 +sed -i 's@^\(ttyS0::respawn.*\)@#\1@' /etc/inittab + +sync diff --git a/recipes/alpine/provisionning/alpine-3.17-install.sh b/recipes/alpine/provisionning/alpine-3.17-install.sh new file mode 120000 index 0000000..2d4ac84 --- /dev/null +++ b/recipes/alpine/provisionning/alpine-3.17-install.sh @@ -0,0 +1 @@ +alpine-3.16-install.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/alpine-3.17-postinstall.sh b/recipes/alpine/provisionning/alpine-3.17-postinstall.sh new file mode 120000 index 0000000..db37049 --- /dev/null +++ b/recipes/alpine/provisionning/alpine-3.17-postinstall.sh @@ -0,0 +1 @@ +alpine-3.16-postinstall.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/conf/kubernetes/initkubernetes.start b/recipes/alpine/provisionning/conf/kubernetes/initkubernetes.start new file mode 100644 index 0000000..a0e0748 --- /dev/null +++ b/recipes/alpine/provisionning/conf/kubernetes/initkubernetes.start 
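Review bot: `pass=$(openssl rand -base64 32 | tee -a .secret)` runs under `set -x`, so the generated root password is echoed into the Packer build log, and `.secret` (relative to the provisioner's cwd, presumably `/root`) is left in the image, so every VM cloned from it shares one root password sitting in a known file. Since access is key-based via `authorized_keys`, prefer `passwd -l root`, or at minimum wrap the generation in `set +x` … `set -x` and `rm -f .secret` before the image is sealed. `echo -e` is not portable under `#!/bin/sh`; `printf '%s\n%s\n' "${pass}" "${pass}" | passwd` is. The `# Remove expect package` comment has no code under it.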
@@ -0,0 +1,181 @@ +#!/bin/sh + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} +LOG_FILE="/var/log/initkubernets.log" +FIRST_BOOT="/var/run/firstboot.flag" + +infoLog() { + echo "Info: $@" | tee -a ${LOG_FILE} +} + +errorLog() { + echo "Error: $@" | tee -a ${LOG_FILE} +} + +waitReadyState() { + local vmID="${1}" + local timeout="${2}" + + local tick=0 + while true ;do + local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY") + if [ "${ready}" = "YES" ];then + return 0 + elif [ "${timeout}" -eq "${tick}" ];then + return ${timeout} + else + sleep 1 + tick=$((tick+1)) + fi + done +} + +returnToken() { + infoLog "Returning tokens" + local caSecretKey="${1}" + local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1) + local kubeToken=$(kubeadm token list | awk '/authentication,signing.*The default*/ {print $1}') + local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf) + + if [ -n "${ONEGATE_ENDPOINT}" ];then + infoLog "Onegate detected" + data="READY=YES" + data="${data} MASTER_ADDR=${masterAddr}" + data="${data} MASTER_TOKEN=${kubeToken}" + data="${data} MASTER_CA_TOKEN=sha256:${caToken}" + data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}" + onegate vm update --data "${data}" + infoLog "Onegate data seted" + else + infoLog "Onegate is not present" + echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token + infoLog "Tokens are available at /root/kube.token" + fi +} + +joinCluster() { + local master="${MASTER_ADDR}" + local token="${MASTER_TOKEN}" + local caToken="${MASTER_CA_TOKEN}" + local caSecretKey="${MASTER_CA_SECRET_KEY}" + local sname="${SERVICE_NAME}" + + if [ -n "${ONEGATE_ENDPOINT}" ];then + local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[] | select(.name == "leader") | .nodes[0].deploy_id') + if [ "${?}" -eq 0 ]; then + waitReadyState ${masterID} 600 + if [ "${?}" -ne 0 ];then + 
errorLog "Master node is node ready after 600s" + return 3 + fi + local masterInfo=$(onegate vm show ${masterID} --json | \ + jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP") + master=$(echo ${masterInfo} | cut -d " " -f 1) + token=$(echo ${masterInfo} | cut -d " " -f 2) + caToken=$(echo ${masterInfo} | cut -d " " -f 3) + caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4) + masterIP=$(echo ${masterInfo} | cut -d " " -f 5) + sname=$(onegate service show --json | jq -cr ".SERVICE.name") + fi + + # Setting dns resolution for cluster + echo "${masterIP} ${sname}" >> /etc/hosts + onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts + fi + if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then + opts="--node-name $(hostname -f)" + opts="${opts} --token ${token}" + opts="${opts} --discovery-token-ca-cert-hash ${caToken}" + if [ -n "${1}" ];then + opts="${opts} --control-plane" + opts="${opts} --certificate-key ${caSecretKey}" + fi + opts="${opts} ${master}" + + kubeadm join ${opts} | tee -a "${LOG_FILE}" + else + errorLog "Something is missing, can't join the cluster:" + errorLog " Master addr: [${master}]" + errorLog " Master token: [${token}]" + errorLog " Master CA token: [${caToken}]" + return 3 + fi +} + +getServiceName() { + local sname=$(onegate service show --json | jq -cr ".SERVICE.name") + local tmout=30 + local tick=0 + while true ;do + if [ -z "${sname}" ];then + sname=$(onegate service show --json | jq -cr ".SERVICE.name") + else + echo ${sname} + return 0 + fi + sleep 1 + tick=$((tick+1)) + if [ ${tmout} -eq ${tick} ];then + hostname -f + return 3 + fi + done +} + +initLeader() { + sname="$(hostname -f)" + + if [ -n "${ONEGATE_ENDPOINT}" ];then + sname=$(getServiceName) + sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP") + echo "${sip} 
${sname} $(hostname -f)" >> /etc/hosts + onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts + fi + + caSecretKey=$(date | sha256sum | awk '{print $1}') + + infoLog "Kubernetes init started" + kubeadm init --pod-network-cidr=10.244.0.0/16 \ + --node-name="${SET_HOSTNAME}" \ + --control-plane-endpoint "${sname}:6443" \ + --upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}" + infoLog "Kubernetes init ended" + + infoLog "Configuring kubectl" + mkdir /root/.kube + ln -s /etc/kubernetes/admin.conf /root/.kube/config + infoLog "kubectl configured" + + infoLog "Installing cilium" + sleep 20 + kubectl config view --minify -o jsonpath='{.clusters[].name}' + sleep 20 + cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}" + infoLog "Cilium is installed" + + returnToken "${caSecretKey}" +} + +initKube() { + if [ "${SERVER_ROLE}" == "leader" ];then + initLeader + elif [ "${SERVER_ROLE}" == "worker" ];then + joinCluster + elif [ "${SERVER_ROLE}" == "master" ];then + joinCluster "${SERVER_ROLE}" + fi + touch ${FIRST_BOOT} + infoLog "Kubernetes cluster init is finished" +} + +if [ -f "${ENV_FILE}" ]; then + . "${ENV_FILE}" +fi + +if [ -f "${FIRST_BOOT}" ];then + exit 0 +else + uuidgen > /etc/machine-id + swapoff -a # Make sure swap is disabled + initKube & +fi \ No newline at end of file diff --git a/recipes/alpine/provisionning/conf/kubernetes/sharemetrics.start b/recipes/alpine/provisionning/conf/kubernetes/sharemetrics.start new file mode 100644 index 0000000..6876caf --- /dev/null +++ b/recipes/alpine/provisionning/conf/kubernetes/sharemetrics.start @@ -0,0 +1,3 @@ +#!/bin/sh + +mount --make-rshared / \ No newline at end of file diff --git a/recipes/alpine/provisionning/conf/matchbox/initmatchbox.start b/recipes/alpine/provisionning/conf/matchbox/initmatchbox.start new file mode 100644 index 0000000..9180b96 --- /dev/null 
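Review bot: `if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ]` uses `&` rather than `&&`, so the first two tests are backgrounded and only `caToken` gates `kubeadm join`; change to `&&`. `caSecretKey=$(date | sha256sum | awk '{print $1}')` derives the control-plane certificate key from the wall-clock second, which is guessable by anyone who knows roughly when the leader booted; use `kubeadm certs certificate-key` or `openssl rand -hex 32`. `echo "${masterAdd} ..."` in `returnToken` misspells `masterAddr`, so the fallback token file lacks the address. `FIRST_BOOT` lives under `/var/run`, which is tmpfs on Alpine, so the guard presumably does not survive a reboot — confirm, since `kubeadm init` would then rerun.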
+++ b/recipes/alpine/provisionning/conf/matchbox/initmatchbox.start @@ -0,0 +1,25 @@ +#!/bin/sh + +FL_VERSIONS="current 3374.2.0" +MATCHBOX_DIR="/var/lib/matchbox" +ASSETS_DIR="${MATCHBOX_DIR}/assets/" + +GPG_FNAME="Flatcar_Image_Signing_Key.asc" +GPG_KEYS_URL="https://www.flatcar.org/security/image-signing-key/" + +cd /tmp +curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME} +gpg --import --keyid-format LONG ${GPG_FNAME} +cd - + +echo "Provisionning matchbox with flatcar images" +tout=30 +for version in ${FL_VERSIONS}; do + for i in $(seq 1 ${tout});do + echo " * ${FL_VERSIONS} stable image (try ${i})" + /usr/local/bin/get-flatcar stable ${version} ${ASSETS_DIR} + if [[ "${?}" -eq 0 ]]; then + break + fi + done +done diff --git a/recipes/alpine/provisionning/conf/matchbox/inittftp.start b/recipes/alpine/provisionning/conf/matchbox/inittftp.start new file mode 100644 index 0000000..e076de9 --- /dev/null +++ b/recipes/alpine/provisionning/conf/matchbox/inittftp.start @@ -0,0 +1,10 @@ +#!/bin/sh + +dest="${1}" + +ipxeEFISource="http://boot.ipxe.org/ipxe.efi" +kpxeSource="http://boot.ipxe.org/undionly.kpxe" + +cd "${dest}" +wget "${ipxeEFISource}" +wget "${kpxeSource}" \ No newline at end of file diff --git a/recipes/alpine/provisionning/conf/one-context/net-90-jenkins-slave b/recipes/alpine/provisionning/conf/one-context/net-90-jenkins-slave new file mode 100644 index 0000000..2540f0e --- /dev/null +++ b/recipes/alpine/provisionning/conf/one-context/net-90-jenkins-slave 
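Review bot: `curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME}` has no `-f`, so an HTTP error page would be saved as the key file and handed to `gpg --import`, whose result is also unchecked and whose fingerprint is never pinned — whatever signature check `get-flatcar` performs (not visible here) trusts any key that URL serves. Use `curl -fsSL -o "${GPG_FNAME}" "${GPG_KEYS_URL}${GPG_FNAME}" || exit 1` and `gpg --import "${GPG_FNAME}" || exit 1`, then compare against the expected fingerprint. `[[ "${?}" -eq 0 ]]` is a bashism under `#!/bin/sh`; use `[ ]`. The progress line prints `${FL_VERSIONS}` where `${version}` is meant.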
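Review bot: The iPXE binaries are fetched over plain `http://boot.ipxe.org/...` with no checksum, and they are the first-stage bootloader every PXE client on the segment will execute, so a man-in-the-middle on the matchbox host's uplink at boot time can seed the whole fleet; use `https://` and verify pinned SHA-256 sums, or vendor the files into the image at build time. `dest="${1}"` is never validated and `/etc/local.d/*.start` scripts are, as far as I can tell, run by the `local` service without arguments, so `cd "${dest}"` silently no-ops and the downloads land in the service's cwd; use `cd "${dest}" || exit 1` with a real default.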
@@ -0,0 +1,13 @@ +#!/bin/sh + +CONF="/etc/conf.d/jenkins-slave" +if [ -e "/etc/jenkins-slave.conf" ]; then + CONF="/etc/jenkins-slave.conf" +fi + +TOTAL_MEMORY=$(cat /proc/meminfo | grep MemTotal | awk '{ printf "%sg", int($2/1024/1024)+1 }') +sed -i "s|^JENKINS_SLAVE_NAME=.*$|JENKINS_SLAVE_NAME='slave-$ETH0_IP'|" "${CONF}" +sed -i "s|^JENKINS_SLAVE_USERNAME=.*$|JENKINS_SLAVE_USERNAME='$JENKINS_SLAVE_USERNAME'|" "${CONF}" +sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}" +sed -i "s|^JENKINS_MASTER_URL=.*$|JENKINS_MASTER_URL='$JENKINS_MASTER_URL'|" "${CONF}" +sed -i "s|^JENKINS_SLAVE_LABELS=.*$|JENKINS_SLAVE_LABELS='docker docker-compose mem-$TOTAL_MEMORY $JENKINS_SLAVE_LABELS'|" "${CONF}" diff --git a/recipes/alpine/provisionning/conf/one-context/net-96-gitlab-register b/recipes/alpine/provisionning/conf/one-context/net-96-gitlab-register new file mode 100644 index 0000000..821d654 --- /dev/null +++ b/recipes/alpine/provisionning/conf/one-context/net-96-gitlab-register @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} + +# $TOKENTXT is available only through the env. file +# shellcheck disable=SC1090 +if [ -f "${ENV_FILE}" ]; then + . "${ENV_FILE}" +fi + +### + +if [ -n "${GITLAB_URL}" ]; then + if command -v gitlab-runner; then + if [ -n "${GITLAB_SHELL}" ]; then + opts="--shell=${GITLAB_SHELL}" + fi + # shellcheck disable=SC2086 + gitlab-runner register \ + --non-interactive \ + --url="${GITLAB_URL}" \ + --registration-token="${GITLAB_TOKEN}" \ + --executor="${GITLAB_EXECUTOR}" \ + --description="${GITLAB_RUNNER_NAME}" \ + --tag-list="${GITLAB_TAG_LIST}" \ + --locked=false \ + --access-level=not_protected \ + --run-untagged=false \ + "${opts}" + fi +fi diff --git a/recipes/alpine/provisionning/conf/one-context/net-96-templater b/recipes/alpine/provisionning/conf/one-context/net-96-templater new file mode 100644 index 0000000..f3f9257 --- /dev/null 
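Review bot: The context values `$JENKINS_SLAVE_PASSWORD`, `$JENKINS_MASTER_URL` and `$JENKINS_SLAVE_LABELS` are spliced raw into `sed` replacement strings, so a `|`, `&`, `\` or newline in any of them corrupts `${CONF}` or injects extra lines — and these values come from the VM template, i.e. from whoever can edit it. Escape them first, e.g. `esc() { printf '%s' "$1" | sed 's/[|&\\]/\\&/g'; }`, or regenerate the file with `printf` instead of editing in place. `${CONF}` is not checked to exist before `sed -i`, which just errors per line.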
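Review bot: `"${opts}"` is always passed, so when `GITLAB_SHELL` is unset `gitlab-runner register` receives an extra empty-string argument; the `# shellcheck disable=SC2086` comment shows it was meant to be unquoted. Drop `opts` and write `${GITLAB_SHELL:+--shell="${GITLAB_SHELL}"}` in the argument list instead. `GITLAB_TOKEN` is used without checking it is set, and `command -v gitlab-runner` prints the path to stdout; use `command -v gitlab-runner >/dev/null`.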
+++ b/recipes/alpine/provisionning/conf/one-context/net-96-templater @@ -0,0 +1,80 @@ +#!/usr/bin/env bash + +# +# Generate all the configuration files +# Get all the values from the VLS_DIR +# Process each template from the TPL_DIR with this values +# + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} +TPL_DIR="/usr/share/builder/templates" +VLS_DIR="/usr/share/builder/values" +CONFIG="" + +. ${ENV_FILE} + +BTR="$(command -v btr)" +if [ "${?}" -ne 0 ]; then + echo "Warning: Nothing to do the templater is not installed" + exit 0 +fi + +if [ ! -e "${TPL_DIR}" ]; then + echo "Error: The template dir is missing (${TPL_DIR})" + exit 1 +fi + +if [ ! -e "${VLS_DIR}" ]; then + echo "Error: The template dir is missing (${VLS_DIR})" + exit 1 +fi + +jsonQuery() { + local data="${1}" + local query="${2}" + echo "${data}" | jq -cr "${query}" +} + +# NAME: @jsonMerge +# AIM: Merge two json structures +# NOTES: +# The last one has de last word +# if you have the same key in A and B +# this keeps the value of the B structure. +# PARAMS: +# $1: original JSON Structure +# $2: updated JSON Structure +jsonMerge() { + local data="${1}" + local data2="${2}" + + echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]" +} + +getValues() { + + local values="" + + for file in $(find ${VLS_DIR} -name "*.json"); do + values="${values}$(cat ${file})" + done + + if [ -n "${RAW_CONFIG}" ]; then + values="$(jsonMerge ${values} ${RAW_CONFIG})" + fi + + for key in $(echo ${values} | jq -cr '.|keys[]'); do + ukey=${key^^} + if [ -n "${!ukey}" ]; then + values="$(jsonMerge "${values}" "{\"${key}\":\"${!ukey}\"}")" + fi + done + echo ${values} +} + +processTemplates() { + ${BTR} -t ${TPL_DIR} -c "${1}" +} +VALUES=$(getValues) +echo ${VALUES} +processTemplates "${VALUES}" diff --git a/recipes/alpine/provisionning/conf/one-context/net-97-k3s b/recipes/alpine/provisionning/conf/one-context/net-97-k3s new file mode 100644 index 0000000..77bd98a --- /dev/null 
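Review bot: `. ${ENV_FILE}` is sourced unguarded, unlike the sibling scripts that test `-f` first, and `jsonMerge ${values} ${RAW_CONFIG}` passes both JSON documents unquoted so they are word-split before `jq` sees them; quote them as the later `jsonMerge "${values}" ...` call does. `echo ${VALUES}` dumps the merged values, which can include secrets from the context, into the contextualization log. This copy under `conf/one-context/` appears unused — matchbox.pkr.hcl installs the `provisionning/one-context/net-96-templater` variant — so consider removing it to avoid divergence.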
+++ b/recipes/alpine/provisionning/conf/one-context/net-97-k3s @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} + +# $TOKENTXT is available only through the env. file +# shellcheck disable=SC1090 +if [ -f "${ENV_FILE}" ]; then + . "${ENV_FILE}" +fi + +### + +if [ -n "${K3S_ROLE}" ]; then + if [ "${K3S_ROLE}" = "server" ]; then + rc-update add dnsmasq default + service dnsmasq start + + rc-update add k3s default + service k3s start + fi +fi diff --git a/recipes/alpine/provisionning/k3s.sh b/recipes/alpine/provisionning/k3s.sh new file mode 100644 index 0000000..62af7f2 --- /dev/null +++ b/recipes/alpine/provisionning/k3s.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +echo "export KUBECONFIG=/etc/rancher/k3s/k3s.yaml" >> /root/.profile + +exit 0 \ No newline at end of file diff --git a/recipes/alpine/provisionning/kubernetes.sh b/recipes/alpine/provisionning/kubernetes.sh new file mode 100644 index 0000000..f37f832 --- /dev/null +++ b/recipes/alpine/provisionning/kubernetes.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +mount --make-rshared / + +modprobe br_netfilter + +uuidgen > /etc/machine-id + +sysctl -w net.bridge.bridge-nf-call-iptables=1 + +# Remove swap +cat /etc/fstab | grep -v swap > temp.fstab +cat temp.fstab > /etc/fstab +rm temp.fstab +swapoff -a + +#lvremove -y /dev/vg0/lv_swap +#lvextend -y -r -l +100%FREE /dev/vg0/lv_root diff --git a/recipes/alpine/provisionning/letsencrypt.sh b/recipes/alpine/provisionning/letsencrypt.sh new file mode 100644 index 0000000..4ae1968 --- /dev/null +++ b/recipes/alpine/provisionning/letsencrypt.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +set -eo pipefail + +DESTDIR=/usr/local/share/ca-certificates +UPDATE_CERTS_CMD=update-ca-certificates +CERTS="$(cat < "${file}" +processTemplates "${file}" +rm -rf "${file}" diff --git a/recipes/alpine/provisionning/one-context/net-97-k3s b/recipes/alpine/provisionning/one-context/net-97-k3s new file mode 100644 index 0000000..77bd98a --- /dev/null 
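Review bot: `modprobe br_netfilter` and `sysctl -w net.bridge.bridge-nf-call-iptables=1` only take effect in the build VM and are not persisted, so on the first boot of the image the kubelet runs without them unless something not shown re-applies them (`initkubernetes.start` in this patch does not). Persist them: `echo br_netfilter >> /etc/modules` and `echo net.bridge.bridge-nf-call-iptables=1 > /etc/sysctl.d/99-kubernetes.conf`. The fstab rewrite via `temp.fstab` in the cwd and `grep -v swap` also drops any comment line containing "swap"; `sed -i '/\sswap\s/d' /etc/fstab` is tighter.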
+++ b/recipes/alpine/provisionning/one-context/net-97-k3s @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} + +# $TOKENTXT is available only through the env. file +# shellcheck disable=SC1090 +if [ -f "${ENV_FILE}" ]; then + . "${ENV_FILE}" +fi + +### + +if [ -n "${K3S_ROLE}" ]; then + if [ "${K3S_ROLE}" = "server" ]; then + rc-update add dnsmasq default + service dnsmasq start + + rc-update add k3s default + service k3s start + fi +fi diff --git a/recipes/alpine/provisionning/templater-install.sh b/recipes/alpine/provisionning/templater-install.sh new file mode 100644 index 0000000..091bbdb --- /dev/null +++ b/recipes/alpine/provisionning/templater-install.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +set -ex + +TOOL_DIR="${1:-/usr/local/bin}" +TOOL_USER="${2:-root}" +TOOL_GROUP="${3:-root}" +ATTACHMENT_URL="https://forge.cadoles.com/attachments/" + +installTool() { + NAME="${1}" + URL="${2}" + + curl -k -o ${TOOL_DIR}/${NAME} ${URL} + chmod +x ${TOOL_DIR}/${NAME} +} + +apk add curl + +# Install templater +installTool "tpr" "https://forge.cadoles.com/attachments/242b3cba-8d07-4b89-80ab-7c12253a8524" +# Install bootstraper +installTool "btr" "https://forge.cadoles.com/attachments/e8442b2a-2065-4282-b4a4-648681fa044c" diff --git a/recipes/alpine/sources.pkr.hcl b/recipes/alpine/sources.pkr.hcl new file mode 100644 index 0000000..4f76ed7 --- /dev/null +++ b/recipes/alpine/sources.pkr.hcl 
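Review bot: This file is byte-identical to `conf/one-context/net-97-k3s` added in the same patch (same blob `77bd98a`); keep a single copy so fixes do not have to be applied twice. `K3S_ROLE` is only acted on for `server`; any other value (e.g. an agent) silently does nothing, so at least log it with `echo "net-97-k3s: unsupported K3S_ROLE=${K3S_ROLE}" >&2`.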
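Review bot: `curl -k` disables TLS verification while downloading `tpr` and `btr`, which are then `chmod +x` and executed as root both at build time and on every boot via `net-96-templater`, and no checksum is checked, so anyone in the path to forge.cadoles.com can substitute the binaries. Drop `-k`, fail on HTTP errors, and pin a digest: `curl -fsSL -o "${TOOL_DIR}/${NAME}" "${URL}"` followed by `echo "${SUM}  ${TOOL_DIR}/${NAME}" | sha256sum -c -` with `SUM` passed as a third argument to `installTool`. The attachment UUIDs carry no version, so a comment recording which tool version each corresponds to would help. `ATTACHMENT_URL` is defined but unused.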
@@ -0,0 +1,33 @@ +source qemu "alpine" { + cpus = 1 + memory = "${local.memory}" + accelerator = "kvm" + vnc_bind_address = "0.0.0.0" + + headless = true + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. + http_port_min = 9990 + http_port_max = 9999 + + # SSH ports to redirect to the VM being built + host_port_min = 2222 + host_port_max = 2229 + + # This user is configured in the preseed file. + ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + disk_compression = true + disk_discard = "unmap" + skip_compaction = false + disk_detect_zeroes = "unmap" + + format = "qcow2" + + boot_wait = "5s" +} diff --git a/recipes/alpine/templates/conf/conf.d/chronyd b/recipes/alpine/templates/conf/conf.d/chronyd new file mode 100644 index 0000000..e692251 --- /dev/null +++ b/recipes/alpine/templates/conf/conf.d/chronyd @@ -0,0 +1,6 @@ +# /etc/conf.d/chronyd +CFGFILE="/etc/chrony/chrony.conf" +FAST_STARTUP=yes +ARGS="" +# vrf e.g 'vrf-mgmt' +#vrf="" diff --git a/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl b/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl new file mode 100644 index 0000000..1ba7461 --- /dev/null +++ b/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl 
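Review bot: `vnc_bind_address = "0.0.0.0"` exposes the build VM's QEMU VNC console on every interface of the build host for the whole build, with no password unless `vnc_use_password` is set (it is not here), while root is logged in through the boot command; bind to `"127.0.0.1"`. The comment about "preseeding the Debian installer" is stale for an Alpine answer file. No `iso_url`/`iso_checksum` appears in this source block, so presumably the builds set them in their source overrides (the head of main.pkr.hcl is garbled in this rendering); a comment saying so would save the next reader a search.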
@@ -0,0 +1,47 @@ + +# Example answer file for setup-alpine script +# If you don't want to use a certain option, then comment it out + +# Use US layout with US variant +KEYMAPOPTS="fr fr" + +# Set hostname to alpine-test +HOSTNAMEOPTS="-n ${hostname}" + +# Contents of /etc/network/interfaces +INTERFACESOPTS="auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet dhcp + hostname ${hostname} +" + +# Search domain of example.com, OpenDNS public nameserver +# ex: -d example.com 1.1.1.1" +DNSOPTS="" + +# Set timezone to UTC +TIMEZONEOPTS="-z Europe/Paris" + +# set http/ftp proxy +PROXYOPTS="none" + +# Add a random mirror +APKREPOSOPTS="-r -c" + +# Install Openssh +SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys" + +# Use openntpd +NTPOPTS="-c openntpd" + +# Use /dev/sda as a data disk +DISKOPTS="-L -m sys /dev/vda" + +USEROPTS="-a -g 'netdev' ${user}" + +# Setup in /media/vda1 +# LBUOPTS="/media/vda1" +# APKCACHEOPTS="/media/vda1/cache" + diff --git a/recipes/alpine/templates/conf/k3s/k3s.conf.pkr.hcl b/recipes/alpine/templates/conf/k3s/k3s.conf.pkr.hcl new file mode 100644 index 0000000..3fa8501 --- /dev/null +++ b/recipes/alpine/templates/conf/k3s/k3s.conf.pkr.hcl @@ -0,0 +1,8 @@ +# k3s options +export PATH="/usr/libexec/cni/:$PATH" +K3S_EXEC="server" +%{ if Vars.DeployTraefik } +K3S_OPTS="" +%{ else } +K3S_OPTS="--disable traefik" +%{ endif } diff --git a/recipes/alpine/templates/conf/kubernetes/.flag b/recipes/alpine/templates/conf/kubernetes/.flag new file mode 100644 index 0000000..e69de29 diff --git a/recipes/alpine/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/alpine/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl new file mode 100644 index 0000000..b8432f0 --- /dev/null +++ b/recipes/alpine/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl @@ -0,0 +1 @@ +command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}" \ No newline at end of file 
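Review bot: Several comments contradict the values under them — "Use US layout" above `KEYMAPOPTS="fr fr"`, "Set hostname to alpine-test" above `-n ${hostname}`, "Set timezone to UTC" above `Europe/Paris`, "Use /dev/sda" above `/dev/vda` — and should be updated or removed. `USEROPTS="-a -g 'netdev' ${user}"`: if `-a` makes `${user}` an admin (doas/wheel) account on the target Alpine release — check `setup-user -h` — say so in the comment, since the account is created here without a password and that privilege is easy to miss. A one-line note that `${hostname}`/`${user}` are rendered from `local.installOpts` would tie the template to its caller.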
diff --git a/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl new file mode 100644 index 0000000..d99d357 --- /dev/null +++ b/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl @@ -0,0 +1,4 @@ +${Vars.ETH0.IP} ${Vars.Set.Hostname} +%{ if Vars.MatchBox.Hostname != "" } +${Vars.ETH0.IP} ${Vars.MatchBox.Hostname} +%{ endif } \ No newline at end of file diff --git a/recipes/alpine/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/alpine/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl new file mode 100644 index 0000000..8d08dac --- /dev/null +++ b/recipes/alpine/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl 
@@ -0,0 +1,60 @@ +log-queries +log-dhcp + +#port=0 +listen-address=0.0.0.0 +interface=${Vars.PXE.ListenInterface} +no-resolv +domain-needed +bogus-priv +expand-hosts +server=${Vars.ETH0.DNS} +strict-order +addn-hosts=/etc/dnsmasq-hosts.conf +domain=${Vars.PXE.DNSDomain} +local=/${Vars.PXE.DNSDomain}/ +localise-queries + + +%{ if Vars.PXE.DHCPMode == "proxy" } +#dhcp-no-override +dhcp-range=${Vars.ETH0.IP},proxy +%{ else } +dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration} +dhcp-option=option:router,${Vars.ETH0.GATEWAY} +%{ endif } + +dhcp-option=option:dns-server,${Vars.ETH0.IP} +dhcp-option=option:domain-name,${Vars.PXE.DNSDomain} + +# TFTP Configuration +enable-tftp +tftp-root="${Vars.PXE.TFTPRoot}" + +pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime} + +# Based on logic in https://gist.github.com/robinsmidsrod/4008017 +# iPXE sends a 175 option, checking suboptions +dhcp-match=set:ipxe-http,175,19 +dhcp-match=set:ipxe-https,175,20 +dhcp-match=set:ipxe-menu,175,39 +# pcbios specific +dhcp-match=set:ipxe-pxe,175,33 +dhcp-match=set:ipxe-bzimage,175,24 +dhcp-match=set:ipxe-iscsi,175,17 +# efi specific +dhcp-match=set:ipxe-efi,175,36 +# combination +# set ipxe-ok tag if we have correct combination +# http && menu && iscsi ((pxe && bzimage) || efi) +tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage +tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi + + +## Load different PXE boot image depending on client architecture (when running as a proxy DHCP) +pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe +pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi +pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi + +dhcp-userclass=set:ipxe,iPXE +dhcp-boot=tag:ipxe-ok,http://${Vars.ETH0.IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.ETH0.IP} 
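Review bot: `listen-address=0.0.0.0` and `interface=${Vars.PXE.ListenInterface}` are additive in dnsmasq, so the service binds every interface and, with `server=${Vars.ETH0.DNS}`, forwards queries from any network the host sees — an open forwarder that defeats the `interface=` restriction; drop the `listen-address` line and add `bind-interfaces`. The UEFI `pxe-service` entries chainload `snponly.efi`, but `inittftp.start` in this patch only fetches `ipxe.efi` and `undionly.kpxe`, so UEFI clients will fail at TFTP — fetch `snponly.efi` or point these entries at `ipxe.efi`.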
diff --git a/recipes/alpine/templates/conf/matchbox/init.d/matchbox.pktpl.hcl b/recipes/alpine/templates/conf/matchbox/init.d/matchbox.pktpl.hcl new file mode 100644 index 0000000..6652098 --- /dev/null +++ b/recipes/alpine/templates/conf/matchbox/init.d/matchbox.pktpl.hcl @@ -0,0 +1,28 @@ +#!/sbin/openrc-run + +name=$RC_SVCNAME +command="/usr/local/bin/$RC_SVCNAME" +command_user="$RC_SVCNAME" +pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid" +start_stop_daemon_args="--start -b" +command_args="$command_args" +command_background="yes" + +depend() { + need net +} + +start_pre() { + checkpath --directory --owner $command_user:$command_user --mode 0775 \ + /run/$RC_SVCNAME /var/log/$RC_SVCNAME + if [ ! -f "/etc/matchbox/server.crt" ]; then + cd /root/tls + export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.ETH0.IP}" + ./cert-gen + mkdir -p /etc/matchbox + cp ca.crt server.crt server.key /etc/matchbox + chown -R matchbox:matchbox /etc/matchbox + mkdir -p /root/.matchbox + cp client.crt client.key ca.crt /root/.matchbox/ + fi +} \ No newline at end of file diff --git a/recipes/alpine/templates/one/image/common.tpl b/recipes/alpine/templates/one/image/common.tpl new file mode 100644 index 0000000..d422fb1 --- /dev/null +++ b/recipes/alpine/templates/one/image/common.tpl @@ -0,0 +1,7 @@ +NAME = <%= image_name %> +PATH = <%= image_source %> +TYPE = OS +PERSISTENT = No +DESCRIPTION = "<%= image_comment %>" +DEV_PREFIX = vd +FORMAT = qcow2 \ No newline at end of file diff --git a/recipes/alpine/templates/one/service/kubernetes-cluster.json b/recipes/alpine/templates/one/service/kubernetes-cluster.json new file mode 100644 index 0000000..635b8d2 --- /dev/null +++ b/recipes/alpine/templates/one/service/kubernetes-cluster.json 
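Review bot: `start_pre` runs `cd /root/tls` and `./cert-gen` without checking either, so if the generator is missing or fails the `cp` lines error and openrc still proceeds to start matchbox without the intended certificates; use `cd /root/tls && ./cert-gen || return 1` (where `/root/tls` and `cert-gen` come from is outside this hunk). `checkpath --mode 0775` makes the pid and log directories group-writable; `0755` is enough. `SAN="DNS.1:${Vars.MatchBox.Hostname},..."` is emitted even when the hostname is empty (the dnsmasq-hosts template in this patch guards on that), which presumably yields an empty SAN entry — confirm.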
@@ -0,0 +1,48 @@ +{ + "name": "<%= template_name %>", + "deployment": "straight", + "description": "Cluster Kubernetes (k8s)", + "roles": [ + { + "name": "leader", + "cardinality": 1, + "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, + "shutdown_action": "terminate", + "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", + "elasticity_policies": [], + "scheduled_policies": [] + }, + { + "name": "master", + "cardinality": 2, + "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, + "shutdown_action": "terminate", + "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", + "elasticity_policies": [], + "scheduled_policies": [] + }, + { + "name": "worker", + "cardinality": 4, + "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, + "shutdown_action": "terminate", + "parents": [ + "leader" + ], + "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", + "elasticity_policies": [], + "scheduled_policies": [] + } + ], + "networks": { + "main": "M|network|Main network| |id:", + "internal": "M|network|Internal network| |id:" + }, + "custom_attrs": { + "KUBEAPPS_DNS_NAME": "M|text|DNS Name for kubeapps service| |kubeapps.k3s-eole.local", + "INGRESS_PROVIDER": "O|list|Default ingress to install|nginx, traefik, |", + "LE_EMAIL": "M|text|Email | |" + }, + "shutdown_action": "terminate", + "ready_status_gate": true + } diff --git a/recipes/alpine/templates/one/vm/common.xml b/recipes/alpine/templates/one/vm/common.xml new file mode 100644 index 0000000..fdb5be4 --- /dev/null +++ b/recipes/alpine/templates/one/vm/common.xml 
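Review bot: The `master` role has no `"parents": ["leader"]` while `worker` does, so with `"deployment": "straight"` masters can be instantiated before the leader and then depend on the 600 s READY wait in `initkubernetes.start`; add `"parents": ["leader"]` to `master` as well. `RDP = "YES"` is set on NIC0 of every role, enabling OpenNebula's RDP proxy on all cluster nodes; if that is not intended, drop it. The `custom_attrs` `KUBEAPPS_DNS_NAME`, `INGRESS_PROVIDER` and `LE_EMAIL` are not read by any provisioning script in this patch — presumably consumed elsewhere, otherwise they are dead inputs.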
@@ -0,0 +1,33 @@ +NAME = "<%= template_name %>" +CONTEXT = [ + NETWORK = "YES", + REPORT_READY = "YES", + SET_HOSTNAME = "$NAME", + SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]", + TOKEN = "YES" ] +CPU = "0.2" +DESCRIPTION = "Alpine basic image" +DISK = [ + DEV_PREFIX = "vd", + DRIVER = "qcow2", + IMAGE = "<%= image_name %>", + IMAGE_UNAME = "<%= user %>" ] +GRAPHICS = [ + KEYMAP = "fr", + LISTEN = "0.0.0.0", + TYPE = "VNC" ] +HYPERVISOR = "kvm" +INPUT = [ + BUS = "usb", + TYPE = "tablet" ] +INPUTS_ORDER = "" +LOGO = "images/logos/linux.png" +MEMORY = "512" +MEMORY_UNIT_COST = "MB" +NIC_DEFAULT = [ + MODEL = "virtio" ] +OS = [ + ARCH = "x86_64", + BOOT = "", + SD_DISK_BUS = "scsi" ] +VCPU = "2" diff --git a/recipes/alpine/templates/one/vm/k3s.xml b/recipes/alpine/templates/one/vm/k3s.xml new file mode 100644 index 0000000..6c515f2 --- /dev/null +++ b/recipes/alpine/templates/one/vm/k3s.xml @@ -0,0 +1,32 @@ +NAME = "<%= template_name %>" +CONTEXT = [ + NETWORK = "YES", + REPORT_READY = "YES", + SET_HOSTNAME = "$NAME", + SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]", + TOKEN = "YES" ] +CPU = "0.2" +DESCRIPTION = "K3S Ready VM" +DISK = [ + IMAGE = "<%= image_name %>", + IMAGE_UNAME = "<%= user %>", + DRIVER = "qcow2" ] +GRAPHICS = [ + KEYMAP = "fr", + LISTEN = "0.0.0.0", + TYPE = "VNC" ] +HYPERVISOR = "kvm" +INPUT = [ + BUS = "usb", + TYPE = "tablet" ] +INPUTS_ORDER = "" +LOGO = "images/logos/alpine.png" +MEMORY = "2048" +MEMORY_UNIT_COST = "MB" +NIC_DEFAULT = [ + MODEL = "virtio" ] +OS = [ + ARCH = "x86_64", + BOOT = "", + SD_DISK_BUS = "scsi" ] +VCPU = "2" diff --git a/recipes/alpine/templates/one/vm/kubeleader.xml b/recipes/alpine/templates/one/vm/kubeleader.xml new file mode 100644 index 0000000..c68faa5 --- /dev/null +++ b/recipes/alpine/templates/one/vm/kubeleader.xml 
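Review bot: `GRAPHICS = [ LISTEN = "0.0.0.0", TYPE = "VNC" ]` sets no `PASSWD`, so the VM console is reachable on the hypervisor's VNC port with only network reachability as protection; whether that is acceptable depends on the hypervisor firewall, which is not visible here, so consider adding a `PASSWD` attribute. A short comment noting that `REPORT_READY`/`TOKEN` are required by the OneGate calls in the provisioning scripts would document the coupling.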
@@ -0,0 +1,35 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ NETWORK = "YES",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SERVER_ROLE = "leader",
+ TOKEN = "YES",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
+]
+CPU = "0.8"
+DESCRIPTION = "Kubernetes master or Docker VM (check the name)"
+DISK = [
+ DEV_PREFIX = "vd",
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>",
+ DRIVER = "qcow2" ]
+GRAPHICS = [
+ LISTEN = "0.0.0.0",
+ KEYMAP = "fr",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/alpine.png"
+MEMORY = "2048"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+VCPU = "4"
\ No newline at end of file
diff --git a/recipes/alpine/templates/one/vm/kubemaster.xml b/recipes/alpine/templates/one/vm/kubemaster.xml
new file mode 100644
index 0000000..e0fe33d
--- /dev/null
+++ b/recipes/alpine/templates/one/vm/kubemaster.xml
@@ -0,0 +1,42 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ NETWORK = "YES",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SERVER_ROLE = "master",
+ MASTER_ADDR = "$MASTER_ADDR",
+ MASTER_TOKEN = "$MASTER_TOKEN",
+ MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
+ TOKEN = "YES",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
+]
+CPU = "0.8"
+DESCRIPTION = "Kubernetes worker VM"
+DISK = [
+ DEV_PREFIX = "vd",
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>",
+ DRIVER = "qcow2" ]
+GRAPHICS = [
+ LISTEN = "0.0.0.0",
+ KEYMAP = "fr",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/alpine.png"
+MEMORY = "2048"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+USER_INPUTS = [
+ MASTER_ADDR = "O|text|Master address (for workers only)",
+ MASTER_TOKEN = "O|text|Master Token (for workers only)",
+ MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
+VCPU = "4"
\ No newline at end of file
diff --git a/recipes/alpine/templates/one/vm/kubeworker.xml b/recipes/alpine/templates/one/vm/kubeworker.xml
new file mode 100644
index 0000000..9aa3f0a
--- /dev/null
+++ b/recipes/alpine/templates/one/vm/kubeworker.xml
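Review bot: `MASTER_TOKEN` and `MASTER_CA_TOKEN` are declared as `O|text` user inputs and copied into `CONTEXT`, so the cluster join token and CA token are typed in clear, stored in the template body and visible to anyone who can read the template or the VM's context; OpenNebula's `password` input type (`MASTER_TOKEN = "O|password|Master Token (for workers only)"`) at least masks them in the UI, and the values should be rotated once the node has joined. The same `USER_INPUTS` block is repeated in kubeworker.xml in the next hunk. Separately, `DESCRIPTION = "Kubernetes worker VM"` on this master template reads as copy-pasted from the worker template, presumably `"Kubernetes master VM"` was meant.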
@@ -0,0 +1,42 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ NETWORK = "YES",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SERVER_ROLE = "worker",
+ MASTER_ADDR = "$MASTER_ADDR",
+ MASTER_TOKEN = "$MASTER_TOKEN",
+ MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
+ TOKEN = "YES",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
+]
+CPU = "0.8"
+DESCRIPTION = "Kubernetes worker VM"
+DISK = [
+ DEV_PREFIX = "vd",
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>",
+ DRIVER = "qcow2" ]
+GRAPHICS = [
+ LISTEN = "0.0.0.0",
+ KEYMAP = "fr",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/alpine.png"
+MEMORY = "4096"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+USER_INPUTS = [
+ MASTER_ADDR = "O|text|Master address (for workers only)",
+ MASTER_TOKEN = "O|text|Master Token (for workers only)",
+ MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
+VCPU = "4"
\ No newline at end of file
diff --git a/recipes/alpine/templates/one/vm/matchbox.xml b/recipes/alpine/templates/one/vm/matchbox.xml
new file mode 100644
index 0000000..794ab44
--- /dev/null
+++ b/recipes/alpine/templates/one/vm/matchbox.xml
@@ -0,0 +1,47 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ MATCHBOX_URL = "http://$NAME",
+ NETWORK = "YES",
+ PXE_DHCPLEASEDURATION = "$DHCPLEASEDURATION",
+ PXE_DHCPMODE = "$ADHCPMODE",
+ PXE_DNSDOMAIN = "$BDNSDOMAIN",
+ PXE_DHCPRANGESTART = "$CDHCPRANGESTART",
+ PXE_DHCPRANGEEND = "$DDHCPRANGEEND",
+ PXE_DHCPLEASEDURATION = "$EDHCPLEASEDURATION",
+ MATCHBOX_HOSTNAME = "$FMATCHBOX_HOSTNAME",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
+ TOKEN = "YES" ]
+CPU = "0.2"
+DESCRIPTION = "Matchbox Ready VM"
+DISK = [
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>",
+ DRIVER = "qcow2" ]
+GRAPHICS = [
+ KEYMAP = "fr",
+ LISTEN = "0.0.0.0",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/alpine.png"
+MEMORY = "2048"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+USER_INPUTS = [
+ ADHCPMODE = "M|list|DHCP Mode|proxy,direct|proxy",
+ BDNSDOMAIN = "M|text|Nom de la zone DNS (ex: cadol.es)",
+ CDHCPRANGESTART = "O|text|DNSMASQ DHCP Range First IP",
+ DDHCPRANGEEND = "O|text|DNSMASQ DHCP Range Last IP",
+ EDHCPLEASEDURATION = "M|list|DHCP lease duration|1h,2h,4h,6h,8h,10h,12h,14h,24h|1h",
+ FMATCHBOX_HOSTNAME = "O|text|Matchbox service hostname|mb.cadol.es" ]
+VCPU = "2"
diff --git a/recipes/alpine/variables.pkr.hcl b/recipes/alpine/variables.pkr.hcl
new file mode 100644
index 0000000..28100fb
--- /dev/null
+++ b/recipes/alpine/variables.pkr.hcl
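Review bot: `PXE_DHCPLEASEDURATION` is assigned twice inside `CONTEXT`: first from `$DHCPLEASEDURATION`, which no `USER_INPUTS` entry defines, and later from `$EDHCPLEASEDURATION`, which is defined. The first line should be removed so the user input is the only source of the value; as written, which assignment the guest sees depends on how OpenNebula resolves the duplicate key. `MATCHBOX_URL = "http://$NAME"` hands PXE clients a plain-HTTP matchbox endpoint, which is worth a comment in the template stating that the provisioning network is expected to be isolated, since boot artifacts fetched over it are not integrity-protected.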
@@ -0,0 +1,54 @@
+variable "name" {
+ type = string
+ default = "alpine"
+}
+
+variable "version" {
+ type = string
+ default = "3.14.2"
+}
+
+variable "short_version" {
+ type = string
+ default = "3.14"
+}
+
+variable "arch" {
+ type = string
+ default = "x86_64"
+}
+
+variable "output_dir" {
+ type = string
+ default = "output/alpine/"
+}
+
+variable "source_url" {
+ type = string
+ default = "https://cdimage.debian.org/cdimage/release"
+}
+
+variable "iso_cd_checksum" {
+ type = string
+ default = "sha256:ae6d563d2444665316901fe7091059ac34b8f67ba30f9159f7cef7d2fdc5bf8a"
+}
+
+variable "image_version" {
+ type = string
+ default = "0.0.1"
+}
+
+variable "one_user" {
+ type = string
+ default = env("ONE_USER")
+}
+
+variable "one_token" {
+ type = string
+ default = env("ONE_TOKEN")
+}
+
+variable "boot_command" {
+ type = list(string)
+ default = []
+}
diff --git a/tools/one-templates b/tools/one-templates
new file mode 100755
index 0000000..4acd96c
--- /dev/null
+++ b/tools/one-templates
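Review bot: `one_token` holds an OpenNebula credential read from the environment but is not marked `sensitive = true`, so Packer will echo it in `packer inspect` output and in any log line that interpolates it; add `sensitive = true` inside that variable block (and consider it for `one_user` too). The `source_url` default `https://cdimage.debian.org/cdimage/release` is a Debian mirror in an Alpine recipe; the per-version `*.pkrvars.hcl` files override it, but the default should point at the Alpine CDN or be left empty so a missing var file fails loudly instead of fetching the wrong distribution against a fixed `iso_cd_checksum`.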
@@ -0,0 +1,628 @@ +#!/usr/bin/env ruby + +############################################################################ +# Environment Configuration +############################################################################ +ONE_LOCATION = ENV['ONE_LOCATION'] + +if !ONE_LOCATION + RUBY_LIB_LOCATION = '/usr/lib/one/ruby' + ONEFLOW_LOCATION = '/usr/lib/one/oneflow/lib' + GEMS_LOCATION = '/usr/share/one/gems' +else + RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' + ONEFLOW_LOCATION = ONE_LOCATION + '/lib/oneflow/lib' + GEMS_LOCATION = ONE_LOCATION + '/share/gems' +end + +warn_level = $VERBOSE +$VERBOSE = nil +if File.directory?(GEMS_LOCATION) + real_gems_path = File.realpath(GEMS_LOCATION) + if !defined?(Gem) || Gem.path != [real_gems_path] + $LOAD_PATH.reject! {|l| l =~ /vendor_ruby/ } + require 'rubygems' + Gem.use_paths(real_gems_path) + end +end +$VERBOSE = warn_level + +$LOAD_PATH << RUBY_LIB_LOCATION + +############################################################################ +# Required libraries +############################################################################ +require 'erb' +require 'yaml' +require 'json' +require 'socket' +require 'webrick' +require 'pathname' +require 'optparse' +require 'opennebula' +require 'opennebula/oneflow_client' + + +def getServiceID(response) + rsp = JSON.parse(response) + return rsp["DOCUMENT"]["ID"] +end + +def chmodService(sv, path, id, mode) + uri = "#{path}/service_template/#{id}/action" + + params = {} + params["octet"] = mode + params["recursive"] = "all" + action = Service.build_json_action('chmod', params) + + resp = sv.post(uri, action) + if CloudClient.is_error?(resp) + raise Exception.new("Service template chmod failed with error : #{resp}") + end +end + +def getServiceTemplateByName(name, owner, sv, path) + resp = sv.get("#{path}/service_template") + if CloudClient.is_error?(resp) + raise Exception.new(resp) + return nil + else + tpls = JSON.parse(resp.body) + end + + if tpls["DOCUMENT_POOL"].size != 0 
+ tpls["DOCUMENT_POOL"]["DOCUMENT"].each do |doc| + if name == doc["NAME"] and owner == doc["UNAME"] + return doc + end + end + end + return nil +end + +def publishService(sv, path, template, mode, owner) + tpl = JSON.parse(template) + + svr = getServiceTemplateByName(tpl['name'], owner, sv, path) + if ! svr + resp = sv.post("#{path}/service_template", template) + if CloudClient.is_error?(resp) + raise Exception.new("Service template creation failed with error : #{resp}") + else + id = getServiceID(resp.body) + begin + chmodService(sv, path, id, mode) + rescue => e + raise e + end + return("created [id: #{id}]") + end + else + # Keep registration_time + if svr['TEMPLATE']['BODY'].key?("registration_time") + tpl["registration_time"] = svr['TEMPLATE']['BODY']['registration_time'] + template = tpl.to_json + end + + resp = sv.put("#{path}/service_template/#{svr["ID"]}", template) + if CloudClient.is_error?(resp) + raise Exception.new("Service template tupdate failed with error : #{resp}") + else + id = getServiceID(resp.body) + begin + chmodService(sv, path, id, mode) + rescue => e + raise e + end + return("updated [id: #{id}]") + end + end + return 0 +end + +def getTemplateByName(cli, name) + tpl_pool = OpenNebula::TemplatePool.new(cli, OpenNebula::Pool::INFO_MINE) + rc = tpl_pool.info + if OpenNebula.is_error?(rc) + puts rc.message + return nil + end + tpl_pool.each do |tpl| + if tpl.name == name + return tpl + end + end + return nil +end + +def publishImage(image_name, image_comment, image_file, external_url, template, mode) + image_source = '' + root = File.expand_path(File.dirname(image_file)) + filename = File.basename(File.expand_path(image_file)) + + # Starting a very simple HTTP server to make the image available for ONE. 
+ http_port = nil + t1 = Thread.new do + server = WEBrick::HTTPServer.new(Port: 0, + DocumentRoot: root, + Logger: WEBrick::Log.new('/dev/null'), + AccessLog: []) + http_port = server.config[:Port] + server.start + end + + # rubocop:disable Metrics/BlockLength + # Image creation and cleanup old ones + t2 = Thread.new do + begin + client = OpenNebula::Client.new(CREDENTIALS, ENDPOINT) + img_pool = OpenNebula::ImagePool.new(client, OpenNebula::Pool::INFO_MINE) + + rc = img_pool.info + raise Exception, rc.message if OpenNebula.is_error?(rc) + + img_pool.each do |image| + if image.name =~ /.*_tbr/ + warn("Trying to delete #{image.name}") + rc = image.delete + end + next unless image.name == image_name + + rc = image.delete + if OpenNebula.is_error?(rc) + rc = image.rename("#{image_name}_#{Time.now.strftime('%Y%m%d-%H%M%S')}_tbr") + raise Exception, rc.message if OpenNebula.is_error?(rc) + end + sleep(5) + end + + image_source = if external_url + # We have a reverse proxy in front of us + "#{external_url}/#{HTTP_ADDR}/#{http_port}/#(unknown)" + else + "http://#{HTTP_ADDR}:#{http_port}/#(unknown)" + end + + tmpl = if template + ERB.new(template).result(binding) + else + <<~TEMPLATE + NAME = #{image_name} + PATH = #{image_source} + TYPE = OS + PERSISTENT = No + DESCRIPTION = "#{image_comment} (default template)" + DEV_PREFIX = vd + FORMAT = qcow2 + TEMPLATE + end + + xml = OpenNebula::Image.build_xml + img = OpenNebula::Image.new(xml, client) + rc = img.allocate(tmpl, DS_ID) + raise Exception, rc.message if OpenNebula.is_error?(rc) + + tout = 300 + while img.short_state_str != 'rdy' + sleep(1) + img.info + tout -= 1 + break if tout.zero? 
+ end + img.chmod_octet(mode) + warn("\nOneNebula template publication:\n") + warn("\tImage template:\n") + warn("\t Image #{image_name} published") + warn("\t * description: #{image_comment}\n") + warn("\t * source: #{image_source}\n") + warn("\t * file: #{image_file}\n") + warn("\t * mode: #{mode}\n") + rescue Exception => e + warn(e.message) + Thread.kill(t1) + exit(-1) + end + Thread.kill(t1) + end + # rubocop:enable Metrics/BlockLength + + t1.join + t2.join +end + +def publishVM(oneCli, template_name, template, mode) + xml = OpenNebula::Template.build_xml + tpl = nil + + rc = nil + print("\tVM template #{template_name} :",) + tpl = getTemplateByName(oneCli, template_name) + if tpl + rc = tpl.update(template) + print(" update ") + else + tpl = OpenNebula::Template.new(xml, oneCli) + rc = tpl.allocate(template) + print(" create ") + end + + if OpenNebula.is_error?(rc) + puts("[KO]") + STDERR.puts rc.message + exit(-1) + end + print("\n\tSet VM template #{template_name} permission to #{mode}") + tpl.chmod_octet(mode) + puts ("[OK]") + return 0 +end + + +options = {} + +OptionParser.new do |opts| + opts.banner = "Usage: onte-templates [options]" + + opts.on("-cFILE", "--config=FILE", "Configuration file to use (default ./.one-templates.conf)") do |c| + options[:config_file] = c + end + + opts.on("-tTYPE", "--type=TYPE", "Set what do you want to publish (vm for a vm_template, service for a service_template)") do |t| + options[:type] = t + end + + opts.on("-nNAME", "--name=NAME", "Name of the template to publish") do |n| + options[:name] = n + end + + opts.on("-TTEMPLATE", "--template=TEMPLATE", "The template to publish (file or raw template)") do |tp| + options[:template] = tp + end + + opts.on("-dDIRECTORY", "--directory=DIRECTORY", "Template directory") do |d| + options[:directory] = d + end + + opts.on("-uUSER", "--user=USER", "OpenNebula user") do |u| + options[:user] = u + end + + opts.on("-pTOKEN", "--password=TOKEN", "OpenNebula user token or password") do 
|t| + options[:token] = t + end + + opts.on("-eENDPOINT", "--end-point=ENDPOINT", "OpenNebula cluster API end point") do |e| + options[:endpoint] = e + end + + opts.on("-fFLOWENDPOINT", "--flow-end-point=FLOWENDPOINT", "OneFlow API end point") do |f| + options[:flow_endpoint] = f + end + + opts.on("-mMODE", "--mode=MODE", "Permissions for the template (ex: 644)") do |m| + options[:mode] = m + end + + opts.on("-bBUILDER_ADDR","--builder-addr=BUILDER_ADDR", "Builder IP address") do |b| + options[:builder_addr] = b + end + + opts.on("-xEXTERNAL", "--external-url=EXTERNAL", "External URL (reverse proxy)") do |x| + options[:external_url] = x + end + + opts.on("-sDATASTORE_ID", "--datasore-id=DATASTORE_ID", "Images datastore ID") do |s| + options[:datastore_id] = s + end + + opts.on("-iIMAGE_ROOT", "--image-root=IMAGE_ROOT", "Directory containing the images") do |i| + options[:image_root] = i + end + + opts.on("-cCOMMENT", "--comment=COMMENT", "Image comment/description") do |c| + options[:image_comment] = c + end + + opts.on("-IIMAGE", "--image-file=IMAGE", "Image file do publish") do |img| + options[:image_file] = img + end + + opts.on("-VIMAGE_NAME", "--image-name=IMAGE_NAME", "Image name for vm template") do |img| + options[:image_name] = img + end + + opts.on("-vVM_NAME", "--vm-name=IMAGE_NAME", "VM Template name") do |vm| + options[:vm_name] = vm + end + + opts.on("-h", "--help", "Prints this help") do + puts opts + exit + end +end.parse! 
+ +config_file = if ENV.has_key?("TEMPLATER_CONFIG") + ENV["TEMPLATER_CONFIG"] + elsif options.key?(:config_file) + options[:config_file] + else + "#{File.dirname(__FILE__)}/.one-templates.conf" + end + +config = if File.readable?(config_file) + YAML.load_file(config_file) + else + {} + end + +# OpenNebula credentials +user = "" +token = "" + +if options.key?(:user) and options.key?(:token) + user = options[:user] + token = options[:token] +elsif ENV.has_key?("ONE_USER") and ENV.has_key?("ONE_TOKEN") + user = ENV["ONE_USER"] + token = ENV["ONE_TOKEN"] +elsif config.key?("user") and config.key?("token") + user = config["user"] + token = config["token"] +elsif File.file?("~/.one/one_auth") + creds = File.read("~/.one/one_auth").chomp.split(':') + user = creds[0] + token = creds[1] +else + raise Exception.new("OpenNebula user or token or both are missing, provide this informations in configuration or in environement") +end + +template_type = if options.key?(:type) + options[:type] + elsif ENV.has_key?("TEMPLATE_TYPE") + ENV["TEMPLATE_TYPE"] + else + raise Exception.new("Publishing type is not defined, use --type or TYPE environement variable.") + end +if (template_type != "service") && (template_type != "vm") && (template_type != 'image') + raise Exception.new("Type #{template_type} not supported. 
Type has to be 'image', 'vm' or 'service'") +end + +template_dir = "" +if options.key?(:directory) + template_dir = options[:directory] +elsif ENV.has_key?("SERVICE_TEMPLATE_DIR") + template_dir = ENV["SERVICE_TEMPLATE_DIR"] +elsif config.key?("template_dir") + template_dir = config[:template_dir] +else + if template_type == "service" + template_dir = "#{File.dirname(__FILE__)}/../templates/one/service_template" + elsif template_type == "vm" + template_dir = "#{File.dirname(__FILE__)}/../templates/one/vm" + elsif template_type == "image" + template_dir = "#{File.dirname(__FILE__)}/../templates/one/image" + end +end + +template = if options.key?(:template) + if File.readable?(options[:template]) + File.read(options[:template]) + else + options[:template] + end + elsif ENV.has_key?("TEMPLATE") + ENV("TEMPLATE") + else + nil + end + +template_name = if options[:name] + options[:name] + elsif ENV.has_key?("TEMPLATE_NAME") + ENV["TEMPLATE_NAME"] + end + +template_file = nil + +tplExt = "json" +if template_type == "vm" + tplExt = "xml" +elsif template_type == "image" + tplExt = "tpl" +end + + +# XML_RPC endpoint where OpenNebula is listening +end_point = nil +if options[:endpoint] + end_point = options[:endpoint] +elsif ENV.has_key?("ONE_XMLRPC") + end_point = ENV["ONE_XMLRPC"] +elsif config.key?("endpoint") + end_point = config["endpoint"] +end + +flow_endpoint = nil +if template_type == "service" + if options[:flow_endpoint] + flow_end_point = URI.parse(options[:flow_endpoint]) + elsif ENV.has_key?("ONE_FLOW_ENDPOINT") + flow_end_point = URI.parse(ENV["ONE_FLOW_ENDPOINT"]) + elsif config.key?("flow_endpoint") + flow_end_point = URI.parse(config["flow_endpoint"]) + end + if ! flow_end_point + raise Exception.new("OneFlow API endpoint is missing, use --flow-end-point option or ONE_FLOW_ENDPOINT environement variable") + end + + flow_path = flow_end_point.path +end + +if ! 
end_point + raise Exception.new("API endpoint is missing, use --end-point option or ONE_XMLRPC environement variable") +end + + +mode = nil +if options[:mode] + mode = options[:mode] +elsif ENV.has_key?("MODE") + mode = ENV["MODE"] +else + mode = "600" +end + +external_url = if options[:external_url] + options[:external_url] + elsif ENV.key?('EXTERNAL_URL') + ENV['EXTERNAL_URL'] + elsif config.key?("external_url") + config["external_url"] + end + +builder_addr = if options[:builder_addr] + options[:buider_addr] + elsif ENV.key?('BUILDER_ADDR') + ENV['BUILDER_ADDR'] + elsif config.key?("builder_addr") + config["builder_addr"] + else + # Get first IP address + Socket.getifaddrs.detect do |addr_info| + addr_info.name != 'lo' && addr_info.addr && addr_info.addr.ipv4? + end.addr.ip_address + end + +datastore_id = if options[:datastore_id] + options[:datastore_id] + elsif ENV.key?('DATASTORE_ID') + ENV['DATASTORE_ID'].to_i + elsif config.key?("datastore_id") + config["datastore_id"].to_i + else + 1 + end + +image_root = if options[:image_root] + options[:image_root] + elsif ENV.key?('IMAGE_ROOT') + ENV['IMAGE_ROOT'] + elsif config[:image_root] + config['image_root'] + else + "#{File.dirname(__FILE__)}/../output" + end + +image_comment = if options[:image_comment] + options[:image_comment] + elsif ENV.key?('IMAGE_COMMENT') + ENV['IMAGE_COMMENT'] + elsif config[:image_comment] + config['image_comment'] + else + "#{template_name}" + end + +image_file = if options[:image_file] + options[:image_file] + elsif ENV.key?('IMAGE_FILE') + ENV['IMAGE_FILE'] + elsif config.key?(:image_file) + config['image_file'] + else + nil + end + +image_name = if options[:image_name] + options[:image_name] + elsif ENV.key?('IMAGE_NAME') + ENV['IMAGE_NAME'] + elsif config.key?(:image_name) + config[:image_name] + else + nil + end + +vm_name = if options[:vm_name] + options[:vm_name] + elsif ENV.key?('VM_NAME') + ENV['VM_NAME'] + elsif config.key?(:vm_name) + config[:vm_name] + else + nil + end + 
+CREDENTIALS = "#{user}:#{token}" +ENDPOINT = end_point +DS_ID = datastore_id +HTTP_ADDR = builder_addr + +oneCli = OpenNebula::Client.new(CREDENTIALS, ENDPOINT) + +# Template management +# the template can be an ERB template +# if you provide a template we use it as raw template +# if you provide a file name we read it first +# + +tpl_content = nil +if template + if File.readable?(template) + tpl_content = File.read(template) + else + tpl_content = template + end +else + if template_name + fname = "#{template_dir}/#{template_name}.#{tplExt}" + if File.readable?(fname) + tpl_content = File.read(fname) + elsif template_type != "image" + raise Exception.new("No service or vm named #{template_name}, file #{fname} is missing !") + end + else + raise Exception.new("No template provided, template name is missing, please provide a service name with option --name") + end +end + +# Process the ERB template. +# For the images the template is processed later during publishing +if template_type != "image" + tpl = if File.readable?(tpl_content) + ERB.new(File.read(tpl_content)) + else + ERB.new(tpl_content) + end + template = tpl.result(binding) +end + +if template_type == "service" + sv = Service::Client.new( + :username => user, + :password => token, + :url => flow_end_point.to_s, + :user_agent => 'CLI') + begin + puts("OpenNebula template publication:") + res = publishService(sv, flow_path, template, mode, user) + puts("\tService template #{template_name} #{res}") + rescue => err + puts(err) + end +elsif template_type == "vm" + begin + puts("OpenNebula template publication:") + publishVM(oneCli, template_name, template, mode) + rescue => err + puts(err) + end + +elsif template_type == "image" + if ! image_file + raise Exception.new("No image file provided, use --image-file option or IMAGE_FILE environement variable.") + exit(-1) + end + publishImage(template_name, image_comment, image_file, external_url, template, mode) +end -- 2.17.1 
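Review bot: The WEBrick instance started in `publishImage` (`WEBrick::HTTPServer.new(Port: 0, DocumentRoot: root, ...)`) has no `BindAddress`, so for the duration of the import it serves the whole directory containing the image file on every interface of the builder, unauthenticated and with logging sent to `/dev/null`; set `BindAddress: HTTP_ADDR` so only the address OpenNebula is told about is listened on, and keep at least the `AccessLog` so the fetch can be audited. Further down, `File.file?("~/.one/one_auth")` never matches because Ruby does not expand `~` in path strings, so wrap both the `File.file?` and `File.read` calls in `File.expand_path`; likewise `ENV("TEMPLATE")` raises NoMethodError and should read `ENV["TEMPLATE"]`. The lookup `options[:buider_addr]` (typo) means `--builder-addr` is silently ignored and the first non-loopback IPv4 address is used instead, and `config[:template_dir]` reads a symbol key right after `config.key?("template_dir")` tested the string key, so a configured template directory is never used. The `raise` in the final `image` branch makes the `exit(-1)` after it unreachable; drop one of the two.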
From 3e7d5c028ba6586b422261fdf7a8dd385b6daf89 Mon Sep 17 00:00:00 2001 
From: Philippe Caseiro Date: Tue, 27 Jun 2023 15:25:30 +0200 Subject: [PATCH 2/8] feat(recipes): adding nuo specific recipes --- build | 15 +- recipes/alpine/3.18.pkrvars.hcl | 6 + recipes/alpine/docker.pkr.hcl | 25 +- recipes/alpine/emissary.hcl | 76 +++++ recipes/alpine/harbor.pkr.hcl | 97 +++++++ recipes/alpine/locals.docker.pkr.hcl | 59 +++- recipes/alpine/locals.harbor.pkr.hcl | 22 ++ recipes/alpine/locals.matchbox.pkr.hcl | 8 +- recipes/alpine/locals.nuo-harbor.pkr.hcl | 89 ++++++ recipes/alpine/locals.nuo-matchbox.pkr.hcl | 176 ++++++++++++ recipes/alpine/locals.pkr.hcl | 6 + recipes/alpine/main.pkr.hcl | 23 ++ recipes/alpine/matchbox.pkr.hcl | 4 +- recipes/alpine/nuo-harbor.pkr.hcl | 136 +++++++++ recipes/alpine/nuo-matchbox.pkr.hcl | 120 ++++++++ recipes/alpine/plugins.pkr.hcl | 4 + .../provisionning/alpine-3.16-install.sh | 1 + .../provisionning/alpine-3.16-postinstall.sh | 4 +- .../provisionning/alpine-3.18-install.sh | 1 + .../provisionning/alpine-3.18-postinstall.sh | 1 + .../provisionning/conf/common/templater.start | 104 +++++++ .../provisionning/conf/harbor/init.d/harbor | 64 +++++ recipes/alpine/provisionning/conf/nuo-harbor | 1 + .../alpine/provisionning/conf/nuo-matchbox | 1 + recipes/alpine/provisionning/harbor.sh | 38 +++ recipes/alpine/provisionning/matchbox.sh | 9 +- recipes/alpine/provisionning/nuo-harbor.sh | 1 + recipes/alpine/provisionning/nuo-matchbox.sh | 1 + .../provisionning/ssh/cadoles/pcaseiro.pub | 1 + .../provisionning/ssh/cadoles/vfebvre.pub | 1 + .../alpine/provisionning/ssh/cnous/nmelin.pub | 1 + .../provisionning/ssh/cnous/operrot.pub | 1 + .../provisionning/tools/additionnal-disk | 27 ++ recipes/alpine/sources.pkr.hcl | 66 +++++ .../templates/conf/docker/subgid.pktpl.hcl | 6 + .../templates/conf/docker/subuid.pktpl.hcl | 3 + .../conf/harbor/harbor.yml.pktpl.hcl | 265 ++++++++++++++++++ .../templates/conf/install/awnsers.pktpl.hcl | 2 +- .../dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl | 4 +- recipes/alpine/templates/conf/nuo-harbor 
| 1 + .../conf.d/matchbox.conf.pktpl.hcl | 1 + .../dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl | 7 + .../dnsmasq.d/ipxe.conf.pktpl.hcl | 60 ++++ .../conf/nuo-matchbox/hostname.pktpl.hcl | 1 + .../nuo-matchbox/init.d/matchbox.pktpl.hcl | 28 ++ .../nuo-matchbox/network/interfaces.pktpl.hcl | 9 + .../conf/nuo-matchbox/resolv.conf.pktpl.hcl | 4 + 47 files changed, 1557 insertions(+), 23 deletions(-) create mode 100644 recipes/alpine/3.18.pkrvars.hcl create mode 100644 recipes/alpine/emissary.hcl create mode 100644 recipes/alpine/harbor.pkr.hcl create mode 100644 recipes/alpine/locals.harbor.pkr.hcl create mode 100644 recipes/alpine/locals.nuo-harbor.pkr.hcl create mode 100644 recipes/alpine/locals.nuo-matchbox.pkr.hcl create mode 100644 recipes/alpine/nuo-harbor.pkr.hcl create mode 100644 recipes/alpine/nuo-matchbox.pkr.hcl create mode 120000 recipes/alpine/provisionning/alpine-3.18-install.sh create mode 120000 recipes/alpine/provisionning/alpine-3.18-postinstall.sh create mode 100644 recipes/alpine/provisionning/conf/common/templater.start create mode 100755 recipes/alpine/provisionning/conf/harbor/init.d/harbor create mode 120000 recipes/alpine/provisionning/conf/nuo-harbor create mode 120000 recipes/alpine/provisionning/conf/nuo-matchbox create mode 100644 recipes/alpine/provisionning/harbor.sh create mode 120000 recipes/alpine/provisionning/nuo-harbor.sh create mode 120000 recipes/alpine/provisionning/nuo-matchbox.sh create mode 100644 recipes/alpine/provisionning/ssh/cadoles/pcaseiro.pub create mode 100644 recipes/alpine/provisionning/ssh/cadoles/vfebvre.pub create mode 100644 recipes/alpine/provisionning/ssh/cnous/nmelin.pub create mode 100644 recipes/alpine/provisionning/ssh/cnous/operrot.pub create mode 100644 recipes/alpine/provisionning/tools/additionnal-disk create mode 100644 recipes/alpine/templates/conf/docker/subgid.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/docker/subuid.pktpl.hcl create mode 100644 
recipes/alpine/templates/conf/harbor/harbor.yml.pktpl.hcl create mode 120000 recipes/alpine/templates/conf/nuo-harbor create mode 100644 recipes/alpine/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/nuo-matchbox/hostname.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl create mode 100644 recipes/alpine/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl diff --git a/build b/build index 7ff618c..ef5af55 100755 --- a/build +++ b/build @@ -9,6 +9,8 @@ VERSION=${3} RCP_DIR="./recipes" PACKER=${PACKER:-packer} +BUILDER=${BUILDER:-qemu} + # # Init packer # install plugins @@ -23,8 +25,8 @@ initPacker() { # First the "base" image then the provisionned ones # run() { - ${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.qemu.${OS}" "${RCP_DIR}/${OS}/." - ${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.qemu.${OS}" "${RCP_DIR}/${OS}/." + ${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.${BUILDER}.${OS}" "${RCP_DIR}/${OS}/." + ${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.${BUILER}.${OS}" "${RCP_DIR}/${OS}/." } # @@ -34,7 +36,7 @@ run_build() { target=${4} ${PACKER} build ${PACKER_OPTS} -force \ -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" \ - -only="${target}.qemu.${OS}" \ + -only="${target}.${BUILDER}.${OS}" \ "${RCP_DIR}/${OS}/." } 
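Review bot: In the `run()` hunk the second packer invocation uses `-except="base.${BUILER}.${OS}"` — `BUILER` is a typo for `BUILDER`, so the variable expands to empty, the filter becomes `base..${OS}` and no longer matches the base build; the provisioned pass would then rebuild the base image as well, or fail, depending on how packer treats an unmatched `-except`. Change it to `-except="base.${BUILDER}.${OS}"` to match the `-only` line directly above it.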
@@ -45,7 +47,7 @@ run_many() { targets="${@:4}" only="" for target in ${targets};do - only="${only}-only=${target}.qemu.${OS} " + only="${only}-only=${target}.${BUILDER}.${OS} " done ${PACKER} build ${PACKER_OPTS} -force \ @@ -132,6 +134,11 @@ case "${ACTION}" in initPacker "${2}" || exit 1 run_build $@ ;; + + "runVMW") + initPacker "${2}" || exit 1 + run_build $@ + ;; "mrun") initPacker "${2}" || exit 1 diff --git a/recipes/alpine/3.18.pkrvars.hcl b/recipes/alpine/3.18.pkrvars.hcl new file mode 100644 index 0000000..bdbee73 --- /dev/null +++ b/recipes/alpine/3.18.pkrvars.hcl @@ -0,0 +1,6 @@ +name = "alpine" +version = "3.18.2" +short_version = "3.18" +arch = "x86_64" +source_url = "https://dl-cdn.alpinelinux.org/alpine" +iso_cd_checksum = "6bc7ff54f5249bfb67082e1cf261aaa6f307d05f64089d3909e18b2b0481467f" \ No newline at end of file diff --git a/recipes/alpine/docker.pkr.hcl b/recipes/alpine/docker.pkr.hcl index b6890aa..e580c91 100644 --- a/recipes/alpine/docker.pkr.hcl +++ b/recipes/alpine/docker.pkr.hcl @@ -6,6 +6,14 @@ This builder builds a QEMU image from the base build output. The goal here is to with it's provisionning. EOF + source "source.vmware-vmx.alpine" { + output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/docker" + vm_name = "${local.output_name}-${var.version}-docker.img" + source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx" + boot_command = [ "" ] + ssh_clear_authorized_keys = true + } + source "source.qemu.alpine" { output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}" vm_name = "${local.output_name}-${var.version}-${local.Docker.Name}.img" 
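Review bot: The new `"runVMW")` case is byte-for-byte the same as the `"run")` case above it: it calls `initPacker` and `run_build` without setting `BUILDER`, so unless the caller already exported `BUILDER=vmware-vmx` it builds with qemu exactly like `run`. Presumably it should set `BUILDER=vmware-vmx` (the name used by the new `source "source.vmware-vmx.alpine"` block in docker.pkr.hcl) before calling `run_build`, or the case should be dropped in favour of the environment variable. The enclosing `case` statement starts and ends outside the hunk.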
@@ -17,6 +25,19 @@ EOF
 ssh_clear_authorized_keys = true
 }
+ // Copy ssh Cadoles keys
+ provisioner "file" {
+ destination = "/tmp"
+ source = "${local.locations.provisionning}/ssh/cadoles/"
+ }
+
+ provisioner "shell" {
+ inline = [
+ "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
+ "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
+ ]
+ }
+
 // Install templater and bootstraper
 provisioner "shell" {
 script = "${local.dirs.provisionning}/templater-install.sh"
@@ -64,8 +85,8 @@ EOF
 post-processor "shell-local" {
 inline = [
 "/bin/sh ${local.dirs.post-processors}/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name} ${var.image_version}",
- "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Docker.Name} -c '${local.Docker.Name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}/${local.output_name}-${var.version}-${local.Docker.Name}.img",
- "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${local.Docker.Name} --image-name ${local.output_name}-${var.version}-${local.Docker.Name}",
+ //"ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Docker.Name} -c '${local.Docker.Name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}/${local.output_name}-${var.version}-${local.Docker.Name}.img",
+ //"ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${local.Docker.Name} --image-name ${local.output_name}-${var.version}-${local.Docker.Name}",
 ]
 }
diff --git a/recipes/alpine/emissary.hcl b/recipes/alpine/emissary.hcl
new file mode 100644
index 0000000..8e0c128
--- /dev/null
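Review bot: The new `file` + `shell` provisioners append every `*.pub` under `provisionning/ssh/cadoles/` to `/root/.ssh/authorized_keys` at build time, so the personal keys of the individuals whose files are listed in the diffstat are baked into the docker image and into every VM later instantiated from it, and `ssh_clear_authorized_keys` does not remove them (it only strips Packer's own temporary key). The VM templates already inject `SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"` through `CONTEXT`, which is the per-deployment, revocable path; if build-time keys are genuinely needed for debugging, gate the two provisioners behind a variable that defaults to off and say so in the `// Copy ssh Cadoles keys` comment. The `cat /tmp/*.pub` glob also picks up any other `.pub` file that happens to be in `/tmp` on the build VM, so copy the keys to a dedicated directory such as `/tmp/cadoles-keys` and glob there instead.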
+++ b/recipes/alpine/emissary.hcl 
@@ -0,0 +1,76 @@ +#Flavour emissary +build { + name = "emissary" + description = <" ] + ssh_clear_authorized_keys = true + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.emissary)}" + } + + // Generate default configuration for kubernetes + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "file" { + destination = "/tmp/one-context.sh" + source = "${local.dirs.provisionning}/one-context.sh" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/one-context.sh'", + "sh -cx 'sh /tmp/${build.name}.sh'" + ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/emissary ${var.image_version}", + "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-emissary -c 'Emissary base image' --image-file ${var.output_dir}/${var.version}/provisionned/emissary/${local.output_name}-${var.version}-emissary.img", + "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T 
${local.dirs.templates}/one/vm/emissary.xml -n ${local.output_name}-${var.version}-emissary --image-name ${local.output_name}-${var.version}-emissary" + ] + } + +} diff --git a/recipes/alpine/harbor.pkr.hcl b/recipes/alpine/harbor.pkr.hcl new file mode 100644 index 0000000..f6df9e5 --- /dev/null +++ b/recipes/alpine/harbor.pkr.hcl 
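Review bot: The new file is named `emissary.hcl`, while every other build in recipes/alpine is `*.pkr.hcl`; Packer only loads `.pkr.hcl`/`.pkr.json` files from a directory, so unless this file is passed explicitly the build is silently never registered — rename it to `emissary.pkr.hcl`. The comment `// Generate default configuration for kubernetes` above the `btr` provisioner is copied from the kubernetes recipe; `// Render the emissary configuration templates with btr` describes this build. `content = "${jsonencode(local.emissary)}"` uses a lowercase local while the sibling recipes reference capitalised ones (`local.Harbor`, `local.NuoHarbor`); the matching locals file is not in this diff, so confirm that `local.emissary` exists.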
@@ -0,0 +1,97 @@ +#Flavour ${build.name} +build { + name = "${local.Harbor.Name}" + description = <" ] + ssh_clear_authorized_keys = true + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${path.cwd}/provisionning/${var.name}/${build.name}.sh" + } + + provisioner "file" { + destination = "/tmp/install-${build.name}.sh" + source = "${path.cwd}/provisionning/${build.name}/install.sh" + } + + provisioner "file" { + destination = "/tmp/install-templater.sh" + source = "${path.cwd}/provisionning/templater/install.sh" + } + + // Install OpenNebula context tool + provisioner "file" { + destination = "/tmp/one-context.sh" + source = "${path.cwd}/provisionning/${var.name}/one-context.sh" + } + + // Deploy the opennebula context script to manage configuration + provisioner "file" { + destination = "/tmp/net-96-templater" + source = "${path.cwd}/provisionning/one-context/net-96-templater" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/one-context.sh'", + "sh -cx 'sh /tmp/${build.name}.sh'", + "sh -cx 'sh /tmp/install-templater.sh'", + "sh -cx 'sh /tmp/install-${build.name}.sh'", + "sh -cx 'cp /tmp/net-96-templater /etc/one-context.d/net-96-templater'", + "sh -cx 'chmod +x /etc/one-context.d/net-96-templater'" + ] + } + + provisioner "file" { + name = "templater" + destination = "${local.Config.ConfigFiles[0].destination}" + content = templatefile("${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}", local.Config) + } + + + // Create Builder directories on the image. 
+ provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}/${build.name}'", + "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.TemplateDir}/${build.name}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}/${build.name}'", + "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.ValueDir}/${build.name}'", + "sh -cx 'mkdir -p ${local.Config.StorageRoot}'", + "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.Config.StorageRoot}'" ] + } + + // Copy configuration template on the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/${build.name}/${local.Config.ConfigFiles[0].source}" + source = "${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}/values.json" + content = "${jsonencode(local.Config)}" + } + + post-processor "shell-local" { + name = "publish" + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${build.name} ${var.image_version}", + "ruby ${path.cwd}/tools/one-templates -t image -T ${path.cwd}/templates/one/image/common.tpl -n ${local.output_name}-${var.version}-${build.name} -c '${build.name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${build.name}/${local.output_name}-${var.version}-${build.name}.img", + "ruby ${path.cwd}/tools/one-templates -t vm -T ${path.cwd}/templates/one/vm/${build.name}.xml -n ${local.output_name}-${var.version}-${build.name} --image-name ${local.output_name}-${var.version}-${build.name}", + ] + } + +} \ No newline at end of file diff --git a/recipes/alpine/locals.docker.pkr.hcl b/recipes/alpine/locals.docker.pkr.hcl index 4dacc91..2d46ebb 100644 --- a/recipes/alpine/locals.docker.pkr.hcl +++ b/recipes/alpine/locals.docker.pkr.hcl 
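Review bot: `local.Config` (`.Name`, `.User`, `.Group`, `.StorageRoot`, `.ConfigFiles`) is referenced throughout, but the locals.harbor.pkr.hcl added in this same commit only defines `ServiceHarbor` and `Harbor`, neither of which carries `Name` together with `StorageRoot`; unless `Config` is declared in a file outside this diff, Packer will fail on the undefined local. The `templater` file provisioner writes the rendered Harbor configuration (which carries the admin and DB credentials) to `${local.Config.ConfigFiles[0].destination}` with the SSH user's default umask — a file provisioner does not apply the `mode`/`owner` declared in ConfigFiles — so add a shell step `chmod 600`/`chown` after it, or let `btr` write the file as the other flavours do. The first two file provisioners read `${build.name}.sh` from `provisionning/${var.name}/` and `install.sh` from `provisionning/${build.name}/`, which disagrees with the flat `provisionning/harbor.sh` this commit adds; one of those paths is likely wrong.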
@@ -1,27 +1,76 @@ locals { // Definition of the Kubernetes service (templater compatible) ServiceDocker = { - ConfigFiles = [] - Repositories = {} + ConfigFiles = [ + { + destination = "/etc/subuid" + source = "subuid.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/subgid" + source = "subgid.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Repositories = { + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + } Packages = { docker = { name = "docker" action = "install" } + docker-rootless-extras = { + name = "docker-rootless-extras" + action = "install" + } docker-compose = { name = "docker-compose" action = "install" } + gpg = { + name = "gpg" + action = "install" + } } Daemons = { - docker = { + docker = { name = "docker" type = "auto" enabled = true } + cgroups = { + name = "cgroups" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + Vars = { + RootlessDocker = "true" + } + Users = { + dock = { + username = "dock" + group = "dock" + home = "/srv/dock" + shell = "/bin/nologin" + } } - Vars = {} - Users = {} } Docker = { diff --git a/recipes/alpine/locals.harbor.pkr.hcl b/recipes/alpine/locals.harbor.pkr.hcl new file mode 100644 index 0000000..4f1e99a --- /dev/null +++ b/recipes/alpine/locals.harbor.pkr.hcl @@ -0,0 +1,22 @@ +locals { + ServiceHarbor = { + ConfigFiles = [ + { + destination = "/etc/harbor/harbor.yaml" + source = "habor.yaml.pktpl.hcl" + mod = "600" + } + ] + AuthEnabled = false + User = "harbor" + Group = "harbor" + HarborDomain = "reg.cadoles.com" + } + Harbor = { + Name = "harbor" + Globals = local.Globals + Services = { + Harbor = local.ServiceHarbor + } + } +} \ No newline at end of file diff --git a/recipes/alpine/locals.matchbox.pkr.hcl b/recipes/alpine/locals.matchbox.pkr.hcl index dbb67dc..9951e58 100644 
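Review bot: The ConfigFiles entry in `ServiceHarbor` uses `mod = "600"` where every other entry in this commit (locals.docker, locals.nuo-harbor, locals.nuo-matchbox) uses `mode`, and it has no `owner`/`group`, so whatever consumes ConfigFiles will not see the 600 permission for a file holding the Harbor admin and DB credentials. Its `source = "habor.yaml.pktpl.hcl"` is misspelled, and its `destination = "/etc/harbor/harbor.yaml"` disagrees with `ln -s /etc/harbor/harbor.yml .` in provisionning/harbor.sh and with the `harbor.yml` name used by locals.nuo-harbor.pkr.hcl, so the symlink the installer reads will dangle for this flavour. Aligning on `destination = "/etc/harbor/harbor.yml"`, `source = "harbor.yml.pktpl.hcl"` and `mode`/`owner`/`group` fixes all three.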
--- a/recipes/alpine/locals.matchbox.pkr.hcl +++ b/recipes/alpine/locals.matchbox.pkr.hcl @@ -38,6 +38,12 @@ locals { url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" enabled = true } + AlpineEdgeCommunity = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/community" + enabled = true + } } Packages = { dnsmasq = { @@ -117,4 +123,4 @@ locals { MatchBox = local.ServiceMatchBox } } -} \ No newline at end of file +} diff --git a/recipes/alpine/locals.nuo-harbor.pkr.hcl b/recipes/alpine/locals.nuo-harbor.pkr.hcl new file mode 100644 index 0000000..0bcc742 --- /dev/null +++ b/recipes/alpine/locals.nuo-harbor.pkr.hcl 
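Review bot: The new `AlpineEdgeCommunity` repository sets `name = "testing"` while pointing at `.../edge/community` — a copy of the `AlpineEdgeTesting` entry above it — and the same mistake is in locals.nuo-matchbox.pkr.hcl; change it to `name = "community"`. Both repositories are fetched over plain `http://`; apk verifies index and package signatures so integrity is covered, but `https://` avoids exposing the package list in transit and is worth switching to if the mirror supports it.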
@@ -0,0 +1,89 @@ +locals { + ServiceNuoHarbor = { + ConfigFiles = [ + { + destination = "/etc/harbor/harbor.yml" + source = "harbor.yml.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Vars = { + AuthEnabled = false + User = "harbor" + Group = "harbor" + HarborHTTPPort = "80" + HarborHTTPSPort = "443" + HarborSSLCert = "/etc/ssl/certs/harbor.crt" + HarborSSLPrivKey = "/etc/ssl/certs/harbor.key" + HarborDomain = "reg.k8s.in.nuonet.fr" + HarborAdminPassword = "ChangeMeAsSoonAsPossible" + HarborDBPassword = "WeNeedToBeAbleToManagePasswords" + NIC = [ + { + Name = "eth0" + IP = "192.168.160.10" + Mask = "255.255.254.0" + Gateway = "192.168.160.1" + } + ] + DNS = [ "192.168.160.10" ] + Set = { Hostname = "reg.k8s.in.nuonet.fr" } + } + Repositories = { + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + } + Packages = { + vmtools = { + name = "open-vm-tools" + action = "install" + }, + mkcert = { + name = "mkcert" + action = "install" + }, + gpg-agent = { + name = "gpg-agent" + action = "install" + } + ncurses = { + name = "ncurses" + action = "install" + } + } + Daemons = { + vm-tools = { + name = "open-vm-tools" + type = "auto" + enabled = true + } + harbor = { + name = "harbor" + type = "auto" + enabled = true + } + } + Users = { + harbor = { + username = "harbor" + group = "harbor" + home = "/srv/harbor" + shell = "/bin/nologin" + } + } + } + NuoHarbor = { + Name = "nuo-harbor" + Globals = local.Globals + Services = { + Docker = local.ServiceDocker + Harbor = local.ServiceNuoHarbor + } + } +} \ No newline at end of file diff --git a/recipes/alpine/locals.nuo-matchbox.pkr.hcl b/recipes/alpine/locals.nuo-matchbox.pkr.hcl new file mode 100644 index 0000000..de336e7 --- /dev/null +++ b/recipes/alpine/locals.nuo-matchbox.pkr.hcl 
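Review bot: `HarborAdminPassword = "ChangeMeAsSoonAsPossible"` and `HarborDBPassword = "WeNeedToBeAbleToManagePasswords"` are serialised into the values JSON and rendered into harbor.yml at build time, so every image ships with these known credentials unless the boot-time templater replaces them; nothing here fails if it does not. Prefer empty defaults plus a check in the boot script that refuses to start Harbor while the value is empty, or at minimum a comment naming the context variables that must override them. `HarborSSLPrivKey = "/etc/ssl/certs/harbor.key"` places the private key in the public certificates directory; `/etc/ssl/private/harbor.key` is the conventional location. The NIC address `192.168.160.10` is also the address locals.nuo-matchbox.pkr.hcl gives the matchbox VM (whose host entries map the registry to `.11`), and `DNS = [ "192.168.160.10" ]` then points this host at itself rather than at dnsmasq, which looks like a copy-paste of the matchbox block.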
@@ -0,0 +1,176 @@ +locals { + // Definition of the Kubernetes service (templater compatible) + ServiceNuoMatchBox = { + ConfigFiles = [ + { + destination = "/etc/dnsmasq.d/pxe.conf" + source = "dnsmasq.d/ipxe.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/dnsmasq-hosts.conf" + source = "dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl" + mode = "600" + owner = "dnsmasq" + group = "root" + }, + { + destination = "/etc/conf.d/matchbox" + source = "conf.d/matchbox.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/init.d/matchbox" + source = "init.d/matchbox.pktpl.hcl" + mode = "700" + owner = "root" + group = "root" + }, + { + destination = "/etc/network/interfaces" + source = "network/interfaces.pktpl.hcl" + mode = "700" + owner = "root" + group = "root" + }, + { + destination = "/etc/resolv.conf" + source = "resolv.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/hostname" + source = "hostname.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Repositories = { + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + AlpineEdgeCommunity = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/community" + enabled = true + } + } + Packages = { + dnsmasq = { + name = "dnsmasq" + action = "install" + } + terraform = { + name = "terraform" + action = "install" + } + git = { + name = "git" + action = "install" + } + kubectl = { + name = "kubectl" + action = "install" + } + gpg = { + name = "gpg" + action = "install" + } + vmtools = { + name = "open-vm-tools" + action = "install" + } + bash = { + name = "bash" + action = "install" + } + } + Vars = { + PXE = { + DHCPMode = "standalone" + DNSDomain = "k8s.in.nuonet.fr" + ListenInterface = "eth0" + GreetingMessage = "Nuo PXE Boot Server" + DelayTime = "5" + 
BootingMessage = "Booting from network the Nuo way" + DHCPRangeStart = "192.168.160.20" + DHCPRangeEnd = "192.168.160.60" + DHCPLeaseDuration = "48h" + TFTPRoot = "/var/lib/tftpboot" + } + DNSMasq = { + Hosts = [ + { + Name = "reg.k8s.in.nuonet.fr" + IP = "192.168.160.11" + } + ] + } + MatchBox = { + Hostname = "mb.k8s.in.nuonet.fr" + HTTPPort = "8080" + gRPCPort = "8081" + LogLevel = "info" + } + NIC = [ + { + Name = "eth0" + IP = "192.168.160.10" + Mask = "255.255.254.0" + Gateway = "192.168.160.1" + } + ] + DNS = [ "10.253.50.105" ] + Hosts = [ + { + Name = "harbor.k8s.in.nuonet.fr" + IP = "192.168.160.11" + } + ] + Set = { Hostname = "mb.k8s.in.nuonet.fr" } + } + Users = {} + Daemons = { + vm-tools = { + name = "open-vm-tools" + type = "auto" + enabled = true + } + matchbox = { + name = "matchbox" + type = "auto" + enabled = true + } + dnsmasq = { + name = "dnsmasq" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + } + + // Definition of the Kubernetes full configuration (with all the services) + NuoMatchBox = { + Name = "nuo-matchbox" + Globals = local.Globals + Services = { + NuoMatchBox = local.ServiceNuoMatchBox + } + } +} diff --git a/recipes/alpine/locals.pkr.hcl b/recipes/alpine/locals.pkr.hcl index 8a562ad..d6bd5e2 100644 --- a/recipes/alpine/locals.pkr.hcl +++ b/recipes/alpine/locals.pkr.hcl @@ -20,5 +20,11 @@ locals { installOpts = { hostname = var.name user = "eole" + disk_device = "/dev/vda" + } + installOptsVMWare = { + hostname = var.name + user = "eole" + disk_device = "/dev/sda" } } diff --git a/recipes/alpine/main.pkr.hcl b/recipes/alpine/main.pkr.hcl index b7ddac4..87e81e1 100644 --- a/recipes/alpine/main.pkr.hcl +++ b/recipes/alpine/main.pkr.hcl 
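Review bot: `/etc/network/interfaces` is declared with `mode = "700"`, an execute bit on a configuration file that is never run; it should be `600` (or `644`) like the neighbouring entries, with `/etc/init.d/matchbox` the only one that needs `700`. The comments `// Definition of the Kubernetes service (templater compatible)` and `// Definition of the Kubernetes full configuration (with all the services)` are copied from the kubernetes locals; say `nuo-matchbox` instead. `DNSMasq.Hosts` and `Vars.Hosts` both map the registry names to `192.168.160.11`, whereas locals.nuo-harbor.pkr.hcl gives the registry VM `192.168.160.10`, the address this file assigns to the matchbox NIC, so one of the two files carries the wrong address.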
@@ -5,6 +5,29 @@ build { This builder builds a QEMU image from an Alpine "virt" CD ISO file. EOF + source "vmware-iso.alpine" { + output_directory = "${var.output_dir}/${var.version}/base" + vm_name = "${local.output_name}-${var.version}.img" + disk_size = 8000 + iso_url = "${local.source_iso}" + iso_checksum = "${var.iso_cd_checksum}" + http_content = { + "/ssh-packer-pub.key" = data.sshkey.install.public_key + "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOptsVMWare) + } + boot_command = [ + "root", + "", + "setup-interfaces", + "ifup eth0", + "mkdir -p .ssh", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys", + "chmod 600 .ssh/authorized_keys", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/install.conf", + "setup-sshd -c openssh -k .ssh/authorized_keys", + ] + } + source "qemu.alpine" { output_directory = "${var.output_dir}/${var.version}/base" vm_name = "${local.output_name}-${var.version}.img" diff --git a/recipes/alpine/matchbox.pkr.hcl b/recipes/alpine/matchbox.pkr.hcl index cece909..358f8d1 100644 --- a/recipes/alpine/matchbox.pkr.hcl +++ b/recipes/alpine/matchbox.pkr.hcl 
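Review bot: The new `vmware-iso.alpine` source uses the same `output_directory` and `vm_name` as `qemu.alpine` (whose body continues past this hunk), so a run that builds both sources collides on `${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img`, and the flavour builds that consume that file cannot tell which hypervisor produced it; include the source type in the path or name, e.g. `output_directory = "${var.output_dir}/${var.version}/base/${source.type}"`. The `boot_command` and `http_content` are repeated line for line from the qemu source with only `installOptsVMWare` and the literal `disk_size = 8000` differing; hoisting the shared boot_command into a local keeps the two from drifting when the install sequence changes.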
@@ -92,9 +92,7 @@ EOF post-processor "shell-local" { inline = [ - "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/matchbox ${var.image_version}", - "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-matchbox -c 'Matchbox base image' --image-file ${var.output_dir}/${var.version}/provisionned/matchbox/${local.output_name}-${var.version}-matchbox.img", - "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/matchbox.xml -n ${local.output_name}-${var.version}-matchbox --image-name ${local.output_name}-${var.version}-matchbox" + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/matchbox ${var.image_version}" ] } diff --git a/recipes/alpine/nuo-harbor.pkr.hcl b/recipes/alpine/nuo-harbor.pkr.hcl new file mode 100644 index 0000000..8608da3 --- /dev/null +++ b/recipes/alpine/nuo-harbor.pkr.hcl 
@@ -0,0 +1,136 @@ +#Flavour ${build.name} +build { + name = "nuo-harbor" + description = <" ] + ssh_clear_authorized_keys = true + vmx_data = { + "scsi1.pcislotnumber" = "16" + "scsi1.present" = "TRUE" + "scsi1.virtualdev" = "lsilogic" + "scsi1:0.filename" = "disk-1.vmdk" + "scsi1:0.present" = "TRUE" + "scsi1:0.redo" = "" + } + vmx_data_post = { + "memsize" = "4096", + "numvcpus" = "2", + } + } + + source "source.qemu.alpine" { + output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Config.Name}" + vm_name = "${local.output_name}-${var.version}-${local.Config.Name}.img" + iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img" + iso_checksum = "none" + disk_size = 81920 + disk_image = true + boot_command = [ "" ] + ssh_clear_authorized_keys = true + } + + provisioner "shell" { + script = "${local.dirs.provisionning}/tools/additionnal-disk" + environment_vars = [ + "PV_DEVICE=/dev/sdb", + "VG_NAME=data", + "LV_NAME=harbor-data", + "LV_MTP=/srv/harbor", + "LV_FS=ext4" + ] + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy static configurations to /etc + provisioner "file" { + destination = "/etc" + source = "${local.dirs.provisionning}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + // Copy Docker configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/docker/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = 
"${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.NuoHarbor)}" + } + + provisioner "file" { + destination = "/etc/local.d/templater.start" + source = "${local.locations.provisionning}/conf/common/templater.start" + } + + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + // Copy CNOUS SSH keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cnous/" + } + + provisioner "shell" { + inline = [ + "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'", + "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'" + ] + } + + // Generate default configuration for the server + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "shell" { + environment_vars = [ + "HARBOR_SSL_CERT=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLCert}", + "HARBOR_SSL_KEY=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLPrivKey}", + "HARBOR_DOMAIN=${local.NuoHarbor.Services.Harbor.Vars.HarborDomain}" + ] + script = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "shell" { + inline = [ + "chmod +x /etc/local.d/templater.start" + ] + } + +} + diff --git a/recipes/alpine/nuo-matchbox.pkr.hcl b/recipes/alpine/nuo-matchbox.pkr.hcl new file mode 100644 index 0000000..bc65ac8 --- /dev/null +++ b/recipes/alpine/nuo-matchbox.pkr.hcl 
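Review bot: The `additionnal-disk` step hard-codes `PV_DEVICE=/dev/sdb`, but only the source carrying `vmx_data` (its header is lost in this rendering) declares a second disk via `scsi1:0.filename = "disk-1.vmdk"`; `source.qemu.alpine` in the same build adds none, so the qemu variant runs the script against a device that does not exist (the script is outside this view, so how it fails is unknown). Either give the qemu source a second disk or restrict the provisioner with `only = ["<vmware source name>"]`. Unlike nuo-matchbox and the other flavours, this build has no `post-processor "shell-local"` sparsify step, so the output image is left unsparsified; if that is intentional a comment would help. The trailing `chmod +x /etc/local.d/templater.start` is required because a file provisioner cannot set modes; a one-line comment saying so would stop someone from removing it.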
@@ -0,0 +1,120 @@ +#Flavour nuo-matchbox +build { + name = "nuo-matchbox" + description = <" ] + ssh_clear_authorized_keys = true + } + + source "source.qemu.alpine" { + output_directory = "${var.output_dir}/${var.version}/provisionned/nuo-matchbox" + vm_name = "${local.output_name}-${var.version}-nuo-matchbox.img" + iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img" + iso_checksum = "none" + disk_size = 40960 + disk_image = true + boot_command = [ "" ] + ssh_clear_authorized_keys = true + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.NuoMatchBox)}" + } + + // Copy nuo-matchbox boot provisionning script + provisioner "file" { + destination = "/etc/local.d/initmatchbox.start" + source = "${local.locations.provisionning}/conf/${build.name}/initmatchbox.start" + } + + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + // Copy CNOUS SSH keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cnous/" + } + + provisioner "shell" { + inline = [ + "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'", + "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'" + ] + } + + provisioner "file" { + destination = "/etc/local.d/templater.start" + source = 
"${local.locations.provisionning}/conf/common/templater.start" + } + + // Copy tftp provisionning script + provisioner "file" { + destination = "/etc/local.d/inittftp.start" + source = "${local.locations.provisionning}/conf/${build.name}/inittftp.start" + } + + // Generate default configuration for kubernetes + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/${build.name}.sh'" + ] + } + + provisioner "shell" { + inline = [ + "chmod +x /etc/local.d/initmatchbox.start", + "chmod +x /etc/local.d/templater.start", + "chmod +x /etc/local.d/inittftp.start" + ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/nuo-matchbox ${var.image_version}" + ] + } + +} diff --git a/recipes/alpine/plugins.pkr.hcl b/recipes/alpine/plugins.pkr.hcl index 676a4b4..889b389 100644 --- a/recipes/alpine/plugins.pkr.hcl +++ b/recipes/alpine/plugins.pkr.hcl @@ -4,6 +4,10 @@ packer { version = ">= 1.0.1" source = "github.com/ivoronin/sshkey" } + vmware = { + version = ">= 1.0.8" + source = "github.com/hashicorp/vmware" + } } } diff --git a/recipes/alpine/provisionning/alpine-3.16-install.sh b/recipes/alpine/provisionning/alpine-3.16-install.sh index 1bdc826..256fa92 100644 --- a/recipes/alpine/provisionning/alpine-3.16-install.sh +++ b/recipes/alpine/provisionning/alpine-3.16-install.sh @@ -11,5 +11,6 @@ cp -rp .ssh /mnt/root/ sync umount /mnt + echo "Rebooting the host after install" reboot -nf \ No newline at end of file diff --git a/recipes/alpine/provisionning/alpine-3.16-postinstall.sh b/recipes/alpine/provisionning/alpine-3.16-postinstall.sh index 9c3af99..181f501 100644 
--- a/recipes/alpine/provisionning/alpine-3.16-postinstall.sh +++ b/recipes/alpine/provisionning/alpine-3.16-postinstall.sh @@ -1,7 +1,7 @@ #!/bin/sh set -xeo pipefail -apk add --no-cache wget curl jq haveged ca-certificates rsyslog +apk add --no-cache wget curl jq haveged ca-certificates rsyslog bash shadow rc-update add haveged boot rc-update add rsyslog boot @@ -18,4 +18,6 @@ echo -e "${pass}\n${pass}" | passwd # We don't need an access to ttyS0 sed -i 's@^\(ttyS0::respawn.*\)@#\1@' /etc/inittab +usermod --password $( echo "Cadoles;21" | openssl passwd -1 -stdin) root + sync diff --git a/recipes/alpine/provisionning/alpine-3.18-install.sh b/recipes/alpine/provisionning/alpine-3.18-install.sh new file mode 120000 index 0000000..2d4ac84 --- /dev/null +++ b/recipes/alpine/provisionning/alpine-3.18-install.sh @@ -0,0 +1 @@ +alpine-3.16-install.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/alpine-3.18-postinstall.sh b/recipes/alpine/provisionning/alpine-3.18-postinstall.sh new file mode 120000 index 0000000..db37049 --- /dev/null +++ b/recipes/alpine/provisionning/alpine-3.18-postinstall.sh @@ -0,0 +1 @@ +alpine-3.16-postinstall.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/conf/common/templater.start b/recipes/alpine/provisionning/conf/common/templater.start new file mode 100644 index 0000000..f4f253d --- /dev/null +++ b/recipes/alpine/provisionning/conf/common/templater.start 
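Review bot: `usermod --password $( echo "Cadoles;21" | openssl passwd -1 -stdin) root` bakes a fixed, publicly committed root password into every image built from this recipe, and because the script runs under `set -x` the plaintext is also traced into the Packer build log. The context line `echo -e "${pass}\n${pass}" | passwd` suggests root's password is already set from a variable, so this line silently overrides it; if a known console password is really needed, take it from a build-supplied variable (say `ROOT_PASSWORD`) so an unset value fails the build instead of falling back to a default, e.g. `usermod --password "$(printf '%s' "${ROOT_PASSWORD:?}" | openssl passwd -6 -stdin)" root`. `-1` selects MD5-crypt; `-6` (SHA-512) is what Alpine's shadow uses by default. Wrap the hashing in `set +x` / `set -x` so the value does not land in the log either way.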
@@ -0,0 +1,104 @@ +#!/usr/bin/env bash + +# +# Generate all the configuration files +# Get all the values from the VLS_DIR +# Process each template from the TPL_DIR with this values +# + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} +TPL_DIR="/usr/share/builder/templates" +VLS_DIR="/usr/share/builder/values" +CONFIG="" + +if [ -f "${ENV_FILE}" ]; then +. ${ENV_FILE} +fi + +BTR="$(command -v btr)" +if [ "${?}" -ne 0 ]; then + echo "Warning: Nothing to do the templater is not installed" + exit 0 +fi + +if [ ! -e "${TPL_DIR}" ]; then + echo "Error: The template dir is missing (${TPL_DIR})" + exit 1 +fi + +if [ ! -e "${VLS_DIR}" ]; then + echo "Error: The template dir is missing (${VLS_DIR})" + exit 1 +fi + +jsonQuery() { + local data="${1}" + local query="${2}" + echo "${data}" | jq -cr "${query}" +} + +# NAME: @jsonMerge +# AIM: Merge two json structures +# NOTES: +# The last one has de last word +# if you have the same key in A and B +# this keeps the value of the B structure. +# PARAMS: +# $1: original JSON Structure +# $2: updated JSON Structure +jsonMerge() { + local data="${1}" + local data2="${2}" + + echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]" +} + +jsonUpdateVal() { + local json="${1}" + local key="${2}" + local value="${3}" + + echo "${json}" | jq --arg a "${value}" "${key} = \$a" +} + +getValues() { + + local values="" + + for file in $(find ${VLS_DIR} -name "*.json"); do + values="${values}$(cat ${file})" + done + + if [ -n "${RAW_CONFIG}" ]; then + values="$(jsonMerge ${values} ${RAW_CONFIG})" + fi + + for svc in $(echo ${values} | jq -cr '.Services|keys[]'); do + for key in $(echo ${values} | jq -cr ".Services.${svc}.Vars|keys[]"); do + ukey=${key^^} + vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")" + if [ ${?} -eq 0 ]; then + for var in $(echo ${values} | jq -cr ".Services.${svc}.Vars.${key}|keys[]"); do + uvar=${var^^} + val=$(eval echo "\$${ukey}_${uvar}") + if [ -n "${val}" ]; then + values=$(jsonUpdateVal 
"${values}" ".Services.${svc}.Vars.${key}.${var}" "${val}") + fi + done + else + values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}" "${!ukey}") + fi + done + done + echo ${values} +} + +processTemplates() { + ${BTR} -t ${TPL_DIR} -c "${1}" +} + +VALUES=$(getValues) +file=$(mktemp) +echo "${VALUES}" > "${file}" +processTemplates "${file}" +rm -rf "${file}" diff --git a/recipes/alpine/provisionning/conf/harbor/init.d/harbor b/recipes/alpine/provisionning/conf/harbor/init.d/harbor new file mode 100755 index 0000000..86a2255 --- /dev/null +++ b/recipes/alpine/provisionning/conf/harbor/init.d/harbor 
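Review bot: In `getValues` the probe `vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")"` hands the backslash-escaped quotes to jq, so jq receives a string literal rather than a path expression and always exits 0; the `else` branch that overrides scalar Vars from `${!ukey}` therefore looks unreachable, and only nested-object vars ever get replaced from the environment. Dropping the escapes, `vkeys="$(echo "${values}" | jq -cr ".Services.${svc}.Vars.${key}|keys[]" 2>/dev/null)"`, restores the intended test (jq exits non-zero on a scalar). `val=$(eval echo "\$${ukey}_${uvar}")` builds a shell command out of JSON key names; bash's `${!name}` form, already used two lines below, does the same lookup without `eval`. The unquoted `echo ${values}` also lets `*` or `?` inside a value be glob-expanded; quote it.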
@@ -0,0 +1,64 @@ +#!/sbin/openrc-run + +: ${SUBCFGDIR:=/srv} +DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"} + +SUBSVC="${SVCNAME#*.}" +[ -z "${SUBSVC}" ] && exit 1 +: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"} +DOCOCMD="/usr/bin/docker-compose" +export COMPOSE_HTTP_TIMEOUT=300 + +description="Manage docker services defined in ${SUBCFG}" +extra_commands="configtest build" +description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\"" +description_build="Run \"docker-compose -f ${SUBCFG} build\"" + +depend() { + need localmount net docker + use dns + after docker +} + +configtest() { + if ! [ -f "${SUBCFG}" ]; then + eerror "The config file ${SUBCFG} does not exist!" + return 1 + fi + if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then + einfo "config: ok" + else + eerror "config: error" + return 1 + fi +} + +build() { + configtest || return 1 + ebegin "Building dockerservice ${SUBSVC}" + "${DOCOCMD}" -f "${SUBCFG}" build + eend $? +} + +start() { + configtest || return 1 + ebegin "Starting dockerservice ${SUBSVC}" + sleep 5 + "${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS} + eend $? +} + +stop() { + ebegin "Stopping dockerservice ${SUBSVC}" + "${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300 + eend $? +} + +status() { + if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then + einfo "status: started" + else + einfo "status: stopped" + return 3 + fi +} diff --git a/recipes/alpine/provisionning/conf/nuo-harbor b/recipes/alpine/provisionning/conf/nuo-harbor new file mode 120000 index 0000000..8b35999 --- /dev/null +++ b/recipes/alpine/provisionning/conf/nuo-harbor @@ -0,0 +1 @@ +harbor \ No newline at end of file diff --git a/recipes/alpine/provisionning/conf/nuo-matchbox b/recipes/alpine/provisionning/conf/nuo-matchbox new file mode 120000 index 0000000..ed5a219 --- /dev/null +++ b/recipes/alpine/provisionning/conf/nuo-matchbox 
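Review bot: `configtest` uses `>&/dev/null`, a bash-only redirection; openrc-run executes service scripts with /bin/sh, which on Alpine is busybox ash and is likely to reject it with "bad fd number" — write it as `"${DOCOCMD}" -f "${SUBCFG}" config >/dev/null 2>&1`. The guard `[ -z "${SUBSVC}" ] && exit 1` can never fire: when SVCNAME has no dot, `${SVCNAME#*.}` returns the name unchanged, so `harbor` resolves to `/srv/harbor/docker-compose.yml` only because harbor.sh happens to unpack into /srv/harbor; a comment stating that the script is meant to be linked as `docker.<name>` (or an explicit default) would make that dependency visible. The `sleep 5` in `start()` is unexplained; `depend()` already declares `need docker`, so say what it waits for.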
@@ -0,0 +1 @@ +matchbox \ No newline at end of file diff --git a/recipes/alpine/provisionning/harbor.sh b/recipes/alpine/provisionning/harbor.sh new file mode 100644 index 0000000..35068b3 --- /dev/null +++ b/recipes/alpine/provisionning/harbor.sh @@ -0,0 +1,38 @@ +#!/bin/sh + +HARBOR_VERSION="2.8.2" +HARBOR_SOURCE_URL="https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/" +HARBOR_INSTALLER="harbor-offline-installer-v${HARBOR_VERSION}.tgz" +HARBOR_INSTALLER_ASC="${HARBOR_INSTALLER}.asc" +export TERM=xterm + + +gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C + +cd /srv + +wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER} +wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER_ASC} + +gpg -v --keyserver hkps://keyserver.ubuntu.com --verify ${HARBOR_INSTALLER}.asc +if [ $? -ne 0 ]; then + echo "Harbor sources ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER} are corrupt" + exit 3 +fi + +tar xzvf ${HARBOR_INSTALLER} + +if [ ! -f ${HARBOR_SSL_CERT} ];then + mkcert -install + mkcert -cert-file ${HARBOR_SSL_CERT} -key-file ${HARBOR_SSL_KEY} ${HARBOR_DOMAIN} +fi + +cd harbor + +ln -s /etc/harbor/harbor.yml . + +service docker start +sleep 5 + +./prepare +./install.sh --with-notary --with-trivy \ No newline at end of file diff --git a/recipes/alpine/provisionning/matchbox.sh b/recipes/alpine/provisionning/matchbox.sh index d8b42c9..a57e4a5 100644 --- a/recipes/alpine/provisionning/matchbox.sh +++ b/recipes/alpine/provisionning/matchbox.sh @@ -1,12 +1,13 @@ #!/bin/sh -VERSION=0.9.1 +VERSION=0.10.0 ARCH=amd64 BIN="matchbox" FILENAME="matchbox-v${VERSION}-linux-${ARCH}.tar.gz" URL="https://github.com/poseidon/matchbox/releases/download/v${VERSION}/${FILENAME}" MATCHBOX_DIR="/var/lib/matchbox" ASSETS_DIR="${MATCHBOX_DIR}/assets/" +TFTP_DIR="/var/lib/tftpboot" MATCHBOX_USER="matchbox" FL_VERSIONS="current 3374.2.0" 
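Review bot: The release signature is checked against whatever key the keyserver returns for the 64-bit id `644FF454C0B4115C`, and `gpg --verify` succeeds for any key in the keyring regardless of trust, so the check only proves the archive was signed by some key with that id; pin the full fingerprint (compare `gpg --fingerprint` output before verifying) or ship the public key in the repository and `gpg --import` it. `mkcert -install` generates a CA and adds it to the image's system trust store during the build, so every VM started from this image shares one CA private key and trusts it; acceptable for a lab, but it should be stated in a comment or moved to first boot so each instance gets its own. There is no `set -e`, so a failed `wget`, `tar` or `./prepare` is ignored and `install.sh` runs against a partial tree; `set -eu` at the top makes the script fail closed.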
@@ -25,14 +26,14 @@ echo "Installing get-flatcar" cp ./scripts/get-flatcar /usr/local/bin chmod +x /usr/local/bin/get-flatcar -useradd -U "${MATCHBOX_USER}" +adduser "${MATCHBOX_USER}" mkdir -p "${ASSETS_DIR}" +mkdir -p "${TFTP_DIR}" chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${MATCHBOX_DIR}" chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${ASSETS_DIR}" - chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${ASSETS_DIR}" ls -lhaR ${ASSETS_DIR} cp -rp ./scripts/tls /root -exit "${?}" \ No newline at end of file +exit "${?}" diff --git a/recipes/alpine/provisionning/nuo-harbor.sh b/recipes/alpine/provisionning/nuo-harbor.sh new file mode 120000 index 0000000..9fd9a39 --- /dev/null +++ b/recipes/alpine/provisionning/nuo-harbor.sh @@ -0,0 +1 @@ +harbor.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/nuo-matchbox.sh b/recipes/alpine/provisionning/nuo-matchbox.sh new file mode 120000 index 0000000..673230a --- /dev/null +++ b/recipes/alpine/provisionning/nuo-matchbox.sh @@ -0,0 +1 @@ +matchbox.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/ssh/cadoles/pcaseiro.pub b/recipes/alpine/provisionning/ssh/cadoles/pcaseiro.pub new file mode 100644 index 0000000..9ac0828 --- /dev/null +++ b/recipes/alpine/provisionning/ssh/cadoles/pcaseiro.pub 
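Review bot: busybox `adduser "${MATCHBOX_USER}"` without `-D` tries to set a password interactively, which in a non-interactive Packer provisioner either fails or hangs, whereas the removed `useradd -U` (provided by `shadow`, which the 3.16 postinstall script in this commit now installs) created the user without prompting. For a service account, `adduser -D -S -H -s /sbin/nologin "${MATCHBOX_USER}"` creates it with no password, no home and no login shell. The new `${TFTP_DIR}` is created but, unlike `${ASSETS_DIR}`, not chowned to `${MATCHBOX_USER}`; if matchbox or dnsmasq is expected to write there add `chown -R "${MATCHBOX_USER}:${MATCHBOX_USER}" "${TFTP_DIR}"`, otherwise a comment that it deliberately stays root-owned.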
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDph3zh6ojSvH44k13z9B6xj+Hargo3uzkxnYv5s5NI4yagNuBXEc3aS++KdocND+FtVfLK+iVE8qHo2bvmpMmVkqU6WU2apN7DfIP0QGLlSGeo+UOZ9hGeEDlgVO4AOnZKZ5kPGBEPZ84JXuE9CmhKfwEVCK8w3B8XQttA8alFl4A4/4F14x2w4njsSLY1H3b0qah7hgYKU5zHIGLg8Lxx+1BxGIF0l5n5m5rqAskRNaF+aYbs0CcWHv49bPK0sJJ0qPV2r2sq8BlzuZFHExnZRIxpsIXdce4Bm4rdlGi7tBmmurLk4OOtDkwvhD0LMaNJf10k6QLSmRUTVzgsYz/dmGxopbMtwwIXkwi014uSZgi8wAuznXx5I4j2TUGPZHOVf+1iw/yaxWlgTVOSoX7ZxyhDgW5cCgZZGNzU5UWe0vUuVTB+hfSMj50/Q6+Vi92/mDMbPhm4nBoVzD5DT15mB+yGyN45Ej61m0JzVUyZexfvVaffEug1/u5dnwilP0WGKr4i2OXxOXtvSdAs5rlZjvppZk6IxRCwXIcPwEFL97ZrQZAxlVS5Nh+ZnlSwTe3zfQhzHj1ao0AdCAHFPUEdoUPJhSb0OjyCvZ9XZ1KCkXhuhuN/3IUhuoWl4soNCeC3KmU/USx1wda438Exj0hM1mTyBZScDPGyD9nw78DGw== Philippe Caseiro diff --git a/recipes/alpine/provisionning/ssh/cadoles/vfebvre.pub b/recipes/alpine/provisionning/ssh/cadoles/vfebvre.pub new file mode 100644 index 0000000..648c129 --- /dev/null +++ b/recipes/alpine/provisionning/ssh/cadoles/vfebvre.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZxr8C81Dm5Zl2AtDzTVa8hFs04aV1z8ANrXYVHnLf7gEG4c1BI9iWbm94gVCQT4IvoKR5oZxjxGnx1a7VaX6h6dt33+p/s2IJiwG+9/DykPnImw+ALTcnMcyrwOYh68jnQIOGkYzK/VaHRzrvFNuoVWIU+FqfN+sW+bLQWi9v/K5oiup83xQBze6kjMEL2PT48bJwT/dQgP5cnTTEYwcOK/Yes1Cmb+VqjAs5B3uiHDoch10fy4b4duuALozPGhgoOfTLqe9Ekbt8PdIhUzGxFCw79W7IBA9vw79tYBy4B2et8Zb9sf+sMmxPINDkouYmfSnU0PjNjida7Tii2IEWbrb/qbSkRNcyIBmpGKz6VnSIvomv4FA9dGkOLYRyvTjAM6Shy5aiGV8F7T9hMxm3zGDjiVseyPVtMdSjM2SCx95uPCH5oSrj8M1OIjC2D+w3DsmTPFvTjA1gmKEYnXfFj82DvO+wDcbb6/DF2qS6y5rNpdnPWDb57iBqKeZISQ5x+h8arV0U3yItHoi7z4Cb51V29pdBE0xgFx5DE5akuPO3RC+BP0CK242HBdb94YXQCfmoQ1dV59mvu0ObAhP4CH/efOqONHXjTG9eurQyJWUr8yYO9DI7HkQHwvYDS7xuEO9yvs7gizm22FOTcxBPc4M/KFhPfnUs7Nyfw6I0Nw== vfebvre@cadoles.com diff --git a/recipes/alpine/provisionning/ssh/cnous/nmelin.pub b/recipes/alpine/provisionning/ssh/cnous/nmelin.pub new file mode 100644 index 0000000..a4e15ee --- /dev/null +++ b/recipes/alpine/provisionning/ssh/cnous/nmelin.pub 
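Review bot: The four personal public keys added under `provisionning/ssh/` (pcaseiro.pub, vfebvre.pub here, nmelin.pub and operrot.pub in the next hunks) become static image content, so every VM built from these recipes presumably grants those individuals standing access, and revoking or rotating a key then requires rebuilding and redeploying images. How the keys are installed is not visible in this patch; the README or the provisioner that consumes this directory should document it, and injecting keys at instantiation (OpenNebula context, or the cloud-init data the debian recipe in this series appears to use) would keep access tied to the deployment rather than baked into the image. The same files are added again under recipes/debian later in this series.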
@@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr diff --git a/recipes/alpine/provisionning/ssh/cnous/operrot.pub b/recipes/alpine/provisionning/ssh/cnous/operrot.pub new file mode 100644 index 0000000..f68677c --- /dev/null +++ b/recipes/alpine/provisionning/ssh/cnous/operrot.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwyKvtyfZibpHNDDsfg7N6PHPnv9AzA2PowGd7iqF6YRv6CgGPnUixWE791bmekr57TR1QwW58aSEPSQMfLBwo0OwZ7GXYbOb9Fdb6WHAUJHSyMNsFvakgjq0g7TERMw3UksiYpUBCLgvWhF5jNjKsXgK3LyMUVqJs9KlUBt6elxy3CWoMYaWVJTQwXqLEbvr7W9F1rb9PQi80vxcSZXgk5XPPZH4vh7oN7GLB5UwaTFRh4lcup0xnV938gSgLxttPg4t5li5cmvXXMgtCrIDj7JPh9Cic+UXo80cV14nOpX23nuu408Veys/4p5tYiYFCg6NnUtW2dJrfyga9W1h6nc/6JaY8aXdoE+pi7lL7XrMvJPQxVYdwA9rPUBSZAIOmZQQx2aKFMsXocyVXQDzLQyg8lAF9gbMkjXH7DluXd+s0OAdijW9VFxhjutojaC76vhH+ZqSq511vdCTuq+6juW/By/pYQRtKiL1jJqfQoC+JU8RmOVOml5ciT7I0OM/0dakdIMYINX1FaRuSYb8wm0k3pKh+PGmMigja5lY7Bv8M89gRRw+8bJ42h5XkR0Jd04Wagd9eFXvaLa9OdarwF5rE2d6NM5Gfr2wJ4XuDMC7C3r/b6U3sZr6CWvQ5URrXS9OLtZG09DtEGIIuMcu0pgqclitVDi06Ffz5dZMnVQ== olivier.perrot@cnous.fr diff --git a/recipes/alpine/provisionning/tools/additionnal-disk b/recipes/alpine/provisionning/tools/additionnal-disk new file mode 100644 index 0000000..7dd4786 --- /dev/null +++ b/recipes/alpine/provisionning/tools/additionnal-disk 
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+#
+# Quick and dirty script to add disk space
+# It creates a new PV (with the additionnal disk),
+# a new VG and a new LV with 100% disk space
+# The names and devices are provided with env variables:
+# - PV_DEVICE : The /dev/xxx device
+# - VG_NAME: The new vg name
+# - LV_NAME: Then new lv name
+# - LV_MTP: The mount point for the FS created on the LV
+# - LV_FS: The fstype of the new FS
+#
+if [ -e ${PV_DEVICE} ]; then
+ pvcreate ${PV_DEVICE}
+ vgcreate ${VG_NAME} ${PV_DEVICE}
+ lvcreate -Ay -l 100%FREE -n ${LV_NAME} ${VG_NAME}
+ mkfs.${LV_FS} /dev/${VG_NAME}/${LV_NAME}
+ if [ ! -d ${LV_MTP} ]; then
+ mkdir -p ${LV_MTP}
+ fi
+ mount /dev/${VG_NAME}/${LV_NAME} ${LV_MTP}
+ echo "/dev/${VG_NAME}/${LV_NAME} ${LV_MTP} ${LV_FS} rw,relatime 0 1" >> /etc/fstab
+else
+ echo "${PV_DEVICE} is missing"
+ exit 3
+fi
\ No newline at end of file
diff --git a/recipes/alpine/sources.pkr.hcl b/recipes/alpine/sources.pkr.hcl
index 4f76ed7..bba83a3 100644
--- a/recipes/alpine/sources.pkr.hcl
+++ b/recipes/alpine/sources.pkr.hcl
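Review bot: Every command inside the `if [ -e ${PV_DEVICE} ]` branch runs regardless of whether the previous one succeeded, so a failed `pvcreate`, `vgcreate` or `mkfs` still reaches the `mount` and appends an fstab entry for a volume that may not exist, and with fsck pass number 1 that entry can stop the next boot. The guard itself is also unreliable: with PV_DEVICE unset, the unquoted `[ -e ]` is true and `pvcreate` is invoked with no device. I would add `set -eu` after the shebang so an unset variable or a failed step aborts before fstab is touched, quote every expansion, and write the entry as `echo "/dev/${VG_NAME}/${LV_NAME} ${LV_MTP} ${LV_FS} rw,relatime,nofail 0 1" >> /etc/fstab` so a later removal of the disk does not block boot.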
@@ -31,3 +31,69 @@ source qemu "alpine" {
 boot_wait = "5s"
 }
+
+source "vmware-iso" "alpine" {
+ cpus = 1
+ disk_type_id = 0
+ memory = "${local.memory}"
+ vnc_bind_address = "0.0.0.0"
+
+ headless = true
+
+ # Serve the `http` directory via HTTP, used for preseeding the Debian installer.
+ http_port_min = 9990
+ http_port_max = 9999
+
+ # SSH ports to redirect to the VM being built
+ #host_port_min = 2222
+ #host_port_max = 2229
+
+ # This user is configured in the preseed file.
+ ssh_username = "${local.ssh_user}"
+ ssh_private_key_file = data.sshkey.install.private_key_path
+ ssh_wait_timeout = "1000s"
+
+ shutdown_command = "/sbin/poweroff"
+
+ # Builds a compact image
+ #disk_compression = true
+ #disk_discard = "unmap"
+ skip_compaction = false
+ #disk_detect_zeroes = "unmap"
+
+ format = "ova"
+
+ boot_wait = "5s"
+}
+
+source "vmware-vmx" "alpine" {
+ disk_type_id = 0
+ vnc_bind_address = "0.0.0.0"
+
+ headless = true
+
+ # Serve the `http` directory via HTTP, used for preseeding the Debian installer.
+ http_port_min = 9990
+ http_port_max = 9999
+
+ # SSH ports to redirect to the VM being built
+ #host_port_min = 2222
+ #host_port_max = 2229
+
+ # This user is configured in the preseed file.
+ ssh_username = "${local.ssh_user}"
+ ssh_private_key_file = data.sshkey.install.private_key_path
+ ssh_wait_timeout = "1000s"
+
+ shutdown_command = "/sbin/poweroff"
+
+ # Builds a compact image
+ #disk_compression = true
+ #disk_discard = "unmap"
+ skip_compaction = false
+ #disk_detect_zeroes = "unmap"
+
+ format = "ova"
+
+ boot_wait = "5s"
+}
diff --git a/recipes/alpine/templates/conf/docker/subgid.pktpl.hcl b/recipes/alpine/templates/conf/docker/subgid.pktpl.hcl
new file mode 100644
index 0000000..6187cff
--- /dev/null
+++ b/recipes/alpine/templates/conf/docker/subgid.pktpl.hcl
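Review bot: Both new sources set `vnc_bind_address = "0.0.0.0"`, which exposes the build VM's console on every interface of the build host for the whole provisioning run, while root is logged in over it; Packer's default of 127.0.0.1 is the safer choice unless the build is genuinely driven from another machine, in which case a comment should say so and the host firewall should be the thing that limits reach. The comments `# Serve the \`http\` directory via HTTP, used for preseeding the Debian installer.` and `# This user is configured in the preseed file.` are carried over from a Debian template and do not describe this Alpine recipe, whose answers file lives under templates/conf/install, so they should be reworded or dropped in both blocks.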
@@ -0,0 +1,6 @@
+
+# Configuration file of Harbor
+
+# The IP address or hostname to access admin UI and registry service.
+# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
+hostname: ${Vars.RootlessDocker}
diff --git a/recipes/alpine/templates/conf/docker/subuid.pktpl.hcl b/recipes/alpine/templates/conf/docker/subuid.pktpl.hcl
new file mode 100644
index 0000000..c512a70
--- /dev/null
+++ b/recipes/alpine/templates/conf/docker/subuid.pktpl.hcl
@@ -0,0 +1,3 @@
+%{ if Vars.RootlessDocker }
+docker:231072:65536
+%{ endif }
\ No newline at end of file
diff --git a/recipes/alpine/templates/conf/harbor/harbor.yml.pktpl.hcl b/recipes/alpine/templates/conf/harbor/harbor.yml.pktpl.hcl
new file mode 100644
index 0000000..24a94cf
--- /dev/null
+++ b/recipes/alpine/templates/conf/harbor/harbor.yml.pktpl.hcl
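Review bot: `subgid.pktpl.hcl` renders a Harbor configuration header and `hostname: ${Vars.RootlessDocker}`, which is not a valid /etc/subgid entry; it looks like a copy-paste from the harbor.yml template and should mirror the subuid file in the next hunk, i.e. `%{ if Vars.RootlessDocker }` / `docker:231072:65536` / `%{ endif }`. Without a matching subordinate gid range, rootless Docker's user-namespace mapping fails on the gid side even though subuid is populated, and the rendered garbage line may also make other tools that parse subgid reject the file.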
@@ -0,0 +1,265 @@ +# Configuration file of Harbor + +# The IP address or hostname to access admin UI and registry service. +# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. +hostname: ${Vars.HarborDomain} + +# http related config +http: + # port for http, default is 80. If https enabled, this port will redirect to https port + port: ${Vars.HarborHTTPPort} + +# https related config +https: + # https port for harbor, default is 443 + port: ${Vars.HarborHTTPSPort} + # The path of cert and key files for nginx + certificate: ${Vars.HarborSSLCert} + private_key: ${Vars.HarborSSLPrivKey} + +# # Uncomment following will enable tls communication between all harbor components +# internal_tls: +# # set enabled to true means internal tls is enabled +# enabled: true +# # put your cert and key files on dir +# dir: /etc/harbor/tls/internal + +# Uncomment external_url if you want to enable external proxy +# And when it enabled the hostname will no longer used +# external_url: https://reg.mydomain.com:8433 + +# The initial password of Harbor admin +# It only works in first time to install harbor +# Remember Change the admin password from UI after launching Harbor. +harbor_admin_password: ${Vars.HarborAdminPassword} + +# Harbor DB configuration +database: + # The password for the root user of Harbor DB. Change this before any production use. + password: ${Vars.HarborDBPassword} + # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. + max_idle_conns: 50 + # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. + # Note: the default number of connections is 100 for postgres. 
+ max_open_conns: 200 + +# The default data volume +data_volume: /srv/harbor/data + +# Harbor Storage settings by default is using /data dir on local filesystem +# Uncomment storage_service setting If you want to using external storage +# storage_service: +# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore +# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. +# ca_bundle: + +# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss +# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ +# filesystem: +# maxthreads: 100 +# # set disable to true when you want to disable registry redirect +# redirect: +# disabled: false + +# Trivy configuration +# +# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. +# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached +# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it +# should download a newer version from the Internet or use the cached one. Currently, the database is updated every +# 12 hours and published as a new release to GitHub. +trivy: + # ignoreUnfixed The flag to display only fixed vulnerabilities + ignore_unfixed: false + # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub + # + # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues. + # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and + # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path. 
+ skip_update: false + # + # The offline_scan option prevents Trivy from sending API requests to identify dependencies. + # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it. + # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't + # exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode. + # It would work if all the dependencies are in local. + # This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment. + offline_scan: false + # + # insecure The flag to skip verifying registry certificate + insecure: false + # github_token The GitHub access token to download Trivy DB + # + # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough + # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000 + # requests per hour by specifying the GitHub access token. 
For more details on GitHub rate limiting please consult + # https://developer.github.com/v3/#rate-limiting + # + # You can create a GitHub token by following the instructions in + # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line + # + # github_token: xxx + +jobservice: + # Maximum number of job workers in job service + max_job_workers: 10 + logger_sweeper_duration: 300 + +notification: + # Maximum retry count for webhook job + webhook_job_max_retry: 10 + webhook_job_http_client_timeout: 300 + +chart: + # Change the value of absolute_url to enabled can enable absolute url in chart + absolute_url: disabled + +# Log configurations +log: + # options are debug, info, warning, error, fatal + level: info + # configs for logs in local storage + local: + # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. + rotate_count: 50 + # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. + # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G + # are all valid. + rotate_size: 200M + # The directory on your host that store log + location: /var/log/harbor + + # Uncomment following lines to enable external syslog endpoint. + # external_endpoint: + # # protocol used to transmit log to external endpoint, options is tcp or udp + # protocol: tcp + # # The host of external endpoint + # host: localhost + # # Port of external endpoint + # port: 5140 + +#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! +_version: 2.6.0 + +# Uncomment external_database if using external database. 
+# external_database: +# harbor: +# host: harbor_db_host +# port: harbor_db_port +# db_name: harbor_db_name +# username: harbor_db_username +# password: harbor_db_password +# ssl_mode: disable +# max_idle_conns: 2 +# max_open_conns: 0 +# notary_signer: +# host: notary_signer_db_host +# port: notary_signer_db_port +# db_name: notary_signer_db_name +# username: notary_signer_db_username +# password: notary_signer_db_password +# ssl_mode: disable +# notary_server: +# host: notary_server_db_host +# port: notary_server_db_port +# db_name: notary_server_db_name +# username: notary_server_db_username +# password: notary_server_db_password +# ssl_mode: disable + +# Uncomment external_redis if using external Redis server +# external_redis: +# # support redis, redis+sentinel +# # host for redis: : +# # host for redis+sentinel: +# # :,:,: +# host: redis:6379 +# password: +# # sentinel_master_set must be set to support redis+sentinel +# #sentinel_master_set: +# # db_index 0 is for core, it's unchangeable +# registry_db_index: 1 +# jobservice_db_index: 2 +# chartmuseum_db_index: 3 +# trivy_db_index: 5 +# idle_timeout_seconds: 30 + +# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. +# uaa: +# ca_file: /path/to/ca + +# Global proxy +# Config http proxy for components, e.g. http://my.proxy.com:3128 +# Components doesn't need to connect to each others via http proxy. +# Remove component from `components` array if want disable proxy +# for it. If you want use proxy for replication, MUST enable proxy +# for core and jobservice, and set `http_proxy` and `https_proxy`. +# Add domain to the `no_proxy` field, when you want disable proxy +# for some special registry. 
+proxy: + http_proxy: + https_proxy: + no_proxy: + components: + - core + - jobservice + - notary + - trivy + +metric: + enabled: false + port: 9090 + path: /metrics + +# Trace related config +# only can enable one trace provider(jaeger or otel) at the same time, +# and when using jaeger as provider, can only enable it with agent mode or collector mode. +# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed +# if using jaeger agetn mode uncomment agent_host and agent_port +# trace: +# enabled: true +# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth +# sample_rate: 1 +# # # namespace used to differenciate different harbor services +# # namespace: +# # # attributes is a key value dict contains user defined attributes used to initialize trace provider +# # attributes: +# # application: harbor +# # # jaeger should be 1.26 or newer. +# # jaeger: +# # endpoint: http://hostname:14268/api/traces +# # username: +# # password: +# # agent_host: hostname +# # # export trace data by jaeger.thrift in compact mode +# # agent_port: 6831 +# # otel: +# # endpoint: hostname:4318 +# # url_path: /v1/traces +# # compression: false +# # insecure: true +# # timeout: 10s + +# enable purge _upload directories +upload_purging: + enabled: true + # remove files in _upload directories which exist for a period of time, default is one week. + age: 168h + # the interval of the purge operations + interval: 24h + dryrun: false + +# cache layer configurations +# If this feature enabled, harbor will cache the resource +# `project/project_metadata/repository/artifact/manifest` in the redis +# which can especially help to improve the performance of high concurrent +# manifest pulling. 
+# NOTICE +# If you are deploying Harbor in HA mode, make sure that all the harbor +# instances have the same behaviour, all with caching enabled or disabled, +# otherwise it can lead to potential data inconsistency. +cache: + # not enabled by default + enabled: false + # keep cache for one day by default + expire_hours: 24 diff --git a/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl b/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl index 1ba7461..33d05d0 100644 --- a/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl +++ b/recipes/alpine/templates/conf/install/awnsers.pktpl.hcl @@ -37,7 +37,7 @@ SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys" NTPOPTS="-c openntpd" # Use /dev/sda as a data disk -DISKOPTS="-L -m sys /dev/vda" +DISKOPTS="-L -m sys ${disk_device}" USEROPTS="-a -g 'netdev' ${user}" diff --git a/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl index d99d357..489b338 100644 --- a/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl +++ b/recipes/alpine/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl @@ -1,4 +1,4 @@ -${Vars.ETH0.IP} ${Vars.Set.Hostname} +${Vars.NIC[0].IP} ${Vars.Set.Hostname} %{ if Vars.MatchBox.Hostname != "" } -${Vars.ETH0.IP} ${Vars.MatchBox.Hostname} +${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname} %{ endif } \ No newline at end of file diff --git a/recipes/alpine/templates/conf/nuo-harbor b/recipes/alpine/templates/conf/nuo-harbor new file mode 120000 index 0000000..8b35999 --- /dev/null +++ b/recipes/alpine/templates/conf/nuo-harbor @@ -0,0 +1 @@ +harbor \ No newline at end of file diff --git a/recipes/alpine/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl new file mode 100644 index 0000000..b8432f0 --- /dev/null 
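Review bot: The template pins `_version: 2.6.0` while `harbor.sh` in this same patch installs Harbor 2.8.2, and the comment on that line says the migrator uses it to detect the config file version; as far as I recall `prepare` rejects or attempts to migrate a config whose `_version` is behind the installer, so the value and the surrounding keys should be reconciled against the 2.8.2 harbor.yml.tmpl rather than copied from an older release. The rendered file will contain `harbor_admin_password` and the database `password` in clear, so the templater that writes /etc/harbor/harbor.yml (outside this patch) must create it root-owned with mode 0600, and a comment at the top of this template stating that expectation would help whoever wires it up.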
+++ b/recipes/alpine/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl
@@ -0,0 +1 @@
+command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"
\ No newline at end of file
diff --git a/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
new file mode 100644
index 0000000..0809dc3
--- /dev/null
+++ b/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
@@ -0,0 +1,7 @@
+${Vars.NIC[0].IP} ${Vars.Set.Hostname}
+%{ if Vars.MatchBox.Hostname != "" }
+${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
+%{ endif }
+%{ for host in Vars.DNSMasq.Hosts }
+${host.IP} ${host.Name}
+%{ endfor }
\ No newline at end of file
diff --git a/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
new file mode 100644
index 0000000..afbef7f
--- /dev/null
+++ b/recipes/alpine/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
@@ -0,0 +1,60 @@
+log-queries
+log-dhcp
+
+#port=0
+listen-address=0.0.0.0
+interface=${Vars.PXE.ListenInterface}
+no-resolv
+domain-needed
+bogus-priv
+expand-hosts
+server=${Vars.DNS[0]}
+strict-order
+addn-hosts=/etc/dnsmasq-hosts.conf
+domain=${Vars.PXE.DNSDomain}
+local=/${Vars.PXE.DNSDomain}/
+localise-queries
+
+
+%{ if Vars.PXE.DHCPMode == "proxy" }
+#dhcp-no-override
+dhcp-range=${Vars.NIC[0].IP},proxy
+%{ else }
+dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration}
+dhcp-option=option:router,${Vars.NIC[0].Gateway}
+%{ endif }
+
+dhcp-option=option:dns-server,${Vars.NIC[0].IP}
+dhcp-option=option:domain-name,${Vars.PXE.DNSDomain}
+
+# TFTP Configuration
+enable-tftp
+tftp-root="${Vars.PXE.TFTPRoot}"
+
+pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime}
+
+# Based on logic in https://gist.github.com/robinsmidsrod/4008017
+# iPXE sends a 175 option, checking suboptions
+dhcp-match=set:ipxe-http,175,19
+dhcp-match=set:ipxe-https,175,20
+dhcp-match=set:ipxe-menu,175,39
+# pcbios specific
+dhcp-match=set:ipxe-pxe,175,33
+dhcp-match=set:ipxe-bzimage,175,24
+dhcp-match=set:ipxe-iscsi,175,17
+# efi specific
+dhcp-match=set:ipxe-efi,175,36
+# combination
+# set ipxe-ok tag if we have correct combination
+# http && menu && iscsi ((pxe && bzimage) || efi)
+tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
+tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi
+
+
+## Load different PXE boot image depending on client architecture (when running as a proxy DHCP)
+pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe
+pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi
+pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi
+
+dhcp-userclass=set:ipxe,iPXE
+dhcp-boot=tag:ipxe-ok,http://${Vars.NIC[0].IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.NIC[0].IP}
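Review bot: `listen-address=0.0.0.0` on the fifth line makes dnsmasq answer on every address of the host, which undercuts the `interface=${Vars.PXE.ListenInterface}` restriction on the next line and, combined with `no-resolv` plus `server=${Vars.DNS[0]}`, leaves the matchbox host acting as a forwarding resolver for any network it has an address on. If the intent is to serve only the PXE segment, drop the listen-address line and add `bind-interfaces` so the `interface=` line is what binds the sockets; `log-queries` also records every client lookup and is better reserved for debugging. The same template is added for the debian recipe later in this series.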
diff --git a/recipes/alpine/templates/conf/nuo-matchbox/hostname.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/hostname.pktpl.hcl
new file mode 100644
index 0000000..f9a48de
--- /dev/null
+++ b/recipes/alpine/templates/conf/nuo-matchbox/hostname.pktpl.hcl
@@ -0,0 +1 @@
+${Vars.Set.Hostname}
\ No newline at end of file
diff --git a/recipes/alpine/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl
new file mode 100644
index 0000000..2128aa2
--- /dev/null
+++ b/recipes/alpine/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl
@@ -0,0 +1,28 @@
+#!/sbin/openrc-run
+
+name=$RC_SVCNAME
+command="/usr/local/bin/$RC_SVCNAME"
+command_user="$RC_SVCNAME"
+pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
+start_stop_daemon_args="--start -b"
+command_args="$command_args"
+command_background="yes"
+
+depend() {
+ need net
+}
+
+start_pre() {
+ checkpath --directory --owner $command_user:$command_user --mode 0775 \
+ /run/$RC_SVCNAME /var/log/$RC_SVCNAME
+ if [ ! -f "/etc/matchbox/server.crt" ]; then
+ cd /root/tls
+ export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.NIC[0].IP}"
+ ./cert-gen
+ mkdir -p /etc/matchbox
+ cp ca.crt server.crt server.key /etc/matchbox
+ chown -R matchbox:matchbox /etc/matchbox
+ mkdir -p /root/.matchbox
+ cp client.crt client.key ca.crt /root/.matchbox/
+ fi
+}
\ No newline at end of file
diff --git a/recipes/alpine/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl
new file mode 100644
index 0000000..ab21faa
--- /dev/null
+++ b/recipes/alpine/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl
@@ -0,0 +1,9 @@
+
+%{ for iface in Vars.NIC }
+auto ${iface.Name}
+
+iface ${iface.Name} inet static
+ address ${iface.IP}
+ netmask ${iface.Mask}
+ gateway ${iface.Gateway}
+%{ endfor ~}
\ No newline at end of file
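Review bot: In `start_pre` the `cd /root/tls` is unchecked, so if that directory is missing `./cert-gen` and the `cp` calls run from whatever directory openrc launched the script in and the service may come up with no or the wrong certificate material; `cd /root/tls || return 1` would fail the start instead. The CA certificate is copied next to server.key into /etc/matchbox and the whole tree is then `chown -R matchbox:matchbox`, while the client key pair goes to /root/.matchbox and whatever cert-gen produces (presumably including the CA private key) stays in /root/tls; a comment stating where the CA key lives and who is meant to read it would make the trust setup auditable, and the service user only needs server.crt/server.key. The `--mode 0775` on `/var/log/$RC_SVCNAME` also makes the log directory group-writable for no visible reason.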
diff --git a/recipes/alpine/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl b/recipes/alpine/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl
new file mode 100644
index 0000000..9a677a5
--- /dev/null
+++ b/recipes/alpine/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl
@@ -0,0 +1,4 @@
+
+%{ for dns in Vars.DNS }
+nameserver ${dns}
+%{ endfor ~}
\ No newline at end of file
-- 2.17.1
From c7bb64c67150f1ff113545a2edfdb26b5a1113f9 Mon Sep 17 00:00:00 2001
From: vfebvre Date: Thu, 28 Sep 2023 16:34:53 +0200 Subject: [PATCH 3/8] debian recipe --- recipes/debian/11.pkrvars.hcl | 16 ++ recipes/debian/locals.builder.pkr.hcl | 6 + recipes/debian/locals.globals.pkr.hcl | 7 + recipes/debian/locals.pkr.hcl | 33 +++ recipes/debian/main.pkr.hcl | 62 ++++ recipes/debian/plugins.pkr.hcl | 20 ++ recipes/debian/post-processor/sparsify.sh | 31 ++ .../provisionning/conf/common/templater.start | 104 +++++++ .../provisionning/conf/harbor/init.d/harbor | 64 +++++ .../conf/kubernetes/initkubernetes.start | 181 ++++++++++++ .../conf/kubernetes/sharemetrics.start | 3 + .../conf/matchbox/initmatchbox.start | 25 ++ .../conf/matchbox/inittftp.start | 10 + recipes/debian/provisionning/conf/nuo-harbor | 1 + .../debian/provisionning/conf/nuo-matchbox | 1 + .../conf/one-context/net-90-jenkins-slave | 13 + .../conf/one-context/net-96-gitlab-register | 31 ++ .../conf/one-context/net-96-templater | 80 ++++++ .../conf/one-context/net-97-k3s | 21 ++ .../provisionning/debian/cloud-init/meta-data | 3 + .../provisionning/debian/debian-11-install.sh | 9 + .../provisionning/debian/http/preseed.cfg | 107 +++++++ recipes/debian/provisionning/letsencrypt.sh | 26 ++ recipes/debian/provisionning/one-context.sh | 12 + .../one-context/net-96-templater | 102 +++++++ .../provisionning/one-context/net-97-k3s | 21 ++ .../provisionning/ssh/cadoles/pcaseiro.pub | 1 + .../provisionning/ssh/cadoles/vfebvre.pub | 1 + .../debian/provisionning/ssh/cnous/nmelin.pub | 1 + .../provisionning/ssh/cnous/operrot.pub | 1 + .../debian/provisionning/templater-install.sh | 23 ++ .../provisionning/tools/additionnal-disk | 27 ++ recipes/debian/sources.pkr.hcl | 102 +++++++ .../templates/conf/cloud-init/user-data | 12 + recipes/debian/templates/conf/conf.d/chronyd | 6 + .../templates/conf/docker/subgid.pktpl.hcl | 6 + .../templates/conf/docker/subuid.pktpl.hcl | 3 + .../conf/harbor/harbor.yml.pktpl.hcl | 265 ++++++++++++++++++ .../templates/conf/install/awnsers.pktpl.hcl | 47 ++++ 
.../templates/conf/k3s/k3s.conf.pkr.hcl | 8 + .../debian/templates/conf/kubernetes/.flag | 0 .../matchbox/conf.d/matchbox.conf.pktpl.hcl | 1 + .../dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl | 4 + .../matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl | 60 ++++ .../conf/matchbox/init.d/matchbox.pktpl.hcl | 28 ++ recipes/debian/templates/conf/nuo-harbor | 1 + .../conf.d/matchbox.conf.pktpl.hcl | 1 + .../dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl | 7 + .../dnsmasq.d/ipxe.conf.pktpl.hcl | 60 ++++ .../conf/nuo-matchbox/hostname.pktpl.hcl | 1 + .../nuo-matchbox/init.d/matchbox.pktpl.hcl | 28 ++ .../nuo-matchbox/network/interfaces.pktpl.hcl | 9 + .../conf/nuo-matchbox/resolv.conf.pktpl.hcl | 4 + recipes/debian/templates/one/image/common.tpl | 7 + .../one/service/kubernetes-cluster.json | 48 ++++ recipes/debian/templates/one/vm/common.xml | 33 +++ recipes/debian/templates/one/vm/k3s.xml | 32 +++ .../debian/templates/one/vm/kubeleader.xml | 35 +++ .../debian/templates/one/vm/kubemaster.xml | 42 +++ .../debian/templates/one/vm/kubeworker.xml | 42 +++ recipes/debian/templates/one/vm/matchbox.xml | 47 ++++ recipes/debian/variables.pkr.hcl | 59 ++++ 62 files changed, 2041 insertions(+) create mode 100644 recipes/debian/11.pkrvars.hcl create mode 100644 recipes/debian/locals.builder.pkr.hcl create mode 100644 recipes/debian/locals.globals.pkr.hcl create mode 100644 recipes/debian/locals.pkr.hcl create mode 100644 recipes/debian/main.pkr.hcl create mode 100644 recipes/debian/plugins.pkr.hcl create mode 100755 recipes/debian/post-processor/sparsify.sh create mode 100644 recipes/debian/provisionning/conf/common/templater.start create mode 100755 recipes/debian/provisionning/conf/harbor/init.d/harbor create mode 100644 recipes/debian/provisionning/conf/kubernetes/initkubernetes.start create mode 100644 recipes/debian/provisionning/conf/kubernetes/sharemetrics.start create mode 100644 recipes/debian/provisionning/conf/matchbox/initmatchbox.start create mode 100644 
recipes/debian/provisionning/conf/matchbox/inittftp.start create mode 120000 recipes/debian/provisionning/conf/nuo-harbor create mode 120000 recipes/debian/provisionning/conf/nuo-matchbox create mode 100644 recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave create mode 100644 recipes/debian/provisionning/conf/one-context/net-96-gitlab-register create mode 100644 recipes/debian/provisionning/conf/one-context/net-96-templater create mode 100644 recipes/debian/provisionning/conf/one-context/net-97-k3s create mode 100644 recipes/debian/provisionning/debian/cloud-init/meta-data create mode 100644 recipes/debian/provisionning/debian/debian-11-install.sh create mode 100644 recipes/debian/provisionning/debian/http/preseed.cfg create mode 100644 recipes/debian/provisionning/letsencrypt.sh create mode 100644 recipes/debian/provisionning/one-context.sh create mode 100644 recipes/debian/provisionning/one-context/net-96-templater create mode 100644 recipes/debian/provisionning/one-context/net-97-k3s create mode 100644 recipes/debian/provisionning/ssh/cadoles/pcaseiro.pub create mode 100644 recipes/debian/provisionning/ssh/cadoles/vfebvre.pub create mode 100644 recipes/debian/provisionning/ssh/cnous/nmelin.pub create mode 100644 recipes/debian/provisionning/ssh/cnous/operrot.pub create mode 100644 recipes/debian/provisionning/templater-install.sh create mode 100644 recipes/debian/provisionning/tools/additionnal-disk create mode 100644 recipes/debian/sources.pkr.hcl create mode 100644 recipes/debian/templates/conf/cloud-init/user-data create mode 100644 recipes/debian/templates/conf/conf.d/chronyd create mode 100644 recipes/debian/templates/conf/docker/subgid.pktpl.hcl create mode 100644 recipes/debian/templates/conf/docker/subuid.pktpl.hcl create mode 100644 recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl create mode 100644 recipes/debian/templates/conf/install/awnsers.pktpl.hcl create mode 100644 recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl 
create mode 100644 recipes/debian/templates/conf/kubernetes/.flag create mode 100644 recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl create mode 100644 recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl create mode 100644 recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl create mode 100644 recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl create mode 120000 recipes/debian/templates/conf/nuo-harbor create mode 100644 recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl create mode 100644 recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl create mode 100644 recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl create mode 100644 recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl create mode 100644 recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl create mode 100644 recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl create mode 100644 recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl create mode 100644 recipes/debian/templates/one/image/common.tpl create mode 100644 recipes/debian/templates/one/service/kubernetes-cluster.json create mode 100644 recipes/debian/templates/one/vm/common.xml create mode 100644 recipes/debian/templates/one/vm/k3s.xml create mode 100644 recipes/debian/templates/one/vm/kubeleader.xml create mode 100644 recipes/debian/templates/one/vm/kubemaster.xml create mode 100644 recipes/debian/templates/one/vm/kubeworker.xml create mode 100644 recipes/debian/templates/one/vm/matchbox.xml create mode 100644 recipes/debian/variables.pkr.hcl diff --git a/recipes/debian/11.pkrvars.hcl b/recipes/debian/11.pkrvars.hcl new file mode 100644 index 0000000..b0a6e6f --- /dev/null +++ b/recipes/debian/11.pkrvars.hcl 
@@ -0,0 +1,16 @@ +name = "debian" +version = "11" +short_version = "11" +code_name = "bullseye" +arch = "amd64" +source_url = "https://cloud.debian.org/images/cloud/bullseye/latest" +iso_cd_checksum = "9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741" +image_dir_name= "latest" +boot_command = [ "" ] +# "", +# "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg", +# "", +# "mkdir -p .ssh", +# "wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys", +# "chmod 600 .ssh/authorized_keys", +#] diff --git a/recipes/debian/locals.builder.pkr.hcl b/recipes/debian/locals.builder.pkr.hcl new file mode 100644 index 0000000..9614d0e --- /dev/null +++ b/recipes/debian/locals.builder.pkr.hcl @@ -0,0 +1,6 @@ + locals { + builder_config = { + TemplateDir = "/usr/share/builder/templates" + ValueDir = "/usr/share/builder/values" + } + } \ No newline at end of file diff --git a/recipes/debian/locals.globals.pkr.hcl b/recipes/debian/locals.globals.pkr.hcl new file mode 100644 index 0000000..f940e19 --- /dev/null +++ b/recipes/debian/locals.globals.pkr.hcl @@ -0,0 +1,7 @@ +locals { + Globals = { + Vars = { + PrometheusPort = "9090" + } + } +} \ No newline at end of file diff --git a/recipes/debian/locals.pkr.hcl b/recipes/debian/locals.pkr.hcl new file mode 100644 index 0000000..0d290d3 --- /dev/null +++ b/recipes/debian/locals.pkr.hcl 
@@ -0,0 +1,33 @@ +# "timestamp" template function replacement +locals { + locations = { + recipes = "${path.cwd}/recipes/${var.name}" + templates = "${path.cwd}/recipes/${var.name}/templates" + provisionning = "${path.cwd}/recipes/${var.name}/provisionning" + post-processors = "${path.cwd}/recipes/${var.name}/post-processor" + tools = "${path.cwd}/tools" + } + dirs = local.locations + timestamp = regex_replace(timestamp(), "[- TZ:]", "") + output_name = "${var.name}" + source_checksum_url = "file:${var.source_url}/SHA512SUMS" + source_iso = "${var.source_url}/debian-${var.version}-generic-${var.arch}.qcow2" + source_checksum = "${var.iso_cd_checksum}" + ssh_user = "root" + ssh_password = "PbkRc1vup7Wq5n4r" + disk_size = 8000 + memory = 512 + instance_data = { + "instance-id": "${var.name}" + } + installOpts = { + hostname = var.name + user = "eole" + disk_device = "/dev/vda" + } + installOptsVMWare = { + hostname = var.name + user = "eole" + disk_device = "/dev/sda" + } +} diff --git a/recipes/debian/main.pkr.hcl b/recipes/debian/main.pkr.hcl new file mode 100644 index 0000000..89271fc --- /dev/null +++ b/recipes/debian/main.pkr.hcl @@ -0,0 +1,62 @@ +#Flavour base +build { + name = "base" + description = < "${file}" +processTemplates "${file}" +rm -rf "${file}" diff --git a/recipes/debian/provisionning/conf/harbor/init.d/harbor b/recipes/debian/provisionning/conf/harbor/init.d/harbor new file mode 100755 index 0000000..86a2255 --- /dev/null +++ b/recipes/debian/provisionning/conf/harbor/init.d/harbor 
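Review bot: `ssh_password = "PbkRc1vup7Wq5n4r"` next to `ssh_user = "root"` commits a static root password into the recipe, and it is the credential Packer will use against every image built from it; if the same value is also what the cloud-init template in this commit receives as `${password}`, every deployed VM ends up sharing a known root password. Move it to a `variable` marked `sensitive = true` that is fed from the environment or a vault-backed pkrvars file, or rely on the `data.sshkey.install` key that sources.pkr.hcl already wires into `ssh_private_key_file`, and make sure a final provisioner locks or removes the password before the image is exported. The main.pkr.hcl hunk that follows on this same line is garbled in this rendering (its heredoc is lost), so its build steps could not be reviewed.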
@@ -0,0 +1,64 @@ +#!/sbin/openrc-run + +: ${SUBCFGDIR:=/srv} +DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"} + +SUBSVC="${SVCNAME#*.}" +[ -z "${SUBSVC}" ] && exit 1 +: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"} +DOCOCMD="/usr/bin/docker-compose" +export COMPOSE_HTTP_TIMEOUT=300 + +description="Manage docker services defined in ${SUBCFG}" +extra_commands="configtest build" +description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\"" +description_build="Run \"docker-compose -f ${SUBCFG} build\"" + +depend() { + need localmount net docker + use dns + after docker +} + +configtest() { + if ! [ -f "${SUBCFG}" ]; then + eerror "The config file ${SUBCFG} does not exist!" + return 1 + fi + if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then + einfo "config: ok" + else + eerror "config: error" + return 1 + fi +} + +build() { + configtest || return 1 + ebegin "Building dockerservice ${SUBSVC}" + "${DOCOCMD}" -f "${SUBCFG}" build + eend $? +} + +start() { + configtest || return 1 + ebegin "Starting dockerservice ${SUBSVC}" + sleep 5 + "${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS} + eend $? +} + +stop() { + ebegin "Stopping dockerservice ${SUBSVC}" + "${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300 + eend $? +} + +status() { + if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then + einfo "status: started" + else + einfo "status: stopped" + return 3 + fi +} diff --git a/recipes/debian/provisionning/conf/kubernetes/initkubernetes.start b/recipes/debian/provisionning/conf/kubernetes/initkubernetes.start new file mode 100644 index 0000000..a0e0748 --- /dev/null +++ b/recipes/debian/provisionning/conf/kubernetes/initkubernetes.start 
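Review bot: This is an OpenRC service script (`#!/sbin/openrc-run`, `depend()`, `ebegin`/`eend`), but it is added under `recipes/debian/`, where a Debian 11 image boots with systemd and presumably has no `/sbin/openrc-run`, so the harbor compose stack will never be managed on that image. Either provide a systemd unit (`ExecStart=/usr/bin/docker-compose -f /srv/harbor/docker-compose.yml up -d --no-build --no-recreate --no-deps`, `ExecStop=/usr/bin/docker-compose -f /srv/harbor/docker-compose.yml stop --timeout=300`) or note in a header comment that this file only applies to the Alpine flavour. The guard `[ -z "${SUBSVC}" ] && exit 1` can never fire, because `${SVCNAME#*.}` returns the whole name when there is no dot, so a service started as plain `harbor` silently looks for `/srv/harbor/docker-compose.yml` rather than failing loudly.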
@@ -0,0 +1,181 @@ +#!/bin/sh + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} +LOG_FILE="/var/log/initkubernets.log" +FIRST_BOOT="/var/run/firstboot.flag" + +infoLog() { + echo "Info: $@" | tee -a ${LOG_FILE} +} + +errorLog() { + echo "Error: $@" | tee -a ${LOG_FILE} +} + +waitReadyState() { + local vmID="${1}" + local timeout="${2}" + + local tick=0 + while true ;do + local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY") + if [ "${ready}" = "YES" ];then + return 0 + elif [ "${timeout}" -eq "${tick}" ];then + return ${timeout} + else + sleep 1 + tick=$((tick+1)) + fi + done +} + +returnToken() { + infoLog "Returning tokens" + local caSecretKey="${1}" + local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1) + local kubeToken=$(kubeadm token list | awk '/authentication,signing.*The default*/ {print $1}') + local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf) + + if [ -n "${ONEGATE_ENDPOINT}" ];then + infoLog "Onegate detected" + data="READY=YES" + data="${data} MASTER_ADDR=${masterAddr}" + data="${data} MASTER_TOKEN=${kubeToken}" + data="${data} MASTER_CA_TOKEN=sha256:${caToken}" + data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}" + onegate vm update --data "${data}" + infoLog "Onegate data seted" + else + infoLog "Onegate is not present" + echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token + infoLog "Tokens are available at /root/kube.token" + fi +} + +joinCluster() { + local master="${MASTER_ADDR}" + local token="${MASTER_TOKEN}" + local caToken="${MASTER_CA_TOKEN}" + local caSecretKey="${MASTER_CA_SECRET_KEY}" + local sname="${SERVICE_NAME}" + + if [ -n "${ONEGATE_ENDPOINT}" ];then + local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[] | select(.name == "leader") | .nodes[0].deploy_id') + if [ "${?}" -eq 0 ]; then + waitReadyState ${masterID} 600 + if [ "${?}" -ne 0 ];then + 
errorLog "Master node is node ready after 600s" + return 3 + fi + local masterInfo=$(onegate vm show ${masterID} --json | \ + jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP") + master=$(echo ${masterInfo} | cut -d " " -f 1) + token=$(echo ${masterInfo} | cut -d " " -f 2) + caToken=$(echo ${masterInfo} | cut -d " " -f 3) + caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4) + masterIP=$(echo ${masterInfo} | cut -d " " -f 5) + sname=$(onegate service show --json | jq -cr ".SERVICE.name") + fi + + # Setting dns resolution for cluster + echo "${masterIP} ${sname}" >> /etc/hosts + onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts + fi + if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then + opts="--node-name $(hostname -f)" + opts="${opts} --token ${token}" + opts="${opts} --discovery-token-ca-cert-hash ${caToken}" + if [ -n "${1}" ];then + opts="${opts} --control-plane" + opts="${opts} --certificate-key ${caSecretKey}" + fi + opts="${opts} ${master}" + + kubeadm join ${opts} | tee -a "${LOG_FILE}" + else + errorLog "Something is missing, can't join the cluster:" + errorLog " Master addr: [${master}]" + errorLog " Master token: [${token}]" + errorLog " Master CA token: [${caToken}]" + return 3 + fi +} + +getServiceName() { + local sname=$(onegate service show --json | jq -cr ".SERVICE.name") + local tmout=30 + local tick=0 + while true ;do + if [ -z "${sname}" ];then + sname=$(onegate service show --json | jq -cr ".SERVICE.name") + else + echo ${sname} + return 0 + fi + sleep 1 + tick=$((tick+1)) + if [ ${tmout} -eq ${tick} ];then + hostname -f + return 3 + fi + done +} + +initLeader() { + sname="$(hostname -f)" + + if [ -n "${ONEGATE_ENDPOINT}" ];then + sname=$(getServiceName) + sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP") + echo "${sip} 
${sname} $(hostname -f)" >> /etc/hosts + onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts + fi + + caSecretKey=$(date | sha256sum | awk '{print $1}') + + infoLog "Kubernetes init started" + kubeadm init --pod-network-cidr=10.244.0.0/16 \ + --node-name="${SET_HOSTNAME}" \ + --control-plane-endpoint "${sname}:6443" \ + --upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}" + infoLog "Kubernetes init ended" + + infoLog "Configuring kubectl" + mkdir /root/.kube + ln -s /etc/kubernetes/admin.conf /root/.kube/config + infoLog "kubectl configured" + + infoLog "Installing cilium" + sleep 20 + kubectl config view --minify -o jsonpath='{.clusters[].name}' + sleep 20 + cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}" + infoLog "Cilium is installed" + + returnToken "${caSecretKey}" +} + +initKube() { + if [ "${SERVER_ROLE}" == "leader" ];then + initLeader + elif [ "${SERVER_ROLE}" == "worker" ];then + joinCluster + elif [ "${SERVER_ROLE}" == "master" ];then + joinCluster "${SERVER_ROLE}" + fi + touch ${FIRST_BOOT} + infoLog "Kubernetes cluster init is finished" +} + +if [ -f "${ENV_FILE}" ]; then + . "${ENV_FILE}" +fi + +if [ -f "${FIRST_BOOT}" ];then + exit 0 +else + uuidgen > /etc/machine-id + swapoff -a # Make sure swap is disabled + initKube & +fi \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/kubernetes/sharemetrics.start b/recipes/debian/provisionning/conf/kubernetes/sharemetrics.start new file mode 100644 index 0000000..6876caf --- /dev/null +++ b/recipes/debian/provisionning/conf/kubernetes/sharemetrics.start @@ -0,0 +1,3 @@ +#!/bin/sh + +mount --make-rshared / \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/matchbox/initmatchbox.start b/recipes/debian/provisionning/conf/matchbox/initmatchbox.start new file mode 100644 index 0000000..9180b96 --- /dev/null 
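Review bot: `caSecretKey=$(date | sha256sum | awk '{print $1}')` in initLeader derives the kubeadm certificate key — the secret that, with `--upload-certs`, lets any holder pull the control-plane CA and keys out of the cluster — from the current second, so it is guessable by anyone who knows roughly when the leader booted; use `caSecretKey=$(kubeadm certs certificate-key)` or `openssl rand -hex 32`. That key, the bootstrap token and the CA hash are then pushed via `onegate vm update` into the leader's USER_TEMPLATE, which joinCluster shows every VM of the service can read, and in the non-OneGate branch they go to `/root/kube.token` with the typo `${masterAdd}` so the address column is empty; the `tee -a "${LOG_FILE}"` on the kubeadm output also copies the join token (and, with `--upload-certs`, the certificate key) into `/var/log/initkubernets.log`, which should be created 0600. In joinCluster the guard `if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then` uses single `&`, which backgrounds the first two tests so only the last one decides; it must be `&&`. Finally `touch ${FIRST_BOOT}` runs whether or not init/join succeeded, so a failed bootstrap is never retried on the next boot.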
+++ b/recipes/debian/provisionning/conf/matchbox/initmatchbox.start @@ -0,0 +1,25 @@ +#!/bin/sh + +FL_VERSIONS="current 3374.2.0" +MATCHBOX_DIR="/var/lib/matchbox" +ASSETS_DIR="${MATCHBOX_DIR}/assets/" + +GPG_FNAME="Flatcar_Image_Signing_Key.asc" +GPG_KEYS_URL="https://www.flatcar.org/security/image-signing-key/" + +cd /tmp +curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME} +gpg --import --keyid-format LONG ${GPG_FNAME} +cd - + +echo "Provisionning matchbox with flatcar images" +tout=30 +for version in ${FL_VERSIONS}; do + for i in $(seq 1 ${tout});do + echo " * ${FL_VERSIONS} stable image (try ${i})" + /usr/local/bin/get-flatcar stable ${version} ${ASSETS_DIR} + if [[ "${?}" -eq 0 ]]; then + break + fi + done +done diff --git a/recipes/debian/provisionning/conf/matchbox/inittftp.start b/recipes/debian/provisionning/conf/matchbox/inittftp.start new file mode 100644 index 0000000..e076de9 --- /dev/null +++ b/recipes/debian/provisionning/conf/matchbox/inittftp.start @@ -0,0 +1,10 @@ +#!/bin/sh + +dest="${1}" + +ipxeEFISource="http://boot.ipxe.org/ipxe.efi" +kpxeSource="http://boot.ipxe.org/undionly.kpxe" + +cd "${dest}" +wget "${ipxeEFISource}" +wget "${kpxeSource}" \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/nuo-harbor b/recipes/debian/provisionning/conf/nuo-harbor new file mode 120000 index 0000000..8b35999 --- /dev/null +++ b/recipes/debian/provisionning/conf/nuo-harbor @@ -0,0 +1 @@ +harbor \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/nuo-matchbox b/recipes/debian/provisionning/conf/nuo-matchbox new file mode 120000 index 0000000..ed5a219 --- /dev/null +++ b/recipes/debian/provisionning/conf/nuo-matchbox @@ -0,0 +1 @@ +matchbox \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave b/recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave new file mode 100644 index 0000000..2540f0e --- /dev/null 
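Review bot: `if [[ "${?}" -eq 0 ]]; then` is a bash construct under a `#!/bin/sh` shebang; on Debian `/bin/sh` is dash, where `[[` is an unknown command, so the test never succeeds and the loop runs `get-flatcar` all 30 times per version instead of stopping after the first success. Test the command directly, `if /usr/local/bin/get-flatcar stable "${version}" "${ASSETS_DIR}"; then break; fi`, and the progress line should print `${version}` rather than `${FL_VERSIONS}`. The Flatcar signing key is fetched over HTTPS but nothing pins its fingerprint before `gpg --import`, and whether `get-flatcar` actually verifies the downloaded images against it is not visible in this patch; that should be confirmed, since these images are what matchbox serves to every PXE-booted host.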
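Review bot: `wget "${ipxeEFISource}"` and `wget "${kpxeSource}"` fetch the PXE boot binaries (`ipxe.efi`, `undionly.kpxe`) over plain `http://boot.ipxe.org` with no checksum or signature check, and those files are then served by the TFTP/matchbox setup to every machine that network-boots, so a tampered download at build time becomes persistent code on all provisioned hosts. Switch the two URLs to `https://boot.ipxe.org/...`, pin the expected SHA-256 of each file and verify with `sha256sum -c` before leaving them in `${dest}`, and add `set -e` so the script stops instead of writing into the wrong directory when `cd "${dest}"` or a download fails.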
+++ b/recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave @@ -0,0 +1,13 @@ +#!/bin/sh + +CONF="/etc/conf.d/jenkins-slave" +if [ -e "/etc/jenkins-slave.conf" ]; then + CONF="/etc/jenkins-slave.conf" +fi + +TOTAL_MEMORY=$(cat /proc/meminfo | grep MemTotal | awk '{ printf "%sg", int($2/1024/1024)+1 }') +sed -i "s|^JENKINS_SLAVE_NAME=.*$|JENKINS_SLAVE_NAME='slave-$ETH0_IP'|" "${CONF}" +sed -i "s|^JENKINS_SLAVE_USERNAME=.*$|JENKINS_SLAVE_USERNAME='$JENKINS_SLAVE_USERNAME'|" "${CONF}" +sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}" +sed -i "s|^JENKINS_MASTER_URL=.*$|JENKINS_MASTER_URL='$JENKINS_MASTER_URL'|" "${CONF}" +sed -i "s|^JENKINS_SLAVE_LABELS=.*$|JENKINS_SLAVE_LABELS='docker docker-compose mem-$TOTAL_MEMORY $JENKINS_SLAVE_LABELS'|" "${CONF}" diff --git a/recipes/debian/provisionning/conf/one-context/net-96-gitlab-register b/recipes/debian/provisionning/conf/one-context/net-96-gitlab-register new file mode 100644 index 0000000..821d654 --- /dev/null +++ b/recipes/debian/provisionning/conf/one-context/net-96-gitlab-register @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} + +# $TOKENTXT is available only through the env. file +# shellcheck disable=SC1090 +if [ -f "${ENV_FILE}" ]; then + . "${ENV_FILE}" +fi + +### + +if [ -n "${GITLAB_URL}" ]; then + if command -v gitlab-runner; then + if [ -n "${GITLAB_SHELL}" ]; then + opts="--shell=${GITLAB_SHELL}" + fi + # shellcheck disable=SC2086 + gitlab-runner register \ + --non-interactive \ + --url="${GITLAB_URL}" \ + --registration-token="${GITLAB_TOKEN}" \ + --executor="${GITLAB_EXECUTOR}" \ + --description="${GITLAB_RUNNER_NAME}" \ + --tag-list="${GITLAB_TAG_LIST}" \ + --locked=false \ + --access-level=not_protected \ + --run-untagged=false \ + "${opts}" + fi +fi 
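Review bot: `sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}"` (and the URL, username and label lines) splices context values straight into a sed replacement, so a password containing `|`, `&`, `\` or `'` corrupts the config file or rewrites unrelated content instead of being stored; the values come from the VM context, so this is mostly a correctness problem, but it silently yields an agent with wrong credentials. Escape the sed metacharacters first, e.g. `esc=$(printf '%s' "$JENKINS_SLAVE_PASSWORD" | sed 's/[|&\\]/\\&/g')` and substitute `$esc`, and reject values containing a single quote since the file format wraps them in `'...'`. `/etc/conf.d/jenkins-slave` is the OpenRC path carried over from the Alpine recipe; on Debian the agent's config location should be verified, and whichever file ends up holding the password should be `chmod 600`.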
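Review bot: `"${opts}"` on the last line of the `gitlab-runner register` call is always passed as an argument, so when `GITLAB_SHELL` is unset the runner receives a literal empty string and registration fails; either unquote it (the `# shellcheck disable=SC2086` above suggests that was the intent) or replace it with `${GITLAB_SHELL:+--shell=${GITLAB_SHELL}}`. Registration also presumably runs on every contextualisation where `GITLAB_URL` is set, with no check that a runner is already registered, and `--locked=false` makes the runner usable by any project on the instance, which is broader than a per-VM runner usually needs; consider `--locked=true` unless shared use is intended. `command -v gitlab-runner` should be redirected (`>/dev/null`) so the path is not printed into the contextualisation log.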
diff --git a/recipes/debian/provisionning/conf/one-context/net-96-templater b/recipes/debian/provisionning/conf/one-context/net-96-templater new file mode 100644 index 0000000..f3f9257 --- /dev/null +++ b/recipes/debian/provisionning/conf/one-context/net-96-templater @@ -0,0 +1,80 @@ +#!/usr/bin/env bash + +# +# Generate all the configuration files +# Get all the values from the VLS_DIR +# Process each template from the TPL_DIR with this values +# + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} +TPL_DIR="/usr/share/builder/templates" +VLS_DIR="/usr/share/builder/values" +CONFIG="" + +. ${ENV_FILE} + +BTR="$(command -v btr)" +if [ "${?}" -ne 0 ]; then + echo "Warning: Nothing to do the templater is not installed" + exit 0 +fi + +if [ ! -e "${TPL_DIR}" ]; then + echo "Error: The template dir is missing (${TPL_DIR})" + exit 1 +fi + +if [ ! -e "${VLS_DIR}" ]; then + echo "Error: The template dir is missing (${VLS_DIR})" + exit 1 +fi + +jsonQuery() { + local data="${1}" + local query="${2}" + echo "${data}" | jq -cr "${query}" +} + +# NAME: @jsonMerge +# AIM: Merge two json structures +# NOTES: +# The last one has de last word +# if you have the same key in A and B +# this keeps the value of the B structure. +# PARAMS: +# $1: original JSON Structure +# $2: updated JSON Structure +jsonMerge() { + local data="${1}" + local data2="${2}" + + echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]" +} + +getValues() { + + local values="" + + for file in $(find ${VLS_DIR} -name "*.json"); do + values="${values}$(cat ${file})" + done + + if [ -n "${RAW_CONFIG}" ]; then + values="$(jsonMerge ${values} ${RAW_CONFIG})" + fi + + for key in $(echo ${values} | jq -cr '.|keys[]'); do + ukey=${key^^} + if [ -n "${!ukey}" ]; then + values="$(jsonMerge "${values}" "{\"${key}\":\"${!ukey}\"}")" + fi + done + echo ${values} +} + +processTemplates() { + ${BTR} -t ${TPL_DIR} -c "${1}" +} +VALUES=$(getValues) +echo ${VALUES} +processTemplates "${VALUES}" 
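Review bot: In getValues the override `values="$(jsonMerge "${values}" "{\"${key}\":\"${!ukey}\"}")"` builds JSON by string interpolation, so an environment value containing `"` or `\` (a password, a URL with a query string) yields invalid JSON or injects extra keys into the configuration that btr then renders into system files; build the fragment with jq instead: `jsonMerge "${values}" "$(jq -cn --arg k "${key}" --arg v "${!ukey}" '{($k): $v}')"`. The earlier `values="$(jsonMerge ${values} ${RAW_CONFIG})"` has the same weakness plus word-splitting because both arguments are unquoted. `echo ${VALUES}` at the end prints the fully merged configuration, including any secrets taken from the environment, to stdout and therefore into the contextualisation log; drop it or write it to a 0600 file. `. ${ENV_FILE}` is sourced unquoted and without the `[ -f "${ENV_FILE}" ]` check the sibling scripts use.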
diff --git a/recipes/debian/provisionning/conf/one-context/net-97-k3s b/recipes/debian/provisionning/conf/one-context/net-97-k3s new file mode 100644 index 0000000..77bd98a --- /dev/null +++ b/recipes/debian/provisionning/conf/one-context/net-97-k3s @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} + +# $TOKENTXT is available only through the env. file +# shellcheck disable=SC1090 +if [ -f "${ENV_FILE}" ]; then + . "${ENV_FILE}" +fi + +### + +if [ -n "${K3S_ROLE}" ]; then + if [ "${K3S_ROLE}" = "server" ]; then + rc-update add dnsmasq default + service dnsmasq start + + rc-update add k3s default + service k3s start + fi +fi diff --git a/recipes/debian/provisionning/debian/cloud-init/meta-data b/recipes/debian/provisionning/debian/cloud-init/meta-data new file mode 100644 index 0000000..58ef52e --- /dev/null +++ b/recipes/debian/provisionning/debian/cloud-init/meta-data @@ -0,0 +1,3 @@ +{ +"instance-id": "iid-local01" +} diff --git a/recipes/debian/provisionning/debian/debian-11-install.sh b/recipes/debian/provisionning/debian/debian-11-install.sh new file mode 100644 index 0000000..695b527 --- /dev/null +++ b/recipes/debian/provisionning/debian/debian-11-install.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +echo "${1}" >/etc/hostname + +apt-get update +apt-get -y dist-upgrade +apt-get install wget curl -y + +touch /etc/cloud/cloud-init.disabled \ No newline at end of file diff --git a/recipes/debian/provisionning/debian/http/preseed.cfg b/recipes/debian/provisionning/debian/http/preseed.cfg new file mode 100644 index 0000000..88788c9 --- /dev/null +++ b/recipes/debian/provisionning/debian/http/preseed.cfg 
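Review bot: `rc-update add dnsmasq default` / `service dnsmasq start` and the two k3s lines are OpenRC commands copied from the Alpine recipe; on the Debian 11 image built here `rc-update` is presumably absent, so the `server` role never enables or starts k3s and the failure is silent because nothing checks the exit status. Use `systemctl enable --now dnsmasq k3s` (assuming the k3s install provides a systemd unit, which this patch does not show) and exit non-zero when that fails.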
@@ -0,0 +1,107 @@ +# To see all available options execute this command once the install is done: +# sudo less /var/log/installer/cdebconf/questions.dat +# If you need information about an option use the command below (example for keymap): +# grep -A 4 "keyboard-configuration/xkb-keymap" /var/log/installer/cdebconf/templates.dat + +# Use network mirror for package installation +# d-i apt-setup/use_mirror boolean true + +# Automatic installation +d-i auto-install/enable boolean true + +# "linux-server" is substituted by "linux-image-amd64" +# Possible options : "linux-image-amd64"(default) or "linux-image-rt-amd64" +d-i base-installer/kernel/override-image string linux-server + +# Configure hardware clock +d-i clock-setup/utc boolean true +d-i clock-setup/utc-auto boolean true + +d-i netcfg/choose_interface select auto +d-i netcfg/use_dhcp boolean true + +# d-i console-setup/ask_detect boolean false + +# d-i debconf/frontend select noninteractive + +# Set OS locale +d-i debian-installer/language string fr +d-i debian-installer/country string FR +d-i debian-installer/locale string fr_FR.UTF-8 + +# d-i debian-installer/framebuffer boolean false + +# Reboot once the install is done +d-i finish-install/reboot_in_progress note + +# Bootloader options +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean true +d-i grub-installer/bootdev string /dev/vda + +# Set the keyboard layout +d-i keyboard-configuration/xkb-keymap select fr + +# Mirror from which packages will be downloaded +d-i mirror/country string manual +d-i mirror/http/directory string /debian +d-i mirror/http/hostname string httpredir.debian.org + +# Configure http proxy if needed "http://[[user][:pass]@]host[:port]/" +d-i mirror/http/proxy string + +# Disk configuration +d-i partman-efi/non_efi_system boolean true +d-i partman-auto-lvm/guided_size string max +d-i partman-auto/choose_recipe select atomic +d-i partman-auto/method string lvm +d-i partman-lvm/confirm boolean true 
+d-i partman-lvm/confirm_nooverwrite boolean true +d-i partman-lvm/device_remove_lvm boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true +d-i partman/confirm_write_new_label boolean true + +# User configuration +d-i passwd/root-login boolean true +d-i passwd/root-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0 +d-i passwd/user-fullname string packer +d-i passwd/user-uid string 1000 +d-i passwd/username string packer +d-i passwd/user-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0 + +# Extra packages to be installed +d-i pkgsel/include string sudo +d-i pkgsel/include string openssh-server build-essential + +d-i pkgsel/install-language-support boolean false +d-i pkgsel/update-policy select none + +# Whether to upgrade packages after debootstrap +d-i pkgsel/upgrade select full-upgrade + +# Set timezone +d-i time/zone string Europe/Paris + +# Allow weak user password +d-i user-setup/allow-password-weak boolean true + +# Home folder encryption +d-i user-setup/encrypt-home boolean false + +# Do not scan additional CDs +apt-cdrom-setup apt-setup/cdrom/set-first boolean false + +# Use network mirror +apt-mirror-setup apt-setup/use_mirror boolean true + +# Disable polularity contest +popularity-contest popularity-contest/participate boolean false + +# Select base install +tasksel tasksel/first multiselect standard, ssh-server + +# Setup passwordless sudo for packer user +d-i preseed/late_command string \ + echo "packer ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/packer && chmod 0440 /target/etc/sudoers.d/packer \ No newline at end of file diff --git a/recipes/debian/provisionning/letsencrypt.sh b/recipes/debian/provisionning/letsencrypt.sh new file mode 100644 index 0000000..4ae1968 --- /dev/null +++ b/recipes/debian/provisionning/letsencrypt.sh 
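Review bot: `d-i passwd/root-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0` together with `d-i passwd/root-login boolean true` installs root with a committed MD5-crypt (`$1$`) hash, and the same hash is reused for the `packer` user, which then receives `NOPASSWD:ALL` sudo in `preseed/late_command`; every image built from this preseed ships with a known, cheaply crackable root password unless a later step removes it, and no such step is visible in this patch. Generate a `$6$` (sha512-crypt) hash from a build-time secret with `mkpasswd -m sha-512`, inject it from a Packer variable instead of committing it, and add a final provisioner that runs `passwd -l root` and deletes or locks `packer` before export. `d-i pkgsel/include string sudo` is replaced by the later `pkgsel/include` line (`openssh-server build-essential`) since debconf keeps the last value, so `sudo` is never installed and the sudoers.d drop-in has no effect; merge them into one line. `d-i user-setup/allow-password-weak boolean true` can be dropped once the password comes from a generated secret.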
@@ -0,0 +1,26 @@ +#!/bin/sh + +set -eo pipefail + +DESTDIR=/usr/local/share/ca-certificates +UPDATE_CERTS_CMD=update-ca-certificates +CERTS="$(cat < "${file}" +processTemplates "${file}" +rm -rf "${file}" diff --git a/recipes/debian/provisionning/one-context/net-97-k3s b/recipes/debian/provisionning/one-context/net-97-k3s new file mode 100644 index 0000000..77bd98a --- /dev/null +++ b/recipes/debian/provisionning/one-context/net-97-k3s @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} + +# $TOKENTXT is available only through the env. file +# shellcheck disable=SC1090 +if [ -f "${ENV_FILE}" ]; then + . "${ENV_FILE}" +fi + +### + +if [ -n "${K3S_ROLE}" ]; then + if [ "${K3S_ROLE}" = "server" ]; then + rc-update add dnsmasq default + service dnsmasq start + + rc-update add k3s default + service k3s start + fi +fi diff --git a/recipes/debian/provisionning/ssh/cadoles/pcaseiro.pub b/recipes/debian/provisionning/ssh/cadoles/pcaseiro.pub new file mode 100644 index 0000000..9ac0828 --- /dev/null +++ b/recipes/debian/provisionning/ssh/cadoles/pcaseiro.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDph3zh6ojSvH44k13z9B6xj+Hargo3uzkxnYv5s5NI4yagNuBXEc3aS++KdocND+FtVfLK+iVE8qHo2bvmpMmVkqU6WU2apN7DfIP0QGLlSGeo+UOZ9hGeEDlgVO4AOnZKZ5kPGBEPZ84JXuE9CmhKfwEVCK8w3B8XQttA8alFl4A4/4F14x2w4njsSLY1H3b0qah7hgYKU5zHIGLg8Lxx+1BxGIF0l5n5m5rqAskRNaF+aYbs0CcWHv49bPK0sJJ0qPV2r2sq8BlzuZFHExnZRIxpsIXdce4Bm4rdlGi7tBmmurLk4OOtDkwvhD0LMaNJf10k6QLSmRUTVzgsYz/dmGxopbMtwwIXkwi014uSZgi8wAuznXx5I4j2TUGPZHOVf+1iw/yaxWlgTVOSoX7ZxyhDgW5cCgZZGNzU5UWe0vUuVTB+hfSMj50/Q6+Vi92/mDMbPhm4nBoVzD5DT15mB+yGyN45Ej61m0JzVUyZexfvVaffEug1/u5dnwilP0WGKr4i2OXxOXtvSdAs5rlZjvppZk6IxRCwXIcPwEFL97ZrQZAxlVS5Nh+ZnlSwTe3zfQhzHj1ao0AdCAHFPUEdoUPJhSb0OjyCvZ9XZ1KCkXhuhuN/3IUhuoWl4soNCeC3KmU/USx1wda438Exj0hM1mTyBZScDPGyD9nw78DGw== Philippe Caseiro 
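Review bot: `set -eo pipefail` directly under `#!/bin/sh` will abort this script on Debian, where `/bin/sh` is dash: `pipefail` is not a recognised option there, and an invalid option to the special builtin `set` is fatal for a non-interactive shell, so the CA bundle this provisioner is meant to install under `DESTDIR=/usr/local/share/ca-certificates` is never written. Either change the shebang to `#!/usr/bin/env bash` or drop `-o pipefail`. The heredoc following `CERTS="$(cat <` is lost in this rendering of the patch, so the certificate list itself could not be reviewed; it should carry only the issuing CA certificates actually needed, not a broad bundle.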
diff --git a/recipes/debian/provisionning/ssh/cadoles/vfebvre.pub b/recipes/debian/provisionning/ssh/cadoles/vfebvre.pub new file mode 100644 index 0000000..648c129 --- /dev/null +++ b/recipes/debian/provisionning/ssh/cadoles/vfebvre.pub @@ -0,0 +1 @@ +ssh-rsa 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 vfebvre@cadoles.com diff --git a/recipes/debian/provisionning/ssh/cnous/nmelin.pub b/recipes/debian/provisionning/ssh/cnous/nmelin.pub new file mode 100644 index 0000000..a4e15ee --- /dev/null +++ b/recipes/debian/provisionning/ssh/cnous/nmelin.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr diff --git a/recipes/debian/provisionning/ssh/cnous/operrot.pub b/recipes/debian/provisionning/ssh/cnous/operrot.pub new file mode 100644 index 0000000..f68677c --- /dev/null +++ b/recipes/debian/provisionning/ssh/cnous/operrot.pub @@ -0,0 +1 @@ +ssh-rsa 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 olivier.perrot@cnous.fr diff --git a/recipes/debian/provisionning/templater-install.sh b/recipes/debian/provisionning/templater-install.sh new file mode 100644 index 0000000..091bbdb --- /dev/null +++ b/recipes/debian/provisionning/templater-install.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +set -ex + +TOOL_DIR="${1:-/usr/local/bin}" +TOOL_USER="${2:-root}" +TOOL_GROUP="${3:-root}" +ATTACHMENT_URL="https://forge.cadoles.com/attachments/" + +installTool() { + NAME="${1}" + URL="${2}" + + curl -k -o ${TOOL_DIR}/${NAME} ${URL} + chmod +x ${TOOL_DIR}/${NAME} +} + +apk add curl + +# Install templater +installTool "tpr" "https://forge.cadoles.com/attachments/242b3cba-8d07-4b89-80ab-7c12253a8524" +# Install bootstraper +installTool "btr" "https://forge.cadoles.com/attachments/e8442b2a-2065-4282-b4a4-648681fa044c" diff --git a/recipes/debian/provisionning/tools/additionnal-disk b/recipes/debian/provisionning/tools/additionnal-disk new file mode 100644 index 0000000..7dd4786 --- /dev/null 
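Review bot: The four files under `provisionning/ssh/` commit personal SSH public keys of named engineers into the image recipe; nothing in this patch shows where they are installed, but if they are appended to root's `authorized_keys` on every image built from these recipes, each deployed VM carries a standing access path for those individuals regardless of the tenant or environment. Prefer delivering operator keys at deploy time through the OpenNebula context (presumably the `SSH_PUBLIC_KEY` attribute the contextualisation package already handles), or at least gate their installation behind a build variable and list them in the README so image consumers know whose keys are present.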
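Review bot: `curl -k -o ${TOOL_DIR}/${NAME} ${URL}` disables TLS certificate verification while downloading two binaries (`tpr`, `btr`) that are then made executable in `/usr/local/bin` and later run as root by the one-context templater, so anyone able to interpose on the path to forge.cadoles.com can place arbitrary code into every image; the `-k` must go, and the downloads should be pinned, e.g. `echo "<sha256>  ${TOOL_DIR}/${NAME}" | sha256sum -c` after each fetch (the attachment UUIDs presumably point at immutable files, so the hashes are stable). The script also runs `apk add curl` under `set -ex`, which does not exist on Debian and aborts the provisioner before anything is installed; use `apt-get install -y curl` or drop the line, since debian-11-install.sh already installs curl. `curl` should additionally get `-fsSL` so an HTTP error page is not saved as the "binary" and marked executable.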
+++ b/recipes/debian/provisionning/tools/additionnal-disk @@ -0,0 +1,27 @@ +#!/bin/sh + +# +# Quick and dirty script to add disk space +# It creates a new PV (with the additionnal disk), +# a new VG and a new LV with 100% disk space +# The names and devices are provided with env variables: +# - PV_DEVICE : The /dev/xxx device +# - VG_NAME: The new vg name +# - LV_NAME: Then new lv name +# - LV_MTP: The mount point for the FS created on the LV +# - LV_FS: The fstype of the new FS +# +if [ -e ${PV_DEVICE} ]; then + pvcreate ${PV_DEVICE} + vgcreate ${VG_NAME} ${PV_DEVICE} + lvcreate -Ay -l 100%FREE -n ${LV_NAME} ${VG_NAME} + mkfs.${LV_FS} /dev/${VG_NAME}/${LV_NAME} + if [ ! -d ${LV_MTP} ]; then + mkdir -p ${LV_MTP} + fi + mount /dev/${VG_NAME}/${LV_NAME} ${LV_MTP} + echo "/dev/${VG_NAME}/${LV_NAME} ${LV_MTP} ${LV_FS} rw,relatime 0 1" >> /etc/fstab +else + echo "${PV_DEVICE} is missing" + exit 3 +fi \ No newline at end of file diff --git a/recipes/debian/sources.pkr.hcl b/recipes/debian/sources.pkr.hcl new file mode 100644 index 0000000..353ce0b --- /dev/null +++ b/recipes/debian/sources.pkr.hcl 
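Review bot: `if [ -e ${PV_DEVICE} ]; then` is true when `PV_DEVICE` is unset, because the unquoted empty expansion leaves `[ -e ]`, a one-argument test that succeeds on the non-empty string `-e`; the script then runs `pvcreate ""`, `vgcreate` with an empty name and `mkfs.` on a nonexistent path, and with `VG_NAME`/`LV_NAME` also unset the fstab entry becomes `/dev// ...`. Validate the inputs before touching any block device, e.g. `: "${PV_DEVICE:?PV_DEVICE is not set}" "${VG_NAME:?}" "${LV_NAME:?}" "${LV_MTP:?}" "${LV_FS:?}"`, quote every expansion, and add `set -e` so a failed `pvcreate` does not fall through to `mkfs`. The fstab line uses fsck pass `1`, which is reserved for the root filesystem; a data volume should use `2`.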
@@ -0,0 +1,102 @@ +source qemu "debian" { + cpus = 1 + memory = "${local.memory}" + accelerator = "kvm" + vnc_bind_address = "0.0.0.0" + + headless = false + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. + #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" + http_port_min = 9990 + http_port_max = 9999 + + # SSH ports to redirect to the VM being built + host_port_min = 2222 + host_port_max = 2229 + + # This user is configured in the preseed file. + ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + disk_compression = true + disk_discard = "unmap" + skip_compaction = false + disk_detect_zeroes = "unmap" + + format = "qcow2" + + boot_wait = "5s" +} + +source "vmware-iso" "debian" { + cpus = 1 + disk_type_id = 0 + memory = "${local.memory}" + vnc_bind_address = "0.0.0.0" + + headless = true + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. + #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" + http_port_min = 9990 + http_port_max = 9999 + + # SSH ports to redirect to the VM being built + #host_port_min = 2222 + #host_port_max = 2229 + + # This user is configured in the preseed file. + ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + #disk_compression = true + #disk_discard = "unmap" + skip_compaction = false + #disk_detect_zeroes = "unmap" + + format = "ova" + + boot_wait = "5s" +} + +source "vmware-vmx" "debian" { + disk_type_id = 0 + vnc_bind_address = "0.0.0.0" + + headless = true + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. 
+ #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" + http_port_min = 9990 + http_port_max = 9999 + + # SSH ports to redirect to the VM being built + #host_port_min = 2222 + #host_port_max = 2229 + + # This user is configured in the preseed file. + ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + #disk_compression = true + #disk_discard = "unmap" + skip_compaction = false + #disk_detect_zeroes = "unmap" + + format = "ova" + + boot_wait = "5s" +} diff --git a/recipes/debian/templates/conf/cloud-init/user-data b/recipes/debian/templates/conf/cloud-init/user-data new file mode 100644 index 0000000..5b28fe4 --- /dev/null +++ b/recipes/debian/templates/conf/cloud-init/user-data @@ -0,0 +1,12 @@ +#cloud-config +ssh_pwauth: True +user: ${user} +password: ${password} +chpasswd: + expire: False + +# Work around network interface down after boot +runcmd: +%{ for cmd in runcmd ~} + - ${cmd} +%{ endfor ~} diff --git a/recipes/debian/templates/conf/conf.d/chronyd b/recipes/debian/templates/conf/conf.d/chronyd new file mode 100644 index 0000000..e692251 --- /dev/null +++ b/recipes/debian/templates/conf/conf.d/chronyd @@ -0,0 +1,6 @@ +# /etc/conf.d/chronyd +CFGFILE="/etc/chrony/chrony.conf" +FAST_STARTUP=yes +ARGS="" +# vrf e.g 'vrf-mgmt' +#vrf="" diff --git a/recipes/debian/templates/conf/docker/subgid.pktpl.hcl b/recipes/debian/templates/conf/docker/subgid.pktpl.hcl new file mode 100644 index 0000000..6187cff --- /dev/null +++ b/recipes/debian/templates/conf/docker/subgid.pktpl.hcl @@ -0,0 +1,6 @@ + +# Configuration file of Harbor + +# The IP address or hostname to access admin UI and registry service. +# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. +hostname: ${Vars.RootlessDocker} 
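Review bot: All three sources set `vnc_bind_address = "0.0.0.0"`, which exposes the build VM's console on every interface of the build host (the qemu source additionally runs with `headless = false`); the qemu builder uses no VNC password unless `vnc_use_password = true`, so anyone who can reach the host during a build can type into an installer that is running with the preseeded root credentials. Bind VNC to the loopback, `vnc_bind_address = "127.0.0.1"`, on all three sources and enable `vnc_use_password = true` on the qemu one if remote viewing is really required. With `http_directory` commented out Packer serves no preseed itself, and `ssh_private_key_file = data.sshkey.install.private_key_path` relies on that key reaching the image by another path this patch does not show; a comment naming the intended mechanism (cloud-init user-data vs. preseed) would help the next maintainer.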
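Review bot: The cloud-config turns on `ssh_pwauth: True` and sets `password: ${password}` for `user: ${user}` with `expire: False`, so the image accepts SSH password logins with whatever the build passes as `password`; if that is the static `ssh_password` from locals.pkr.hcl, the value is shared by every VM produced from the template. Prefer key-only access: set `ssh_pwauth: false`, drop `password`/`chpasswd`, and deliver the Packer build key through `ssh_authorized_keys`, then lock the password at the end of the build; if a password is unavoidable for the installer phase, it must be rotated or removed before export. `expire: False` also means the credential is never forced to change on first login.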
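Review bot: `subgid.pktpl.hcl` does not contain a subgid mapping at all — its body is the Harbor header (`# Configuration file of Harbor`, `hostname: ${Vars.RootlessDocker}`), evidently pasted from harbor.yml.pktpl.hcl, so the rendered `/etc/subgid` gets a YAML line and no `docker:` range while `subuid.pktpl.hcl` provides `docker:231072:65536`, and rootless Docker cannot set up its user namespace. Make it mirror the subuid template: `%{ if Vars.RootlessDocker }` / `docker:231072:65536` / `%{ endif }`.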
diff --git a/recipes/debian/templates/conf/docker/subuid.pktpl.hcl b/recipes/debian/templates/conf/docker/subuid.pktpl.hcl new file mode 100644 index 0000000..c512a70 --- /dev/null +++ b/recipes/debian/templates/conf/docker/subuid.pktpl.hcl @@ -0,0 +1,3 @@ +%{ if Vars.RootlessDocker } +docker:231072:65536 +%{ endif } \ No newline at end of file diff --git a/recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl b/recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl new file mode 100644 index 0000000..24a94cf --- /dev/null +++ b/recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl 
@@ -0,0 +1,265 @@ +# Configuration file of Harbor + +# The IP address or hostname to access admin UI and registry service. +# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. +hostname: ${Vars.HarborDomain} + +# http related config +http: + # port for http, default is 80. If https enabled, this port will redirect to https port + port: ${Vars.HarborHTTPPort} + +# https related config +https: + # https port for harbor, default is 443 + port: ${Vars.HarborHTTPSPort} + # The path of cert and key files for nginx + certificate: ${Vars.HarborSSLCert} + private_key: ${Vars.HarborSSLPrivKey} + +# # Uncomment following will enable tls communication between all harbor components +# internal_tls: +# # set enabled to true means internal tls is enabled +# enabled: true +# # put your cert and key files on dir +# dir: /etc/harbor/tls/internal + +# Uncomment external_url if you want to enable external proxy +# And when it enabled the hostname will no longer used +# external_url: https://reg.mydomain.com:8433 + +# The initial password of Harbor admin +# It only works in first time to install harbor +# Remember Change the admin password from UI after launching Harbor. +harbor_admin_password: ${Vars.HarborAdminPassword} + +# Harbor DB configuration +database: + # The password for the root user of Harbor DB. Change this before any production use. + password: ${Vars.HarborDBPassword} + # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. + max_idle_conns: 50 + # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. + # Note: the default number of connections is 100 for postgres. 
+ max_open_conns: 200 + +# The default data volume +data_volume: /srv/harbor/data + +# Harbor Storage settings by default is using /data dir on local filesystem +# Uncomment storage_service setting If you want to using external storage +# storage_service: +# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore +# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. +# ca_bundle: + +# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss +# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ +# filesystem: +# maxthreads: 100 +# # set disable to true when you want to disable registry redirect +# redirect: +# disabled: false + +# Trivy configuration +# +# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. +# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached +# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it +# should download a newer version from the Internet or use the cached one. Currently, the database is updated every +# 12 hours and published as a new release to GitHub. +trivy: + # ignoreUnfixed The flag to display only fixed vulnerabilities + ignore_unfixed: false + # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub + # + # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues. + # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and + # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path. 
+ skip_update: false + # + # The offline_scan option prevents Trivy from sending API requests to identify dependencies. + # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it. + # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't + # exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode. + # It would work if all the dependencies are in local. + # This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment. + offline_scan: false + # + # insecure The flag to skip verifying registry certificate + insecure: false + # github_token The GitHub access token to download Trivy DB + # + # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough + # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000 + # requests per hour by specifying the GitHub access token. 
For more details on GitHub rate limiting please consult + # https://developer.github.com/v3/#rate-limiting + # + # You can create a GitHub token by following the instructions in + # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line + # + # github_token: xxx + +jobservice: + # Maximum number of job workers in job service + max_job_workers: 10 + logger_sweeper_duration: 300 + +notification: + # Maximum retry count for webhook job + webhook_job_max_retry: 10 + webhook_job_http_client_timeout: 300 + +chart: + # Change the value of absolute_url to enabled can enable absolute url in chart + absolute_url: disabled + +# Log configurations +log: + # options are debug, info, warning, error, fatal + level: info + # configs for logs in local storage + local: + # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. + rotate_count: 50 + # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. + # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G + # are all valid. + rotate_size: 200M + # The directory on your host that store log + location: /var/log/harbor + + # Uncomment following lines to enable external syslog endpoint. + # external_endpoint: + # # protocol used to transmit log to external endpoint, options is tcp or udp + # protocol: tcp + # # The host of external endpoint + # host: localhost + # # Port of external endpoint + # port: 5140 + +#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! +_version: 2.6.0 + +# Uncomment external_database if using external database. 
+# external_database: +# harbor: +# host: harbor_db_host +# port: harbor_db_port +# db_name: harbor_db_name +# username: harbor_db_username +# password: harbor_db_password +# ssl_mode: disable +# max_idle_conns: 2 +# max_open_conns: 0 +# notary_signer: +# host: notary_signer_db_host +# port: notary_signer_db_port +# db_name: notary_signer_db_name +# username: notary_signer_db_username +# password: notary_signer_db_password +# ssl_mode: disable +# notary_server: +# host: notary_server_db_host +# port: notary_server_db_port +# db_name: notary_server_db_name +# username: notary_server_db_username +# password: notary_server_db_password +# ssl_mode: disable + +# Uncomment external_redis if using external Redis server +# external_redis: +# # support redis, redis+sentinel +# # host for redis: : +# # host for redis+sentinel: +# # :,:,: +# host: redis:6379 +# password: +# # sentinel_master_set must be set to support redis+sentinel +# #sentinel_master_set: +# # db_index 0 is for core, it's unchangeable +# registry_db_index: 1 +# jobservice_db_index: 2 +# chartmuseum_db_index: 3 +# trivy_db_index: 5 +# idle_timeout_seconds: 30 + +# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. +# uaa: +# ca_file: /path/to/ca + +# Global proxy +# Config http proxy for components, e.g. http://my.proxy.com:3128 +# Components doesn't need to connect to each others via http proxy. +# Remove component from `components` array if want disable proxy +# for it. If you want use proxy for replication, MUST enable proxy +# for core and jobservice, and set `http_proxy` and `https_proxy`. +# Add domain to the `no_proxy` field, when you want disable proxy +# for some special registry. 
+proxy: + http_proxy: + https_proxy: + no_proxy: + components: + - core + - jobservice + - notary + - trivy + +metric: + enabled: false + port: 9090 + path: /metrics + +# Trace related config +# only can enable one trace provider(jaeger or otel) at the same time, +# and when using jaeger as provider, can only enable it with agent mode or collector mode. +# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed +# if using jaeger agetn mode uncomment agent_host and agent_port +# trace: +# enabled: true +# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth +# sample_rate: 1 +# # # namespace used to differenciate different harbor services +# # namespace: +# # # attributes is a key value dict contains user defined attributes used to initialize trace provider +# # attributes: +# # application: harbor +# # # jaeger should be 1.26 or newer. +# # jaeger: +# # endpoint: http://hostname:14268/api/traces +# # username: +# # password: +# # agent_host: hostname +# # # export trace data by jaeger.thrift in compact mode +# # agent_port: 6831 +# # otel: +# # endpoint: hostname:4318 +# # url_path: /v1/traces +# # compression: false +# # insecure: true +# # timeout: 10s + +# enable purge _upload directories +upload_purging: + enabled: true + # remove files in _upload directories which exist for a period of time, default is one week. + age: 168h + # the interval of the purge operations + interval: 24h + dryrun: false + +# cache layer configurations +# If this feature enabled, harbor will cache the resource +# `project/project_metadata/repository/artifact/manifest` in the redis +# which can especially help to improve the performance of high concurrent +# manifest pulling. 
+# NOTICE +# If you are deploying Harbor in HA mode, make sure that all the harbor +# instances have the same behaviour, all with caching enabled or disabled, +# otherwise it can lead to potential data inconsistency. +cache: + # not enabled by default + enabled: false + # keep cache for one day by default + expire_hours: 24 diff --git a/recipes/debian/templates/conf/install/awnsers.pktpl.hcl b/recipes/debian/templates/conf/install/awnsers.pktpl.hcl new file mode 100644 index 0000000..33d05d0 --- /dev/null +++ b/recipes/debian/templates/conf/install/awnsers.pktpl.hcl @@ -0,0 +1,47 @@ + +# Example answer file for setup-alpine script +# If you don't want to use a certain option, then comment it out + +# Use US layout with US variant +KEYMAPOPTS="fr fr" + +# Set hostname to alpine-test +HOSTNAMEOPTS="-n ${hostname}" + +# Contents of /etc/network/interfaces +INTERFACESOPTS="auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet dhcp + hostname ${hostname} +" + +# Search domain of example.com, OpenDNS public nameserver +# ex: -d example.com 1.1.1.1" +DNSOPTS="" + +# Set timezone to UTC +TIMEZONEOPTS="-z Europe/Paris" + +# set http/ftp proxy +PROXYOPTS="none" + +# Add a random mirror +APKREPOSOPTS="-r -c" + +# Install Openssh +SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys" + +# Use openntpd +NTPOPTS="-c openntpd" + +# Use /dev/sda as a data disk +DISKOPTS="-L -m sys ${disk_device}" + +USEROPTS="-a -g 'netdev' ${user}" + +# Setup in /media/vda1 +# LBUOPTS="/media/vda1" +# APKCACHEOPTS="/media/vda1/cache" + diff --git a/recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl b/recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl new file mode 100644 index 0000000..3fa8501 --- /dev/null +++ b/recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl @@ -0,0 +1,8 @@ +# k3s options +export PATH="/usr/libexec/cni/:$PATH" +K3S_EXEC="server" +%{ if Vars.DeployTraefik } +K3S_OPTS="" +%{ else } +K3S_OPTS="--disable traefik" +%{ endif } 
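Review bot: This template renders `harbor_admin_password: ${Vars.HarborAdminPassword}` and the database `password: ${Vars.HarborDBPassword}` into harbor.yml on the image, so whatever those variables hold at build time, including any recipe default from the locals file (not visible here), is baked into every instance. The rendered file should be written root-owned with mode 0600, and the two passwords should be supplied per instance through the contextualization/templater rather than a build-time default; a comment above `harbor_admin_password` such as `# Supplied per instance via context; never ship a recipe default` would record that expectation. `internal_tls` stays commented, so traffic between Harbor components is plaintext, which is acceptable on a single host but worth noting if the components are ever split across hosts.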
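Review bot: awnsers.pktpl.hcl under recipes/debian is an Alpine `setup-alpine` answer file (`KEYMAPOPTS`, `APKREPOSOPTS`, `DISKOPTS="-L -m sys ${disk_device}"`), which the Debian installer cannot consume; the Debian path on this page uses the cloud-init user-data instead, so this file looks copied from the Alpine recipe and will mislead whoever maintains it. If it is kept, the comments should match the values (`# Use US layout` sits above `KEYMAPOPTS="fr fr"`, `# Set timezone to UTC` above `-z Europe/Paris`). `USEROPTS="-a -g 'netdev' ${user}"` appears to create the user as an administrator (the `-a` flag of setup-user; confirm against the Alpine version targeted), which is a privilege decision that deserves its own comment rather than an inherited default.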
diff --git a/recipes/debian/templates/conf/kubernetes/.flag b/recipes/debian/templates/conf/kubernetes/.flag new file mode 100644 index 0000000..e69de29 diff --git a/recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl new file mode 100644 index 0000000..b8432f0 --- /dev/null +++ b/recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl @@ -0,0 +1 @@ +command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}" \ No newline at end of file diff --git a/recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl new file mode 100644 index 0000000..489b338 --- /dev/null +++ b/recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl @@ -0,0 +1,4 @@ +${Vars.NIC[0].IP} ${Vars.Set.Hostname} +%{ if Vars.MatchBox.Hostname != "" } +${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname} +%{ endif } \ No newline at end of file diff --git a/recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl new file mode 100644 index 0000000..8d08dac --- /dev/null +++ b/recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl 
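Review bot: `command_args` binds both the HTTP endpoint and the gRPC API to `0.0.0.0`, so the matchbox control plane is reachable on every interface of the host, not only the PXE segment. The init script on this page generates a CA and client certificates into the paths matchbox uses by default, so the gRPC side is presumably mTLS-protected, but the HTTP endpoint serves boot configurations, and anything embedded in them, without authentication. Binding the rpc listener to the management address, e.g. `-rpc-address ${Vars.ETH0.IP}:${Vars.MatchBox.gRPCPort}`, and a comment stating which network each listener is meant to serve would narrow the exposure.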
@@ -0,0 +1,60 @@ +log-queries +log-dhcp + +#port=0 +listen-address=0.0.0.0 +interface=${Vars.PXE.ListenInterface} +no-resolv +domain-needed +bogus-priv +expand-hosts +server=${Vars.ETH0.DNS} +strict-order +addn-hosts=/etc/dnsmasq-hosts.conf +domain=${Vars.PXE.DNSDomain} +local=/${Vars.PXE.DNSDomain}/ +localise-queries + + +%{ if Vars.PXE.DHCPMode == "proxy" } +#dhcp-no-override +dhcp-range=${Vars.ETH0.IP},proxy +%{ else } +dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration} +dhcp-option=option:router,${Vars.ETH0.GATEWAY} +%{ endif } + +dhcp-option=option:dns-server,${Vars.ETH0.IP} +dhcp-option=option:domain-name,${Vars.PXE.DNSDomain} + +# TFTP Configuration +enable-tftp +tftp-root="${Vars.PXE.TFTPRoot}" + +pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime} + +# Based on logic in https://gist.github.com/robinsmidsrod/4008017 +# iPXE sends a 175 option, checking suboptions +dhcp-match=set:ipxe-http,175,19 +dhcp-match=set:ipxe-https,175,20 +dhcp-match=set:ipxe-menu,175,39 +# pcbios specific +dhcp-match=set:ipxe-pxe,175,33 +dhcp-match=set:ipxe-bzimage,175,24 +dhcp-match=set:ipxe-iscsi,175,17 +# efi specific +dhcp-match=set:ipxe-efi,175,36 +# combination +# set ipxe-ok tag if we have correct combination +# http && menu && iscsi ((pxe && bzimage) || efi) +tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage +tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi + + +## Load different PXE boot image depending on client architecture (when running as a proxy DHCP) +pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe +pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi +pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi + +dhcp-userclass=set:ipxe,iPXE +dhcp-boot=tag:ipxe-ok,http://${Vars.ETH0.IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.ETH0.IP} 
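Review bot: `listen-address=0.0.0.0` together with `interface=${Vars.PXE.ListenInterface}` makes dnsmasq listen on every address, because dnsmasq uses the union of the two options, so the DNS forwarder (`no-resolv` with `server=`) and the DHCP/TFTP service are exposed on any non-PXE interface the host has. Dropping the `listen-address` line and adding `bind-interfaces` restricts the daemon to the PXE interface, which is what the `interface=` line intends. `log-queries` and `log-dhcp` record every client lookup and lease; fine for bring-up, but worth a comment if they are meant to stay on. The iPXE chain fetches `boot.ipxe` over plain HTTP, which is inherent to this PXE design; a comment that the PXE segment is assumed trusted would document that assumption.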
diff --git a/recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl b/recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl new file mode 100644 index 0000000..6652098 --- /dev/null +++ b/recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl @@ -0,0 +1,28 @@ +#!/sbin/openrc-run + +name=$RC_SVCNAME +command="/usr/local/bin/$RC_SVCNAME" +command_user="$RC_SVCNAME" +pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid" +start_stop_daemon_args="--start -b" +command_args="$command_args" +command_background="yes" + +depend() { + need net +} + +start_pre() { + checkpath --directory --owner $command_user:$command_user --mode 0775 \ + /run/$RC_SVCNAME /var/log/$RC_SVCNAME + if [ ! -f "/etc/matchbox/server.crt" ]; then + cd /root/tls + export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.ETH0.IP}" + ./cert-gen + mkdir -p /etc/matchbox + cp ca.crt server.crt server.key /etc/matchbox + chown -R matchbox:matchbox /etc/matchbox + mkdir -p /root/.matchbox + cp client.crt client.key ca.crt /root/.matchbox/ + fi +} \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-harbor b/recipes/debian/templates/conf/nuo-harbor new file mode 120000 index 0000000..8b35999 --- /dev/null +++ b/recipes/debian/templates/conf/nuo-harbor @@ -0,0 +1 @@ +harbor \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl new file mode 100644 index 0000000..b8432f0 --- /dev/null +++ b/recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl @@ -0,0 +1 @@ +command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}" \ No newline at end of file 
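Review bot: `start_pre` copies `server.key` into /etc/matchbox and the client key into /root/.matchbox with whatever mode `cert-gen` produced, then only changes ownership; the private keys should be tightened explicitly, e.g. `chmod 0640 /etc/matchbox/server.key` and `chmod 0600 /root/.matchbox/client.key`. `cd /root/tls` is unchecked, so if that directory is missing `./cert-gen` is attempted from the current directory and the service still starts without certificates; use `cd /root/tls || return 1`. `checkpath --mode 0775` makes the pid and log directories group-writable, which is wider than the usual 0755 for a service running as a single dedicated user.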
diff --git a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl new file mode 100644 index 0000000..0809dc3 --- /dev/null +++ b/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl @@ -0,0 +1,7 @@ +${Vars.NIC[0].IP} ${Vars.Set.Hostname} +%{ if Vars.MatchBox.Hostname != "" } +${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname} +%{ endif } +%{ for host in Vars.DNSMasq.Hosts } +${host.IP} ${host.Name} +%{ endfor } \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl new file mode 100644 index 0000000..afbef7f --- /dev/null +++ b/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl 
@@ -0,0 +1,60 @@ +log-queries +log-dhcp + +#port=0 +listen-address=0.0.0.0 +interface=${Vars.PXE.ListenInterface} +no-resolv +domain-needed +bogus-priv +expand-hosts +server=${Vars.DNS[0]} +strict-order +addn-hosts=/etc/dnsmasq-hosts.conf +domain=${Vars.PXE.DNSDomain} +local=/${Vars.PXE.DNSDomain}/ +localise-queries + + +%{ if Vars.PXE.DHCPMode == "proxy" } +#dhcp-no-override +dhcp-range=${Vars.NIC[0].IP},proxy +%{ else } +dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration} +dhcp-option=option:router,${Vars.NIC[0].Gateway} +%{ endif } + +dhcp-option=option:dns-server,${Vars.NIC[0].IP} +dhcp-option=option:domain-name,${Vars.PXE.DNSDomain} + +# TFTP Configuration +enable-tftp +tftp-root="${Vars.PXE.TFTPRoot}" + +pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime} + +# Based on logic in https://gist.github.com/robinsmidsrod/4008017 +# iPXE sends a 175 option, checking suboptions +dhcp-match=set:ipxe-http,175,19 +dhcp-match=set:ipxe-https,175,20 +dhcp-match=set:ipxe-menu,175,39 +# pcbios specific +dhcp-match=set:ipxe-pxe,175,33 +dhcp-match=set:ipxe-bzimage,175,24 +dhcp-match=set:ipxe-iscsi,175,17 +# efi specific +dhcp-match=set:ipxe-efi,175,36 +# combination +# set ipxe-ok tag if we have correct combination +# http && menu && iscsi ((pxe && bzimage) || efi) +tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage +tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi + + +## Load different PXE boot image depending on client architecture (when running as a proxy DHCP) +pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe +pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi +pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi + +dhcp-userclass=set:ipxe,iPXE +dhcp-boot=tag:ipxe-ok,http://${Vars.NIC[0].IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.NIC[0].IP} 
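Review bot: `listen-address=0.0.0.0` overrides the `interface=${Vars.PXE.ListenInterface}` restriction, because dnsmasq listens on the union of the two, so the forwarder and DHCP/TFTP are reachable on every interface of the nuo matchbox host. Remove the `listen-address` line and add `bind-interfaces` to keep dnsmasq on the PXE interface. As in the debian variant of this file, `log-queries` and `log-dhcp` deserve a comment if they are intended for production, and the plain-HTTP `dhcp-boot` URL rests on the PXE segment being trusted.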
diff --git a/recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl new file mode 100644 index 0000000..f9a48de --- /dev/null +++ b/recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl @@ -0,0 +1 @@ +${Vars.Set.Hostname} \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl new file mode 100644 index 0000000..2128aa2 --- /dev/null +++ b/recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl @@ -0,0 +1,28 @@ +#!/sbin/openrc-run + +name=$RC_SVCNAME +command="/usr/local/bin/$RC_SVCNAME" +command_user="$RC_SVCNAME" +pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid" +start_stop_daemon_args="--start -b" +command_args="$command_args" +command_background="yes" + +depend() { + need net +} + +start_pre() { + checkpath --directory --owner $command_user:$command_user --mode 0775 \ + /run/$RC_SVCNAME /var/log/$RC_SVCNAME + if [ ! -f "/etc/matchbox/server.crt" ]; then + cd /root/tls + export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.NIC[0].IP}" + ./cert-gen + mkdir -p /etc/matchbox + cp ca.crt server.crt server.key /etc/matchbox + chown -R matchbox:matchbox /etc/matchbox + mkdir -p /root/.matchbox + cp client.crt client.key ca.crt /root/.matchbox/ + fi +} \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl new file mode 100644 index 0000000..ab21faa --- /dev/null +++ b/recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl @@ -0,0 +1,9 @@ + +%{ for iface in Vars.NIC } +auto ${iface.Name} + +iface ${iface.Name} inet static + address ${iface.IP} + netmask ${iface.Mask} + gateway ${iface.Gateway} +%{ endfor ~} \ No newline at end of file 
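Review bot: The nuo variant of the matchbox init script repeats the unchecked `cd /root/tls` and the unrestricted copies of `server.key` and `client.key`; as in the debian variant, use `cd /root/tls || return 1` and add `chmod 0640 /etc/matchbox/server.key` and `chmod 0600 /root/.matchbox/client.key` after the copies. The `checkpath --mode 0775` on the pid and log directories is likewise wider than needed for a single-user service.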
diff --git a/recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl new file mode 100644 index 0000000..9a677a5 --- /dev/null +++ b/recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl @@ -0,0 +1,4 @@ + +%{ for dns in Vars.DNS } +nameserver ${dns} +%{ endfor ~} \ No newline at end of file diff --git a/recipes/debian/templates/one/image/common.tpl b/recipes/debian/templates/one/image/common.tpl new file mode 100644 index 0000000..d422fb1 --- /dev/null +++ b/recipes/debian/templates/one/image/common.tpl @@ -0,0 +1,7 @@ +NAME = <%= image_name %> +PATH = <%= image_source %> +TYPE = OS +PERSISTENT = No +DESCRIPTION = "<%= image_comment %>" +DEV_PREFIX = vd +FORMAT = qcow2 \ No newline at end of file diff --git a/recipes/debian/templates/one/service/kubernetes-cluster.json b/recipes/debian/templates/one/service/kubernetes-cluster.json new file mode 100644 index 0000000..635b8d2 --- /dev/null +++ b/recipes/debian/templates/one/service/kubernetes-cluster.json 
@@ -0,0 +1,48 @@ +{ + "name": "<%= template_name %>", + "deployment": "straight", + "description": "Cluster Kubernetes (k8s)", + "roles": [ + { + "name": "leader", + "cardinality": 1, + "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, + "shutdown_action": "terminate", + "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", + "elasticity_policies": [], + "scheduled_policies": [] + }, + { + "name": "master", + "cardinality": 2, + "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, + "shutdown_action": "terminate", + "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", + "elasticity_policies": [], + "scheduled_policies": [] + }, + { + "name": "worker", + "cardinality": 4, + "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, + "shutdown_action": "terminate", + "parents": [ + "leader" + ], + "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", + "elasticity_policies": [], + "scheduled_policies": [] + } + ], + "networks": { + "main": "M|network|Main network| |id:", + "internal": "M|network|Internal network| |id:" + }, + "custom_attrs": { + "KUBEAPPS_DNS_NAME": "M|text|DNS Name for kubeapps service| |kubeapps.k3s-eole.local", + "INGRESS_PROVIDER": "O|list|Default ingress to install|nginx, traefik, |", + "LE_EMAIL": "M|text|Email | |" + }, + "shutdown_action": "terminate", + "ready_status_gate": true + } diff --git a/recipes/debian/templates/one/vm/common.xml b/recipes/debian/templates/one/vm/common.xml new file mode 100644 index 0000000..fdb5be4 --- /dev/null +++ b/recipes/debian/templates/one/vm/common.xml 
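Review bot: Every role's `vm_template_contents` sets `RDP = "YES"` on NIC0, which, if this follows OpenNebula's NIC attribute semantics, advertises an RDP console entry for each Linux Kubernetes node on the main network; none of the roles needs RDP, so drop it or state in the description why it is on. `KUBEAPPS_DNS_NAME` defaults to `kubeapps.k3s-eole.local`, an environment-specific name inside a generic Debian recipe; an empty mandatory field avoids shipping someone else's hostname. With `deployment: straight` only the worker role lists `parents`, so the master role appears to start alongside the leader rather than after it; confirm that is intended.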
@@ -0,0 +1,33 @@ +NAME = "<%= template_name %>" +CONTEXT = [ + NETWORK = "YES", + REPORT_READY = "YES", + SET_HOSTNAME = "$NAME", + SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]", + TOKEN = "YES" ] +CPU = "0.2" +DESCRIPTION = "Alpine basic image" +DISK = [ + DEV_PREFIX = "vd", + DRIVER = "qcow2", + IMAGE = "<%= image_name %>", + IMAGE_UNAME = "<%= user %>" ] +GRAPHICS = [ + KEYMAP = "fr", + LISTEN = "0.0.0.0", + TYPE = "VNC" ] +HYPERVISOR = "kvm" +INPUT = [ + BUS = "usb", + TYPE = "tablet" ] +INPUTS_ORDER = "" +LOGO = "images/logos/linux.png" +MEMORY = "512" +MEMORY_UNIT_COST = "MB" +NIC_DEFAULT = [ + MODEL = "virtio" ] +OS = [ + ARCH = "x86_64", + BOOT = "", + SD_DISK_BUS = "scsi" ] +VCPU = "2" diff --git a/recipes/debian/templates/one/vm/k3s.xml b/recipes/debian/templates/one/vm/k3s.xml new file mode 100644 index 0000000..6c515f2 --- /dev/null +++ b/recipes/debian/templates/one/vm/k3s.xml @@ -0,0 +1,32 @@ +NAME = "<%= template_name %>" +CONTEXT = [ + NETWORK = "YES", + REPORT_READY = "YES", + SET_HOSTNAME = "$NAME", + SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]", + TOKEN = "YES" ] +CPU = "0.2" +DESCRIPTION = "K3S Ready VM" +DISK = [ + IMAGE = "<%= image_name %>", + IMAGE_UNAME = "<%= user %>", + DRIVER = "qcow2" ] +GRAPHICS = [ + KEYMAP = "fr", + LISTEN = "0.0.0.0", + TYPE = "VNC" ] +HYPERVISOR = "kvm" +INPUT = [ + BUS = "usb", + TYPE = "tablet" ] +INPUTS_ORDER = "" +LOGO = "images/logos/alpine.png" +MEMORY = "2048" +MEMORY_UNIT_COST = "MB" +NIC_DEFAULT = [ + MODEL = "virtio" ] +OS = [ + ARCH = "x86_64", + BOOT = "", + SD_DISK_BUS = "scsi" ] +VCPU = "2" diff --git a/recipes/debian/templates/one/vm/kubeleader.xml b/recipes/debian/templates/one/vm/kubeleader.xml new file mode 100644 index 0000000..c68faa5 --- /dev/null +++ b/recipes/debian/templates/one/vm/kubeleader.xml 
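Review bot: `GRAPHICS = [ LISTEN = "0.0.0.0", TYPE = "VNC" ]` exposes the VNC console on every hypervisor address with no `PASSWD`, so anyone who can reach the host's VNC port gets an unauthenticated console on the VM. OpenNebula's GRAPHICS section accepts `RANDOM_PASSWD = "YES"` (or an explicit `PASSWD`), which Sunstone still uses transparently; add it, or bind `LISTEN` to the address the Sunstone proxy connects from. The same block recurs in k3s.xml, kubeleader.xml, kubemaster.xml, kubeworker.xml and matchbox.xml on this page. `DESCRIPTION = "Alpine basic image"` in a recipes/debian template looks copied from the Alpine recipe.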
@@ -0,0 +1,35 @@ +NAME = "<%= template_name %>" +CONTEXT = [ + NETWORK = "YES", + REPORT_READY = "YES", + SET_HOSTNAME = "$NAME", + SERVER_ROLE = "leader", + TOKEN = "YES", + SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]" +] +CPU = "0.8" +DESCRIPTION = "Kubernetes master or Docker VM (check the name)" +DISK = [ + DEV_PREFIX = "vd", + IMAGE = "<%= image_name %>", + IMAGE_UNAME = "<%= user %>", + DRIVER = "qcow2" ] +GRAPHICS = [ + LISTEN = "0.0.0.0", + KEYMAP = "fr", + TYPE = "VNC" ] +HYPERVISOR = "kvm" +INPUT = [ + BUS = "usb", + TYPE = "tablet" ] +INPUTS_ORDER = "" +LOGO = "images/logos/alpine.png" +MEMORY = "2048" +MEMORY_UNIT_COST = "MB" +NIC_DEFAULT = [ + MODEL = "virtio" ] +OS = [ + ARCH = "x86_64", + BOOT = "", + SD_DISK_BUS = "scsi" ] +VCPU = "4" \ No newline at end of file diff --git a/recipes/debian/templates/one/vm/kubemaster.xml b/recipes/debian/templates/one/vm/kubemaster.xml new file mode 100644 index 0000000..e0fe33d --- /dev/null +++ b/recipes/debian/templates/one/vm/kubemaster.xml 
@@ -0,0 +1,42 @@ +NAME = "<%= template_name %>" +CONTEXT = [ + NETWORK = "YES", + REPORT_READY = "YES", + SET_HOSTNAME = "$NAME", + SERVER_ROLE = "master", + MASTER_ADDR = "$MASTER_ADDR", + MASTER_TOKEN = "$MASTER_TOKEN", + MASTER_CA_TOKEN = "$MASTER_CA_TOKEN", + TOKEN = "YES", + SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]" +] +CPU = "0.8" +DESCRIPTION = "Kubernetes worker VM" +DISK = [ + DEV_PREFIX = "vd", + IMAGE = "<%= image_name %>", + IMAGE_UNAME = "<%= user %>", + DRIVER = "qcow2" ] +GRAPHICS = [ + LISTEN = "0.0.0.0", + KEYMAP = "fr", + TYPE = "VNC" ] +HYPERVISOR = "kvm" +INPUT = [ + BUS = "usb", + TYPE = "tablet" ] +INPUTS_ORDER = "" +LOGO = "images/logos/alpine.png" +MEMORY = "2048" +MEMORY_UNIT_COST = "MB" +NIC_DEFAULT = [ + MODEL = "virtio" ] +OS = [ + ARCH = "x86_64", + BOOT = "", + SD_DISK_BUS = "scsi" ] +USER_INPUTS = [ + MASTER_ADDR = "O|text|Master address (for workers only)", + MASTER_TOKEN = "O|text|Master Token (for workers only)", + MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ] +VCPU = "4" \ No newline at end of file diff --git a/recipes/debian/templates/one/vm/kubeworker.xml b/recipes/debian/templates/one/vm/kubeworker.xml new file mode 100644 index 0000000..9aa3f0a --- /dev/null +++ b/recipes/debian/templates/one/vm/kubeworker.xml 
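Review bot: `MASTER_TOKEN` and `MASTER_CA_TOKEN` are cluster join secrets, but they are declared as `O|text|...` user inputs, so they are displayed in clear in the instantiation form and stored in the template; OpenNebula's `password` input type, e.g. `MASTER_TOKEN = "O|password|Master Token"`, at least masks them in the UI, and they still land in the context ISO readable by anyone with VM access, which a comment should acknowledge. The DESCRIPTION reads `Kubernetes worker VM` and the inputs say `(for workers only)` on a template whose `SERVER_ROLE = "master"`, which looks copied from kubeworker.xml; if masters really join with these tokens the text should say so.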
@@ -0,0 +1,42 @@ +NAME = "<%= template_name %>" +CONTEXT = [ + NETWORK = "YES", + REPORT_READY = "YES", + SET_HOSTNAME = "$NAME", + SERVER_ROLE = "worker", + MASTER_ADDR = "$MASTER_ADDR", + MASTER_TOKEN = "$MASTER_TOKEN", + MASTER_CA_TOKEN = "$MASTER_CA_TOKEN", + TOKEN = "YES", + SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]" +] +CPU = "0.8" +DESCRIPTION = "Kubernetes worker VM" +DISK = [ + DEV_PREFIX = "vd", + IMAGE = "<%= image_name %>", + IMAGE_UNAME = "<%= user %>", + DRIVER = "qcow2" ] +GRAPHICS = [ + LISTEN = "0.0.0.0", + KEYMAP = "fr", + TYPE = "VNC" ] +HYPERVISOR = "kvm" +INPUT = [ + BUS = "usb", + TYPE = "tablet" ] +INPUTS_ORDER = "" +LOGO = "images/logos/alpine.png" +MEMORY = "4096" +MEMORY_UNIT_COST = "MB" +NIC_DEFAULT = [ + MODEL = "virtio" ] +OS = [ + ARCH = "x86_64", + BOOT = "", + SD_DISK_BUS = "scsi" ] +USER_INPUTS = [ + MASTER_ADDR = "O|text|Master address (for workers only)", + MASTER_TOKEN = "O|text|Master Token (for workers only)", + MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ] +VCPU = "4" \ No newline at end of file diff --git a/recipes/debian/templates/one/vm/matchbox.xml b/recipes/debian/templates/one/vm/matchbox.xml new file mode 100644 index 0000000..794ab44 --- /dev/null +++ b/recipes/debian/templates/one/vm/matchbox.xml 
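Review bot: As in kubemaster.xml, `MASTER_TOKEN` and `MASTER_CA_TOKEN` are declared as `O|text|...` inputs although they are join secrets; switching them to the `password` input type (`O|password|Master Token (for workers only)`) masks them in Sunstone. They remain readable in the context ISO on the instance, so a comment noting that the tokens should be short-lived bootstrap tokens rather than long-lived credentials would set the right expectation.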
@@ -0,0 +1,47 @@ +NAME = "<%= template_name %>" +CONTEXT = [ + MATCHBOX_URL = "http://$NAME", + NETWORK = "YES", + PXE_DHCPLEASEDURATION = "$DHCPLEASEDURATION", + PXE_DHCPMODE = "$ADHCPMODE", + PXE_DNSDOMAIN = "$BDNSDOMAIN", + PXE_DHCPRANGESTART = "$CDHCPRANGESTART", + PXE_DHCPRANGEEND = "$DDHCPRANGEEND", + PXE_DHCPLEASEDURATION = "$EDHCPLEASEDURATION", + MATCHBOX_HOSTNAME = "$FMATCHBOX_HOSTNAME", + REPORT_READY = "YES", + SET_HOSTNAME = "$NAME", + SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]", + TOKEN = "YES" ] +CPU = "0.2" +DESCRIPTION = "Matchbox Ready VM" +DISK = [ + IMAGE = "<%= image_name %>", + IMAGE_UNAME = "<%= user %>", + DRIVER = "qcow2" ] +GRAPHICS = [ + KEYMAP = "fr", + LISTEN = "0.0.0.0", + TYPE = "VNC" ] +HYPERVISOR = "kvm" +INPUT = [ + BUS = "usb", + TYPE = "tablet" ] +INPUTS_ORDER = "" +LOGO = "images/logos/alpine.png" +MEMORY = "2048" +MEMORY_UNIT_COST = "MB" +NIC_DEFAULT = [ + MODEL = "virtio" ] +OS = [ + ARCH = "x86_64", + BOOT = "", + SD_DISK_BUS = "scsi" ] +USER_INPUTS = [ + ADHCPMODE = "M|list|DHCP Mode|proxy,direct|proxy", + BDNSDOMAIN = "M|text|Nom de la zone DNS (ex: cadol.es)", + CDHCPRANGESTART = "O|text|DNSMASQ DHCP Range First IP", + DDHCPRANGEEND = "O|text|DNSMASQ DHCP Range Last IP", + EDHCPLEASEDURATION = "M|list|DHCP lease duration|1h,2h,4h,6h,8h,10h,12h,14h,24h|1h", + FMATCHBOX_HOSTNAME = "O|text|Matchbox service hostname|mb.cadol.es" ] +VCPU = "2" diff --git a/recipes/debian/variables.pkr.hcl b/recipes/debian/variables.pkr.hcl new file mode 100644 index 0000000..20d31cd --- /dev/null +++ b/recipes/debian/variables.pkr.hcl 
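Review bot: `PXE_DHCPLEASEDURATION` is set twice in CONTEXT, first to `$DHCPLEASEDURATION`, which no USER_INPUTS entry defines, and then to `$EDHCPLEASEDURATION`; delete the first line so the lease duration does not depend on which duplicate OpenNebula keeps. `MATCHBOX_URL = "http://$NAME"` points clients at matchbox by bare hostname over plain HTTP, which matches the dnsmasq `dhcp-boot` URL on this page but deserves a comment that it is only meaningful on the PXE segment. The `BDNSDOMAIN` prompt is in French while the other prompts are in English.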
@@ -0,0 +1,59 @@
+variable "name" {
+ type = string
+ default = "debian"
+}
+
+variable "version" {
+ type = string
+ default = "11"
+}
+
+variable "short_version" {
+ type = string
+ default = "11"
+}
+
+variable "arch" {
+ type = string
+ default = "amd6464"
+}
+
+variable "output_dir" {
+ type = string
+ default = "output/debian/"
+}
+
+variable "source_url" {
+ type = string
+ default = "https://cdimage.debian.org/cdimage/release"
+}
+
+variable "iso_cd_checksum" {
+ type = string
+ default = "sha256:9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
+}
+
+variable "image_version" {
+ type = string
+ default = "0.0.1"
+}
+
+variable "one_user" {
+ type = string
+ default = env("ONE_USER")
+}
+
+variable "one_token" {
+ type = string
+ default = env("ONE_TOKEN")
+}
+
+variable "boot_command" {
+ type = list(string)
+ default = []
+}
+
+variable "cloud_init_runcmd" {
+ type = list(string)
+ default = [ "uname" ]
+}
-- 2.17.1
From 9f6a5866b15abf7f0e191193e96a2465ad2c089e Mon Sep 17 00:00:00 2001
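Review bot: The `iso_cd_checksum` default pairs a `sha256:` prefix with a 128-hex-digit value, which is the length of a SHA-512 digest, so Packer's download verification is very unlikely to accept it and the ISO will never be validated against the intended hash. Either change the prefix to `sha512:` if this digest came from Debian's SHA512SUMS, or replace the value with the entry from SHA256SUMS. Separately, `arch` defaults to `"amd6464"`, which looks like a typo for `"amd64"` and would break any mirror URL or path built from it.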
From: Philippe Caseiro Date: Wed, 11 Oct 2023 09:29:46 +0200 Subject: [PATCH 4/8] adding more flavors and nuo recipes --- recipes/alpine/kind.pkr.hcl | 97 +++++ recipes/alpine/locals.kind.pkr.hcl | 41 +++ .../provisionning/alpine-3.16-install.sh | 2 +- recipes/alpine/provisionning/conf/kind/.flag | 0 .../templates/conf/cloud-init/user-data | 26 ++ recipes/nuo/3.18.pkrvars.hcl | 6 + recipes/nuo/docker.pkr.hcl | 93 +++++ recipes/nuo/harbor.pkr.hcl | 136 +++++++ recipes/nuo/kind.pkr.hcl | 103 ++++++ recipes/nuo/locals.builder.pkr.hcl | 6 + recipes/nuo/locals.docker.pkr.hcl | 65 ++++ recipes/nuo/locals.globals.pkr.hcl | 7 + recipes/nuo/locals.harbor.pkr.hcl | 89 +++++ recipes/nuo/locals.kind.pkr.hcl | 132 +++++++ recipes/nuo/locals.matchbox.pkr.hcl | 176 +++++++++ recipes/nuo/locals.pkr.hcl | 37 ++ recipes/nuo/main.pkr.hcl | 136 +++++++ recipes/nuo/matchbox.pkr.hcl | 120 +++++++ recipes/nuo/plugins.pkr.hcl | 24 ++ recipes/nuo/post-processor/sparsify.sh | 31 ++ .../provisionning/conf/common/templater.start | 104 ++++++ .../provisionning/conf/harbor/init.d/harbor | 64 ++++ .../provisionning/conf/kind/initkind.start | 13 + .../conf/matchbox/initmatchbox.start | 25 ++ .../conf/matchbox/inittftp.start | 10 + recipes/nuo/provisionning/harbor.sh | 38 ++ recipes/nuo/provisionning/kind.sh | 10 + recipes/nuo/provisionning/letsencrypt.sh | 26 ++ recipes/nuo/provisionning/matchbox.sh | 39 ++ recipes/nuo/provisionning/nuo-3.18-install.sh | 17 + .../nuo/provisionning/nuo-3.18-postinstall.sh | 23 ++ .../one-context/net-96-templater | 102 ++++++ .../nuo/provisionning/one-context/net-97-k3s | 21 ++ .../provisionning/ssh/cadoles/pcaseiro.pub | 1 + .../nuo/provisionning/ssh/cadoles/vfebvre.pub | 1 + .../nuo/provisionning/ssh/cnous/nmelin.pub | 1 + .../nuo/provisionning/ssh/cnous/operrot.pub | 1 + .../nuo/provisionning/templater-install.sh | 23 ++ .../nuo/provisionning/tools/additionnal-disk | 27 ++ recipes/nuo/sources.pkr.hcl | 135 +++++++ .../nuo/templates/conf/cloud-init/user-data | 47 
+++ recipes/nuo/templates/conf/conf.d/chronyd | 6 + .../templates/conf/docker/rc.conf.pktpl.hcl | 337 ++++++++++++++++++ .../templates/conf/docker/subuid.pktpl.hcl | 3 + .../conf/harbor/harbor.yml.pktpl.hcl | 265 ++++++++++++++ .../templates/conf/install/awnsers.pktpl.hcl | 47 +++ .../nuo/templates/conf/k3s/k3s.conf.pkr.hcl | 8 + .../conf/kind/cluster.yaml.pktpl.hcl | 40 +++ .../matchbox/conf.d/matchbox.conf.pktpl.hcl | 1 + .../dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl | 4 + .../matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl | 60 ++++ .../conf/matchbox/init.d/matchbox.pktpl.hcl | 28 ++ recipes/nuo/templates/conf/nuo-harbor | 1 + .../conf.d/matchbox.conf.pktpl.hcl | 1 + .../dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl | 7 + .../dnsmasq.d/ipxe.conf.pktpl.hcl | 60 ++++ .../conf/nuo-matchbox/hostname.pktpl.hcl | 1 + .../nuo-matchbox/init.d/matchbox.pktpl.hcl | 28 ++ .../nuo-matchbox/network/interfaces.pktpl.hcl | 9 + .../conf/nuo-matchbox/resolv.conf.pktpl.hcl | 4 + recipes/nuo/templates/one/image/common.tpl | 7 + .../one/service/kubernetes-cluster.json | 48 +++ recipes/nuo/templates/one/vm/common.xml | 33 ++ recipes/nuo/templates/one/vm/k3s.xml | 32 ++ recipes/nuo/templates/one/vm/kubeleader.xml | 35 ++ recipes/nuo/templates/one/vm/kubemaster.xml | 42 +++ recipes/nuo/templates/one/vm/kubeworker.xml | 42 +++ recipes/nuo/templates/one/vm/matchbox.xml | 47 +++ recipes/nuo/variables.pkr.hcl | 54 +++ 69 files changed, 3304 insertions(+), 1 deletion(-) create mode 100644 recipes/alpine/kind.pkr.hcl create mode 100644 recipes/alpine/locals.kind.pkr.hcl create mode 100644 recipes/alpine/provisionning/conf/kind/.flag create mode 100644 recipes/alpine/templates/conf/cloud-init/user-data create mode 100644 recipes/nuo/3.18.pkrvars.hcl create mode 100644 recipes/nuo/docker.pkr.hcl create mode 100644 recipes/nuo/harbor.pkr.hcl create mode 100644 recipes/nuo/kind.pkr.hcl create mode 100644 recipes/nuo/locals.builder.pkr.hcl create mode 100644 recipes/nuo/locals.docker.pkr.hcl create mode 100644 
recipes/nuo/locals.globals.pkr.hcl create mode 100644 recipes/nuo/locals.harbor.pkr.hcl create mode 100644 recipes/nuo/locals.kind.pkr.hcl create mode 100644 recipes/nuo/locals.matchbox.pkr.hcl create mode 100644 recipes/nuo/locals.pkr.hcl create mode 100644 recipes/nuo/main.pkr.hcl create mode 100644 recipes/nuo/matchbox.pkr.hcl create mode 100644 recipes/nuo/plugins.pkr.hcl create mode 100755 recipes/nuo/post-processor/sparsify.sh create mode 100644 recipes/nuo/provisionning/conf/common/templater.start create mode 100755 recipes/nuo/provisionning/conf/harbor/init.d/harbor create mode 100644 recipes/nuo/provisionning/conf/kind/initkind.start create mode 100644 recipes/nuo/provisionning/conf/matchbox/initmatchbox.start create mode 100644 recipes/nuo/provisionning/conf/matchbox/inittftp.start create mode 100644 recipes/nuo/provisionning/harbor.sh create mode 100644 recipes/nuo/provisionning/kind.sh create mode 100644 recipes/nuo/provisionning/letsencrypt.sh create mode 100644 recipes/nuo/provisionning/matchbox.sh create mode 100644 recipes/nuo/provisionning/nuo-3.18-install.sh create mode 100644 recipes/nuo/provisionning/nuo-3.18-postinstall.sh create mode 100644 recipes/nuo/provisionning/one-context/net-96-templater create mode 100644 recipes/nuo/provisionning/one-context/net-97-k3s create mode 100644 recipes/nuo/provisionning/ssh/cadoles/pcaseiro.pub create mode 100644 recipes/nuo/provisionning/ssh/cadoles/vfebvre.pub create mode 100644 recipes/nuo/provisionning/ssh/cnous/nmelin.pub create mode 100644 recipes/nuo/provisionning/ssh/cnous/operrot.pub create mode 100644 recipes/nuo/provisionning/templater-install.sh create mode 100644 recipes/nuo/provisionning/tools/additionnal-disk create mode 100644 recipes/nuo/sources.pkr.hcl create mode 100644 recipes/nuo/templates/conf/cloud-init/user-data create mode 100644 recipes/nuo/templates/conf/conf.d/chronyd create mode 100644 recipes/nuo/templates/conf/docker/rc.conf.pktpl.hcl create mode 100644 
recipes/nuo/templates/conf/docker/subuid.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/harbor/harbor.yml.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/install/awnsers.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/k3s/k3s.conf.pkr.hcl create mode 100644 recipes/nuo/templates/conf/kind/cluster.yaml.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/matchbox/init.d/matchbox.pktpl.hcl create mode 120000 recipes/nuo/templates/conf/nuo-harbor create mode 100644 recipes/nuo/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/nuo-matchbox/hostname.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl create mode 100644 recipes/nuo/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl create mode 100644 recipes/nuo/templates/one/image/common.tpl create mode 100644 recipes/nuo/templates/one/service/kubernetes-cluster.json create mode 100644 recipes/nuo/templates/one/vm/common.xml create mode 100644 recipes/nuo/templates/one/vm/k3s.xml create mode 100644 recipes/nuo/templates/one/vm/kubeleader.xml create mode 100644 recipes/nuo/templates/one/vm/kubemaster.xml create mode 100644 recipes/nuo/templates/one/vm/kubeworker.xml create mode 100644 recipes/nuo/templates/one/vm/matchbox.xml create mode 100644 recipes/nuo/variables.pkr.hcl 
diff --git a/recipes/alpine/kind.pkr.hcl b/recipes/alpine/kind.pkr.hcl
new file mode 100644
index 0000000..f6fdafc
--- /dev/null
+++ b/recipes/alpine/kind.pkr.hcl
@@ -0,0 +1,97 @@ +#Flavour kind +build { + name = "kind" + description = <" ] + ssh_clear_authorized_keys = true + } + + source "source.vmware-vmx.nuo" { + output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/nuo-harbor" + vm_name = "${local.output_name}-${var.version}-nuo-harbor.img" + source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx" + boot_command = [ "" ] + ssh_clear_authorized_keys = true + vmx_data_post = { + "memsize" = "8192", + "numvcpus" = "4", + } + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.locations.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.locations.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.Kind)}" + } + + // Generate default configuration for kind + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + // Complete kind install + provisioner "shell" { + expect_disconnect = true + max_retries = 6 + script = "${local.locations.provisionning}/${build.name}.sh" + } + + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + // Copy CNOUS SSH keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cnous/" + } + + provisioner "shell" { + inline = [ + "sh -cx 'cat /tmp/*.pub >> 
/root/.ssh/authorized_keys'", + "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'" + ] + } + + + provisioner "shell" { + inline = [ + "service docker start", + "service containerd start", + "sleep 5", + "kubeadm config images pull" ] + } +} diff --git a/recipes/alpine/locals.kind.pkr.hcl b/recipes/alpine/locals.kind.pkr.hcl new file mode 100644 index 0000000..2fc6fe3 --- /dev/null +++ b/recipes/alpine/locals.kind.pkr.hcl @@ -0,0 +1,41 @@ +locals { + // Definition of the Kubernetes service (templater compatible) + ServiceKubernetes = { + ConfigFiles = [] + Repositories = {} + Packages = { + kubeadm = { + name = "kind" + action = "install" + } + kubectl = { + name = "kubectl" + action = "install" + } + } + Vars = {} + Users = {} + Daemons = { + ntpd = { + name = "ntpd" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + } + + // Definition of the Kubernetes full configuration (with all the services) + Kind = { + Name = "kind" + Globals = local.Globals + Services = { + Docker = local.ServiceDocker + Kubernetes = local.ServiceKubernetes + } + } +} diff --git a/recipes/alpine/provisionning/alpine-3.16-install.sh b/recipes/alpine/provisionning/alpine-3.16-install.sh index 256fa92..89d72a1 100644 --- a/recipes/alpine/provisionning/alpine-3.16-install.sh +++ b/recipes/alpine/provisionning/alpine-3.16-install.sh @@ -2,7 +2,7 @@ #set -xeo pipefail # Run the installer -yes | setup-alpine -e -f install.conf +yes | setup-alpine -e -f /root/install.conf # Copy ssh keys echo "Copy packer ssh key" diff --git a/recipes/alpine/provisionning/conf/kind/.flag b/recipes/alpine/provisionning/conf/kind/.flag new file mode 100644 index 0000000..e69de29 diff --git a/recipes/alpine/templates/conf/cloud-init/user-data b/recipes/alpine/templates/conf/cloud-init/user-data new file mode 100644 index 0000000..a96e8c1 --- /dev/null +++ b/recipes/alpine/templates/conf/cloud-init/user-data 
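Review bot: `cat /tmp/*.pub >> /root/.ssh/authorized_keys` grants root SSH access to every `.pub` file present in the world-writable /tmp at that moment, not only the keys the two `file` provisioners just uploaded; upload them into a directory only this build writes (for example `destination = "/tmp/builder-keys/"`, a name chosen here), concatenate from that path, and remove it afterwards, and `chmod -R 600` on a single file can simply be `chmod 600`. The same three lines recur in recipes/nuo/docker.pkr.hcl, recipes/nuo/harbor.pkr.hcl and recipes/nuo/kind.pkr.hcl further down. In this same hunk the vmware source names its output `nuo-harbor` and refers to `source.vmware-vmx.nuo` although this is the alpine kind flavour, and the final provisioner runs `kubeadm config images pull` while locals.kind.pkr.hcl for alpine only installs `kind` and `kubectl`; both look like copy-paste leftovers worth confirming. The build's description heredoc and first source block are not readable in this view.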
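Review bot: The package entry keyed `kubeadm` installs the `kind` package, so the key no longer describes what it does; rename it to `kind = { name = "kind" action = "install" }`. The key is only a label in this map, but it misleads anyone reading the kind build, which ends with a `kubeadm` command while no kubeadm package is listed here. The same mismatch appears in recipes/nuo/locals.kind.pkr.hcl below.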
@@ -0,0 +1,26 @@ +#cloud-config +ssh_pwauth: True +user: ${user} +password: ${password} +chpasswd: + expire: False +ssh_authorized_keys: +%{ for sk in ssh_keys ~} + - ${sk} +%{ endfor ~} +%{ if write_files ~} +write_files: +%{ for fl in write_files ~} + - path: ${fl.path} + owner: ${fl.owner}:${fl.group} + permissions: 0o${fl.permissions} + defer: true + content: ${fl.content} +%{ endfor ~} +%{if runcmd ~} +# Work around network interface down after boot +runcmd: +%{ for cmd in runcmd ~} + - ${cmd} +%{ endfor ~} +%{ endif ~} \ No newline at end of file diff --git a/recipes/nuo/3.18.pkrvars.hcl b/recipes/nuo/3.18.pkrvars.hcl new file mode 100644 index 0000000..696e14c --- /dev/null +++ b/recipes/nuo/3.18.pkrvars.hcl @@ -0,0 +1,6 @@ +name = "nuo" +version = "3.18.2" +short_version = "3.18" +arch = "x86_64" +source_url = "https://dl-cdn.alpinelinux.org/alpine" +iso_cd_checksum = "6bc7ff54f5249bfb67082e1cf261aaa6f307d05f64089d3909e18b2b0481467f" \ No newline at end of file diff --git a/recipes/nuo/docker.pkr.hcl b/recipes/nuo/docker.pkr.hcl new file mode 100644 index 0000000..2c23fdb --- /dev/null +++ b/recipes/nuo/docker.pkr.hcl 
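Review bot: The `%{ if write_files ~}` directive is never closed: the template has two `%{ if` openers and a single `%{ endif ~}`, so `templatefile()` should fail to parse it; add `%{ endif ~}` right after the write_files `%{ endfor ~}`. `ssh_pwauth: True` together with `password: ${password}` and `chpasswd: expire: False` leaves password SSH login permanently enabled with the build-time password, which main.pkr.hcl below passes in from `local.ssh_password`; since keys are delivered through `ssh_authorized_keys`, set `ssh_pwauth: false` or at least `expire: True`. The caller in main.pkr.hcl also appears to pass `files = [...]` while this template iterates `write_files`, which is worth confirming.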
@@ -0,0 +1,93 @@ +#Flavour docker +build { + name = "docker" + description = <" ] + ssh_clear_authorized_keys = true + } + + source "source.qemu.nuo" { + output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}" + vm_name = "${local.output_name}-${var.version}-${local.Docker.Name}.img" + iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img" + iso_checksum = "none" + disk_size = 20480 + disk_image = true + boot_command = [ "" ] + ssh_clear_authorized_keys = true + } + + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + provisioner "shell" { + inline = [ + "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'", + "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'" + ] + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.Docker)}" + } + + // Generate default configuration for docker + provisioner "shell" { + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + // Install OpenNebula context tool + provisioner "shell" { + script = "${local.dirs.provisionning}/one-context.sh" + } + + // Deploy the opennebula context script to manage configuration + provisioner "file" { + destination = 
"/etc/one-context.d/net-96-templater" + source = "${local.dirs.provisionning}/conf/one-context/net-96-templater" + } + + provisioner "shell" { + inline = [ "sh -cx 'chmod +x /etc/one-context.d/net-96-templater'" ] + } + post-processor "shell-local" { + inline = [ + "/bin/sh ${local.dirs.post-processors}/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name} ${var.image_version}", + //"ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Docker.Name} -c '${local.Docker.Name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}/${local.output_name}-${var.version}-${local.Docker.Name}.img", + //"ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${local.Docker.Name} --image-name ${local.output_name}-${var.version}-${local.Docker.Name}", + ] + } + +} diff --git a/recipes/nuo/harbor.pkr.hcl b/recipes/nuo/harbor.pkr.hcl new file mode 100644 index 0000000..21fb83e --- /dev/null +++ b/recipes/nuo/harbor.pkr.hcl 
@@ -0,0 +1,136 @@ +#Flavour ${build.name} +build { + name = "harbor" + description = <" ] + ssh_clear_authorized_keys = true + vmx_data = { + "scsi1.pcislotnumber" = "16" + "scsi1.present" = "TRUE" + "scsi1.virtualdev" = "lsilogic" + "scsi1:0.filename" = "disk-1.vmdk" + "scsi1:0.present" = "TRUE" + "scsi1:0.redo" = "" + } + vmx_data_post = { + "memsize" = "4096", + "numvcpus" = "2", + } + } + + source "source.qemu.nuo" { + output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Config.Name}" + vm_name = "${local.output_name}-${var.version}-${local.Config.Name}.img" + iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img" + iso_checksum = "none" + disk_size = 81920 + disk_image = true + boot_command = [ "" ] + ssh_clear_authorized_keys = true + } + + provisioner "shell" { + script = "${local.dirs.provisionning}/tools/additionnal-disk" + environment_vars = [ + "PV_DEVICE=/dev/sdb", + "VG_NAME=data", + "LV_NAME=harbor-data", + "LV_MTP=/srv/harbor", + "LV_FS=ext4" + ] + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy static configurations to /etc + provisioner "file" { + destination = "/etc" + source = "${local.dirs.provisionning}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + // Copy Docker configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/docker/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = 
"${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.NuoHarbor)}" + } + + provisioner "file" { + destination = "/etc/local.d/templater.start" + source = "${local.locations.provisionning}/conf/common/templater.start" + } + + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + // Copy CNOUS SSH keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cnous/" + } + + provisioner "shell" { + inline = [ + "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'", + "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'" + ] + } + + // Generate default configuration for the server + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "shell" { + environment_vars = [ + "HARBOR_SSL_CERT=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLCert}", + "HARBOR_SSL_KEY=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLPrivKey}", + "HARBOR_DOMAIN=${local.NuoHarbor.Services.Harbor.Vars.HarborDomain}" + ] + script = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "shell" { + inline = [ + "chmod +x /etc/local.d/templater.start" + ] + } + +} + diff --git a/recipes/nuo/kind.pkr.hcl b/recipes/nuo/kind.pkr.hcl new file mode 100644 index 0000000..d3d57b7 --- /dev/null +++ b/recipes/nuo/kind.pkr.hcl 
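Review bot: The `additionnal-disk` provisioner hard-codes `PV_DEVICE=/dev/sdb`, but only the vmware-vmx source attaches a second disk (the `scsi1:0` entries in `vmx_data`); the qemu source declares no extra disk and its virtio devices would appear as `/dev/vd*`, so a qemu build of this flavour will either fail or run the LVM setup against whatever happens to be `/dev/sdb`. Add a matching second disk to the qemu source or pass the device per source via a variable. The script itself is outside this hunk, so whether it validates the device before touching it cannot be seen here.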
@@ -0,0 +1,103 @@ +#Flavour kind +build { + name = "kind" + description = <" ] + ssh_clear_authorized_keys = true + } + + source "source.vmware-vmx.nuo" { + output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/nuo-kind" + vm_name = "${local.output_name}-${var.version}-nuo-kind.img" + source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx" + boot_command = [ "" ] + ssh_clear_authorized_keys = true + vmx_data_post = { + "memsize" = "8192", + "numvcpus" = "4", + } + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.locations.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.locations.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.Kind)}" + } + + // Generate default configuration for kind + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + // Complete kind install + provisioner "shell" { + expect_disconnect = true + max_retries = 6 + script = "${local.locations.provisionning}/${build.name}.sh" + } + + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + // Copy CNOUS SSH keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cnous/" + } + + provisioner "file" { + destination = "/etc/local.d/init${build.name}.start" + source = 
"${local.locations.provisionning}/conf/${build.name}/init${build.name}.start"
+ }
+
+ provisioner "shell" {
+ inline = [
+ "sh -cx 'chmod +x /etc/local.d/init${build.name}.start'",
+ "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
+ "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
+ ]
+ }
+
+ provisioner "shell" {
+ inline = [
+ "service podman start",
+ //"service containerd start",
+ //"sleep 10",
+ //"kind create cluster --config /etc/cluster.yaml ",
+ "sleep 10"]
+ }
+}
diff --git a/recipes/nuo/locals.builder.pkr.hcl b/recipes/nuo/locals.builder.pkr.hcl
new file mode 100644
index 0000000..9614d0e
--- /dev/null
+++ b/recipes/nuo/locals.builder.pkr.hcl
@@ -0,0 +1,6 @@
+ locals {
+ builder_config = {
+ TemplateDir = "/usr/share/builder/templates"
+ ValueDir = "/usr/share/builder/values"
+ }
+ }
\ No newline at end of file
diff --git a/recipes/nuo/locals.docker.pkr.hcl b/recipes/nuo/locals.docker.pkr.hcl
new file mode 100644
index 0000000..c14124d
--- /dev/null
+++ b/recipes/nuo/locals.docker.pkr.hcl
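Review bot: The final provisioner runs `service podman start`, but recipes/nuo/locals.kind.pkr.hcl below installs and enables `docker`, not podman, and the `kind create cluster` line is commented out, so this step appears to start a service the image does not have. Either restore `service docker start` (as the alpine kind flavour does) or add podman to that file's package and daemon maps. The build's description heredoc and first source block are not readable in this view.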
@@ -0,0 +1,65 @@ +locals { + // Definition of the Kubernetes service (templater compatible) + ServiceDocker = { + ConfigFiles = [ + { + destination = "/etc/rc.conf" + source = "rc.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Repositories = {} + Packages = { + docker = { + name = "docker" + action = "install" + } + docker-compose = { + name = "docker-compose" + action = "install" + } + gpg = { + name = "gpg" + action = "install" + } + } + Daemons = { + docker = { + name = "docker" + type = "auto" + enabled = true + } + cgroups = { + name = "cgroups" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + Vars = { + RootlessDocker = "true" + } + Users = { + dock = { + username = "dock" + group = "dock" + home = "/srv/dock" + shell = "/bin/nologin" + } + } + } + + Docker = { + Name = "docker" + Globals = local.Globals + Services = { + Docker = local.ServiceDocker + } + } +} \ No newline at end of file diff --git a/recipes/nuo/locals.globals.pkr.hcl b/recipes/nuo/locals.globals.pkr.hcl new file mode 100644 index 0000000..f940e19 --- /dev/null +++ b/recipes/nuo/locals.globals.pkr.hcl @@ -0,0 +1,7 @@ +locals { + Globals = { + Vars = { + PrometheusPort = "9090" + } + } +} \ No newline at end of file diff --git a/recipes/nuo/locals.harbor.pkr.hcl b/recipes/nuo/locals.harbor.pkr.hcl new file mode 100644 index 0000000..0bcc742 --- /dev/null +++ b/recipes/nuo/locals.harbor.pkr.hcl 
@@ -0,0 +1,89 @@ +locals { + ServiceNuoHarbor = { + ConfigFiles = [ + { + destination = "/etc/harbor/harbor.yml" + source = "harbor.yml.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Vars = { + AuthEnabled = false + User = "harbor" + Group = "harbor" + HarborHTTPPort = "80" + HarborHTTPSPort = "443" + HarborSSLCert = "/etc/ssl/certs/harbor.crt" + HarborSSLPrivKey = "/etc/ssl/certs/harbor.key" + HarborDomain = "reg.k8s.in.nuonet.fr" + HarborAdminPassword = "ChangeMeAsSoonAsPossible" + HarborDBPassword = "WeNeedToBeAbleToManagePasswords" + NIC = [ + { + Name = "eth0" + IP = "192.168.160.10" + Mask = "255.255.254.0" + Gateway = "192.168.160.1" + } + ] + DNS = [ "192.168.160.10" ] + Set = { Hostname = "reg.k8s.in.nuonet.fr" } + } + Repositories = { + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + } + Packages = { + vmtools = { + name = "open-vm-tools" + action = "install" + }, + mkcert = { + name = "mkcert" + action = "install" + }, + gpg-agent = { + name = "gpg-agent" + action = "install" + } + ncurses = { + name = "ncurses" + action = "install" + } + } + Daemons = { + vm-tools = { + name = "open-vm-tools" + type = "auto" + enabled = true + } + harbor = { + name = "harbor" + type = "auto" + enabled = true + } + } + Users = { + harbor = { + username = "harbor" + group = "harbor" + home = "/srv/harbor" + shell = "/bin/nologin" + } + } + } + NuoHarbor = { + Name = "nuo-harbor" + Globals = local.Globals + Services = { + Docker = local.ServiceDocker + Harbor = local.ServiceNuoHarbor + } + } +} \ No newline at end of file diff --git a/recipes/nuo/locals.kind.pkr.hcl b/recipes/nuo/locals.kind.pkr.hcl new file mode 100644 index 0000000..d8bfb28 --- /dev/null +++ b/recipes/nuo/locals.kind.pkr.hcl 
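Review bot: `HarborAdminPassword` and `HarborDBPassword` are literal defaults committed in the recipe and, given the `/etc/harbor/harbor.yml` entry in `ConfigFiles`, presumably rendered into the image, alongside `AuthEnabled = false`; every VM built from this flavour would then start with the same known credentials. Take them from the environment the way variables.pkr.hcl does for `one_token` (a variable defaulting to `env("HARBOR_ADMIN_PASSWORD")`, name chosen here) and fail the build when the value is empty. `HarborSSLPrivKey = "/etc/ssl/certs/harbor.key"` also places the private key in the public certificate directory; `/etc/ssl/private/harbor.key` is the conventional, non-world-readable location.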
@@ -0,0 +1,132 @@ +locals { + // Definition of the Kubernetes service (templater compatible) + ServiceKubernetes = { + ConfigFiles = [ + { + destination = "/etc/cluster.yaml" + source = "cluster.yaml.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/rc.conf" + source = "rc.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Repositories = {} + Packages = { + docker = { + name = "docker" + action = "install" + } + docker-compose = { + name = "docker-compose" + action = "install" + } + gpg = { + name = "gpg" + action = "install" + } + kubeadm = { + name = "kind" + action = "install" + } + vmtools = { + name = "open-vm-tools" + action = "install" + } + vmtools-rc = { + name = "open-vm-tools-openrc" + action = "install" + } + } + Vars = { + RootlessDocker = "true" + Cluster = { + Name = "nuo" + IngressReady = true + PodSubNet = "10.110.0.0/16" + ServieSubNet = "10.115.0.0/16" + Version = "1.27.2" + Nodes = [ + { + Role = "control-plane" + Ports = [ + { + containerPort = 31000 + hostPort = 31000 + listenAddress = "0.0.0.0" + }, + { + containerPort = 80 + hostPort = 8080 + listenAddress = "0.0.0.0" + }, + { + containerPort = 443 + hostPort = 8443 + listenAddress = "0.0.0.0" + } + ] + }, + { Role = "worker" }, + { Role = "worker" }, + { Role = "worker" } + ] + } + } + Users = { + dock = { + username = "dock" + group = "dock" + home = "/srv/dock" + shell = "/bin/nologin" + } + } + Daemons = { + vm-tools = { + name = "open-vm-tools" + type = "auto" + enabled = true + } + docker = { + name = "docker" + type = "auto" + enabled = true + } + cgroups = { + name = "cgroups" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + ntpd = { + name = "ntpd" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + } + + // Definition of the Kubernetes full configuration (with all the services) + Kind = { + Name = "kind" + 
Globals = local.Globals
+ Services = {
+ Kubernetes = local.ServiceKubernetes
+ }
+ }
+}
diff --git a/recipes/nuo/locals.matchbox.pkr.hcl b/recipes/nuo/locals.matchbox.pkr.hcl
new file mode 100644
index 0000000..de336e7
--- /dev/null
+++ b/recipes/nuo/locals.matchbox.pkr.hcl
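Review bot: The `Daemons` map of `ServiceKubernetes` declares the `local` key twice, once before `ntpd` and once after it; an HCL object constructor either rejects the duplicate or keeps only one entry, so the second `local = { ... }` block should be removed. `ServieSubNet` in `Vars.Cluster` is misspelled, which will yield an empty value if the cluster.yaml template references `ServiceSubNet`. The beginning of this locals block is in the previous line of this view.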
@@ -0,0 +1,176 @@ +locals { + // Definition of the Kubernetes service (templater compatible) + ServiceNuoMatchBox = { + ConfigFiles = [ + { + destination = "/etc/dnsmasq.d/pxe.conf" + source = "dnsmasq.d/ipxe.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/dnsmasq-hosts.conf" + source = "dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl" + mode = "600" + owner = "dnsmasq" + group = "root" + }, + { + destination = "/etc/conf.d/matchbox" + source = "conf.d/matchbox.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/init.d/matchbox" + source = "init.d/matchbox.pktpl.hcl" + mode = "700" + owner = "root" + group = "root" + }, + { + destination = "/etc/network/interfaces" + source = "network/interfaces.pktpl.hcl" + mode = "700" + owner = "root" + group = "root" + }, + { + destination = "/etc/resolv.conf" + source = "resolv.conf.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/hostname" + source = "hostname.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Repositories = { + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + AlpineEdgeCommunity = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/community" + enabled = true + } + } + Packages = { + dnsmasq = { + name = "dnsmasq" + action = "install" + } + terraform = { + name = "terraform" + action = "install" + } + git = { + name = "git" + action = "install" + } + kubectl = { + name = "kubectl" + action = "install" + } + gpg = { + name = "gpg" + action = "install" + } + vmtools = { + name = "open-vm-tools" + action = "install" + } + bash = { + name = "bash" + action = "install" + } + } + Vars = { + PXE = { + DHCPMode = "standalone" + DNSDomain = "k8s.in.nuonet.fr" + ListenInterface = "eth0" + GreetingMessage = "Nuo PXE Boot Server" + DelayTime = "5" + 
BootingMessage = "Booting from network the Nuo way" + DHCPRangeStart = "192.168.160.20" + DHCPRangeEnd = "192.168.160.60" + DHCPLeaseDuration = "48h" + TFTPRoot = "/var/lib/tftpboot" + } + DNSMasq = { + Hosts = [ + { + Name = "reg.k8s.in.nuonet.fr" + IP = "192.168.160.11" + } + ] + } + MatchBox = { + Hostname = "mb.k8s.in.nuonet.fr" + HTTPPort = "8080" + gRPCPort = "8081" + LogLevel = "info" + } + NIC = [ + { + Name = "eth0" + IP = "192.168.160.10" + Mask = "255.255.254.0" + Gateway = "192.168.160.1" + } + ] + DNS = [ "10.253.50.105" ] + Hosts = [ + { + Name = "harbor.k8s.in.nuonet.fr" + IP = "192.168.160.11" + } + ] + Set = { Hostname = "mb.k8s.in.nuonet.fr" } + } + Users = {} + Daemons = { + vm-tools = { + name = "open-vm-tools" + type = "auto" + enabled = true + } + matchbox = { + name = "matchbox" + type = "auto" + enabled = true + } + dnsmasq = { + name = "dnsmasq" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + } + + // Definition of the Kubernetes full configuration (with all the services) + NuoMatchBox = { + Name = "nuo-matchbox" + Globals = local.Globals + Services = { + NuoMatchBox = local.ServiceNuoMatchBox + } + } +} diff --git a/recipes/nuo/locals.pkr.hcl b/recipes/nuo/locals.pkr.hcl new file mode 100644 index 0000000..1e1aa3c --- /dev/null +++ b/recipes/nuo/locals.pkr.hcl 
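Review bot: The `AlpineEdgeCommunity` repository entry keeps `name = "testing"` while pointing at the edge/community URL, a copy of the `AlpineEdgeTesting` block above it; if the templater keys repositories by `name`, one of the two definitions is silently lost. Set `name = "community"` for that entry. Both mirrors are also fetched over plain `http://`; apk checks package signatures, but an `https://` mirror URL removes the plaintext index download at no cost.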
@@ -0,0 +1,37 @@ +# "timestamp" template function replacement +locals { + locations = { + recipes = "${path.cwd}/recipes/${var.name}" + templates = "${path.cwd}/recipes/${var.name}/templates" + provisionning = "${path.cwd}/recipes/${var.name}/provisionning" + post-processors = "${path.cwd}/recipes/${var.name}/post-processor" + tools = "${path.cwd}/tools" + } + dirs = local.locations + timestamp = regex_replace(timestamp(), "[- TZ:]", "") + output_name = "${var.name}" + source_checksum_url = "file:${var.source_url}/${var.version}/${var.arch}/iso-cd/SHA256SUMS" + source_iso = "${var.source_url}/v${var.short_version}/releases/${var.arch}/alpine-virt-${var.version}-${var.arch}.iso" + source_checksum = "${var.iso_cd_checksum}" + ssh_user = "root" + ssh_password = "PbkRc1vup7Wq5n4r" + disk_size = 8000 + memory = 512 + installOpts = { + hostname = var.name + user = "eole" + disk_device = "/dev/vda" + } + + installOptsVMWare = { + hostname = var.name + user = "eole" + disk_device = "/dev/sda" + } + installOptsVirtualBox = { + hostname = var.name + user = "eole" + disk_device = "/dev/sda" + } + instance_data = { "instance-id": "${var.name}" } +} diff --git a/recipes/nuo/main.pkr.hcl b/recipes/nuo/main.pkr.hcl new file mode 100644 index 0000000..743dd48 --- /dev/null +++ b/recipes/nuo/main.pkr.hcl 
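Review bot: `ssh_password = "PbkRc1vup7Wq5n4r"` is a credential committed in clear in the recipe, and the same local is handed to cloud-init as both the user and the root password in the VirtualBox build, so every image built from this recipe ships a known root password. Move it to a `variable` with `sensitive = true` supplied at build time (or generate it per build with `uuidv4()`), and lock or clear the root password in the post-install step so only the SSH keys remain. `source_checksum_url` is assembled but never used (the sources pass `var.iso_cd_checksum`), and its path layout differs from `source_iso`; either drop it or fix it and use `iso_checksum = local.source_checksum_url` so the ISO is verified against the mirror's `SHA256SUMS` instead of a hand-copied value.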
@@ -0,0 +1,136 @@ +#Flavour base +build { + name = "base" + description = <root", + "", + "setup-interfaces", + "ifup eth0", + "mkdir -p .ssh", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys", + "chmod 600 .ssh/authorized_keys", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/install.conf", + "setup-sshd -c openssh -k .ssh/authorized_keys", + ] + } + + source "qemu.nuo" { + output_directory = "${var.output_dir}/${var.version}/base" + vm_name = "${local.output_name}-${var.version}.img" + disk_size = 8000 + iso_url = "${local.source_iso}" + iso_checksum = "${var.iso_cd_checksum}" + http_content = { + "/ssh-packer-pub.key" = data.sshkey.install.public_key + "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOpts) + } + boot_command = [ + "root", + "", + "setup-interfaces", + "ifup eth0", + "mkdir -p .ssh", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys", + "chmod 600 .ssh/authorized_keys", + "wget http://{{.HTTPIP}}:{{.HTTPPort}}/install.conf", + "setup-sshd -c openssh -k .ssh/authorized_keys", + ] + } + + source "virtualbox-iso.nuo" { + output_directory = "${var.output_dir}/${var.version}/base" + vm_name = "${local.output_name}-${var.version}.img" + disk_size = 10240 + iso_url = "${local.source_iso}" + iso_checksum = "${var.iso_cd_checksum}" + guest_os_type = "Linux_64" + cd_label = "cidata" + cd_content = { + "meta-data" = jsonencode(local.instance_data) + "user-data" = templatefile("${local.locations.templates}/conf/cloud-init/user-data", + { + user = local.ssh_user, + password = local.ssh_password, + root_password = local.ssh_password, + runcmd = [] + ssh_keys = [ data.sshkey.install.public_key ] + files = [ + { + path = "/root/install.conf" + owner = "root" + group = "root" + permissions = "600" + content = [ "KEYMAPOPTS=\"fr fr\"", + "HOSTNAMEOPTS=\"-n nuo\"", + "INTERFACESOPTS=\"auto lo", + "iface lo inet loopback", + "auto eth0", + "iface 
eth0 inet dhcp", + " hostname nuo\"", + "DNSOPTS=\"\"", + "TIMEZONEOPTS=\"-z Europe/Paris\"", + "PROXYOPTS=\"none\"", + "APKREPOSOPTS=\"-r -c\"", + "SSHDOPTS=\"-c openssh -k /root/.ssh/authorized_keys\"", + "NTPOPTS=\"-c openntpd\"", + "DISKOPTS=\"-L -m sys /dev/sda\""] + } + ] + } + ) + } + + boot_command = [] + } + + provisioner "shell" { + pause_before = "1s" + expect_disconnect = true # Because the previous step has rebooted the machine + script = "${local.locations.provisionning}/${var.name}-${var.short_version}-install.sh" + valid_exit_codes = [ 0, 141 ] + } + + provisioner "shell" { + pause_before = "1s" + inline = [ "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'" ] + } + + provisioner "shell" { + pause_before = "10s" + script = "${local.locations.provisionning}/${var.name}-${var.short_version}-postinstall.sh" + } + + provisioner "shell" { + script = "${local.locations.provisionning}/letsencrypt.sh" + } + + provisioner "file" { + destination = "/etc/conf.d/chronyd" + source = "${local.locations.templates}/conf/conf.d/" + } + + + post-processor "manifest" { + keep_input_artifact = true + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}" + ] + } +} diff --git a/recipes/nuo/matchbox.pkr.hcl b/recipes/nuo/matchbox.pkr.hcl new file mode 100644 index 0000000..c6f85d5 --- /dev/null +++ b/recipes/nuo/matchbox.pkr.hcl 
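Review bot: The `virtualbox-iso.nuo` source writes the shared build password into the base image as both `password` and `root_password`, and none of the provisioners that follow reset or lock it, so the static password outlives the build on that platform. Add a provisioner step such as `passwd -l root` once key-based access is confirmed, or stop passing `root_password` to the template. The `provisioner "file"` targeting `/etc/conf.d/chronyd` uses the directory `${local.locations.templates}/conf/conf.d/` as `source`; with Packer's trailing-slash semantics the directory contents are uploaded into `destination`, which would leave the file at `/etc/conf.d/chronyd/chronyd` rather than replacing `/etc/conf.d/chronyd` — please confirm on a built image, or point `source` at `.../conf/conf.d/chronyd` directly.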
@@ -0,0 +1,120 @@ +#Flavour nuo-matchbox +build { + name = "matchbox" + description = <" ] + ssh_clear_authorized_keys = true + } + + source "source.qemu.nuo" { + output_directory = "${var.output_dir}/${var.version}/provisionned/nuo-matchbox" + vm_name = "${local.output_name}-${var.version}-nuo-matchbox.img" + iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img" + iso_checksum = "none" + disk_size = 40960 + disk_image = true + boot_command = [ "" ] + ssh_clear_authorized_keys = true + } + + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" + } + + // Copy configuration values on the image + provisioner "shell" { + inline = [ + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] + } + + // Copy configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + + // Copy configuration values on the image + provisioner "file" { + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.NuoMatchBox)}" + } + + // Copy nuo-matchbox boot provisionning script + provisioner "file" { + destination = "/etc/local.d/initmatchbox.start" + source = "${local.locations.provisionning}/conf/${build.name}/initmatchbox.start" + } + + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + // Copy CNOUS SSH keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cnous/" + } + + provisioner "shell" { + inline = [ + "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'", + "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'" + ] + } + + provisioner "file" { + destination = "/etc/local.d/templater.start" + source = 
"${local.locations.provisionning}/conf/common/templater.start" + } + + // Copy tftp provisionning script + provisioner "file" { + destination = "/etc/local.d/inittftp.start" + source = "${local.locations.provisionning}/conf/${build.name}/inittftp.start" + } + + // Generate default configuration for kubernetes + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "file" { + destination = "/tmp/${build.name}.sh" + source = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "shell" { + inline = [ + "sh -cx 'sh /tmp/${build.name}.sh'" + ] + } + + provisioner "shell" { + inline = [ + "chmod +x /etc/local.d/initmatchbox.start", + "chmod +x /etc/local.d/templater.start", + "chmod +x /etc/local.d/inittftp.start" + ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/nuo-matchbox ${var.image_version}" + ] + } + +} diff --git a/recipes/nuo/plugins.pkr.hcl b/recipes/nuo/plugins.pkr.hcl new file mode 100644 index 0000000..399e758 --- /dev/null +++ b/recipes/nuo/plugins.pkr.hcl @@ -0,0 +1,24 @@ +packer { + required_plugins { + sshkey = { + version = ">= 1.0.1" + source = "github.com/ivoronin/sshkey" + } + vmware = { + version = ">= 1.0.8" + source = "github.com/hashicorp/vmware" + } + qemu = { + source = "github.com/hashicorp/qemu" + version = "~> 1" + } + virtualbox = { + source = "github.com/hashicorp/virtualbox" + version = "~> 1" + } + } +} + +data "sshkey" "install" { + type = "ed25519" +} \ No newline at end of file diff --git a/recipes/nuo/post-processor/sparsify.sh b/recipes/nuo/post-processor/sparsify.sh new file mode 100755 index 0000000..316265a --- /dev/null +++ b/recipes/nuo/post-processor/sparsify.sh 
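Review bot: `cat /tmp/*.pub >> /root/.ssh/authorized_keys` globs the world-writable `/tmp`, so any `.pub` file present there at provisioning time — not only the four the two `file` provisioners just uploaded — becomes a root login key, and the uploaded keys are left behind in the image's `/tmp`. Upload into a dedicated directory (e.g. `mkdir -m 700 /tmp/ssh-keys`), concatenate from there and delete it afterwards; `chmod -R 600` on a single file is simply `chmod 600`. Both sources chain on the base image with `iso_checksum = "none"`, so a truncated or tampered base `.img` is accepted without complaint; computing a sha256 after the base build's sparsify step and passing it here would close that gap. Baking personal keys into every image also grants permanent root access to those four people, which should be documented with an owner and a removal procedure.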
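Review bot: The `sshkey` plugin comes from a personal GitHub namespace (`github.com/ivoronin/sshkey`) under an open-ended `>= 1.0.1` constraint, and the HashiCorp plugins use `~> 1`, so `packer init` will pick up any future release, including one published from a compromised repository; this plugin generates the private key used for root SSH during every build. Pin exact versions (`version = "= 1.0.1"`) and bump them deliberately, and consider whether the built-in SSH key generation of the builders could replace the third-party plugin.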
@@ -0,0 +1,31 @@ +#!/bin/sh + +if [ "${#}" -ne 2 ]; then + echo Missing arguments + exit 2 +fi + +WORKDIR=${1} +VERSION=${2} + +findImages() { + find ${1} -iname "*.img" +} + +sleep 5 + +for imageName in $(findImages ${WORKDIR} ${DOMAIN}); do + if [ $(which virt-sparsify) ]; then + newName=$(echo $imageName | sed "s/.img/_${VERSION}.img/g") + virt-sparsify --compress --tmp ./ --format qcow2 ${imageName} ${newName} + if [ "${?}" -eq 0 ]; then + rm -rf ${imageName} + cd ${WORKDIR} + ln -s $(basename ${newName}) $(basename ${imageName}) + echo ${newName} ${imageName} + cd - + fi + else + echo "Sparsify skipped 'virt-sparsify' command is missing" + fi +done diff --git a/recipes/nuo/provisionning/conf/common/templater.start b/recipes/nuo/provisionning/conf/common/templater.start new file mode 100644 index 0000000..f4f253d --- /dev/null +++ b/recipes/nuo/provisionning/conf/common/templater.start 
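Review bot: The `for imageName in $(findImages ...)` loop word-splits `find` output and every expansion in the body is unquoted, while `cd ${WORKDIR}` and `cd -` are unchecked, so after a failed `cd` the original image has already been removed and `ln -s` creates the symlink in the wrong directory. Quote every expansion, guard with `cd "${WORKDIR}" || exit 1`, move the `which virt-sparsify` check before the loop, and drop the unused `${DOMAIN}` argument. The `sed "s/.img/_${VERSION}.img/g"` pattern is unanchored (`.` matches any character and `g` rewrites every occurrence), so a path component containing `img` elsewhere is rewritten too; `sed "s/\.img$/_${VERSION}.img/"` is what is meant.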
@@ -0,0 +1,104 @@ +#!/usr/bin/env bash + +# +# Generate all the configuration files +# Get all the values from the VLS_DIR +# Process each template from the TPL_DIR with this values +# + +ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} +TPL_DIR="/usr/share/builder/templates" +VLS_DIR="/usr/share/builder/values" +CONFIG="" + +if [ -f "${ENV_FILE}" ]; then +. ${ENV_FILE} +fi + +BTR="$(command -v btr)" +if [ "${?}" -ne 0 ]; then + echo "Warning: Nothing to do the templater is not installed" + exit 0 +fi + +if [ ! -e "${TPL_DIR}" ]; then + echo "Error: The template dir is missing (${TPL_DIR})" + exit 1 +fi + +if [ ! -e "${VLS_DIR}" ]; then + echo "Error: The template dir is missing (${VLS_DIR})" + exit 1 +fi + +jsonQuery() { + local data="${1}" + local query="${2}" + echo "${data}" | jq -cr "${query}" +} + +# NAME: @jsonMerge +# AIM: Merge two json structures +# NOTES: +# The last one has de last word +# if you have the same key in A and B +# this keeps the value of the B structure. +# PARAMS: +# $1: original JSON Structure +# $2: updated JSON Structure +jsonMerge() { + local data="${1}" + local data2="${2}" + + echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]" +} + +jsonUpdateVal() { + local json="${1}" + local key="${2}" + local value="${3}" + + echo "${json}" | jq --arg a "${value}" "${key} = \$a" +} + +getValues() { + + local values="" + + for file in $(find ${VLS_DIR} -name "*.json"); do + values="${values}$(cat ${file})" + done + + if [ -n "${RAW_CONFIG}" ]; then + values="$(jsonMerge ${values} ${RAW_CONFIG})" + fi + + for svc in $(echo ${values} | jq -cr '.Services|keys[]'); do + for key in $(echo ${values} | jq -cr ".Services.${svc}.Vars|keys[]"); do + ukey=${key^^} + vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")" + if [ ${?} -eq 0 ]; then + for var in $(echo ${values} | jq -cr ".Services.${svc}.Vars.${key}|keys[]"); do + uvar=${var^^} + val=$(eval echo "\$${ukey}_${uvar}") + if [ -n "${val}" ]; then + values=$(jsonUpdateVal 
"${values}" ".Services.${svc}.Vars.${key}.${var}" "${val}") + fi + done + else + values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}" "${!ukey}") + fi + done + done + echo ${values} +} + +processTemplates() { + ${BTR} -t ${TPL_DIR} -c "${1}" +} + +VALUES=$(getValues) +file=$(mktemp) +echo "${VALUES}" > "${file}" +processTemplates "${file}" +rm -rf "${file}" diff --git a/recipes/nuo/provisionning/conf/harbor/init.d/harbor b/recipes/nuo/provisionning/conf/harbor/init.d/harbor new file mode 100755 index 0000000..86a2255 --- /dev/null +++ b/recipes/nuo/provisionning/conf/harbor/init.d/harbor 
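Review bot: `val=$(eval echo "\$${ukey}_${uvar}")` runs `eval` on names taken from the JSON `Vars` keys and from `RAW_CONFIG`, which this root-owned boot script reads from the OpenNebula context file, so a key containing shell metacharacters is executed as code; the `else` branch already uses safe indirection, and the same form works here: `name="${ukey}_${uvar}"; val="${!name}"`. `jsonMerge ${values} ${RAW_CONFIG}` passes both JSON documents unquoted, so any whitespace inside them splits them into fragments before `jq` sees them; quote both arguments. The `vkeys=` line escapes its quotes (`\".Services...\"`), which appears to turn the filter into a jq string literal that always succeeds, so the `${?}` test never takes the scalar branch — it should use the same unescaped filter as the loop two lines below.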
@@ -0,0 +1,64 @@ +#!/sbin/openrc-run + +: ${SUBCFGDIR:=/srv} +DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"} + +SUBSVC="${SVCNAME#*.}" +[ -z "${SUBSVC}" ] && exit 1 +: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"} +DOCOCMD="/usr/bin/docker-compose" +export COMPOSE_HTTP_TIMEOUT=300 + +description="Manage docker services defined in ${SUBCFG}" +extra_commands="configtest build" +description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\"" +description_build="Run \"docker-compose -f ${SUBCFG} build\"" + +depend() { + need localmount net docker + use dns + after docker +} + +configtest() { + if ! [ -f "${SUBCFG}" ]; then + eerror "The config file ${SUBCFG} does not exist!" + return 1 + fi + if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then + einfo "config: ok" + else + eerror "config: error" + return 1 + fi +} + +build() { + configtest || return 1 + ebegin "Building dockerservice ${SUBSVC}" + "${DOCOCMD}" -f "${SUBCFG}" build + eend $? +} + +start() { + configtest || return 1 + ebegin "Starting dockerservice ${SUBSVC}" + sleep 5 + "${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS} + eend $? +} + +stop() { + ebegin "Stopping dockerservice ${SUBSVC}" + "${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300 + eend $? +} + +status() { + if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then + einfo "status: started" + else + einfo "status: stopped" + return 3 + fi +} diff --git a/recipes/nuo/provisionning/conf/kind/initkind.start b/recipes/nuo/provisionning/conf/kind/initkind.start new file mode 100644 index 0000000..121dfae --- /dev/null +++ b/recipes/nuo/provisionning/conf/kind/initkind.start 
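Review bot: `configtest` redirects with `>&/dev/null`, a bash/zsh form; under `#!/sbin/openrc-run` the script is interpreted by `/bin/sh` (busybox ash on Alpine), where `>&` expects a file-descriptor number and may be rejected as a syntax error, which would make `start` and `build` fail before any compose command runs — use `>/dev/null 2>&1`. `status` decides on `docker-compose top | wc -l`, which counts output lines rather than running containers; checking `top`'s exit status or `docker-compose ps -q` output is a more reliable signal. The unconditional `sleep 5` in `start` deserves a comment stating what it waits for.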
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+CLUSTER_NAME="nuo"
+
+if [ $(kind get clusters -q | grep "${CLUSTER_NAME}") ];then
+ podman start -f name="^${CLUSTER_NAME}"
+else
+ kind create cluster --config /etc/cluster.yaml | tee -a /var/log/kind-init.log
+fi
+
+if [ ! $(which kubectl) ];then
+ apk add kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
+fi
diff --git a/recipes/nuo/provisionning/conf/matchbox/initmatchbox.start b/recipes/nuo/provisionning/conf/matchbox/initmatchbox.start
new file mode 100644
index 0000000..9180b96
--- /dev/null
+++ b/recipes/nuo/provisionning/conf/matchbox/initmatchbox.start
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+FL_VERSIONS="current 3374.2.0"
+MATCHBOX_DIR="/var/lib/matchbox"
+ASSETS_DIR="${MATCHBOX_DIR}/assets/"
+
+GPG_FNAME="Flatcar_Image_Signing_Key.asc"
+GPG_KEYS_URL="https://www.flatcar.org/security/image-signing-key/"
+
+cd /tmp
+curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME}
+gpg --import --keyid-format LONG ${GPG_FNAME}
+cd -
+
+echo "Provisionning matchbox with flatcar images"
+tout=30
+for version in ${FL_VERSIONS}; do
+ for i in $(seq 1 ${tout});do
+ echo " * ${FL_VERSIONS} stable image (try ${i})"
+ /usr/local/bin/get-flatcar stable ${version} ${ASSETS_DIR}
+ if [[ "${?}" -eq 0 ]]; then
+ break
+ fi
+ done
+done
diff --git a/recipes/nuo/provisionning/conf/matchbox/inittftp.start b/recipes/nuo/provisionning/conf/matchbox/inittftp.start
new file mode 100644
index 0000000..e076de9
--- /dev/null
+++ b/recipes/nuo/provisionning/conf/matchbox/inittftp.start
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+dest="${1}"
+
+ipxeEFISource="http://boot.ipxe.org/ipxe.efi"
+kpxeSource="http://boot.ipxe.org/undionly.kpxe"
+
+cd "${dest}"
+wget "${ipxeEFISource}"
+wget "${kpxeSource}"
\ No newline at end of file
diff --git a/recipes/nuo/provisionning/harbor.sh b/recipes/nuo/provisionning/harbor.sh
new file mode 100644
index 0000000..35068b3
--- /dev/null
+++ b/recipes/nuo/provisionning/harbor.sh
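Review bot: `if [ $(kind get clusters -q | grep "${CLUSTER_NAME}") ]` is an unquoted substring match, so a cluster whose name merely contains `nuo` (or several matching lines, which gives `[` too many arguments) takes the `podman start` path; test the exit status of an exact match instead: `if kind get clusters -q | grep -qx "${CLUSTER_NAME}"; then`. `podman start -f name=...` relies on `start --filter` being accepted without `--all` by the podman version in the image — please confirm, or start the container names kind creates explicitly. Installing `kubectl` from the edge/community repository at first boot pulls an untracked package version over the network on every fresh instance; it belongs in the build-time package list.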
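Review bot: The Flatcar signing key is fetched and imported without any fingerprint check, so the trust placed in every image `get-flatcar` downloads rests solely on the TLS connection to `www.flatcar.org`; after `gpg --import`, compare the key against the published fingerprint pinned in the script, e.g. `gpg --fingerprint "${KEY_ID}" | grep -q "${EXPECTED_FPR}" || exit 1`. Whether `get-flatcar` actually verifies the assets against that key is not visible here; if it does not, the import is cosmetic and a signature check should be added. The retry loop prints `${FL_VERSIONS}` where `${version}` is meant, has no back-off between its 30 attempts, and uses `[[` under `#!/bin/sh` — `[ "${?}" -eq 0 ]` is the portable form — and `${GPG_KEYS_URL}/${GPG_FNAME}` doubles the slash since the URL already ends in `/`.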
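Review bot: `ipxe.efi` and `undionly.kpxe` are downloaded over plain `http://` with no integrity check and then served to every PXE client, so an on-path attacker on the boot network can substitute the bootloader for the whole fleet; use `https://boot.ipxe.org/...` and verify a pinned SHA-256 with `sha256sum -c` before the files land in the TFTP root, or vendor the binaries into the recipe. `cd "${dest}"` is unchecked, and `dest` has no default, so if the script is run from `/etc/local.d` without an argument the files end up in whatever the current directory is; use `cd "${dest:-/var/lib/tftpboot}" || exit 1`, matching the `TFTPRoot` value declared in `locals.matchbox.pkr.hcl`.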
@@ -0,0 +1,38 @@ +#!/bin/sh + +HARBOR_VERSION="2.8.2" +HARBOR_SOURCE_URL="https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/" +HARBOR_INSTALLER="harbor-offline-installer-v${HARBOR_VERSION}.tgz" +HARBOR_INSTALLER_ASC="${HARBOR_INSTALLER}.asc" +export TERM=xterm + + +gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C + +cd /srv + +wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER} +wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER_ASC} + +gpg -v --keyserver hkps://keyserver.ubuntu.com --verify ${HARBOR_INSTALLER}.asc +if [ $? -ne 0 ]; then + echo "Harbor sources ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER} are corrupt" + exit 3 +fi + +tar xzvf ${HARBOR_INSTALLER} + +if [ ! -f ${HARBOR_SSL_CERT} ];then + mkcert -install + mkcert -cert-file ${HARBOR_SSL_CERT} -key-file ${HARBOR_SSL_KEY} ${HARBOR_DOMAIN} +fi + +cd harbor + +ln -s /etc/harbor/harbor.yml . + +service docker start +sleep 5 + +./prepare +./install.sh --with-notary --with-trivy \ No newline at end of file diff --git a/recipes/nuo/provisionning/kind.sh b/recipes/nuo/provisionning/kind.sh new file mode 100644 index 0000000..9b31d9b --- /dev/null +++ b/recipes/nuo/provisionning/kind.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +# Remove swap +cat /etc/fstab | grep -v swap > temp.fstab +cat temp.fstab > /etc/fstab +rm temp.fstab +swapoff -a + +#lvremove -y /dev/vg0/lv_swap +#lvextend -y -r -l +100%FREE /dev/vg0/lv_root diff --git a/recipes/nuo/provisionning/letsencrypt.sh b/recipes/nuo/provisionning/letsencrypt.sh new file mode 100644 index 0000000..4ae1968 --- /dev/null +++ b/recipes/nuo/provisionning/letsencrypt.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +set -eo pipefail + +DESTDIR=/usr/local/share/ca-certificates +UPDATE_CERTS_CMD=update-ca-certificates +CERTS="$(cat < "${file}" +processTemplates "${file}" +rm -rf "${file}" diff --git a/recipes/nuo/provisionning/one-context/net-97-k3s b/recipes/nuo/provisionning/one-context/net-97-k3s new file mode 100644 index 0000000..77bd98a --- /dev/null 
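Review bot: `mkcert -install` creates a local CA, adds it to the image's system trust store and leaves the CA private key in mkcert's CAROOT on the image, so anyone who obtains the image (or a shell on a host built from it) can mint certificates trusted by every service on that host for any name; issue the Harbor certificate from an externally managed CA, or at minimum delete the CAROOT after issuing and comment that the trust is local to this host. `HARBOR_SSL_CERT`, `HARBOR_SSL_KEY` and `HARBOR_DOMAIN` are never set in this script, and with them empty `[ ! -f ${HARBOR_SSL_CERT} ]` is true and `mkcert` is called with empty paths; guard with `: "${HARBOR_SSL_CERT:?}" "${HARBOR_SSL_KEY:?}" "${HARBOR_DOMAIN:?}"`. The installer signature is verified against a key fetched by its 64-bit ID `644FF454C0B4115C`; pin the full fingerprint and check it after `--receive-keys` so a colliding or substituted key is rejected.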
+++ b/recipes/nuo/provisionning/one-context/net-97-k3s
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
+
+# $TOKENTXT is available only through the env. file
+# shellcheck disable=SC1090
+if [ -f "${ENV_FILE}" ]; then
+ . "${ENV_FILE}"
+fi
+
+###
+
+if [ -n "${K3S_ROLE}" ]; then
+ if [ "${K3S_ROLE}" = "server" ]; then
+ rc-update add dnsmasq default
+ service dnsmasq start
+
+ rc-update add k3s default
+ service k3s start
+ fi
+fi
diff --git a/recipes/nuo/provisionning/ssh/cadoles/pcaseiro.pub b/recipes/nuo/provisionning/ssh/cadoles/pcaseiro.pub
new file mode 100644
index 0000000..9ac0828
--- /dev/null
+++ b/recipes/nuo/provisionning/ssh/cadoles/pcaseiro.pub
@@ -0,0 +1 @@
+ssh-rsa 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 Philippe Caseiro
diff --git a/recipes/nuo/provisionning/ssh/cadoles/vfebvre.pub b/recipes/nuo/provisionning/ssh/cadoles/vfebvre.pub
new file mode 100644
index 0000000..648c129
--- /dev/null
+++ b/recipes/nuo/provisionning/ssh/cadoles/vfebvre.pub
@@ -0,0 +1 @@
+ssh-rsa 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 vfebvre@cadoles.com
diff --git a/recipes/nuo/provisionning/ssh/cnous/nmelin.pub b/recipes/nuo/provisionning/ssh/cnous/nmelin.pub
new file mode 100644
index 0000000..a4e15ee
--- /dev/null
+++ b/recipes/nuo/provisionning/ssh/cnous/nmelin.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr
diff --git a/recipes/nuo/provisionning/ssh/cnous/operrot.pub b/recipes/nuo/provisionning/ssh/cnous/operrot.pub
new file mode 100644
index 0000000..f68677c
--- /dev/null
+++ b/recipes/nuo/provisionning/ssh/cnous/operrot.pub
@@ -0,0 +1 @@
+ssh-rsa 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 olivier.perrot@cnous.fr
diff --git a/recipes/nuo/provisionning/templater-install.sh b/recipes/nuo/provisionning/templater-install.sh
new file mode 100644
index 0000000..091bbdb
--- /dev/null
+++ b/recipes/nuo/provisionning/templater-install.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -ex
+
+TOOL_DIR="${1:-/usr/local/bin}"
+TOOL_USER="${2:-root}"
+TOOL_GROUP="${3:-root}"
+ATTACHMENT_URL="https://forge.cadoles.com/attachments/"
+
+installTool() {
+ NAME="${1}"
+ URL="${2}"
+
+ curl -k -o ${TOOL_DIR}/${NAME} ${URL}
+ chmod +x ${TOOL_DIR}/${NAME}
+}
+
+apk add curl
+
+# Install templater
+installTool "tpr" "https://forge.cadoles.com/attachments/242b3cba-8d07-4b89-80ab-7c12253a8524"
+# Install bootstraper
+installTool "btr" "https://forge.cadoles.com/attachments/e8442b2a-2065-4282-b4a4-648681fa044c"
diff --git a/recipes/nuo/provisionning/tools/additionnal-disk b/recipes/nuo/provisionning/tools/additionnal-disk
new file mode 100644
index 0000000..7dd4786
--- /dev/null
+++ b/recipes/nuo/provisionning/tools/additionnal-disk
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+#
+# Quick and dirty script to add disk space
+# It creates a new PV (with the additionnal disk),
+# a new VG and a new LV with 100% disk space
+# The names and devices are provided with env variables:
+# - PV_DEVICE : The /dev/xxx device
+# - VG_NAME: The new vg name
+# - LV_NAME: Then new lv name
+# - LV_MTP: The mount point for the FS created on the LV
+# - LV_FS: The fstype of the new FS
+#
+if [ -e ${PV_DEVICE} ]; then
+ pvcreate ${PV_DEVICE}
+ vgcreate ${VG_NAME} ${PV_DEVICE}
+ lvcreate -Ay -l 100%FREE -n ${LV_NAME} ${VG_NAME}
+ mkfs.${LV_FS} /dev/${VG_NAME}/${LV_NAME}
+ if [ ! -d ${LV_MTP} ]; then
+ mkdir -p ${LV_MTP}
+ fi
+ mount /dev/${VG_NAME}/${LV_NAME} ${LV_MTP}
+ echo "/dev/${VG_NAME}/${LV_NAME} ${LV_MTP} ${LV_FS} rw,relatime 0 1" >> /etc/fstab
+else
+ echo "${PV_DEVICE} is missing"
+ exit 3
+fi
\ No newline at end of file
diff --git a/recipes/nuo/sources.pkr.hcl b/recipes/nuo/sources.pkr.hcl
new file mode 100644
index 0000000..309ac35
--- /dev/null
+++ b/recipes/nuo/sources.pkr.hcl
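Review bot: `curl -k` disables TLS certificate verification while downloading `tpr` and `btr`, which are then marked executable and run as root by every boot script in this recipe, so an on-path attacker on the build network can replace the templater with arbitrary code; remove `-k` (fix the forge's certificate chain or pass its CA with `--cacert`), use `curl -fsSL` so an HTTP error does not leave an empty executable behind, and verify a pinned SHA-256 of each attachment before `chmod +x`. `TOOL_USER`, `TOOL_GROUP` and `ATTACHMENT_URL` are accepted but never used; either apply them (`chown`, URL prefix for the two attachment IDs) or drop them. The two opaque attachment IDs would also benefit from a comment naming the tool version they correspond to.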
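Review bot: None of the five environment variables is validated, and `[ -e ${PV_DEVICE} ]` with `PV_DEVICE` unset reduces to `[ -e ]`, which is true, so the script runs `pvcreate`/`vgcreate`/`mkfs.` with empty names instead of taking the `else` branch; on a real device it also initialises LVM on whatever is there without an explicit check for an existing filesystem or PV. Start with `: "${PV_DEVICE:?}" "${VG_NAME:?}" "${LV_NAME:?}" "${LV_MTP:?}" "${LV_FS:?}"`, quote every expansion, and refuse when `blkid "${PV_DEVICE}"` reports a signature. The fstab line is appended unconditionally, so a second run produces duplicate entries; check with `grep -q` before the `echo >>`.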
@@ -0,0 +1,135 @@ +source qemu "nuo" { + cpus = 1 + memory = "${local.memory}" + accelerator = "kvm" + vnc_bind_address = "0.0.0.0" + + headless = true + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. + http_port_min = 9990 + http_port_max = 9999 + + # SSH ports to redirect to the VM being built + host_port_min = 2222 + host_port_max = 2229 + + # This user is configured in the preseed file. + ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + disk_compression = true + disk_discard = "unmap" + skip_compaction = false + disk_detect_zeroes = "unmap" + + format = "qcow2" + + boot_wait = "5s" +} + +source "vmware-iso" "nuo" { + cpus = 1 + disk_type_id = 0 + memory = "${local.memory}" + vnc_bind_address = "0.0.0.0" + + headless = true + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. + http_port_min = 9990 + http_port_max = 9999 + + # SSH ports to redirect to the VM being built + #host_port_min = 2222 + #host_port_max = 2229 + + # This user is configured in the preseed file. + ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + #disk_compression = true + #disk_discard = "unmap" + skip_compaction = false + #disk_detect_zeroes = "unmap" + + format = "ova" + + boot_wait = "5s" +} + +source "vmware-vmx" "nuo" { + disk_type_id = 0 + vnc_bind_address = "0.0.0.0" + + headless = true + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. + http_port_min = 9990 + http_port_max = 9999 + + # SSH ports to redirect to the VM being built + #host_port_min = 2222 + #host_port_max = 2229 + + # This user is configured in the preseed file. 
+ ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + #disk_compression = true + #disk_discard = "unmap" + skip_compaction = false + #disk_detect_zeroes = "unmap" + + format = "ova" + + boot_wait = "5s" +} + +source "virtualbox-iso" "nuo" { + cpus = 1 + memory = "${local.memory}" + vrdp_bind_address = "0.0.0.0" + nic_type = "virtio" + + headless = false + + # Serve the `http` directory via HTTP, used for preseeding the Debian installer. + http_bind_address = "0.0.0.0" + http_port_min = 9290 + http_port_max = 9299 + + # SSH ports to redirect to the VM being built + #host_port_min = 2222 + #host_port_max = 2229 + + # This user is configured in the preseed file. + ssh_username = "${local.ssh_user}" + ssh_private_key_file = data.sshkey.install.private_key_path + ssh_wait_timeout = "1000s" + ssh_file_transfer_method = "sftp" + + shutdown_command = "/sbin/poweroff" + + # Builds a compact image + #disk_compression = true + #disk_discard = "unmap" + #skip_compaction = false + #disk_detect_zeroes = "unmap" + + format = "ova" + + boot_wait = "5s" +} \ No newline at end of file diff --git a/recipes/nuo/templates/conf/cloud-init/user-data b/recipes/nuo/templates/conf/cloud-init/user-data new file mode 100644 index 0000000..ef12b75 --- /dev/null +++ b/recipes/nuo/templates/conf/cloud-init/user-data 
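Review bot: Every source binds the build VM's console to all interfaces — `vnc_bind_address = "0.0.0.0"` for qemu and both vmware sources, `vrdp_bind_address = "0.0.0.0"` plus `http_bind_address = "0.0.0.0"` for virtualbox — so during a build the unauthenticated VNC/RDP console of a VM that is logged in as root, and the HTTP server handing out the SSH public key and install answers, are reachable from the whole network of the build host. Unless remote console access is a requirement, bind to `127.0.0.1` (the builders' default) and set `vnc_use_password = true` where supported; on a shared CI runner this is the difference between a local and a network-exposed root session. The comments still refer to "preseeding the Debian installer" although the boot commands fetch an Alpine `install.conf`; they should be updated so readers do not look for a preseed file.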
@@ -0,0 +1,47 @@ +#alpine-config +user: + name: ${user} + password: ${password} +chpasswd: + expire: False +apk: + repositories: + - base_url: https://mirrors.ircam.fr/pub/alpine/ + repos: [ "main", "community" ] +package_update: true +packages: + - tmux + - vim + - openssh-server + - openssh-sftp-server +users: + - name: root + lock-passwd: false + passwd: ${root_password} + ssh_authorized_keys: +%{ for sk in ssh_keys ~} + - ${sk} +%{ endfor ~} +ssh_authorized_keys: +%{ for sk in ssh_keys ~} + - ${sk} +%{ endfor ~} +%{ if files != [] ~} +write_files: +%{ for fl in files ~} + - path: ${fl.path} + owner: ${fl.owner}:${fl.group} + permissions: '0${fl.permissions}' + content: | +%{ for li in fl.content ~} + ${li} +%{ endfor ~} +%{ endfor ~} +%{ endif ~} +%{ if runcmd != [] ~} +# Work around network interface down after boot +runcmd: +%{ for cmd in runcmd ~} + - ${cmd} +%{ endfor ~} +%{ endif ~} \ No newline at end of file diff --git a/recipes/nuo/templates/conf/conf.d/chronyd b/recipes/nuo/templates/conf/conf.d/chronyd new file mode 100644 index 0000000..e692251 --- /dev/null +++ b/recipes/nuo/templates/conf/conf.d/chronyd @@ -0,0 +1,6 @@ +# /etc/conf.d/chronyd +CFGFILE="/etc/chrony/chrony.conf" +FAST_STARTUP=yes +ARGS="" +# vrf e.g 'vrf-mgmt' +#vrf="" diff --git a/recipes/nuo/templates/conf/docker/rc.conf.pktpl.hcl b/recipes/nuo/templates/conf/docker/rc.conf.pktpl.hcl new file mode 100644 index 0000000..677fc84 --- /dev/null +++ b/recipes/nuo/templates/conf/docker/rc.conf.pktpl.hcl 
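Review bot: root is created with `lock-passwd: false` and `passwd: ${root_password}`, the same clear-text value given to `user.password`, so the static build password becomes a usable root password on every image unless the post-install locks it; since root already receives `ssh_authorized_keys` here, `lock-passwd: true` and dropping `passwd` leaves key-only root access. In cloud-init's `users:` schema `passwd` expects an already-hashed string, so a plain password passed here is either stored as an invalid hash or, depending on the Alpine implementation behind `#alpine-config`, set verbatim — please confirm which behaviour the target has and document it in the template. The same key list is emitted both under `users:` and at the top-level `ssh_authorized_keys:`; one of the two is redundant.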
@@ -0,0 +1,337 @@ +# Global OpenRC configuration settings +# ${Vars.RootlessDocker} + +# Set to "YES" if you want the rc system to try and start services +# in parallel for a slight speed improvement. When running in parallel we +# prefix the service output with its name as the output will get +# jumbled up. +# WARNING: whilst we have improved parallel, it can still potentially lock +# the boot process. Don't file bugs about this unless you can supply +# patches that fix it without breaking other things! +#rc_parallel="NO" + +# Set rc_interactive to "YES" and you'll be able to press the I key during +# boot so you can choose to start specific services. Set to "NO" to disable +# this feature. This feature is automatically disabled if rc_parallel is +# set to YES. +#rc_interactive="YES" + +# If we need to drop to a shell, you can specify it here. +# If not specified we use $SHELL, otherwise the one specified in /etc/passwd, +# otherwise /bin/sh +# Linux users could specify /sbin/sulogin +#rc_shell=/bin/sh + +# Do we allow any started service in the runlevel to satisfy the dependency +# or do we want all of them regardless of state? For example, if net.eth0 +# and net.eth1 are in the default runlevel then with rc_depend_strict="NO" +# both will be started, but services that depend on 'net' will work if either +# one comes up. With rc_depend_strict="YES" we would require them both to +# come up. +#rc_depend_strict="YES" + +# rc_hotplug controls which services we allow to be hotplugged. +# A hotplugged service is one started by a dynamic dev manager when a matching +# hardware device is found. +# Hotplugged services appear in the "hotplugged" runlevel. +# If rc_hotplug is set to any value, we compare the name of this service +# to every pattern in the value, from left to right, and we allow the +# service to be hotplugged if it matches a pattern, or if it matches no +# patterns. Patterns can include shell wildcards. 
+# To disable services from being hotplugged, prefix patterns with "!". +#If rc_hotplug is not set or is empty, all hotplugging is disabled. +# Example - rc_hotplug="net.wlan !net.*" +# This allows net.wlan and any service not matching net.* to be hotplugged. +# Example - rc_hotplug="!net.*" +# This allows services that do not match "net.*" to be hotplugged. + +# rc_logger launches a logging daemon to log the entire rc process to +# /var/log/rc.log +# NOTE: Linux systems require the devfs service to be started before +# logging can take place and as such cannot log the sysinit runlevel. +#rc_logger="NO" + +# Through rc_log_path you can specify a custom log file. +# The default value is: /var/log/rc.log +#rc_log_path="/var/log/rc.log" + +# If you want verbose output for OpenRC, set this to yes. If you want +# verbose output for service foo only, set it to yes in /etc/conf.d/foo. +#rc_verbose=no + +# By default we filter the environment for our running scripts. To allow other +# variables through, add them here. Use a * to allow all variables through. +#rc_env_allow="VAR1 VAR2" + +# By default we assume that all daemons will start correctly. +# However, some do not - a classic example is that they fork and return 0 AND +# then child barfs on a configuration error. Or the daemon has a bug and the +# child crashes. You can set the number of milliseconds start-stop-daemon +# waits to check that the daemon is still running after starting here. +# The default is 0 - no checking. +#rc_start_wait=100 + +# rc_nostop is a list of services which will not stop when changing runlevels. +# This still allows the service itself to be stopped when called directly. +#rc_nostop="" + +# rc will attempt to start crashed services by default. +# However, it will not stop them by default as that could bring down other +# critical services. +#rc_crashed_stop=NO +#rc_crashed_start=YES + +# Set rc_nocolor to yes if you do not want colors displayed in OpenRC +# output. 
+#rc_nocolor=NO + +############################################################################## +# MISC CONFIGURATION VARIABLES +# There variables are shared between many init scripts + +# Set unicode to NO to turn off unicode support for keyboards and screens. +#unicode="YES" + +# This is how long fuser should wait for a remote server to respond. The +# default is 60 seconds, but it can be adjusted here. +#rc_fuser_timeout=60 + +# Below is the default list of network fstypes. +# +# afs ceph cifs coda davfs fuse fuse.glusterfs fuse.sshfs gfs glusterfs lustre +# ncpfs nfs nfs4 ocfs2 shfs smbfs +# +# If you would like to add to this list, you can do so by adding your +# own fstypes to the following variable. +#extra_net_fs_list="" + +############################################################################## +# SERVICE CONFIGURATION VARIABLES +# These variables are documented here, but should be configured in +# /etc/conf.d/foo for service foo and NOT enabled here unless you +# really want them to work on a global basis. +# If your service has characters in its name which are not legal in +# shell variable names and you configure the variables for it in this +# file, those characters should be replaced with underscores in the +# variable names as shown below. + +# Some daemons are started and stopped via start-stop-daemon. +# We can set some things on a per service basis, like the nicelevel. +# These need to be exported +#export SSD_NICELEVEL="0" +# Or the ionice level. The format is class[:data] , just like the +# --ionice start-stop-daemon parameter. +#export SSD_IONICELEVEL="0:0" +# Or the OOM score adjustment. 
+#export SSD_OOM_SCORE_ADJ="0" + +# Pass ulimit parameters +# If you are using bash in POSIX mode for your shell, note that the +# ulimit command uses a block size of 512 bytes for the -c and -f +# options +#rc_ulimit="-u 30" + +# It's possible to define extra dependencies for services like so +#rc_config="/etc/foo" +#rc_need="openvpn" +#rc_use="net.eth0" +#rc_after="clock" +#rc_before="local" +#rc_provide="!net" + +# You can also enable the above commands here for each service. Below is an +# example for service foo. +#rc_foo_config="/etc/foo" +#rc_foo_need="openvpn" +#rc_foo_after="clock" + +# Below is an example for service foo-bar. Note that the '-' is illegal +# in a shell variable name, so we convert it to an underscore. +# example for service foo-bar. +#rc_foo_bar_config="/etc/foo-bar" +#rc_foo_bar_need="openvpn" +#rc_foo_bar_after="clock" + +# You can also remove dependencies. +# This is mainly used for saying which services do NOT provide net. +#rc_net_tap0_provide="!net" + +# This is the subsystem type. +# It is used to match against keywords set by the keyword call in the +# depend function of service scripts. +# +# It should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +# If it is commented out, automatic detection will be used. +# +# The list below shows all possible settings as well as the host +# operating systems where they can be used and autodetected. 
+# +# "" - nothing special +# "docker" - Docker container manager (Linux) +# "jail" - Jail (DragonflyBSD or FreeBSD) +# "lxc" - Linux Containers +# "openvz" - Linux OpenVZ +# "prefix" - Prefix +# "rkt" - CoreOS container management system (Linux) +# "subhurd" - Hurd subhurds (to be checked) +# "systemd-nspawn" - Container created by systemd-nspawn (Linux) +# "uml" - Usermode Linux +# "vserver" - Linux vserver +# "xen0" - Xen0 Domain (Linux and NetBSD) +# "xenU" - XenU Domain (Linux and NetBSD) +#rc_sys="" + +# if you use openrc-init, which is currently only available on Linux, +# this is the default runlevel to activate after "sysinit" and "boot" +# when booting. +#rc_default_runlevel="default" + +# on Linux and Hurd, this is the number of ttys allocated for logins +# It is used in the consolefont, keymaps, numlock and termencoding +# service scripts. +rc_tty_number=12 + +############################################################################## +# LINUX CGROUPS RESOURCE MANAGEMENT + +# This sets the mode used to mount cgroups. +# "hybrid" mounts cgroups version 2 on /sys/fs/cgroup/unified and +# cgroups version 1 on /sys/fs/cgroup. +# "legacy" mounts cgroups version 1 on /sys/fs/cgroup +# "unified" mounts cgroups version 2 on /sys/fs/cgroup +rc_cgroup_mode="hybrid" + + +# This is a list of controllers which should be enabled for cgroups version 2 +# when hybrid mode is being used. +# Controllers listed here will not be available for cgroups version 1. +rc_cgroup_controllers="cpuset cpu io memory hugelb openrc pids" + +# This variable contains the cgroups version 2 settings for your services. +# If this is set in this file, the settings will apply to all services. +# If you want different settings for each service, place the settings in +# /etc/conf.d/foo for service foo. +# The format is to specify the setting and value followed by a newline. +# Multiple settings and values can be specified. 
+# For example, you would use this to set the maximum memory and maximum +# number of pids for a service. +#rc_cgroup_settings=" +#memory.max 10485760 +#pids.max max +#" +# +# For more information about the adjustments that can be made with +# cgroups version 2, see Documentation/cgroups-v2.txt in the linux kernel +# source tree. +#rc_cgroup_settings="" + +# This switch controls whether or not cgroups version 1 controllers are +# individually mounted under +# /sys/fs/cgroup in hybrid or legacy mode. +rc_controller_cgroups="YES" + +# The following setting turns on the memory.use_hierarchy setting in the +# root memory cgroup for cgroups v1. +# It must be set to yes in this file if you want this functionality. +#rc_cgroup_memory_use_hierarchy="NO" + +# The following settings allow you to set up values for the cgroups version 1 +# controllers for your services. +# They can be set in this file;, however, if you do this, the settings +# will apply to all of your services. +# If you want different settings for each service, place the settings in +# /etc/conf.d/foo for service foo. +# The format is to specify the names of the settings followed by their +# values. Each variable can hold multiple settings. +# For example, you would use this to set the cpu.shares setting in the +# cpu controller to 512 for your service. +# rc_cgroup_cpu=" +# cpu.shares 512 +# " +# +# For more information about the adjustments that can be made with +# cgroups version 1, see Documentation/cgroups-v1/* in the linux kernel +# source tree. + +# Set the blkio controller settings for this service. +#rc_cgroup_blkio="" + +# Set the cpu controller settings for this service. +#rc_cgroup_cpu="" + +# Add this service to the cpuacct controller (any value means yes). +#rc_cgroup_cpuacct="" + +# Set the cpuset controller settings for this service. +#rc_cgroup_cpuset="" + +# Set the devices controller settings for this service. 
+#rc_cgroup_devices="" + +# Set the hugetlb controller settings for this service. +#rc_cgroup_hugetlb="" + +# Set the memory controller settings for this service. +#rc_cgroup_memory="" + +# Set the net_cls controller settings for this service. +#rc_cgroup_net_cls="" + +# Set the net_prio controller settings for this service. +#rc_cgroup_net_prio="" + +# Set the pids controller settings for this service. +#rc_cgroup_pids="" + +# Set this to YES if you want all of the processes in a service's cgroup +# killed when the service is stopped or restarted. +# Be aware that setting this to yes means all of a service's +# child processes will be killed. Keep this in mind if you set this to +# yes here instead of for the individual services in +# /etc/conf.d/. +# To perform this cleanup manually for a stopped service, you can +# execute cgroup_cleanup with /etc/init.d/ cgroup_cleanup or +# rc-service cgroup_cleanup. +# If the kernel includes support for cgroup2's cgroup.kill, this is used +# to reliably teardown the cgroup. +# If this fails, the process followed in this cleanup is the following: +# 1. send stopsig (sigterm if it isn't set) to all processes left in the +# cgroup immediately followed by sigcont. +# 2. Send sighup to all processes in the cgroup if rc_send_sighup is +# yes. +# 3. delay for rc_timeout_stopsec seconds. +# 4. send sigkill to all processes in the cgroup unless disabled by +# setting rc_send_sigkill to no. +# rc_cgroup_cleanup="NO" + +# If this is yes, we will send sighup to the processes in the cgroup +# immediately after stopsig and sigcont. +#rc_send_sighup="NO" + +# This is the amount of time in seconds that we delay after sending sigcont +# and optionally sighup, before we optionally send sigkill to all +# processes in the # cgroup. +# The default is 90 seconds. +#rc_timeout_stopsec="90" + +# If this is set to no, we do not send sigkill to all processes in the +# cgroup. 
+#rc_send_sigkill="YES" + +############################################################################## +# SUPERVISE DAEMON CONFIGURATION VARIABLES +# These variables sets more reasonable defaults for supervise-daemon(8). +# They may be overriden on a per service basis. + +# Wait this number of seconds before restarting a daemon after it crashes. +respawn_delay=2 + +# Sets the maximum number of times a daemon will be respawned during a respawn +# period. If a daemon dies more than this number of times during a respawn +# period, supervise-daemon(8) will give up trying to respawn it and exit. +# 0 means unlimited. +respawn_max=5 + +# Sets the length in seconds of a respawn period. +respawn_period=1800 diff --git a/recipes/nuo/templates/conf/docker/subuid.pktpl.hcl b/recipes/nuo/templates/conf/docker/subuid.pktpl.hcl new file mode 100644 index 0000000..c512a70 --- /dev/null +++ b/recipes/nuo/templates/conf/docker/subuid.pktpl.hcl @@ -0,0 +1,3 @@ +%{ if Vars.RootlessDocker } +docker:231072:65536 +%{ endif } \ No newline at end of file diff --git a/recipes/nuo/templates/conf/harbor/harbor.yml.pktpl.hcl b/recipes/nuo/templates/conf/harbor/harbor.yml.pktpl.hcl new file mode 100644 index 0000000..24a94cf --- /dev/null +++ b/recipes/nuo/templates/conf/harbor/harbor.yml.pktpl.hcl 
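Review bot: The second line of rc.conf.pktpl.hcl, `# ${Vars.RootlessDocker}`, interpolates the variable into a bare comment, so the rendered file starts with an unexplained `# true` or `# false` and nothing in the rest of the file actually depends on the value. If the line exists only to make the template consume the variable, say so: `# Rendered for RootlessDocker=${Vars.RootlessDocker} (value has no effect on this file)`, otherwise drop it. The rest of the file is the stock OpenRC rc.conf with `rc_cgroup_mode`, `rc_cgroup_controllers` and `rc_controller_cgroups` uncommented; a short header naming those three deliberate changes would save the next reader a diff against upstream.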
@@ -0,0 +1,265 @@ +# Configuration file of Harbor + +# The IP address or hostname to access admin UI and registry service. +# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. +hostname: ${Vars.HarborDomain} + +# http related config +http: + # port for http, default is 80. If https enabled, this port will redirect to https port + port: ${Vars.HarborHTTPPort} + +# https related config +https: + # https port for harbor, default is 443 + port: ${Vars.HarborHTTPSPort} + # The path of cert and key files for nginx + certificate: ${Vars.HarborSSLCert} + private_key: ${Vars.HarborSSLPrivKey} + +# # Uncomment following will enable tls communication between all harbor components +# internal_tls: +# # set enabled to true means internal tls is enabled +# enabled: true +# # put your cert and key files on dir +# dir: /etc/harbor/tls/internal + +# Uncomment external_url if you want to enable external proxy +# And when it enabled the hostname will no longer used +# external_url: https://reg.mydomain.com:8433 + +# The initial password of Harbor admin +# It only works in first time to install harbor +# Remember Change the admin password from UI after launching Harbor. +harbor_admin_password: ${Vars.HarborAdminPassword} + +# Harbor DB configuration +database: + # The password for the root user of Harbor DB. Change this before any production use. + password: ${Vars.HarborDBPassword} + # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. + max_idle_conns: 50 + # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. + # Note: the default number of connections is 100 for postgres. 
+ max_open_conns: 200 + +# The default data volume +data_volume: /srv/harbor/data + +# Harbor Storage settings by default is using /data dir on local filesystem +# Uncomment storage_service setting If you want to using external storage +# storage_service: +# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore +# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. +# ca_bundle: + +# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss +# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ +# filesystem: +# maxthreads: 100 +# # set disable to true when you want to disable registry redirect +# redirect: +# disabled: false + +# Trivy configuration +# +# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. +# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached +# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it +# should download a newer version from the Internet or use the cached one. Currently, the database is updated every +# 12 hours and published as a new release to GitHub. +trivy: + # ignoreUnfixed The flag to display only fixed vulnerabilities + ignore_unfixed: false + # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub + # + # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues. + # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and + # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path. 
+ skip_update: false + # + # The offline_scan option prevents Trivy from sending API requests to identify dependencies. + # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it. + # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't + # exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode. + # It would work if all the dependencies are in local. + # This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment. + offline_scan: false + # + # insecure The flag to skip verifying registry certificate + insecure: false + # github_token The GitHub access token to download Trivy DB + # + # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough + # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000 + # requests per hour by specifying the GitHub access token. 
For more details on GitHub rate limiting please consult + # https://developer.github.com/v3/#rate-limiting + # + # You can create a GitHub token by following the instructions in + # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line + # + # github_token: xxx + +jobservice: + # Maximum number of job workers in job service + max_job_workers: 10 + logger_sweeper_duration: 300 + +notification: + # Maximum retry count for webhook job + webhook_job_max_retry: 10 + webhook_job_http_client_timeout: 300 + +chart: + # Change the value of absolute_url to enabled can enable absolute url in chart + absolute_url: disabled + +# Log configurations +log: + # options are debug, info, warning, error, fatal + level: info + # configs for logs in local storage + local: + # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. + rotate_count: 50 + # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. + # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G + # are all valid. + rotate_size: 200M + # The directory on your host that store log + location: /var/log/harbor + + # Uncomment following lines to enable external syslog endpoint. + # external_endpoint: + # # protocol used to transmit log to external endpoint, options is tcp or udp + # protocol: tcp + # # The host of external endpoint + # host: localhost + # # Port of external endpoint + # port: 5140 + +#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! +_version: 2.6.0 + +# Uncomment external_database if using external database. 
+# external_database: +# harbor: +# host: harbor_db_host +# port: harbor_db_port +# db_name: harbor_db_name +# username: harbor_db_username +# password: harbor_db_password +# ssl_mode: disable +# max_idle_conns: 2 +# max_open_conns: 0 +# notary_signer: +# host: notary_signer_db_host +# port: notary_signer_db_port +# db_name: notary_signer_db_name +# username: notary_signer_db_username +# password: notary_signer_db_password +# ssl_mode: disable +# notary_server: +# host: notary_server_db_host +# port: notary_server_db_port +# db_name: notary_server_db_name +# username: notary_server_db_username +# password: notary_server_db_password +# ssl_mode: disable + +# Uncomment external_redis if using external Redis server +# external_redis: +# # support redis, redis+sentinel +# # host for redis: : +# # host for redis+sentinel: +# # :,:,: +# host: redis:6379 +# password: +# # sentinel_master_set must be set to support redis+sentinel +# #sentinel_master_set: +# # db_index 0 is for core, it's unchangeable +# registry_db_index: 1 +# jobservice_db_index: 2 +# chartmuseum_db_index: 3 +# trivy_db_index: 5 +# idle_timeout_seconds: 30 + +# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. +# uaa: +# ca_file: /path/to/ca + +# Global proxy +# Config http proxy for components, e.g. http://my.proxy.com:3128 +# Components doesn't need to connect to each others via http proxy. +# Remove component from `components` array if want disable proxy +# for it. If you want use proxy for replication, MUST enable proxy +# for core and jobservice, and set `http_proxy` and `https_proxy`. +# Add domain to the `no_proxy` field, when you want disable proxy +# for some special registry. 
+proxy: + http_proxy: + https_proxy: + no_proxy: + components: + - core + - jobservice + - notary + - trivy + +metric: + enabled: false + port: 9090 + path: /metrics + +# Trace related config +# only can enable one trace provider(jaeger or otel) at the same time, +# and when using jaeger as provider, can only enable it with agent mode or collector mode. +# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed +# if using jaeger agetn mode uncomment agent_host and agent_port +# trace: +# enabled: true +# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth +# sample_rate: 1 +# # # namespace used to differenciate different harbor services +# # namespace: +# # # attributes is a key value dict contains user defined attributes used to initialize trace provider +# # attributes: +# # application: harbor +# # # jaeger should be 1.26 or newer. +# # jaeger: +# # endpoint: http://hostname:14268/api/traces +# # username: +# # password: +# # agent_host: hostname +# # # export trace data by jaeger.thrift in compact mode +# # agent_port: 6831 +# # otel: +# # endpoint: hostname:4318 +# # url_path: /v1/traces +# # compression: false +# # insecure: true +# # timeout: 10s + +# enable purge _upload directories +upload_purging: + enabled: true + # remove files in _upload directories which exist for a period of time, default is one week. + age: 168h + # the interval of the purge operations + interval: 24h + dryrun: false + +# cache layer configurations +# If this feature enabled, harbor will cache the resource +# `project/project_metadata/repository/artifact/manifest` in the redis +# which can especially help to improve the performance of high concurrent +# manifest pulling. 
+# NOTICE
+# If you are deploying Harbor in HA mode, make sure that all the harbor
+# instances have the same behaviour, all with caching enabled or disabled,
+# otherwise it can lead to potential data inconsistency.
+cache:
+ # not enabled by default
+ enabled: false
+ # keep cache for one day by default
+ expire_hours: 24
diff --git a/recipes/nuo/templates/conf/install/awnsers.pktpl.hcl b/recipes/nuo/templates/conf/install/awnsers.pktpl.hcl
new file mode 100644
index 0000000..33d05d0
--- /dev/null
+++ b/recipes/nuo/templates/conf/install/awnsers.pktpl.hcl
@@ -0,0 +1,47 @@
+
+# Example answer file for setup-alpine script
+# If you don't want to use a certain option, then comment it out
+
+# Use US layout with US variant
+KEYMAPOPTS="fr fr"
+
+# Set hostname to alpine-test
+HOSTNAMEOPTS="-n ${hostname}"
+
+# Contents of /etc/network/interfaces
+INTERFACESOPTS="auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet dhcp
+ hostname ${hostname}
+"
+
+# Search domain of example.com, OpenDNS public nameserver
+# ex: -d example.com 1.1.1.1"
+DNSOPTS=""
+
+# Set timezone to UTC
+TIMEZONEOPTS="-z Europe/Paris"
+
+# set http/ftp proxy
+PROXYOPTS="none"
+
+# Add a random mirror
+APKREPOSOPTS="-r -c"
+
+# Install Openssh
+SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys"
+
+# Use openntpd
+NTPOPTS="-c openntpd"
+
+# Use /dev/sda as a data disk
+DISKOPTS="-L -m sys ${disk_device}"
+
+USEROPTS="-a -g 'netdev' ${user}"
+
+# Setup in /media/vda1
+# LBUOPTS="/media/vda1"
+# APKCACHEOPTS="/media/vda1/cache"
+
diff --git a/recipes/nuo/templates/conf/k3s/k3s.conf.pkr.hcl b/recipes/nuo/templates/conf/k3s/k3s.conf.pkr.hcl
new file mode 100644
index 0000000..3fa8501
--- /dev/null
+++ b/recipes/nuo/templates/conf/k3s/k3s.conf.pkr.hcl
@@ -0,0 +1,8 @@
+# k3s options
+export PATH="/usr/libexec/cni/:$PATH"
+K3S_EXEC="server"
+%{ if Vars.DeployTraefik }
+K3S_OPTS=""
+%{ else }
+K3S_OPTS="--disable traefik"
+%{ endif }
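Review bot: `harbor_admin_password: ${Vars.HarborAdminPassword}` and `database: password: ${Vars.HarborDBPassword}` are interpolated straight into harbor.yml.pktpl.hcl, so wherever this template is rendered both secrets land on disk in clear text; this hunk does not show whether rendering happens during the Packer build or at first boot, and in the former case every instance built from the image would share the same admin and DB credentials. The template should carry that constraint at the top, e.g. `# Contains the Harbor admin and DB passwords in clear text: render at first boot (not into the image), keep the file mode restrictive, and change harbor_admin_password from the UI after first login`, and the provisioning step that writes the file should be checked for the file mode it sets. The upstream comment `# The initial password of Harbor admin` is kept, which is good; the same caveat applies to the `internal_tls` block if it is later enabled.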
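Review bot: Several comments in awnsers.pktpl.hcl still describe the upstream example values and contradict the lines under them: `# Use US layout with US variant` over `KEYMAPOPTS="fr fr"`, `# Set hostname to alpine-test` over `HOSTNAMEOPTS="-n ${hostname}"`, `# Set timezone to UTC` over `TIMEZONEOPTS="-z Europe/Paris"` and `# Use /dev/sda as a data disk` over `DISKOPTS="-L -m sys ${disk_device}"`. Each should be rewritten to match, for instance `# French keyboard layout`, `# Hostname comes from the recipe's hostname variable`, `# Timezone Europe/Paris`, `# Install to the disk passed in disk_device (sys mode, LVM)`. `SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys"` deserves a comment saying which build step is expected to have placed that authorized_keys file, since setup-alpine reads it at install time.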
diff --git a/recipes/nuo/templates/conf/kind/cluster.yaml.pktpl.hcl b/recipes/nuo/templates/conf/kind/cluster.yaml.pktpl.hcl
new file mode 100644
index 0000000..87e29d6
--- /dev/null
+++ b/recipes/nuo/templates/conf/kind/cluster.yaml.pktpl.hcl
@@ -0,0 +1,40 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: ${Vars.Cluster.Name}
+networking:
+ podSubnet: "${Vars.Cluster.PodSubNet}"
+ serviceSubnet: "${Vars.Cluster.ServieSubNet}"
+nodes:
+%{ for nd in Vars.Cluster.Nodes }
+- role: ${nd.Role}
+ image: kindest/node:v${Vars.Cluster.Version}
+ %{ if nd.Role == "control-plane"}
+ kubeadmConfigPatches:
+ - |
+ kind: InitConfiguration
+ %{ if Vars.Cluster.IngressReady }
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ %{ endif }
+ extraPortMappings:
+ - containerPort: 31000
+ hostPort: 31000
+ listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+ - containerPort: 80
+ hostPort: 8080
+ listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
+ %{ if Vars.Cluster.IngressReady }
+ labels:
+ ingress-ready: true
+ %{ endif }
+ %{ endif }
+ %{ if nd.Role == "worker" }
+ kubeadmConfigPatches:
+ - |
+ kind: JoinConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ system-reserved: memory=2Gi
+ %{ endif }
+%{ endfor ~}
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/nuo/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl
new file mode 100644
index 0000000..b8432f0
--- /dev/null
+++ b/recipes/nuo/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl
@@ -0,0 +1 @@
+command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/nuo/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
new file mode 100644
index 0000000..489b338
--- /dev/null
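Review bot: `serviceSubnet: "${Vars.Cluster.ServieSubNet}"` looks like a misspelling of `ServiceSubNet`; the locals that define `Vars.Cluster` are not in this hunk, so either the render fails on an unknown key or the misspelled name is being carried through the locals as well, and in both cases `serviceSubnet: "${Vars.Cluster.ServiceSubNet}"` with the matching key in the locals is the fix. Both `extraPortMappings` entries use `listenAddress: "0.0.0.0"`, publishing hostPort 31000 and 8080 on every host interface; if this kind cluster is meant for local use only, `listenAddress: "127.0.0.1"` is the safer default and the copied `# Optional, defaults to "0.0.0.0"` comment should then be dropped. The indentation of the two `kubeadmConfigPatches` blocks relative to the `%{ if }` template directives is not recoverable from this view, so the YAML nesting of `labels:` under a node entry should be checked against a rendered sample.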
+++ b/recipes/nuo/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
@@ -0,0 +1,4 @@
+${Vars.NIC[0].IP} ${Vars.Set.Hostname}
+%{ if Vars.MatchBox.Hostname != "" }
+${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
+%{ endif }
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/nuo/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
new file mode 100644
index 0000000..8d08dac
--- /dev/null
+++ b/recipes/nuo/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
@@ -0,0 +1,60 @@
+log-queries
+log-dhcp
+
+#port=0
+listen-address=0.0.0.0
+interface=${Vars.PXE.ListenInterface}
+no-resolv
+domain-needed
+bogus-priv
+expand-hosts
+server=${Vars.ETH0.DNS}
+strict-order
+addn-hosts=/etc/dnsmasq-hosts.conf
+domain=${Vars.PXE.DNSDomain}
+local=/${Vars.PXE.DNSDomain}/
+localise-queries
+
+
+%{ if Vars.PXE.DHCPMode == "proxy" }
+#dhcp-no-override
+dhcp-range=${Vars.ETH0.IP},proxy
+%{ else }
+dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration}
+dhcp-option=option:router,${Vars.ETH0.GATEWAY}
+%{ endif }
+
+dhcp-option=option:dns-server,${Vars.ETH0.IP}
+dhcp-option=option:domain-name,${Vars.PXE.DNSDomain}
+
+# TFTP Configuration
+enable-tftp
+tftp-root="${Vars.PXE.TFTPRoot}"
+
+pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime}
+
+# Based on logic in https://gist.github.com/robinsmidsrod/4008017
+# iPXE sends a 175 option, checking suboptions
+dhcp-match=set:ipxe-http,175,19
+dhcp-match=set:ipxe-https,175,20
+dhcp-match=set:ipxe-menu,175,39
+# pcbios specific
+dhcp-match=set:ipxe-pxe,175,33
+dhcp-match=set:ipxe-bzimage,175,24
+dhcp-match=set:ipxe-iscsi,175,17
+# efi specific
+dhcp-match=set:ipxe-efi,175,36
+# combination
+# set ipxe-ok tag if we have correct combination
+# http && menu && iscsi ((pxe && bzimage) || efi)
+tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
+tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi
+
+
+## Load different PXE boot image depending on client architecture (when running as a proxy DHCP)
+pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe
+pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi
+pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi
+
+dhcp-userclass=set:ipxe,iPXE
+dhcp-boot=tag:ipxe-ok,http://${Vars.ETH0.IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.ETH0.IP}
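Review bot: `listen-address=0.0.0.0` two lines above `interface=${Vars.PXE.ListenInterface}` undoes the interface restriction: dnsmasq treats `--interface` and `--listen-address` as additive, so the wildcard address makes the DNS and DHCP/proxy-DHCP listener reachable on every interface of the matchbox host, not just the PXE segment. Dropping the `listen-address` line, or adding `bind-interfaces` next to `interface=`, keeps the service on the intended network. `log-queries` and `log-dhcp` are also left on unconditionally, which logs every DNS lookup and DHCP exchange to syslog; worth a comment such as `# log-queries/log-dhcp: verbose, leave enabled only while debugging PXE`. The same lines appear in the nuo-matchbox copy of this file (recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl), which already diverges by using `Vars.NIC[0]`/`Vars.DNS[0]` where this one uses `Vars.ETH0`, so the two copies will drift unless one is removed.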
diff --git a/recipes/nuo/templates/conf/matchbox/init.d/matchbox.pktpl.hcl b/recipes/nuo/templates/conf/matchbox/init.d/matchbox.pktpl.hcl
new file mode 100644
index 0000000..6652098
--- /dev/null
+++ b/recipes/nuo/templates/conf/matchbox/init.d/matchbox.pktpl.hcl
@@ -0,0 +1,28 @@
+#!/sbin/openrc-run
+
+name=$RC_SVCNAME
+command="/usr/local/bin/$RC_SVCNAME"
+command_user="$RC_SVCNAME"
+pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
+start_stop_daemon_args="--start -b"
+command_args="$command_args"
+command_background="yes"
+
+depend() {
+ need net
+}
+
+start_pre() {
+ checkpath --directory --owner $command_user:$command_user --mode 0775 \
+ /run/$RC_SVCNAME /var/log/$RC_SVCNAME
+ if [ ! -f "/etc/matchbox/server.crt" ]; then
+ cd /root/tls
+ export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.ETH0.IP}"
+ ./cert-gen
+ mkdir -p /etc/matchbox
+ cp ca.crt server.crt server.key /etc/matchbox
+ chown -R matchbox:matchbox /etc/matchbox
+ mkdir -p /root/.matchbox
+ cp client.crt client.key ca.crt /root/.matchbox/
+ fi
+}
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/nuo-harbor b/recipes/nuo/templates/conf/nuo-harbor
new file mode 120000
index 0000000..8b35999
--- /dev/null
+++ b/recipes/nuo/templates/conf/nuo-harbor
@@ -0,0 +1 @@
+harbor
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/nuo/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl
new file mode 100644
index 0000000..b8432f0
--- /dev/null
+++ b/recipes/nuo/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl
@@ -0,0 +1 @@
+command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
new file mode 100644
index 0000000..0809dc3
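Review bot: `cd /root/tls` in `start_pre()` is unchecked, and OpenRC does not run the script under `set -e`, so when the directory is missing `./cert-gen` fails silently, the `cp` lines then run against whatever the current directory happens to be, and the service is started without (or with partial) TLS material for its gRPC API. Changing the two lines to `cd /root/tls || return 1` and `./cert-gen || return 1` makes the start fail loudly instead. The generated key material is copied with `cp` and only `/etc/matchbox` is `chown`ed; `/root/.matchbox/client.key` keeps whatever mode cert-gen produced, which is worth a comment or an explicit `chmod 0600`. `command_args="$command_args"` is a self-assignment (the value comes from /etc/conf.d/matchbox, sourced before this script) and can be dropped. The nuo-matchbox copy of this script (recipes/nuo/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl) has the same issues.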
--- /dev/null
+++ b/recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
@@ -0,0 +1,7 @@
+${Vars.NIC[0].IP} ${Vars.Set.Hostname}
+%{ if Vars.MatchBox.Hostname != "" }
+${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
+%{ endif }
+%{ for host in Vars.DNSMasq.Hosts }
+${host.IP} ${host.Name}
+%{ endfor }
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
new file mode 100644
index 0000000..afbef7f
--- /dev/null
+++ b/recipes/nuo/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
@@ -0,0 +1,60 @@
+log-queries
+log-dhcp
+
+#port=0
+listen-address=0.0.0.0
+interface=${Vars.PXE.ListenInterface}
+no-resolv
+domain-needed
+bogus-priv
+expand-hosts
+server=${Vars.DNS[0]}
+strict-order
+addn-hosts=/etc/dnsmasq-hosts.conf
+domain=${Vars.PXE.DNSDomain}
+local=/${Vars.PXE.DNSDomain}/
+localise-queries
+
+
+%{ if Vars.PXE.DHCPMode == "proxy" }
+#dhcp-no-override
+dhcp-range=${Vars.NIC[0].IP},proxy
+%{ else }
+dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration}
+dhcp-option=option:router,${Vars.NIC[0].Gateway}
+%{ endif }
+
+dhcp-option=option:dns-server,${Vars.NIC[0].IP}
+dhcp-option=option:domain-name,${Vars.PXE.DNSDomain}
+
+# TFTP Configuration
+enable-tftp
+tftp-root="${Vars.PXE.TFTPRoot}"
+
+pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime}
+
+# Based on logic in https://gist.github.com/robinsmidsrod/4008017
+# iPXE sends a 175 option, checking suboptions
+dhcp-match=set:ipxe-http,175,19
+dhcp-match=set:ipxe-https,175,20
+dhcp-match=set:ipxe-menu,175,39
+# pcbios specific
+dhcp-match=set:ipxe-pxe,175,33
+dhcp-match=set:ipxe-bzimage,175,24
+dhcp-match=set:ipxe-iscsi,175,17
+# efi specific
+dhcp-match=set:ipxe-efi,175,36
+# combination
+# set ipxe-ok tag if we have correct combination
+# http && menu && iscsi ((pxe && bzimage) || efi)
+tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
+tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi
+
+
+## Load different PXE boot image depending on client architecture (when running as a proxy DHCP)
+pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe
+pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi
+pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi
+
+dhcp-userclass=set:ipxe,iPXE
+dhcp-boot=tag:ipxe-ok,http://${Vars.NIC[0].IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.NIC[0].IP}
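Review bot: `listen-address=0.0.0.0` on the new side widens the listening set that `interface=${Vars.PXE.ListenInterface}` directly below is meant to restrict — as far as I know dnsmasq listens on the union of the two options — so the forwarding resolver configured by `server=${Vars.DNS[0]}` and the DHCP/TFTP service answer on every address of the host, not only the PXE segment. If the interface restriction is the intent, drop the `listen-address` line and add `bind-interfaces` next to `interface=`. `log-queries` and `log-dhcp` are also enabled unconditionally; a short comment on where that log is expected to land, or a template variable to switch it off, would help whoever operates this.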
diff --git a/recipes/nuo/templates/conf/nuo-matchbox/hostname.pktpl.hcl b/recipes/nuo/templates/conf/nuo-matchbox/hostname.pktpl.hcl
new file mode 100644
index 0000000..f9a48de
--- /dev/null
+++ b/recipes/nuo/templates/conf/nuo-matchbox/hostname.pktpl.hcl
@@ -0,0 +1 @@
+${Vars.Set.Hostname}
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl b/recipes/nuo/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl
new file mode 100644
index 0000000..2128aa2
--- /dev/null
+++ b/recipes/nuo/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl
@@ -0,0 +1,28 @@
+#!/sbin/openrc-run
+
+name=$RC_SVCNAME
+command="/usr/local/bin/$RC_SVCNAME"
+command_user="$RC_SVCNAME"
+pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
+start_stop_daemon_args="--start -b"
+command_args="$command_args"
+command_background="yes"
+
+depend() {
+ need net
+}
+
+start_pre() {
+ checkpath --directory --owner $command_user:$command_user --mode 0775 \
+ /run/$RC_SVCNAME /var/log/$RC_SVCNAME
+ if [ ! -f "/etc/matchbox/server.crt" ]; then
+ cd /root/tls
+ export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.NIC[0].IP}"
+ ./cert-gen
+ mkdir -p /etc/matchbox
+ cp ca.crt server.crt server.key /etc/matchbox
+ chown -R matchbox:matchbox /etc/matchbox
+ mkdir -p /root/.matchbox
+ cp client.crt client.key ca.crt /root/.matchbox/
+ fi
+}
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl b/recipes/nuo/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl
new file mode 100644
index 0000000..ab21faa
--- /dev/null
+++ b/recipes/nuo/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl
@@ -0,0 +1,9 @@
+
+%{ for iface in Vars.NIC }
+auto ${iface.Name}
+
+iface ${iface.Name} inet static
+ address ${iface.IP}
+ netmask ${iface.Mask}
+ gateway ${iface.Gateway}
+%{ endfor ~}
\ No newline at end of file
diff --git a/recipes/nuo/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl b/recipes/nuo/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl
new file mode 100644
index 0000000..9a677a5
--- /dev/null
+++ b/recipes/nuo/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl
@@ -0,0 +1,4 @@
+
+%{ for dns in Vars.DNS }
+nameserver ${dns}
+%{ endfor ~}
\ No newline at end of file
diff --git a/recipes/nuo/templates/one/image/common.tpl b/recipes/nuo/templates/one/image/common.tpl
new file mode 100644
index 0000000..d422fb1
--- /dev/null
+++ b/recipes/nuo/templates/one/image/common.tpl
@@ -0,0 +1,7 @@
+NAME = <%= image_name %>
+PATH = <%= image_source %>
+TYPE = OS
+PERSISTENT = No
+DESCRIPTION = "<%= image_comment %>"
+DEV_PREFIX = vd
+FORMAT = qcow2
\ No newline at end of file
diff --git a/recipes/nuo/templates/one/service/kubernetes-cluster.json b/recipes/nuo/templates/one/service/kubernetes-cluster.json
new file mode 100644
index 0000000..635b8d2
--- /dev/null
+++ b/recipes/nuo/templates/one/service/kubernetes-cluster.json
@@ -0,0 +1,48 @@
+{
+ "name": "<%= template_name %>",
+ "deployment": "straight",
+ "description": "Cluster Kubernetes (k8s)",
+ "roles": [
+ {
+ "name": "leader",
+ "cardinality": 1,
+ "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
+ "shutdown_action": "terminate",
+ "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
+ "elasticity_policies": [],
+ "scheduled_policies": []
+ },
+ {
+ "name": "master",
+ "cardinality": 2,
+ "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
+ "shutdown_action": "terminate",
+ "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
+ "elasticity_policies": [],
+ "scheduled_policies": []
+ },
+ {
+ "name": "worker",
+ "cardinality": 4,
+ "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
+ "shutdown_action": "terminate",
+ "parents": [
+ "leader"
+ ],
+ "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
+ "elasticity_policies": [],
+ "scheduled_policies": []
+ }
+ ],
+ "networks": {
+ "main": "M|network|Main network| |id:",
+ "internal": "M|network|Internal network| |id:"
+ },
+ "custom_attrs": {
+ "KUBEAPPS_DNS_NAME": "M|text|DNS Name for kubeapps service| |kubeapps.k3s-eole.local",
+ "INGRESS_PROVIDER": "O|list|Default ingress to install|nginx, traefik, |",
+ "LE_EMAIL": "M|text|Email | |"
+ },
+ "shutdown_action": "terminate",
+ "ready_status_gate": true
+ }
diff --git a/recipes/nuo/templates/one/vm/common.xml b/recipes/nuo/templates/one/vm/common.xml
new file mode 100644
index 0000000..fdb5be4
--- /dev/null
+++ b/recipes/nuo/templates/one/vm/common.xml
@@ -0,0 +1,33 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ NETWORK = "YES",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
+ TOKEN = "YES" ]
+CPU = "0.2"
+DESCRIPTION = "Alpine basic image"
+DISK = [
+ DEV_PREFIX = "vd",
+ DRIVER = "qcow2",
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>" ]
+GRAPHICS = [
+ KEYMAP = "fr",
+ LISTEN = "0.0.0.0",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/linux.png"
+MEMORY = "512"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+VCPU = "2"
diff --git a/recipes/nuo/templates/one/vm/k3s.xml b/recipes/nuo/templates/one/vm/k3s.xml
new file mode 100644
index 0000000..6c515f2
--- /dev/null
+++ b/recipes/nuo/templates/one/vm/k3s.xml
@@ -0,0 +1,32 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ NETWORK = "YES",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
+ TOKEN = "YES" ]
+CPU = "0.2"
+DESCRIPTION = "K3S Ready VM"
+DISK = [
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>",
+ DRIVER = "qcow2" ]
+GRAPHICS = [
+ KEYMAP = "fr",
+ LISTEN = "0.0.0.0",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/alpine.png"
+MEMORY = "2048"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+VCPU = "2"
diff --git a/recipes/nuo/templates/one/vm/kubeleader.xml b/recipes/nuo/templates/one/vm/kubeleader.xml
new file mode 100644
index 0000000..c68faa5
--- /dev/null
+++ b/recipes/nuo/templates/one/vm/kubeleader.xml
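Review bot: The `GRAPHICS` block in `common.xml` sets `LISTEN = "0.0.0.0"` with `TYPE = "VNC"` and no password, and the same block is repeated in `k3s.xml` on this line and in `kubeleader.xml`, `kubemaster.xml`, `kubeworker.xml` and `matchbox.xml` later in the patch, so every VM's console is exposed without authentication to anything that can reach the hypervisor's VNC ports. OpenNebula accepts `RANDOM_PASSWD = "YES"` (or an explicit `PASSWD`) inside `GRAPHICS`; adding `RANDOM_PASSWD = "YES",` to each block keeps Sunstone console access working while closing the unauthenticated path. If the hypervisor management network is isolated by design, a line saying so in the recipe README would document why the templates leave it open.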
@@ -0,0 +1,35 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ NETWORK = "YES",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SERVER_ROLE = "leader",
+ TOKEN = "YES",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
+]
+CPU = "0.8"
+DESCRIPTION = "Kubernetes master or Docker VM (check the name)"
+DISK = [
+ DEV_PREFIX = "vd",
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>",
+ DRIVER = "qcow2" ]
+GRAPHICS = [
+ LISTEN = "0.0.0.0",
+ KEYMAP = "fr",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/alpine.png"
+MEMORY = "2048"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+VCPU = "4"
\ No newline at end of file
diff --git a/recipes/nuo/templates/one/vm/kubemaster.xml b/recipes/nuo/templates/one/vm/kubemaster.xml
new file mode 100644
index 0000000..e0fe33d
--- /dev/null
+++ b/recipes/nuo/templates/one/vm/kubemaster.xml
@@ -0,0 +1,42 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ NETWORK = "YES",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SERVER_ROLE = "master",
+ MASTER_ADDR = "$MASTER_ADDR",
+ MASTER_TOKEN = "$MASTER_TOKEN",
+ MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
+ TOKEN = "YES",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
+]
+CPU = "0.8"
+DESCRIPTION = "Kubernetes worker VM"
+DISK = [
+ DEV_PREFIX = "vd",
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>",
+ DRIVER = "qcow2" ]
+GRAPHICS = [
+ LISTEN = "0.0.0.0",
+ KEYMAP = "fr",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/alpine.png"
+MEMORY = "2048"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+USER_INPUTS = [
+ MASTER_ADDR = "O|text|Master address (for workers only)",
+ MASTER_TOKEN = "O|text|Master Token (for workers only)",
+ MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
+VCPU = "4"
\ No newline at end of file
diff --git a/recipes/nuo/templates/one/vm/kubeworker.xml b/recipes/nuo/templates/one/vm/kubeworker.xml
new file mode 100644
index 0000000..9aa3f0a
--- /dev/null
+++ b/recipes/nuo/templates/one/vm/kubeworker.xml
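Review bot: `DESCRIPTION = "Kubernetes worker VM"` contradicts `SERVER_ROLE = "master"` in the `CONTEXT` block just above it, and the three `USER_INPUTS` help strings still say "(for workers only)" on what is the master template; the file looks copied from `kubeworker.xml` without the labels being updated. I'd set `DESCRIPTION = "Kubernetes master VM"` and reword the inputs, e.g. `MASTER_ADDR = "O|text|Leader address (join target)"`, so an operator choosing a template in Sunstone is not misled about which role it deploys. Since `MASTER_TOKEN` and `MASTER_CA_TOKEN` are cluster join credentials carried in the VM context, the README for this recipe should state that and who can read the context of a deployed VM.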
@@ -0,0 +1,42 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ NETWORK = "YES",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SERVER_ROLE = "worker",
+ MASTER_ADDR = "$MASTER_ADDR",
+ MASTER_TOKEN = "$MASTER_TOKEN",
+ MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
+ TOKEN = "YES",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
+]
+CPU = "0.8"
+DESCRIPTION = "Kubernetes worker VM"
+DISK = [
+ DEV_PREFIX = "vd",
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>",
+ DRIVER = "qcow2" ]
+GRAPHICS = [
+ LISTEN = "0.0.0.0",
+ KEYMAP = "fr",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/alpine.png"
+MEMORY = "4096"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+USER_INPUTS = [
+ MASTER_ADDR = "O|text|Master address (for workers only)",
+ MASTER_TOKEN = "O|text|Master Token (for workers only)",
+ MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
+VCPU = "4"
\ No newline at end of file
diff --git a/recipes/nuo/templates/one/vm/matchbox.xml b/recipes/nuo/templates/one/vm/matchbox.xml
new file mode 100644
index 0000000..794ab44
--- /dev/null
+++ b/recipes/nuo/templates/one/vm/matchbox.xml
@@ -0,0 +1,47 @@
+NAME = "<%= template_name %>"
+CONTEXT = [
+ MATCHBOX_URL = "http://$NAME",
+ NETWORK = "YES",
+ PXE_DHCPLEASEDURATION = "$DHCPLEASEDURATION",
+ PXE_DHCPMODE = "$ADHCPMODE",
+ PXE_DNSDOMAIN = "$BDNSDOMAIN",
+ PXE_DHCPRANGESTART = "$CDHCPRANGESTART",
+ PXE_DHCPRANGEEND = "$DDHCPRANGEEND",
+ PXE_DHCPLEASEDURATION = "$EDHCPLEASEDURATION",
+ MATCHBOX_HOSTNAME = "$FMATCHBOX_HOSTNAME",
+ REPORT_READY = "YES",
+ SET_HOSTNAME = "$NAME",
+ SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
+ TOKEN = "YES" ]
+CPU = "0.2"
+DESCRIPTION = "Matchbox Ready VM"
+DISK = [
+ IMAGE = "<%= image_name %>",
+ IMAGE_UNAME = "<%= user %>",
+ DRIVER = "qcow2" ]
+GRAPHICS = [
+ KEYMAP = "fr",
+ LISTEN = "0.0.0.0",
+ TYPE = "VNC" ]
+HYPERVISOR = "kvm"
+INPUT = [
+ BUS = "usb",
+ TYPE = "tablet" ]
+INPUTS_ORDER = ""
+LOGO = "images/logos/alpine.png"
+MEMORY = "2048"
+MEMORY_UNIT_COST = "MB"
+NIC_DEFAULT = [
+ MODEL = "virtio" ]
+OS = [
+ ARCH = "x86_64",
+ BOOT = "",
+ SD_DISK_BUS = "scsi" ]
+USER_INPUTS = [
+ ADHCPMODE = "M|list|DHCP Mode|proxy,direct|proxy",
+ BDNSDOMAIN = "M|text|Nom de la zone DNS (ex: cadol.es)",
+ CDHCPRANGESTART = "O|text|DNSMASQ DHCP Range First IP",
+ DDHCPRANGEEND = "O|text|DNSMASQ DHCP Range Last IP",
+ EDHCPLEASEDURATION = "M|list|DHCP lease duration|1h,2h,4h,6h,8h,10h,12h,14h,24h|1h",
+ FMATCHBOX_HOSTNAME = "O|text|Matchbox service hostname|mb.cadol.es" ]
+VCPU = "2"
diff --git a/recipes/nuo/variables.pkr.hcl b/recipes/nuo/variables.pkr.hcl
new file mode 100644
index 0000000..9b5f6e1
--- /dev/null
+++ b/recipes/nuo/variables.pkr.hcl
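Review bot: `PXE_DHCPLEASEDURATION` is assigned twice inside `CONTEXT`: first from `$DHCPLEASEDURATION`, which is not declared in `USER_INPUTS`, then from `$EDHCPLEASEDURATION`, which is. The first assignment either stays as a literal `$DHCPLEASEDURATION` or resolves empty depending on how OpenNebula treats an undefined reference, and a duplicated key in a context section is ambiguous at best; removing `PXE_DHCPLEASEDURATION = "$DHCPLEASEDURATION",` leaves the intended mapping. `MATCHBOX_URL = "http://$NAME"` also relies on PXE clients resolving the VM name; a comment pointing at the `dnsmasq-hosts.conf` template that is meant to provide that record would make the dependency visible.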
@@ -0,0 +1,54 @@
+variable "name" {
+ type = string
+ default = "nuo"
+}
+
+variable "version" {
+ type = string
+ default = "3.18.0"
+}
+
+variable "short_version" {
+ type = string
+ default = "3.18"
+}
+
+variable "arch" {
+ type = string
+ default = "x86_64"
+}
+
+variable "output_dir" {
+ type = string
+ default = "output/nuo/"
+}
+
+variable "source_url" {
+ type = string
+ default = "https://cdimage.debian.org/cdimage/release"
+}
+
+variable "iso_cd_checksum" {
+ type = string
+ default = "sha256:ae6d563d2444665316901fe7091059ac34b8f67ba30f9159f7cef7d2fdc5bf8a"
+}
+
+variable "image_version" {
+ type = string
+ default = "0.0.1"
+}
+
+variable "one_user" {
+ type = string
+ default = env("ONE_USER")
+}
+
+variable "one_token" {
+ type = string
+ default = env("ONE_TOKEN")
+}
+
+variable "boot_command" {
+ type = list(string)
+ default = []
+}
-- 2.17.1
From 9429201d16a63bc9c53be52ec695b021d2004760 Mon Sep 17 00:00:00 2001
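Review bot: The defaults in this file disagree with each other: `name`/`version`/`short_version` are `nuo`/`3.18.0`/`3.18` (Alpine-style numbering), `source_url` is the Debian cdimage release root, and `iso_cd_checksum` pins one sha256 that can only belong to a single specific image, so at least one of them is stale and checksum verification will fail as soon as the others are changed independently. A comment next to the digest naming the exact media it was taken from, e.g. `# sha256 of <ISO file this recipe was tested with>`, would let the next person update them together. `one_token` is read from `env("ONE_TOKEN")` and can end up in Packer's debug output; declaring it with `sensitive = true` keeps it redacted in logs.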
From: William Petit Date: Fri, 20 Oct 2023 16:19:23 +0200 Subject: [PATCH 5/8] feat(quid): debian 12 based quid image --- .gitignore | 2 + .vscode/settings.json | 3 + build | 6 +- recipes/debian/11.pkrvars.hcl | 16 -- recipes/debian/12.pkrvars.hcl | 7 + recipes/debian/locals.globals.pkr.hcl | 4 +- recipes/debian/locals.pkr.hcl | 21 +- recipes/debian/main.pkr.hcl | 35 +-- recipes/debian/plugins.pkr.hcl | 6 +- .../provisionning/conf/harbor/init.d/harbor | 64 ----- .../conf/kubernetes/initkubernetes.start | 181 ------------ .../conf/kubernetes/sharemetrics.start | 3 - .../conf/matchbox/initmatchbox.start | 25 -- .../conf/matchbox/inittftp.start | 10 - recipes/debian/provisionning/conf/nuo-harbor | 1 - .../debian/provisionning/conf/nuo-matchbox | 1 - .../conf/one-context/net-90-jenkins-slave | 13 - .../conf/one-context/net-96-gitlab-register | 31 -- .../conf/one-context/net-97-k3s | 21 -- .../provisionning/debian/debian-11-install.sh | 9 - .../provisionning/debian/debian-12-install.sh | 11 + .../{preseed.cfg => preseed.cfg.pkrtpl.hcl} | 22 +- recipes/debian/provisionning/letsencrypt.sh | 4 +- recipes/debian/provisionning/one-context.sh | 2 +- .../provisionning/one-context/net-97-k3s | 21 -- recipes/debian/provisionning/quid/.gitignore | 2 + .../provisionning/quid/ansible-vars.yml | 137 +++++++++ .../provisionning/quid/clone-quid-ansible.yml | 10 + .../provisionning/quid/run-quid-ansible.yml | 2 + .../debian/provisionning/ssh/cnous/nmelin.pub | 1 - .../provisionning/ssh/cnous/operrot.pub | 1 - .../debian/provisionning/templater-install.sh | 2 +- recipes/debian/quid.pkr.hcl | 74 +++++ recipes/debian/readme.quid.md | 37 +++ recipes/debian/sources.pkr.hcl | 11 +- recipes/debian/templates/conf/conf.d/chronyd | 6 - .../templates/conf/docker/subgid.pktpl.hcl | 6 - .../templates/conf/docker/subuid.pktpl.hcl | 3 - .../conf/harbor/harbor.yml.pktpl.hcl | 265 ------------------ .../templates/conf/install/awnsers.pktpl.hcl | 47 ---- .../templates/conf/k3s/k3s.conf.pkr.hcl | 8 - 
.../debian/templates/conf/kubernetes/.flag | 0 .../matchbox/conf.d/matchbox.conf.pktpl.hcl | 1 - .../dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl | 4 - .../matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl | 60 ---- .../conf/matchbox/init.d/matchbox.pktpl.hcl | 28 -- recipes/debian/templates/conf/nuo-harbor | 1 - .../conf.d/matchbox.conf.pktpl.hcl | 1 - .../dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl | 7 - .../dnsmasq.d/ipxe.conf.pktpl.hcl | 60 ---- .../conf/nuo-matchbox/hostname.pktpl.hcl | 1 - .../nuo-matchbox/init.d/matchbox.pktpl.hcl | 28 -- .../nuo-matchbox/network/interfaces.pktpl.hcl | 9 - .../conf/nuo-matchbox/resolv.conf.pktpl.hcl | 4 - recipes/debian/templates/one/image/common.tpl | 7 - .../one/service/kubernetes-cluster.json | 48 ---- recipes/debian/templates/one/vm/common.xml | 33 --- recipes/debian/templates/one/vm/k3s.xml | 32 --- .../debian/templates/one/vm/kubeleader.xml | 35 --- .../debian/templates/one/vm/kubemaster.xml | 42 --- .../debian/templates/one/vm/kubeworker.xml | 42 --- recipes/debian/templates/one/vm/matchbox.xml | 47 ---- recipes/debian/variables.pkr.hcl | 15 +- recipes/debian/variables.quid.pkr.hcl | 6 + 64 files changed, 347 insertions(+), 1295 deletions(-) create mode 100644 .gitignore create mode 100644 .vscode/settings.json delete mode 100644 recipes/debian/11.pkrvars.hcl create mode 100644 recipes/debian/12.pkrvars.hcl delete mode 100755 recipes/debian/provisionning/conf/harbor/init.d/harbor delete mode 100644 recipes/debian/provisionning/conf/kubernetes/initkubernetes.start delete mode 100644 recipes/debian/provisionning/conf/kubernetes/sharemetrics.start delete mode 100644 recipes/debian/provisionning/conf/matchbox/initmatchbox.start delete mode 100644 recipes/debian/provisionning/conf/matchbox/inittftp.start delete mode 120000 recipes/debian/provisionning/conf/nuo-harbor delete mode 120000 recipes/debian/provisionning/conf/nuo-matchbox delete mode 100644 recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave delete mode 100644 
recipes/debian/provisionning/conf/one-context/net-96-gitlab-register delete mode 100644 recipes/debian/provisionning/conf/one-context/net-97-k3s delete mode 100644 recipes/debian/provisionning/debian/debian-11-install.sh create mode 100644 recipes/debian/provisionning/debian/debian-12-install.sh rename recipes/debian/provisionning/debian/http/{preseed.cfg => preseed.cfg.pkrtpl.hcl} (79%) delete mode 100644 recipes/debian/provisionning/one-context/net-97-k3s create mode 100644 recipes/debian/provisionning/quid/.gitignore create mode 100644 recipes/debian/provisionning/quid/ansible-vars.yml create mode 100644 recipes/debian/provisionning/quid/clone-quid-ansible.yml create mode 100644 recipes/debian/provisionning/quid/run-quid-ansible.yml delete mode 100644 recipes/debian/provisionning/ssh/cnous/nmelin.pub delete mode 100644 recipes/debian/provisionning/ssh/cnous/operrot.pub create mode 100644 recipes/debian/quid.pkr.hcl create mode 100644 recipes/debian/readme.quid.md delete mode 100644 recipes/debian/templates/conf/conf.d/chronyd delete mode 100644 recipes/debian/templates/conf/docker/subgid.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/docker/subuid.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/install/awnsers.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl delete mode 100644 recipes/debian/templates/conf/kubernetes/.flag delete mode 100644 recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl delete mode 120000 recipes/debian/templates/conf/nuo-harbor delete mode 100644 recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl delete 
mode 100644 recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl delete mode 100644 recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl delete mode 100644 recipes/debian/templates/one/image/common.tpl delete mode 100644 recipes/debian/templates/one/service/kubernetes-cluster.json delete mode 100644 recipes/debian/templates/one/vm/common.xml delete mode 100644 recipes/debian/templates/one/vm/k3s.xml delete mode 100644 recipes/debian/templates/one/vm/kubeleader.xml delete mode 100644 recipes/debian/templates/one/vm/kubemaster.xml delete mode 100644 recipes/debian/templates/one/vm/kubeworker.xml delete mode 100644 recipes/debian/templates/one/vm/matchbox.xml create mode 100644 recipes/debian/variables.quid.pkr.hcl diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6a1961e --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/output +/packer-manifest.json \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..9d14cfb --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "ansible.python.interpreterPath": "/bin/python" +} \ No newline at end of file diff --git a/build b/build index ef5af55..dd10499 100755 --- a/build +++ b/build @@ -1,5 +1,7 @@ #!/bin/bash +set -eo pipefail + # Simple build wrapper ACTION=${1} 
@@ -25,8 +27,8 @@ initPacker() {
 # First the "base" image then the provisionned ones
 #
 run() {
- ${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.${BUILDER}.${OS}" "${RCP_DIR}/${OS}/."
- ${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.${BUILER}.${OS}" "${RCP_DIR}/${OS}/."
+ ${PACKER} build ${PACKER_OPTS} -on-error=abort -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.*.${OS}" "${RCP_DIR}/${OS}/."
+ ${PACKER} build ${PACKER_OPTS} -on-error=abort -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.*.${OS}" "${RCP_DIR}/${OS}/."
 }
 
 #
diff --git a/recipes/debian/11.pkrvars.hcl b/recipes/debian/11.pkrvars.hcl
deleted file mode 100644
index b0a6e6f..0000000
--- a/recipes/debian/11.pkrvars.hcl
+++ /dev/null
@@ -1,16 +0,0 @@
-name = "debian"
-version = "11"
-short_version = "11"
-code_name = "bullseye"
-arch = "amd64"
-source_url = "https://cloud.debian.org/images/cloud/bullseye/latest"
-iso_cd_checksum = "9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
-image_dir_name= "latest"
-boot_command = [ "" ]
-# "",
-# "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg",
-# "",
-# "mkdir -p .ssh",
-# "wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys",
-# "chmod 600 .ssh/authorized_keys",
-#]
diff --git a/recipes/debian/12.pkrvars.hcl b/recipes/debian/12.pkrvars.hcl
new file mode 100644
index 0000000..cd61a1a
--- /dev/null
+++ b/recipes/debian/12.pkrvars.hcl
@@ -0,0 +1,7 @@
+name = "debian"
+version = "12.2.0"
+short_version = "12"
+code_name = "bookworm"
+arch = "amd64"
+source_url = "https://cdimage.debian.org/cdimage/release/12.2.0"
+image_dir_name= "latest"
diff --git a/recipes/debian/locals.globals.pkr.hcl b/recipes/debian/locals.globals.pkr.hcl
index f940e19..404a7c7 100644
--- a/recipes/debian/locals.globals.pkr.hcl
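Review bot: `12.pkrvars.hcl` drops the literal `iso_cd_checksum` that the deleted `11.pkrvars.hcl` carried, and the replacement introduced in `recipes/debian/locals.pkr.hcl` (`iso_cd_checksum = "file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS"`) fetches the digest from the same origin as the ISO, so it checks transfer integrity but no longer proves the build uses the media the recipe was tested with. I'd keep a pinned `iso_cd_checksum = "sha256:<digest taken from the release SHA256SUMS>"` in this file. Separately, `source "vmware-iso.debian"` in `main.pkr.hcl` reads `var.iso_cd_checksum`, not `local.iso_cd_checksum`, so as far as this diff shows the new local is never consumed; that needs checking against `recipes/debian/variables.pkr.hcl`, which is outside this chunk.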
+++ b/recipes/debian/locals.globals.pkr.hcl
@@ -1,7 +1,5 @@
 locals {
 Globals = {
- Vars = {
- PrometheusPort = "9090"
- }
+ Vars = {}
 }
 }
\ No newline at end of file
diff --git a/recipes/debian/locals.pkr.hcl b/recipes/debian/locals.pkr.hcl
index 0d290d3..2517483 100644
--- a/recipes/debian/locals.pkr.hcl
+++ b/recipes/debian/locals.pkr.hcl
@@ -10,24 +10,11 @@ locals {
 dirs = local.locations
 timestamp = regex_replace(timestamp(), "[- TZ:]", "")
 output_name = "${var.name}"
- source_checksum_url = "file:${var.source_url}/SHA512SUMS"
- source_iso = "${var.source_url}/debian-${var.version}-generic-${var.arch}.qcow2"
- source_checksum = "${var.iso_cd_checksum}"
+ source_iso = "${var.source_url}/${var.arch}/iso-cd/debian-${var.version}-${var.arch}-netinst.iso"
+ iso_cd_checksum = "file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS"
 ssh_user = "root"
- ssh_password = "PbkRc1vup7Wq5n4r"
+ ssh_password = "toor"
 disk_size = 8000
 memory = 512
- instance_data = {
- "instance-id": "${var.name}"
- }
- installOpts = {
- hostname = var.name
- user = "eole"
- disk_device = "/dev/vda"
- }
- installOptsVMWare = {
- hostname = var.name
- user = "eole"
- disk_device = "/dev/sda"
- }
+ headless = var.headless
 }
diff --git a/recipes/debian/main.pkr.hcl b/recipes/debian/main.pkr.hcl
index 89271fc..0b0b22a 100644
--- a/recipes/debian/main.pkr.hcl
+++ b/recipes/debian/main.pkr.hcl
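Review bot: `ssh_password = "toor"` replaces a random-looking build password with a well-known default, and since `main.pkr.hcl` passes the whole `local` map into `preseed.cfg.pkrtpl.hcl` it is presumably the root password the installer sets; unless a later provisioning step locks or rotates it, every image produced by this recipe ships with the same root credential. Either derive it per build (Packer's `uuidv4()` would do) or add a comment on this line naming the step that resets the password before the image is published. `headless = var.headless` also references a `headless` variable whose declaration this chunk does not show; confirm it exists in `variables.pkr.hcl`.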
@@ -7,38 +7,20 @@ EOF source "vmware-iso.debian" { output_directory = "${var.output_dir}/${var.version}/base" - vm_name = "${local.output_name}-${var.version}.img" + vm_name = "${local.output_name}-${var.version}" disk_size = 10240 iso_url = "${local.source_iso}" iso_checksum = "${var.iso_cd_checksum}" + guest_os_type = "ubuntu-64" http_content = { "/ssh-packer-pub.key" = data.sshkey.install.public_key - "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOptsVMWare) + "/preseed.cfg" = templatefile("${local.locations.provisionning}/${var.name}/http/preseed.cfg.pkrtpl.hcl", { data: data, var: var, local: local }) } - boot_command = var.boot_command - cd_label = "cidata" - } - - source "qemu.debian" { - output_directory = "${var.output_dir}/${var.version}/base" - vm_name = "${local.output_name}-${var.version}.img" - iso_url = "${local.source_iso}" - iso_checksum = "${var.iso_cd_checksum}" - disk_image = true - disk_size = 10240 - cd_content = { - "meta-data" = jsonencode(local.instance_data) - "user-data" = templatefile("${path.cwd}/recipes/debian/templates/conf/cloud-init/user-data", - { user = local.ssh_user, - password = local.ssh_password, - runcmd = var.cloud_init_runcmd }) - } - #http_content = { - # "/ssh-packer-pub.key" = data.sshkey.install.public_key - # "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOpts) - #} - cd_label = "cidata" - boot_command = var.boot_command + boot_command = [ + "", + "auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg", + "" + ] } provisioner "shell" { @@ -49,7 +31,6 @@ EOF script = "${local.locations.provisionning}/letsencrypt.sh" } - post-processor "shell-local" { inline = [ "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}", diff --git a/recipes/debian/plugins.pkr.hcl b/recipes/debian/plugins.pkr.hcl index ff44743..548ed16 100644 
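Review bot: `"/preseed.cfg" = templatefile(..., { data: data, var: var, local: local })` hands the entire variable, data-source and locals namespaces to the preseed template, which Packer then serves from its plain-HTTP installer server; that makes `local.ssh_password` and any credential-bearing variable (`one_token`, if the debian recipe mirrors the nuo one) reachable from the template, so a typo there leaks them into a served file. Passing only the keys the preseed needs, e.g. `{ ssh_user = local.ssh_user, ssh_password = local.ssh_password, public_key = data.sshkey.install.public_key }`, bounds what can be rendered. `guest_os_type = "ubuntu-64"` on a Debian netinst build also looks like a placeholder — VMware has Debian-specific guest identifiers as far as I know — so either use the matching one or comment why the Ubuntu type is chosen; the enclosing `source` block starts outside this hunk.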
--- a/recipes/debian/plugins.pkr.hcl +++ b/recipes/debian/plugins.pkr.hcl @@ -11,7 +11,11 @@ packer { qemu = { source = "github.com/hashicorp/qemu" version = "~> 1" - } + } + ansible = { + version = "~> 1" + source = "github.com/hashicorp/ansible" + } } } diff --git a/recipes/debian/provisionning/conf/harbor/init.d/harbor b/recipes/debian/provisionning/conf/harbor/init.d/harbor deleted file mode 100755 index 86a2255..0000000 --- a/recipes/debian/provisionning/conf/harbor/init.d/harbor +++ /dev/null @@ -1,64 +0,0 @@ -#!/sbin/openrc-run - -: ${SUBCFGDIR:=/srv} -DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"} - -SUBSVC="${SVCNAME#*.}" -[ -z "${SUBSVC}" ] && exit 1 -: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"} -DOCOCMD="/usr/bin/docker-compose" -export COMPOSE_HTTP_TIMEOUT=300 - -description="Manage docker services defined in ${SUBCFG}" -extra_commands="configtest build" -description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\"" -description_build="Run \"docker-compose -f ${SUBCFG} build\"" - -depend() { - need localmount net docker - use dns - after docker -} - -configtest() { - if ! [ -f "${SUBCFG}" ]; then - eerror "The config file ${SUBCFG} does not exist!" - return 1 - fi - if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then - einfo "config: ok" - else - eerror "config: error" - return 1 - fi -} - -build() { - configtest || return 1 - ebegin "Building dockerservice ${SUBSVC}" - "${DOCOCMD}" -f "${SUBCFG}" build - eend $? -} - -start() { - configtest || return 1 - ebegin "Starting dockerservice ${SUBSVC}" - sleep 5 - "${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS} - eend $? -} - -stop() { - ebegin "Stopping dockerservice ${SUBSVC}" - "${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300 - eend $? -} - -status() { - if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then - einfo "status: started" - else - einfo "status: stopped" - return 3 - fi -} 
diff --git a/recipes/debian/provisionning/conf/kubernetes/initkubernetes.start b/recipes/debian/provisionning/conf/kubernetes/initkubernetes.start deleted file mode 100644 index a0e0748..0000000 --- a/recipes/debian/provisionning/conf/kubernetes/initkubernetes.start +++ /dev/null 
@@ -1,181 +0,0 @@ -#!/bin/sh - -ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env} -LOG_FILE="/var/log/initkubernets.log" -FIRST_BOOT="/var/run/firstboot.flag" - -infoLog() { - echo "Info: $@" | tee -a ${LOG_FILE} -} - -errorLog() { - echo "Error: $@" | tee -a ${LOG_FILE} -} - -waitReadyState() { - local vmID="${1}" - local timeout="${2}" - - local tick=0 - while true ;do - local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY") - if [ "${ready}" = "YES" ];then - return 0 - elif [ "${timeout}" -eq "${tick}" ];then - return ${timeout} - else - sleep 1 - tick=$((tick+1)) - fi - done -} - -returnToken() { - infoLog "Returning tokens" - local caSecretKey="${1}" - local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1) - local kubeToken=$(kubeadm token list | awk '/authentication,signing.*The default*/ {print $1}') - local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf) - - if [ -n "${ONEGATE_ENDPOINT}" ];then - infoLog "Onegate detected" - data="READY=YES" - data="${data} MASTER_ADDR=${masterAddr}" - data="${data} MASTER_TOKEN=${kubeToken}" - data="${data} MASTER_CA_TOKEN=sha256:${caToken}" - data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}" - onegate vm update --data "${data}" - infoLog "Onegate data seted" - else - infoLog "Onegate is not present" - echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token - infoLog "Tokens are available at /root/kube.token" - fi -} - -joinCluster() { - local master="${MASTER_ADDR}" - local token="${MASTER_TOKEN}" - local caToken="${MASTER_CA_TOKEN}" - local caSecretKey="${MASTER_CA_SECRET_KEY}" - local sname="${SERVICE_NAME}" - - if [ -n "${ONEGATE_ENDPOINT}" ];then - local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[] | select(.name == "leader") | .nodes[0].deploy_id') - if [ "${?}" -eq 0 ]; then - waitReadyState ${masterID} 600 - if [ "${?}" -ne 0 ];then - 
errorLog "Master node is node ready after 600s" - return 3 - fi - local masterInfo=$(onegate vm show ${masterID} --json | \ - jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP") - master=$(echo ${masterInfo} | cut -d " " -f 1) - token=$(echo ${masterInfo} | cut -d " " -f 2) - caToken=$(echo ${masterInfo} | cut -d " " -f 3) - caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4) - masterIP=$(echo ${masterInfo} | cut -d " " -f 5) - sname=$(onegate service show --json | jq -cr ".SERVICE.name") - fi - - # Setting dns resolution for cluster - echo "${masterIP} ${sname}" >> /etc/hosts - onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts - fi - if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then - opts="--node-name $(hostname -f)" - opts="${opts} --token ${token}" - opts="${opts} --discovery-token-ca-cert-hash ${caToken}" - if [ -n "${1}" ];then - opts="${opts} --control-plane" - opts="${opts} --certificate-key ${caSecretKey}" - fi - opts="${opts} ${master}" - - kubeadm join ${opts} | tee -a "${LOG_FILE}" - else - errorLog "Something is missing, can't join the cluster:" - errorLog " Master addr: [${master}]" - errorLog " Master token: [${token}]" - errorLog " Master CA token: [${caToken}]" - return 3 - fi -} - -getServiceName() { - local sname=$(onegate service show --json | jq -cr ".SERVICE.name") - local tmout=30 - local tick=0 - while true ;do - if [ -z "${sname}" ];then - sname=$(onegate service show --json | jq -cr ".SERVICE.name") - else - echo ${sname} - return 0 - fi - sleep 1 - tick=$((tick+1)) - if [ ${tmout} -eq ${tick} ];then - hostname -f - return 3 - fi - done -} - -initLeader() { - sname="$(hostname -f)" - - if [ -n "${ONEGATE_ENDPOINT}" ];then - sname=$(getServiceName) - sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP") - echo "${sip} 
${sname} $(hostname -f)" >> /etc/hosts - onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts - fi - - caSecretKey=$(date | sha256sum | awk '{print $1}') - - infoLog "Kubernetes init started" - kubeadm init --pod-network-cidr=10.244.0.0/16 \ - --node-name="${SET_HOSTNAME}" \ - --control-plane-endpoint "${sname}:6443" \ - --upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}" - infoLog "Kubernetes init ended" - - infoLog "Configuring kubectl" - mkdir /root/.kube - ln -s /etc/kubernetes/admin.conf /root/.kube/config - infoLog "kubectl configured" - - infoLog "Installing cilium" - sleep 20 - kubectl config view --minify -o jsonpath='{.clusters[].name}' - sleep 20 - cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}" - infoLog "Cilium is installed" - - returnToken "${caSecretKey}" -} - -initKube() { - if [ "${SERVER_ROLE}" == "leader" ];then - initLeader - elif [ "${SERVER_ROLE}" == "worker" ];then - joinCluster - elif [ "${SERVER_ROLE}" == "master" ];then - joinCluster "${SERVER_ROLE}" - fi - touch ${FIRST_BOOT} - infoLog "Kubernetes cluster init is finished" -} - -if [ -f "${ENV_FILE}" ]; then - . "${ENV_FILE}" -fi - -if [ -f "${FIRST_BOOT}" ];then - exit 0 -else - uuidgen > /etc/machine-id - swapoff -a # Make sure swap is disabled - initKube & -fi \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/kubernetes/sharemetrics.start b/recipes/debian/provisionning/conf/kubernetes/sharemetrics.start deleted file mode 100644 index 6876caf..0000000 --- a/recipes/debian/provisionning/conf/kubernetes/sharemetrics.start +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -mount --make-rshared / \ No newline at end of file diff --git a/recipes/debian/provisionning/conf/matchbox/initmatchbox.start b/recipes/debian/provisionning/conf/matchbox/initmatchbox.start deleted file mode 100644 index 9180b96..0000000 
--- a/recipes/debian/provisionning/conf/matchbox/initmatchbox.start
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-
-FL_VERSIONS="current 3374.2.0"
-MATCHBOX_DIR="/var/lib/matchbox"
-ASSETS_DIR="${MATCHBOX_DIR}/assets/"
-
-GPG_FNAME="Flatcar_Image_Signing_Key.asc"
-GPG_KEYS_URL="https://www.flatcar.org/security/image-signing-key/"
-
-cd /tmp
-curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME}
-gpg --import --keyid-format LONG ${GPG_FNAME}
-cd -
-
-echo "Provisionning matchbox with flatcar images"
-tout=30
-for version in ${FL_VERSIONS}; do
- for i in $(seq 1 ${tout});do
- echo " * ${FL_VERSIONS} stable image (try ${i})"
- /usr/local/bin/get-flatcar stable ${version} ${ASSETS_DIR}
- if [[ "${?}" -eq 0 ]]; then
- break
- fi
- done
-done
diff --git a/recipes/debian/provisionning/conf/matchbox/inittftp.start b/recipes/debian/provisionning/conf/matchbox/inittftp.start
deleted file mode 100644
index e076de9..0000000
--- a/recipes/debian/provisionning/conf/matchbox/inittftp.start
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-dest="${1}"
-
-ipxeEFISource="http://boot.ipxe.org/ipxe.efi"
-kpxeSource="http://boot.ipxe.org/undionly.kpxe"
-
-cd "${dest}"
-wget "${ipxeEFISource}"
-wget "${kpxeSource}"
\ No newline at end of file
diff --git a/recipes/debian/provisionning/conf/nuo-harbor b/recipes/debian/provisionning/conf/nuo-harbor
deleted file mode 120000
index 8b35999..0000000
--- a/recipes/debian/provisionning/conf/nuo-harbor
+++ /dev/null
@@ -1 +0,0 @@
-harbor
\ No newline at end of file
diff --git a/recipes/debian/provisionning/conf/nuo-matchbox b/recipes/debian/provisionning/conf/nuo-matchbox
deleted file mode 120000
index ed5a219..0000000
--- a/recipes/debian/provisionning/conf/nuo-matchbox
+++ /dev/null
@@ -1 +0,0 @@
-matchbox
\ No newline at end of file
diff --git a/recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave b/recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave
deleted file mode 100644
index 2540f0e..0000000
--- a/recipes/debian/provisionning/conf/one-context/net-90-jenkins-slave
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-CONF="/etc/conf.d/jenkins-slave"
-if [ -e "/etc/jenkins-slave.conf" ]; then
- CONF="/etc/jenkins-slave.conf"
-fi
-
-TOTAL_MEMORY=$(cat /proc/meminfo | grep MemTotal | awk '{ printf "%sg", int($2/1024/1024)+1 }')
-sed -i "s|^JENKINS_SLAVE_NAME=.*$|JENKINS_SLAVE_NAME='slave-$ETH0_IP'|" "${CONF}"
-sed -i "s|^JENKINS_SLAVE_USERNAME=.*$|JENKINS_SLAVE_USERNAME='$JENKINS_SLAVE_USERNAME'|" "${CONF}"
-sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}"
-sed -i "s|^JENKINS_MASTER_URL=.*$|JENKINS_MASTER_URL='$JENKINS_MASTER_URL'|" "${CONF}"
-sed -i "s|^JENKINS_SLAVE_LABELS=.*$|JENKINS_SLAVE_LABELS='docker docker-compose mem-$TOTAL_MEMORY $JENKINS_SLAVE_LABELS'|" "${CONF}"
diff --git a/recipes/debian/provisionning/conf/one-context/net-96-gitlab-register b/recipes/debian/provisionning/conf/one-context/net-96-gitlab-register
deleted file mode 100644
index 821d654..0000000
--- a/recipes/debian/provisionning/conf/one-context/net-96-gitlab-register
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env bash
-
-ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
-
-# $TOKENTXT is available only through the env. file
-# shellcheck disable=SC1090
-if [ -f "${ENV_FILE}" ]; then
- . "${ENV_FILE}"
-fi
-
-###
-
-if [ -n "${GITLAB_URL}" ]; then
- if command -v gitlab-runner; then
- if [ -n "${GITLAB_SHELL}" ]; then
- opts="--shell=${GITLAB_SHELL}"
- fi
- # shellcheck disable=SC2086
- gitlab-runner register \
- --non-interactive \
- --url="${GITLAB_URL}" \
- --registration-token="${GITLAB_TOKEN}" \
- --executor="${GITLAB_EXECUTOR}" \
- --description="${GITLAB_RUNNER_NAME}" \
- --tag-list="${GITLAB_TAG_LIST}" \
- --locked=false \
- --access-level=not_protected \
- --run-untagged=false \
- "${opts}"
- fi
-fi
diff --git a/recipes/debian/provisionning/conf/one-context/net-97-k3s b/recipes/debian/provisionning/conf/one-context/net-97-k3s
deleted file mode 100644
index 77bd98a..0000000
--- a/recipes/debian/provisionning/conf/one-context/net-97-k3s
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-
-ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
-
-# $TOKENTXT is available only through the env. file
-# shellcheck disable=SC1090
-if [ -f "${ENV_FILE}" ]; then
- . "${ENV_FILE}"
-fi
-
-###
-
-if [ -n "${K3S_ROLE}" ]; then
- if [ "${K3S_ROLE}" = "server" ]; then
- rc-update add dnsmasq default
- service dnsmasq start
-
- rc-update add k3s default
- service k3s start
- fi
-fi
diff --git a/recipes/debian/provisionning/debian/debian-11-install.sh b/recipes/debian/provisionning/debian/debian-11-install.sh
deleted file mode 100644
index 695b527..0000000
--- a/recipes/debian/provisionning/debian/debian-11-install.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-echo "${1}" >/etc/hostname
-
-apt-get update
-apt-get -y dist-upgrade
-apt-get install wget curl -y
-
-touch /etc/cloud/cloud-init.disabled
\ No newline at end of file
diff --git a/recipes/debian/provisionning/debian/debian-12-install.sh b/recipes/debian/provisionning/debian/debian-12-install.sh
new file mode 100644
index 0000000..f618074
--- /dev/null
+++ b/recipes/debian/provisionning/debian/debian-12-install.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+echo "${1}" >/etc/hostname
+
+apt-get update
+apt-get -y dist-upgrade
+apt-get install wget curl open-vm-tools -y
+
+systemctl enable --now open-vm-tools.service
+
+touch /etc/cloud/cloud-init.disabled
\ No newline at end of file
diff --git a/recipes/debian/provisionning/debian/http/preseed.cfg b/recipes/debian/provisionning/debian/http/preseed.cfg.pkrtpl.hcl
similarity index 79%
rename from recipes/debian/provisionning/debian/http/preseed.cfg
rename to recipes/debian/provisionning/debian/http/preseed.cfg.pkrtpl.hcl
index 88788c9..dbe1b67 100644
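Review bot: debian-12-install.sh runs `apt-get update`, `apt-get -y dist-upgrade` and the `open-vm-tools` install without any error handling, so a failed apt step (unreachable mirror, held lock, missing package) is ignored and Packer goes on to produce an image from a partially upgraded system. Adding `set -eu` directly after the `#!/bin/bash` line makes the provisioner fail the build instead, and `-u` also turns a missing hostname argument to `echo "${1}" >/etc/hostname` into an error rather than an empty hostname. The script installs `cloud-init` via the preseed elsewhere in this commit and then disables it with `touch /etc/cloud/cloud-init.disabled`; if that is intentional, a one-line comment saying why would save the next reader from "fixing" it.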
--- a/recipes/debian/provisionning/debian/http/preseed.cfg +++ b/recipes/debian/provisionning/debian/http/preseed.cfg.pkrtpl.hcl @@ -37,10 +37,14 @@ d-i finish-install/reboot_in_progress note # Bootloader options d-i grub-installer/only_debian boolean true d-i grub-installer/with_other_os boolean true -d-i grub-installer/bootdev string /dev/vda +d-i grub-installer/bootdev string /dev/sda # Set the keyboard layout +d-i console-setup/ask_detect boolean false +d-i keyboard-configuration/variant select France d-i keyboard-configuration/xkb-keymap select fr +d-i console-keymaps-at/keymap select fr-latin9 +d-i debian-installer/keymap string fr-latin9 # Mirror from which packages will be downloaded d-i mirror/country string manual @@ -65,15 +69,19 @@ d-i partman/confirm_write_new_label boolean true # User configuration d-i passwd/root-login boolean true -d-i passwd/root-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0 +d-i passwd/root-password password ${local.ssh_password} +d-i passwd/root-password-again password ${local.ssh_password} d-i passwd/user-fullname string packer d-i passwd/user-uid string 1000 d-i passwd/username string packer -d-i passwd/user-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0 +d-i passwd/user-password password ${local.ssh_password} +d-i passwd/user-password-again password ${local.ssh_password} # Extra packages to be installed d-i pkgsel/include string sudo -d-i pkgsel/include string openssh-server build-essential +d-i pkgsel/include string openssh-server +d-i pkgsel/include string wget +d-i pkgsel/include string cloud-init d-i pkgsel/install-language-support boolean false d-i pkgsel/update-policy select none 
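Review bot: The root and packer account passwords move from `passwd/root-password-crypted` / `passwd/user-password-crypted` hashes to plaintext `passwd/root-password password ${local.ssh_password}` and `passwd/user-password password ${local.ssh_password}` lines in the second hunk; the rendered preseed is fetched by the installer from Packer's built-in HTTP server, so the build password now crosses the network in clear and is kept in the installer's debconf database and logs on the resulting image. If a build-time value is needed, keep the `-crypted` keys and hand them a hash produced at render time (Packer's `bcrypt()` function if the target installer's crypt accepts `$2*$` hashes, otherwise a pre-generated SHA-512 crypt hash passed through a variable). Whether a later provisioner rotates or locks these accounts is not visible in this hunk, so this assumes they survive into the shipped image.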
@@ -102,6 +110,6 @@ popularity-contest popularity-contest/participate boolean false # Select base install tasksel tasksel/first multiselect standard, ssh-server -# Setup passwordless sudo for packer user -d-i preseed/late_command string \ - echo "packer ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/packer && chmod 0440 /target/etc/sudoers.d/packer \ No newline at end of file +d-i preseed/late_command string in-target mkdir -p /root/.ssh; \ +in-target /bin/sh -c "echo '${data.sshkey.install.public_key}' >> /root/.ssh/authorized_keys"; \ +in-target chown -R root:root /root/.ssh/ \ No newline at end of file diff --git a/recipes/debian/provisionning/letsencrypt.sh b/recipes/debian/provisionning/letsencrypt.sh index 4ae1968..3b267a5 100644 --- a/recipes/debian/provisionning/letsencrypt.sh +++ b/recipes/debian/provisionning/letsencrypt.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -eo pipefail @@ -20,7 +20,7 @@ for cert in $CERTS; do echo "Downloading '$cert'..." filename=$(basename "$cert") wget --tries=10 --timeout=30 -O "$filename" "$cert" - #openssl x509 -in "$filename" -inform PEM -out "$filename.crt" + openssl x509 -in "$filename" -inform PEM -out "$filename.crt" done $UPDATE_CERTS_CMD \ No newline at end of file diff --git a/recipes/debian/provisionning/one-context.sh b/recipes/debian/provisionning/one-context.sh index 23dd304..a5d47c2 100644 --- a/recipes/debian/provisionning/one-context.sh +++ b/recipes/debian/provisionning/one-context.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -e diff --git a/recipes/debian/provisionning/one-context/net-97-k3s b/recipes/debian/provisionning/one-context/net-97-k3s deleted file mode 100644 index 77bd98a..0000000 --- a/recipes/debian/provisionning/one-context/net-97-k3s +++ /dev/null 
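Review bot: The new `preseed/late_command` creates `/root/.ssh` and appends the build key but never tightens permissions, so the directory and `authorized_keys` keep whatever the installer's umask produced; append `in-target chmod 700 /root/.ssh; in-target chmod 600 /root/.ssh/authorized_keys` to the command. The hunk also removes the passwordless-sudo rule for the `packer` user while the user itself, created earlier in the preseed with the build password, is kept, so it remains a password login account in the image unless a later provisioner removes or locks it — that step is not visible here. The letsencrypt.sh and one-context.sh hunks sharing this line only switch the shebang to bash, which is what `set -eo pipefail` needs, and raise no further point.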
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-
-ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
-
-# $TOKENTXT is available only through the env. file
-# shellcheck disable=SC1090
-if [ -f "${ENV_FILE}" ]; then
- . "${ENV_FILE}"
-fi
-
-###
-
-if [ -n "${K3S_ROLE}" ]; then
- if [ "${K3S_ROLE}" = "server" ]; then
- rc-update add dnsmasq default
- service dnsmasq start
-
- rc-update add k3s default
- service k3s start
- fi
-fi
diff --git a/recipes/debian/provisionning/quid/.gitignore b/recipes/debian/provisionning/quid/.gitignore
new file mode 100644
index 0000000..2fb066b
--- /dev/null
+++ b/recipes/debian/provisionning/quid/.gitignore
@@ -0,0 +1,2 @@
+/quid-ansible
+/.ansible_vault_passphrase
\ No newline at end of file
diff --git a/recipes/debian/provisionning/quid/ansible-vars.yml b/recipes/debian/provisionning/quid/ansible-vars.yml
new file mode 100644
index 0000000..85c5690
--- /dev/null
+++ b/recipes/debian/provisionning/quid/ansible-vars.yml
@@ -0,0 +1,137 @@ +--- +quid_ansible_repo_private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63356330363932313165663737383634623039383935333233316532643433643930663630663337 + 3938373061393535383638356438396264363132333939320a616463333939643036396266653435 + 32373265633439633663306433393037376235323965343530333239356633326266336333333961 + 6663613239393639370a663135333562663264376533336166323062656333613636393263356233 + 66653132386131613436356364636432336166353938373837333036393931343063343632613832 + 32303862623536356638396337373661623666393839303861653837393032666366396334383466 + 66373866366662353062653939393631373535666261323965666465383566343064653838313237 + 64396466393834373538613430636134663463313331336330393238636561663566343535663537 + 35643434313030636139326362613832346536333166613061653136346439653231336239626363 + 33376362383034303033343539306134313033386434366534633033306564636661386530306431 + 34656461323164656135303931626536643330653338656162386262633033393030363333336534 + 31343732636363623061303238386137316464333030343733316262646639366531633566383635 + 64653166393134623835363865326639613732353562303665643331663431333034373337653336 + 65313563333439613938396264626464393037396264646237303034356638323139373665613265 + 62623933623064333332313265326431333931643332393166373765383962333639643033393736 + 39666365666662396334316666323933306561343032386436613932396666653330653936656635 + 64353361366539363034316434306239646463336564643939353238393264633235633737656365 + 31313130396532313839613764393636656365303636323437643939313030373464353636363037 + 35376439383531633265613734383463643562333763646131643134383262313736613261346237 + 36633839323833316165393439386136343161306266666331396163363464343132393936313231 + 35663530633132386633313138333835346630383265666638373836663737623933376661633936 + 31623863396439623661396135633537306132306435303430613433346362333934383033656434 + 
31363437626463383039336438666662316664353536393139383236323835333738393332623138 + 30343264633964393461616633313837353632373935623462326461663965363962306337396231 + 36623661333934616237306137663130316533613461616136306334666138656534383539393331 + 32623464333030653930393563343031383362383233373235623433643037636463656638386334 + 38316362643736313038366339396165626164336230663538303166316332633337396231646663 + 35303130666135313632326162643632356534646630383163653966346365646334396532313335 + 38353539383630663936313939613638346536623739366164313132636463353666636338353562 + 65336663333937353630636565396537366261646464626163623465313962353039623432653335 + 39653662366335646437366639303736653434623137613633353664336534373965616436643837 + 37396239633533616136636165396333366162313736666366396363303536373235656234393332 + 34663330653738643931373465313939313236363935316237303566363234346330303534353736 + 35336639313233346437666236653931366331393530363432303065323234376436373830346664 + 30613335333062633563643565383065663361613737343537396230353339656234613264666232 + 36393831663264393437316362653734356236333165666361623134626438653536303862653965 + 62636431643738393437663762376261653231633038343365666361626466653634353030356566 + 65333436353939623233623964393833363461356133653564633164366630303034633237653138 + 64343230383036336430306164636134623930656532366232353561656237306435353839396661 + 36633861363830633964376165633339376264363735613965376437303666326665303839363566 + 36306239376230303463663836653931656231353531383561353838383565356363376134343334 + 33363430613935643839316137333765383537326231343734643766373865306262336166313763 + 33666530633938636537663539616334643933396232653665373335663964343631623233366430 + 63306361383332323936343461313231343730373333346337656461346136656531326332613537 + 39323335313061376439343034336466643934306538333030616139353564323432376531663464 + 35613462396430346533383061636132323961303938613365306531386462313730326639363461 + 
36313839336232373938353537356663363034356238383264303462396534343035633461336334 + 38613737373430396132313465366363386365303265396261303434653463623265323237393734 + 38616262326461383739353235353835316638653263383938653233326336633532323561656433 + 34326634623130336135333931633635316464383139393639353731636432613832633265376332 + 32346161396332356530316365316362393130643833633264643136623733313963326161333535 + 61623835643931613461333033643636386339323137306663366563393463383266356433306362 + 32626430316137336536663232633061396232313935656562346437653238313130383837336361 + 61323865646637333037336335656462303065616237356463616631663539633433613263623932 + 61333236653836653436616161666330616239393331393139333231626464326339666433663461 + 33343539356634613363616662333562653162366532396337643163373738363637313738386362 + 30356634626536336264616263313438366336373962636438303634333130626433366536366436 + 33393461386337663366663132336136343930623464663062663930363663333566323734336631 + 63643866643262333735386433386662303263323038613862653563363230643065356439663264 + 36323666323331613663626533366130663766643036366430643734303561393234623539646463 + 38376132653234346633363238303265376431653663363861653037323436393037306436623962 + 66376536343032303863323138326334626166363930323530353161333737616261346631326364 + 36343239373365306266323832303531313037316234353537383436363866326533663437373537 + 31353038326439303839353139303362613264386434303236363336386665303861663438626135 + 39633361656130316335333965643966616263303563326639653534653931343261356133616461 + 63353664633636343438303936636632393963343235323537393064646138623934633237646139 + 33366664636664373135316366316163343266646435626636366534343061323464633464666430 + 36653231633565346334333362343734613861313465366530376266653939656163323236613139 + 31363165646134343236326663343534383031323431323162343566353938666365323265663931 + 62396466333730363261626465366431316332626236346364396536636165653330653531306330 + 
63633564613330323637633761613066623135396132316636303130663534306562326535363733 + 31636639643632633232383938363563643732623364303732663133386434326236353635326439 + 37656138663166616231383264353763623066646337656363663839376536633235353838373465 + 37343237376138326337623565306137363833333165383166343233373438373261306433653734 + 65376361633165383034666337623832336262393831313831626564346231376561393365633437 + 65383236633036616538623861656439323866633864666434643262346632343865643462393237 + 36386463393936376437643065356461306235656233373561393965613461643035356634626335 + 38633664323265303563363636613130383236393339333330613239633765636232326265653864 + 31346361346364396166663930663435313230366631623363306136353833346138346433373730 + 36326536323166396562303733353835663234636136383539356139623433316537343039623761 + 66373231353639623533323837386339323462366137376363373030333762323830623535626433 + 36636162396439363436343330636162383864383837663236626237396562333032383162636165 + 36663833343062613362663739303639396139376166376234646663316239306261356561396535 + 30316331656464333137313333396132656636653932363834336336303635633865313165316434 + 63376461333137343164333634333139336539613839393237343336646261643038643833303461 + 30663763653864626133356439646664663331613666616133383830346331636438656639633065 + 38346562343531633166666436643138366235373562386137326535333936383832313962313233 + 65613265313538626565666339643866393165316363663664373066623962303435663635653738 + 65363262633236333339633636363233333232333332643837326163633061656135653763663539 + 39346365356266353336316461613336343039656330306530303961346133343765363036633734 + 65643563633631373133633031343532356461633461616430313331306335336131333062643230 + 33623331313566646130373833373137333733343534383239306630396335383539373736613862 + 39323265393438376437386261636162303535346638316464366431316439643463623237323563 + 31326633373964626266356435376231333933646139666166663232633132323832353034626132 + 
37316235376265633762613536323735653134616233396439326239323933623465613932363332 + 61663862613330366134633534653632343865666562376438386563653066363635666136613534 + 62356433653861666634653536353163306539613061373936346538306134326561323564353936 + 62666139646238663230376132613334323138313261336338666433613231323633623636333938 + 31356334613334383839396535643764393938303931613835643037626530333534323063646164 + 33346363366334333063363564663638306461613838616564643938396234373961613130373738 + 32636533653666626261336138326335623366643737633763353066643263663161396239663432 + 66646233303739623032313439643763656464623865353963333330653833323763633362303434 + 61343530613530336461363038383731646663343764383262393534623530613033636665656233 + 38666162336332376436363335626365666134646532356534346264316465613336653664326461 + 66626537643465326661636164313166393761343231643831366362386431323664633134303062 + 37623863616165633236643139633736336537326533636632646666633466336230653165666333 + 39326566326665366364636631646237663534393631646633316231303835343837303233333565 + 65663163646566306331343766636461326333306662633337356135663938383166303532313566 + 31393932333037366237663465626434643564663036336139316636313163646439643934343436 + 65343462393337333161323236303233376532363963616433343133383631643937333662363063 + 39646536373865626230633466616162613333623462616139386166316662343034393761343339 + 63313263316662626563343130633837303932383134656432383232626163323634636462343662 + 62326665366431656239663564663838653631396366313861323935623364633266333739383861 + 63326264333236373333313566323937336232326461343839616533633639346435333162313237 + 38646638373735663163623231313463326263656531373536393934626632326433363634616337 + 61303035356263366166656565393565343733626439376533316266343038366366656538663830 + 61656661323936633964333433306165613334306436343832666561363565343631383538643631 + 35623839643133376335393331643962386532346437313933366133336364326533373436613833 + 
66326237386161623332323130333839336363373330313435636634663532346130626230393333 + 61323361646537623235376135363033636261343365343735623963643066373631343235356536 + 39653136376661353837383839663965643334393861373235353035356235396235613562363061 + 33353339663165656432383230663033363861343032326663373632346634303231346462663836 + 65313963373139383765303838666634666431343734313532626438373961393839656236646263 + 32623264636434636531663138373466663032333463373232353333363534336435353664353238 + 66663562653238396637613463636133656133386163376637353439626133373032373762623465 + 63316335336662623039633837613666363766363931343865313330316362316561626438626533 + 65383465396536306562363163653132343263636363613434333966346166326263373038653266 + 62353734326365616361303135303561313131633637633461636539636666363162646238343265 + 32363065326330303666336638333439356135633764643830353135346139306366353831613564 + 36303763363031613531623336656637393337323035343532623239623735383932626463643866 + 30363138313964643664653834363861616565393065633231623961353532623434623832343930 + 66666330633633653030613237383063353064373661393965373333323565336434653837616336 + 32613737623064316233613434363031623238326132653434646237306234663538616463643230 + 3261376331343330613739346434313636613561626230656334 \ No newline at end of file diff --git a/recipes/debian/provisionning/quid/clone-quid-ansible.yml b/recipes/debian/provisionning/quid/clone-quid-ansible.yml new file mode 100644 index 0000000..4d42a2e --- /dev/null +++ b/recipes/debian/provisionning/quid/clone-quid-ansible.yml @@ -0,0 +1,10 @@ +--- +- name: Ciblage de la machine locale + hosts: localhost + connection: local + tasks: + - name: Clonage du projet "EFS/quid-ansible" + ansible.builtin.git: + repo: "ssh://git@forge.cadoles.com:2222/EFS/quid-ansible.git" + dest: "quid-ansible" + version: "master" 
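Review bot: `version: "master"` in the `ansible.builtin.git` task of clone-quid-ansible.yml clones whatever the branch head is at build time, so two builds of the same recipe can bake different configuration and anything pushed to that branch reaches the image without going through this repository's review; pin it to a tag or commit, `version: "<release-tag-or-sha>"` (placeholder), and expose it as a Packer variable if it has to vary. The clone uses an SSH URL on a non-default port with no `accept_hostkey` setting, so the build silently depends on the runner's `known_hosts` for `forge.cadoles.com`; a short comment in the playbook naming that prerequisite (or pre-seeding the host key on the build host) would avoid an opaque failure on a fresh runner. `dest: "quid-ansible"` is relative, which presumably matches the `/quid-ansible` ignore entry only when Ansible runs from the `quid/` directory — worth confirming against how the Packer provisioner sets the working directory.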
diff --git a/recipes/debian/provisionning/quid/run-quid-ansible.yml b/recipes/debian/provisionning/quid/run-quid-ansible.yml new file mode 100644 index 0000000..b769e38 --- /dev/null +++ b/recipes/debian/provisionning/quid/run-quid-ansible.yml @@ -0,0 +1,2 @@ +--- +- import_playbook: quid-ansible/deploy.yml \ No newline at end of file diff --git a/recipes/debian/provisionning/ssh/cnous/nmelin.pub b/recipes/debian/provisionning/ssh/cnous/nmelin.pub deleted file mode 100644 index a4e15ee..0000000 --- a/recipes/debian/provisionning/ssh/cnous/nmelin.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr diff --git a/recipes/debian/provisionning/ssh/cnous/operrot.pub b/recipes/debian/provisionning/ssh/cnous/operrot.pub deleted file mode 100644 index f68677c..0000000 --- a/recipes/debian/provisionning/ssh/cnous/operrot.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwyKvtyfZibpHNDDsfg7N6PHPnv9AzA2PowGd7iqF6YRv6CgGPnUixWE791bmekr57TR1QwW58aSEPSQMfLBwo0OwZ7GXYbOb9Fdb6WHAUJHSyMNsFvakgjq0g7TERMw3UksiYpUBCLgvWhF5jNjKsXgK3LyMUVqJs9KlUBt6elxy3CWoMYaWVJTQwXqLEbvr7W9F1rb9PQi80vxcSZXgk5XPPZH4vh7oN7GLB5UwaTFRh4lcup0xnV938gSgLxttPg4t5li5cmvXXMgtCrIDj7JPh9Cic+UXo80cV14nOpX23nuu408Veys/4p5tYiYFCg6NnUtW2dJrfyga9W1h6nc/6JaY8aXdoE+pi7lL7XrMvJPQxVYdwA9rPUBSZAIOmZQQx2aKFMsXocyVXQDzLQyg8lAF9gbMkjXH7DluXd+s0OAdijW9VFxhjutojaC76vhH+ZqSq511vdCTuq+6juW/By/pYQRtKiL1jJqfQoC+JU8RmOVOml5ciT7I0OM/0dakdIMYINX1FaRuSYb8wm0k3pKh+PGmMigja5lY7Bv8M89gRRw+8bJ42h5XkR0Jd04Wagd9eFXvaLa9OdarwF5rE2d6NM5Gfr2wJ4XuDMC7C3r/b6U3sZr6CWvQ5URrXS9OLtZG09DtEGIIuMcu0pgqclitVDi06Ffz5dZMnVQ== olivier.perrot@cnous.fr diff --git a/recipes/debian/provisionning/templater-install.sh b/recipes/debian/provisionning/templater-install.sh index 091bbdb..b4b7c50 100644 --- a/recipes/debian/provisionning/templater-install.sh +++ b/recipes/debian/provisionning/templater-install.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -ex 
diff --git a/recipes/debian/quid.pkr.hcl b/recipes/debian/quid.pkr.hcl
new file mode 100644
index 0000000..276174d
--- /dev/null
+++ b/recipes/debian/quid.pkr.hcl
@@ -0,0 +1,74 @@ +#Flavour base +build { + name = "quid" + description = <" ] + ssh_clear_authorized_keys = true + disk_additional_size = [ 102400 ] + vmx_data = { + "scsi1.pcislotnumber" = "16" + "scsi1.present" = "TRUE" + "scsi1.virtualdev" = "lsilogic" + "scsi1:0.filename" = "disk-1.vmdk" + "scsi1:0.present" = "TRUE" + "scsi1:0.redo" = "" + } + vmx_data_post = { + "memsize" = "4096", + "numvcpus" = "2", + } + } + + // Extend root logical volume with additional disk space + provisioner "shell" { + inline = [ + "pvcreate /dev/sdb", + "vgextend debian-vg /dev/sdb", + "lvextend -l +100%FREE /dev/debian-vg/root", + "resize2fs /dev/debian-vg/root" + ] + } + + // Store temporarily ansible vault password in local file + provisioner "shell-local" { + inline = ["echo '${var.quid_ansible_vault_passphrase}' > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"] + } + + // Clone quid-ansible repository + provisioner "ansible" { + playbook_file = "${local.locations.provisionning}/quid/clone-quid-ansible.yml" + // Manjaro/Arch OpenSSH version compatibility mode + // See https://github.com/hashicorp/packer/issues/11783 + extra_arguments = [ "--scp-extra-args", "'-O'", "-v" ] + } + + // Run quid-ansible playbook from cloned repository + provisioner "ansible" { + playbook_file = "${local.locations.provisionning}/quid/run-quid-ansible.yml" + groups = ["quid_server"] + // Manjaro/Arch OpenSSH version compatibility mode + // See https://github.com/hashicorp/packer/issues/11783 + extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--vault-password-file=${local.locations.provisionning}/quid/.ansible_vault_passphrase", "--extra-vars=@${local.locations.provisionning}/quid/ansible-vars.yml" ] + } + + // Remove ansible vault password file + provisioner "shell-local" { + inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh 
${var.output_dir}/${var.version}/quid ${var.image_version}",
+ ]
+ }
+
+ post-processor "manifest" {
+ keep_input_artifact = true
+ }
+}
\ No newline at end of file
diff --git a/recipes/debian/readme.quid.md b/recipes/debian/readme.quid.md
new file mode 100644
index 0000000..b24af38
--- /dev/null
+++ b/recipes/debian/readme.quid.md
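Review bot: The vault passphrase written by the first `shell-local` provisioner lands in the source tree in plaintext with the default umask, and the `rm -f` that follows the second `ansible` provisioner only runs when every preceding provisioner succeeds — Packer aborts the build at the first failure, so a failed run leaves `quid/.ansible_vault_passphrase` on disk where a later commit can pick it up. The `echo '${var.quid_ansible_vault_passphrase}'` interpolation also breaks, and hands the value to the shell, if the passphrase contains a single quote. Write the file with owner-only permissions from an environment variable and add an `error-cleanup-provisioner` so the cleanup also runs on failure, as sketched below; marking the variable `sensitive = true` where it is declared (not in this hunk) would additionally keep it out of Packer's own output. The `-v` passed to ansible in both provisioners presumably only raises task verbosity, but it is worth confirming it does not echo the contents of the extra-vars file.
```hcl
  // Store temporarily ansible vault password in local file
  // (owner-only permissions; value reaches the shell via the environment, not the command text)
  provisioner "shell-local" {
    environment_vars = ["VAULT_PASSPHRASE=${var.quid_ansible_vault_passphrase}"]
    inline = ["umask 077 && printf '%s' \"$VAULT_PASSPHRASE\" > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
  }

  // … unchanged: LVM extension, clone and run ansible provisioners, rm -f on success …

  // Remove ansible vault password file even when an earlier provisioner fails
  error-cleanup-provisioner "shell-local" {
    inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
  }
```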
@@ -0,0 +1,37 @@ +# Flavor "Quid" + +## Construction de l'image + +1. Récupérer la phrase de passe pour les données chiffrées via `ansible-vault` dans le coffre-fort partagé (Section "Cadoles" -> "Kube"). + +2. Lancer la construction de l'image de la machine virtuelle + + ``` + QUID_ANSIBLE_VAULT_PASSPHRASE="" PACKER_OPTS="-var headless=false" ./build start debian 12 + ``` + + ou si l'image Debian de base est déjà construite + + ``` + QUID_ANSIBLE_VAULT_PASSPHRASE="" PACKER_OPTS="-var headless=false" BUILDER="vmware-vmx" ./build run debian 12 quid + ``` + + > **Tip** Le paramètre `PACKER_OPTS="-var headless=false"` n'est nécessaire que dans le cas où vous souhaitez l'exécuteur VMWare avec son interface graphique. + +## Générer le fichier OVF à partir de l'OVA + +``` +ovftool output/debian/12.2.0/quid/quid-debian-12.2.0.ova output/debian/12.2.0/quid/quid-debian-12.2.0.ovf +``` + +## Configuration de l'environnement Quid sur la machine virtuelle + +1. Ajouter l'image de la machine sur votre environnement de virtualisation. Les fichiers sont normalement générés dans le répertoire `output/debian/12.2.0/quid`. + +2. Démarrer la machine virtuelle. Le mot de passe par défaut du compte administrateur est `toor`. + +3. Éditer le fichier `/etc/quid-ansible/config.yml` avec les valeurs correspondant à votre environnement de déploiement ([voir les valeurs par défaut](https://forge.cadoles.com/EFS/quid-ansible/src/branch/master/roles/quid-server/files/quid_ansible_default_config.yml)) + +4. Exécuter la commande `apply-config` pour mettre à jour la machine avec les valeurs présentes dans le fichier précédemment édité. + +Pour plus d'informations voir la documentation du projet [`quid-ansible`](https://forge.cadoles.com/EFS/quid-ansible). \ No newline at end of file diff --git a/recipes/debian/sources.pkr.hcl b/recipes/debian/sources.pkr.hcl index 353ce0b..7b461a3 100644 --- a/recipes/debian/sources.pkr.hcl +++ b/recipes/debian/sources.pkr.hcl 
@@ -4,7 +4,7 @@ source qemu "debian" { accelerator = "kvm" vnc_bind_address = "0.0.0.0" - headless = false + headless = local.headless # Serve the `http` directory via HTTP, used for preseeding the Debian installer. #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" @@ -39,7 +39,7 @@ source "vmware-iso" "debian" { memory = "${local.memory}" vnc_bind_address = "0.0.0.0" - headless = true + headless = local.headless # Serve the `http` directory via HTTP, used for preseeding the Debian installer. #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" @@ -69,10 +69,9 @@ source "vmware-iso" "debian" { } source "vmware-vmx" "debian" { - disk_type_id = 0 vnc_bind_address = "0.0.0.0" - - headless = true + + headless = local.headless # Serve the `http` directory via HTTP, used for preseeding the Debian installer. #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" @@ -99,4 +98,4 @@ source "vmware-vmx" "debian" { format = "ova" boot_wait = "5s" -} +} \ No newline at end of file diff --git a/recipes/debian/templates/conf/conf.d/chronyd b/recipes/debian/templates/conf/conf.d/chronyd deleted file mode 100644 index e692251..0000000 --- a/recipes/debian/templates/conf/conf.d/chronyd +++ /dev/null @@ -1,6 +0,0 @@ -# /etc/conf.d/chronyd -CFGFILE="/etc/chrony/chrony.conf" -FAST_STARTUP=yes -ARGS="" -# vrf e.g 'vrf-mgmt' -#vrf="" diff --git a/recipes/debian/templates/conf/docker/subgid.pktpl.hcl b/recipes/debian/templates/conf/docker/subgid.pktpl.hcl deleted file mode 100644 index 6187cff..0000000 --- a/recipes/debian/templates/conf/docker/subgid.pktpl.hcl +++ /dev/null @@ -1,6 +0,0 @@ - -# Configuration file of Harbor - -# The IP address or hostname to access admin UI and registry service. -# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname: ${Vars.RootlessDocker} 
diff --git a/recipes/debian/templates/conf/docker/subuid.pktpl.hcl b/recipes/debian/templates/conf/docker/subuid.pktpl.hcl
deleted file mode 100644
index c512a70..0000000
--- a/recipes/debian/templates/conf/docker/subuid.pktpl.hcl
+++ /dev/null
@@ -1,3 +0,0 @@
-%{ if Vars.RootlessDocker }
-docker:231072:65536
-%{ endif }
\ No newline at end of file
diff --git a/recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl b/recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl
deleted file mode 100644
index 24a94cf..0000000
--- a/recipes/debian/templates/conf/harbor/harbor.yml.pktpl.hcl
+++ /dev/null
@@ -1,265 +0,0 @@ -# Configuration file of Harbor - -# The IP address or hostname to access admin UI and registry service. -# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname: ${Vars.HarborDomain} - -# http related config -http: - # port for http, default is 80. If https enabled, this port will redirect to https port - port: ${Vars.HarborHTTPPort} - -# https related config -https: - # https port for harbor, default is 443 - port: ${Vars.HarborHTTPSPort} - # The path of cert and key files for nginx - certificate: ${Vars.HarborSSLCert} - private_key: ${Vars.HarborSSLPrivKey} - -# # Uncomment following will enable tls communication between all harbor components -# internal_tls: -# # set enabled to true means internal tls is enabled -# enabled: true -# # put your cert and key files on dir -# dir: /etc/harbor/tls/internal - -# Uncomment external_url if you want to enable external proxy -# And when it enabled the hostname will no longer used -# external_url: https://reg.mydomain.com:8433 - -# The initial password of Harbor admin -# It only works in first time to install harbor -# Remember Change the admin password from UI after launching Harbor. -harbor_admin_password: ${Vars.HarborAdminPassword} - -# Harbor DB configuration -database: - # The password for the root user of Harbor DB. Change this before any production use. - password: ${Vars.HarborDBPassword} - # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. - max_idle_conns: 50 - # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. - # Note: the default number of connections is 100 for postgres. 
- max_open_conns: 200 - -# The default data volume -data_volume: /srv/harbor/data - -# Harbor Storage settings by default is using /data dir on local filesystem -# Uncomment storage_service setting If you want to using external storage -# storage_service: -# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore -# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. -# ca_bundle: - -# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss -# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ -# filesystem: -# maxthreads: 100 -# # set disable to true when you want to disable registry redirect -# redirect: -# disabled: false - -# Trivy configuration -# -# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. -# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached -# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it -# should download a newer version from the Internet or use the cached one. Currently, the database is updated every -# 12 hours and published as a new release to GitHub. -trivy: - # ignoreUnfixed The flag to display only fixed vulnerabilities - ignore_unfixed: false - # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub - # - # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues. - # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and - # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path. 
- skip_update: false - # - # The offline_scan option prevents Trivy from sending API requests to identify dependencies. - # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it. - # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't - # exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode. - # It would work if all the dependencies are in local. - # This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment. - offline_scan: false - # - # insecure The flag to skip verifying registry certificate - insecure: false - # github_token The GitHub access token to download Trivy DB - # - # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough - # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000 - # requests per hour by specifying the GitHub access token. 
For more details on GitHub rate limiting please consult - # https://developer.github.com/v3/#rate-limiting - # - # You can create a GitHub token by following the instructions in - # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line - # - # github_token: xxx - -jobservice: - # Maximum number of job workers in job service - max_job_workers: 10 - logger_sweeper_duration: 300 - -notification: - # Maximum retry count for webhook job - webhook_job_max_retry: 10 - webhook_job_http_client_timeout: 300 - -chart: - # Change the value of absolute_url to enabled can enable absolute url in chart - absolute_url: disabled - -# Log configurations -log: - # options are debug, info, warning, error, fatal - level: info - # configs for logs in local storage - local: - # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. - rotate_count: 50 - # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. - # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G - # are all valid. - rotate_size: 200M - # The directory on your host that store log - location: /var/log/harbor - - # Uncomment following lines to enable external syslog endpoint. - # external_endpoint: - # # protocol used to transmit log to external endpoint, options is tcp or udp - # protocol: tcp - # # The host of external endpoint - # host: localhost - # # Port of external endpoint - # port: 5140 - -#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! -_version: 2.6.0 - -# Uncomment external_database if using external database. 
-# external_database: -# harbor: -# host: harbor_db_host -# port: harbor_db_port -# db_name: harbor_db_name -# username: harbor_db_username -# password: harbor_db_password -# ssl_mode: disable -# max_idle_conns: 2 -# max_open_conns: 0 -# notary_signer: -# host: notary_signer_db_host -# port: notary_signer_db_port -# db_name: notary_signer_db_name -# username: notary_signer_db_username -# password: notary_signer_db_password -# ssl_mode: disable -# notary_server: -# host: notary_server_db_host -# port: notary_server_db_port -# db_name: notary_server_db_name -# username: notary_server_db_username -# password: notary_server_db_password -# ssl_mode: disable - -# Uncomment external_redis if using external Redis server -# external_redis: -# # support redis, redis+sentinel -# # host for redis: : -# # host for redis+sentinel: -# # :,:,: -# host: redis:6379 -# password: -# # sentinel_master_set must be set to support redis+sentinel -# #sentinel_master_set: -# # db_index 0 is for core, it's unchangeable -# registry_db_index: 1 -# jobservice_db_index: 2 -# chartmuseum_db_index: 3 -# trivy_db_index: 5 -# idle_timeout_seconds: 30 - -# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. -# uaa: -# ca_file: /path/to/ca - -# Global proxy -# Config http proxy for components, e.g. http://my.proxy.com:3128 -# Components doesn't need to connect to each others via http proxy. -# Remove component from `components` array if want disable proxy -# for it. If you want use proxy for replication, MUST enable proxy -# for core and jobservice, and set `http_proxy` and `https_proxy`. -# Add domain to the `no_proxy` field, when you want disable proxy -# for some special registry. 
-proxy: - http_proxy: - https_proxy: - no_proxy: - components: - - core - - jobservice - - notary - - trivy - -metric: - enabled: false - port: 9090 - path: /metrics - -# Trace related config -# only can enable one trace provider(jaeger or otel) at the same time, -# and when using jaeger as provider, can only enable it with agent mode or collector mode. -# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed -# if using jaeger agetn mode uncomment agent_host and agent_port -# trace: -# enabled: true -# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth -# sample_rate: 1 -# # # namespace used to differenciate different harbor services -# # namespace: -# # # attributes is a key value dict contains user defined attributes used to initialize trace provider -# # attributes: -# # application: harbor -# # # jaeger should be 1.26 or newer. -# # jaeger: -# # endpoint: http://hostname:14268/api/traces -# # username: -# # password: -# # agent_host: hostname -# # # export trace data by jaeger.thrift in compact mode -# # agent_port: 6831 -# # otel: -# # endpoint: hostname:4318 -# # url_path: /v1/traces -# # compression: false -# # insecure: true -# # timeout: 10s - -# enable purge _upload directories -upload_purging: - enabled: true - # remove files in _upload directories which exist for a period of time, default is one week. - age: 168h - # the interval of the purge operations - interval: 24h - dryrun: false - -# cache layer configurations -# If this feature enabled, harbor will cache the resource -# `project/project_metadata/repository/artifact/manifest` in the redis -# which can especially help to improve the performance of high concurrent -# manifest pulling. 
-# NOTICE -# If you are deploying Harbor in HA mode, make sure that all the harbor -# instances have the same behaviour, all with caching enabled or disabled, -# otherwise it can lead to potential data inconsistency. -cache: - # not enabled by default - enabled: false - # keep cache for one day by default - expire_hours: 24 diff --git a/recipes/debian/templates/conf/install/awnsers.pktpl.hcl b/recipes/debian/templates/conf/install/awnsers.pktpl.hcl deleted file mode 100644 index 33d05d0..0000000 --- a/recipes/debian/templates/conf/install/awnsers.pktpl.hcl +++ /dev/null @@ -1,47 +0,0 @@ - -# Example answer file for setup-alpine script -# If you don't want to use a certain option, then comment it out - -# Use US layout with US variant -KEYMAPOPTS="fr fr" - -# Set hostname to alpine-test -HOSTNAMEOPTS="-n ${hostname}" - -# Contents of /etc/network/interfaces -INTERFACESOPTS="auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp - hostname ${hostname} -" - -# Search domain of example.com, OpenDNS public nameserver -# ex: -d example.com 1.1.1.1" -DNSOPTS="" - -# Set timezone to UTC -TIMEZONEOPTS="-z Europe/Paris" - -# set http/ftp proxy -PROXYOPTS="none" - -# Add a random mirror -APKREPOSOPTS="-r -c" - -# Install Openssh -SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys" - -# Use openntpd -NTPOPTS="-c openntpd" - -# Use /dev/sda as a data disk -DISKOPTS="-L -m sys ${disk_device}" - -USEROPTS="-a -g 'netdev' ${user}" - -# Setup in /media/vda1 -# LBUOPTS="/media/vda1" -# APKCACHEOPTS="/media/vda1/cache" - diff --git a/recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl b/recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl deleted file mode 100644 index 3fa8501..0000000 --- a/recipes/debian/templates/conf/k3s/k3s.conf.pkr.hcl +++ /dev/null @@ -1,8 +0,0 @@ -# k3s options -export PATH="/usr/libexec/cni/:$PATH" -K3S_EXEC="server" -%{ if Vars.DeployTraefik } -K3S_OPTS="" -%{ else } -K3S_OPTS="--disable traefik" -%{ endif } 
diff --git a/recipes/debian/templates/conf/kubernetes/.flag b/recipes/debian/templates/conf/kubernetes/.flag
deleted file mode 100644
index e69de29..0000000
diff --git a/recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl
deleted file mode 100644
index b8432f0..0000000
--- a/recipes/debian/templates/conf/matchbox/conf.d/matchbox.conf.pktpl.hcl
+++ /dev/null
@@ -1 +0,0 @@
-command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"
\ No newline at end of file
diff --git a/recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
deleted file mode 100644
index 489b338..0000000
--- a/recipes/debian/templates/conf/matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
+++ /dev/null
@@ -1,4 +0,0 @@
-${Vars.NIC[0].IP} ${Vars.Set.Hostname}
-%{ if Vars.MatchBox.Hostname != "" }
-${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
-%{ endif }
\ No newline at end of file
diff --git a/recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
deleted file mode 100644
index 8d08dac..0000000
--- a/recipes/debian/templates/conf/matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
+++ /dev/null
@@ -1,60 +0,0 @@ -log-queries -log-dhcp - -#port=0 -listen-address=0.0.0.0 -interface=${Vars.PXE.ListenInterface} -no-resolv -domain-needed -bogus-priv -expand-hosts -server=${Vars.ETH0.DNS} -strict-order -addn-hosts=/etc/dnsmasq-hosts.conf -domain=${Vars.PXE.DNSDomain} -local=/${Vars.PXE.DNSDomain}/ -localise-queries - - -%{ if Vars.PXE.DHCPMode == "proxy" } -#dhcp-no-override -dhcp-range=${Vars.ETH0.IP},proxy -%{ else } -dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration} -dhcp-option=option:router,${Vars.ETH0.GATEWAY} -%{ endif } - -dhcp-option=option:dns-server,${Vars.ETH0.IP} -dhcp-option=option:domain-name,${Vars.PXE.DNSDomain} - -# TFTP Configuration -enable-tftp -tftp-root="${Vars.PXE.TFTPRoot}" - -pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime} - -# Based on logic in https://gist.github.com/robinsmidsrod/4008017 -# iPXE sends a 175 option, checking suboptions -dhcp-match=set:ipxe-http,175,19 -dhcp-match=set:ipxe-https,175,20 -dhcp-match=set:ipxe-menu,175,39 -# pcbios specific -dhcp-match=set:ipxe-pxe,175,33 -dhcp-match=set:ipxe-bzimage,175,24 -dhcp-match=set:ipxe-iscsi,175,17 -# efi specific -dhcp-match=set:ipxe-efi,175,36 -# combination -# set ipxe-ok tag if we have correct combination -# http && menu && iscsi ((pxe && bzimage) || efi) -tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage -tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi - - -## Load different PXE boot image depending on client architecture (when running as a proxy DHCP) -pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe -pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi -pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi - -dhcp-userclass=set:ipxe,iPXE -dhcp-boot=tag:ipxe-ok,http://${Vars.ETH0.IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.ETH0.IP} 
diff --git a/recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl b/recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl deleted file mode 100644 index 6652098..0000000 --- a/recipes/debian/templates/conf/matchbox/init.d/matchbox.pktpl.hcl +++ /dev/null @@ -1,28 +0,0 @@ -#!/sbin/openrc-run - -name=$RC_SVCNAME -command="/usr/local/bin/$RC_SVCNAME" -command_user="$RC_SVCNAME" -pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid" -start_stop_daemon_args="--start -b" -command_args="$command_args" -command_background="yes" - -depend() { - need net -} - -start_pre() { - checkpath --directory --owner $command_user:$command_user --mode 0775 \ - /run/$RC_SVCNAME /var/log/$RC_SVCNAME - if [ ! -f "/etc/matchbox/server.crt" ]; then - cd /root/tls - export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.ETH0.IP}" - ./cert-gen - mkdir -p /etc/matchbox - cp ca.crt server.crt server.key /etc/matchbox - chown -R matchbox:matchbox /etc/matchbox - mkdir -p /root/.matchbox - cp client.crt client.key ca.crt /root/.matchbox/ - fi -} \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-harbor b/recipes/debian/templates/conf/nuo-harbor deleted file mode 120000 index 8b35999..0000000 --- a/recipes/debian/templates/conf/nuo-harbor +++ /dev/null @@ -1 +0,0 @@ -harbor \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl deleted file mode 100644 index b8432f0..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/conf.d/matchbox.conf.pktpl.hcl +++ /dev/null @@ -1 +0,0 @@ -command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}" \ No newline at end of file 
diff --git a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
deleted file mode 100644
index 0809dc3..0000000
--- a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/dnsmasq-hosts.conf.pktpl.hcl
+++ /dev/null
@@ -1,7 +0,0 @@
-${Vars.NIC[0].IP} ${Vars.Set.Hostname}
-%{ if Vars.MatchBox.Hostname != "" }
-${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
-%{ endif }
-%{ for host in Vars.DNSMasq.Hosts }
-${host.IP} ${host.Name}
-%{ endfor }
\ No newline at end of file
diff --git a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
deleted file mode 100644
index afbef7f..0000000
--- a/recipes/debian/templates/conf/nuo-matchbox/dnsmasq.d/ipxe.conf.pktpl.hcl
+++ /dev/null
@@ -1,60 +0,0 @@ -log-queries -log-dhcp - -#port=0 -listen-address=0.0.0.0 -interface=${Vars.PXE.ListenInterface} -no-resolv -domain-needed -bogus-priv -expand-hosts -server=${Vars.DNS[0]} -strict-order -addn-hosts=/etc/dnsmasq-hosts.conf -domain=${Vars.PXE.DNSDomain} -local=/${Vars.PXE.DNSDomain}/ -localise-queries - - -%{ if Vars.PXE.DHCPMode == "proxy" } -#dhcp-no-override -dhcp-range=${Vars.NIC[0].IP},proxy -%{ else } -dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration} -dhcp-option=option:router,${Vars.NIC[0].Gateway} -%{ endif } - -dhcp-option=option:dns-server,${Vars.NIC[0].IP} -dhcp-option=option:domain-name,${Vars.PXE.DNSDomain} - -# TFTP Configuration -enable-tftp -tftp-root="${Vars.PXE.TFTPRoot}" - -pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime} - -# Based on logic in https://gist.github.com/robinsmidsrod/4008017 -# iPXE sends a 175 option, checking suboptions -dhcp-match=set:ipxe-http,175,19 -dhcp-match=set:ipxe-https,175,20 -dhcp-match=set:ipxe-menu,175,39 -# pcbios specific -dhcp-match=set:ipxe-pxe,175,33 -dhcp-match=set:ipxe-bzimage,175,24 -dhcp-match=set:ipxe-iscsi,175,17 -# efi specific -dhcp-match=set:ipxe-efi,175,36 -# combination -# set ipxe-ok tag if we have correct combination -# http && menu && iscsi ((pxe && bzimage) || efi) -tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage -tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi - - -## Load different PXE boot image depending on client architecture (when running as a proxy DHCP) -pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe -pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi -pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi - -dhcp-userclass=set:ipxe,iPXE -dhcp-boot=tag:ipxe-ok,http://${Vars.NIC[0].IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.NIC[0].IP} 
diff --git a/recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl deleted file mode 100644 index f9a48de..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/hostname.pktpl.hcl +++ /dev/null @@ -1 +0,0 @@ -${Vars.Set.Hostname} \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl deleted file mode 100644 index 2128aa2..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/init.d/matchbox.pktpl.hcl +++ /dev/null @@ -1,28 +0,0 @@ -#!/sbin/openrc-run - -name=$RC_SVCNAME -command="/usr/local/bin/$RC_SVCNAME" -command_user="$RC_SVCNAME" -pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid" -start_stop_daemon_args="--start -b" -command_args="$command_args" -command_background="yes" - -depend() { - need net -} - -start_pre() { - checkpath --directory --owner $command_user:$command_user --mode 0775 \ - /run/$RC_SVCNAME /var/log/$RC_SVCNAME - if [ ! -f "/etc/matchbox/server.crt" ]; then - cd /root/tls - export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.NIC[0].IP}" - ./cert-gen - mkdir -p /etc/matchbox - cp ca.crt server.crt server.key /etc/matchbox - chown -R matchbox:matchbox /etc/matchbox - mkdir -p /root/.matchbox - cp client.crt client.key ca.crt /root/.matchbox/ - fi -} \ No newline at end of file diff --git a/recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl deleted file mode 100644 index ab21faa..0000000 --- a/recipes/debian/templates/conf/nuo-matchbox/network/interfaces.pktpl.hcl +++ /dev/null @@ -1,9 +0,0 @@ - -%{ for iface in Vars.NIC } -auto ${iface.Name} - -iface ${iface.Name} inet static - address ${iface.IP} - netmask ${iface.Mask} - gateway ${iface.Gateway} -%{ endfor ~} \ No newline at end of file 
diff --git a/recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl b/recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl
deleted file mode 100644
index 9a677a5..0000000
--- a/recipes/debian/templates/conf/nuo-matchbox/resolv.conf.pktpl.hcl
+++ /dev/null
@@ -1,4 +0,0 @@
-
-%{ for dns in Vars.DNS }
-nameserver ${dns}
-%{ endfor ~}
\ No newline at end of file
diff --git a/recipes/debian/templates/one/image/common.tpl b/recipes/debian/templates/one/image/common.tpl
deleted file mode 100644
index d422fb1..0000000
--- a/recipes/debian/templates/one/image/common.tpl
+++ /dev/null
@@ -1,7 +0,0 @@
-NAME = <%= image_name %>
-PATH = <%= image_source %>
-TYPE = OS
-PERSISTENT = No
-DESCRIPTION = "<%= image_comment %>"
-DEV_PREFIX = vd
-FORMAT = qcow2
\ No newline at end of file
diff --git a/recipes/debian/templates/one/service/kubernetes-cluster.json b/recipes/debian/templates/one/service/kubernetes-cluster.json
deleted file mode 100644
index 635b8d2..0000000
--- a/recipes/debian/templates/one/service/kubernetes-cluster.json
+++ /dev/null
@@ -1,48 +0,0 @@ -{ - "name": "<%= template_name %>", - "deployment": "straight", - "description": "Cluster Kubernetes (k8s)", - "roles": [ - { - "name": "leader", - "cardinality": 1, - "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, - "shutdown_action": "terminate", - "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", - "elasticity_policies": [], - "scheduled_policies": [] - }, - { - "name": "master", - "cardinality": 2, - "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, - "shutdown_action": "terminate", - "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", - "elasticity_policies": [], - "scheduled_policies": [] - }, - { - "name": "worker", - "cardinality": 4, - "vm_template": <%= getTemplateByName(oneCli, vm_name).id %>, - "shutdown_action": "terminate", - "parents": [ - "leader" - ], - "vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n", - "elasticity_policies": [], - "scheduled_policies": [] - } - ], - "networks": { - "main": "M|network|Main network| |id:", - "internal": "M|network|Internal network| |id:" - }, - "custom_attrs": { - "KUBEAPPS_DNS_NAME": "M|text|DNS Name for kubeapps service| |kubeapps.k3s-eole.local", - "INGRESS_PROVIDER": "O|list|Default ingress to install|nginx, traefik, |", - "LE_EMAIL": "M|text|Email | |" - }, - "shutdown_action": "terminate", - "ready_status_gate": true - } diff --git a/recipes/debian/templates/one/vm/common.xml b/recipes/debian/templates/one/vm/common.xml deleted file mode 100644 index fdb5be4..0000000 --- a/recipes/debian/templates/one/vm/common.xml +++ /dev/null 
@@ -1,33 +0,0 @@ -NAME = "<%= template_name %>" -CONTEXT = [ - NETWORK = "YES", - REPORT_READY = "YES", - SET_HOSTNAME = "$NAME", - SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]", - TOKEN = "YES" ] -CPU = "0.2" -DESCRIPTION = "Alpine basic image" -DISK = [ - DEV_PREFIX = "vd", - DRIVER = "qcow2", - IMAGE = "<%= image_name %>", - IMAGE_UNAME = "<%= user %>" ] -GRAPHICS = [ - KEYMAP = "fr", - LISTEN = "0.0.0.0", - TYPE = "VNC" ] -HYPERVISOR = "kvm" -INPUT = [ - BUS = "usb", - TYPE = "tablet" ] -INPUTS_ORDER = "" -LOGO = "images/logos/linux.png" -MEMORY = "512" -MEMORY_UNIT_COST = "MB" -NIC_DEFAULT = [ - MODEL = "virtio" ] -OS = [ - ARCH = "x86_64", - BOOT = "", - SD_DISK_BUS = "scsi" ] -VCPU = "2" diff --git a/recipes/debian/templates/one/vm/k3s.xml b/recipes/debian/templates/one/vm/k3s.xml deleted file mode 100644 index 6c515f2..0000000 --- a/recipes/debian/templates/one/vm/k3s.xml +++ /dev/null @@ -1,32 +0,0 @@ -NAME = "<%= template_name %>" -CONTEXT = [ - NETWORK = "YES", - REPORT_READY = "YES", - SET_HOSTNAME = "$NAME", - SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]", - TOKEN = "YES" ] -CPU = "0.2" -DESCRIPTION = "K3S Ready VM" -DISK = [ - IMAGE = "<%= image_name %>", - IMAGE_UNAME = "<%= user %>", - DRIVER = "qcow2" ] -GRAPHICS = [ - KEYMAP = "fr", - LISTEN = "0.0.0.0", - TYPE = "VNC" ] -HYPERVISOR = "kvm" -INPUT = [ - BUS = "usb", - TYPE = "tablet" ] -INPUTS_ORDER = "" -LOGO = "images/logos/alpine.png" -MEMORY = "2048" -MEMORY_UNIT_COST = "MB" -NIC_DEFAULT = [ - MODEL = "virtio" ] -OS = [ - ARCH = "x86_64", - BOOT = "", - SD_DISK_BUS = "scsi" ] -VCPU = "2" diff --git a/recipes/debian/templates/one/vm/kubeleader.xml b/recipes/debian/templates/one/vm/kubeleader.xml deleted file mode 100644 index c68faa5..0000000 --- a/recipes/debian/templates/one/vm/kubeleader.xml +++ /dev/null 
@@ -1,35 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- NETWORK = "YES",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SERVER_ROLE = "leader",
- TOKEN = "YES",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
-]
-CPU = "0.8"
-DESCRIPTION = "Kubernetes master or Docker VM (check the name)"
-DISK = [
- DEV_PREFIX = "vd",
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>",
- DRIVER = "qcow2" ]
-GRAPHICS = [
- LISTEN = "0.0.0.0",
- KEYMAP = "fr",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/alpine.png"
-MEMORY = "2048"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-VCPU = "4"
\ No newline at end of file
diff --git a/recipes/debian/templates/one/vm/kubemaster.xml b/recipes/debian/templates/one/vm/kubemaster.xml
deleted file mode 100644
index e0fe33d..0000000
--- a/recipes/debian/templates/one/vm/kubemaster.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- NETWORK = "YES",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SERVER_ROLE = "master",
- MASTER_ADDR = "$MASTER_ADDR",
- MASTER_TOKEN = "$MASTER_TOKEN",
- MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
- TOKEN = "YES",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
-]
-CPU = "0.8"
-DESCRIPTION = "Kubernetes worker VM"
-DISK = [
- DEV_PREFIX = "vd",
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>",
- DRIVER = "qcow2" ]
-GRAPHICS = [
- LISTEN = "0.0.0.0",
- KEYMAP = "fr",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/alpine.png"
-MEMORY = "2048"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-USER_INPUTS = [
- MASTER_ADDR = "O|text|Master address (for workers only)",
- MASTER_TOKEN = "O|text|Master Token (for workers only)",
- MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
-VCPU = "4"
\ No newline at end of file
diff --git a/recipes/debian/templates/one/vm/kubeworker.xml b/recipes/debian/templates/one/vm/kubeworker.xml
deleted file mode 100644
index 9aa3f0a..0000000
--- a/recipes/debian/templates/one/vm/kubeworker.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- NETWORK = "YES",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SERVER_ROLE = "worker",
- MASTER_ADDR = "$MASTER_ADDR",
- MASTER_TOKEN = "$MASTER_TOKEN",
- MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
- TOKEN = "YES",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
-]
-CPU = "0.8"
-DESCRIPTION = "Kubernetes worker VM"
-DISK = [
- DEV_PREFIX = "vd",
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>",
- DRIVER = "qcow2" ]
-GRAPHICS = [
- LISTEN = "0.0.0.0",
- KEYMAP = "fr",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/alpine.png"
-MEMORY = "4096"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-USER_INPUTS = [
- MASTER_ADDR = "O|text|Master address (for workers only)",
- MASTER_TOKEN = "O|text|Master Token (for workers only)",
- MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
-VCPU = "4"
\ No newline at end of file
diff --git a/recipes/debian/templates/one/vm/matchbox.xml b/recipes/debian/templates/one/vm/matchbox.xml
deleted file mode 100644
index 794ab44..0000000
--- a/recipes/debian/templates/one/vm/matchbox.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-NAME = "<%= template_name %>"
-CONTEXT = [
- MATCHBOX_URL = "http://$NAME",
- NETWORK = "YES",
- PXE_DHCPLEASEDURATION = "$DHCPLEASEDURATION",
- PXE_DHCPMODE = "$ADHCPMODE",
- PXE_DNSDOMAIN = "$BDNSDOMAIN",
- PXE_DHCPRANGESTART = "$CDHCPRANGESTART",
- PXE_DHCPRANGEEND = "$DDHCPRANGEEND",
- PXE_DHCPLEASEDURATION = "$EDHCPLEASEDURATION",
- MATCHBOX_HOSTNAME = "$FMATCHBOX_HOSTNAME",
- REPORT_READY = "YES",
- SET_HOSTNAME = "$NAME",
- SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
- TOKEN = "YES" ]
-CPU = "0.2"
-DESCRIPTION = "Matchbox Ready VM"
-DISK = [
- IMAGE = "<%= image_name %>",
- IMAGE_UNAME = "<%= user %>",
- DRIVER = "qcow2" ]
-GRAPHICS = [
- KEYMAP = "fr",
- LISTEN = "0.0.0.0",
- TYPE = "VNC" ]
-HYPERVISOR = "kvm"
-INPUT = [
- BUS = "usb",
- TYPE = "tablet" ]
-INPUTS_ORDER = ""
-LOGO = "images/logos/alpine.png"
-MEMORY = "2048"
-MEMORY_UNIT_COST = "MB"
-NIC_DEFAULT = [
- MODEL = "virtio" ]
-OS = [
- ARCH = "x86_64",
- BOOT = "",
- SD_DISK_BUS = "scsi" ]
-USER_INPUTS = [
- ADHCPMODE = "M|list|DHCP Mode|proxy,direct|proxy",
- BDNSDOMAIN = "M|text|Nom de la zone DNS (ex: cadol.es)",
- CDHCPRANGESTART = "O|text|DNSMASQ DHCP Range First IP",
- DDHCPRANGEEND = "O|text|DNSMASQ DHCP Range Last IP",
- EDHCPLEASEDURATION = "M|list|DHCP lease duration|1h,2h,4h,6h,8h,10h,12h,14h,24h|1h",
- FMATCHBOX_HOSTNAME = "O|text|Matchbox service hostname|mb.cadol.es" ]
-VCPU = "2"
diff --git a/recipes/debian/variables.pkr.hcl b/recipes/debian/variables.pkr.hcl
index 20d31cd..de00b29 100644
--- a/recipes/debian/variables.pkr.hcl
+++ b/recipes/debian/variables.pkr.hcl
@@ -5,17 +5,17 @@ variable "name" {
 variable "version" {
 type = string
- default = "11"
+ default = "12.2.0"
 }
 variable "short_version" {
 type = string
- default = "11"
+ default = "12"
 }
 variable "arch" {
 type = string
- default = "amd6464"
+ default = "amd64"
 }
 variable "output_dir" {
@@ -25,12 +25,12 @@ variable "output_dir" {
 variable "source_url" {
 type = string
- default = "https://cdimage.debian.org/cdimage/release"
+ default = "https://cdimage.debian.org/cdimage/release/12.2.0"
 }
 variable "iso_cd_checksum" {
 type = string
- default = "sha256:9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
+ default = "file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS"
 }
 variable "image_version" {
@@ -57,3 +57,8 @@ variable "cloud_init_runcmd" {
 type = list(string)
 default = [ "uname" ]
 }
+
+variable "headless" {
+ type = bool
+ default = true
+}
\ No newline at end of file
diff --git a/recipes/debian/variables.quid.pkr.hcl b/recipes/debian/variables.quid.pkr.hcl
new file mode 100644
index 0000000..ca629a5
--- /dev/null
+++ b/recipes/debian/variables.quid.pkr.hcl
@@ -0,0 +1,6 @@
+
+variable "quid_ansible_vault_passphrase" {
+ type = string
+ default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")
+ sensitive = true
+}
\ No newline at end of file
-- 2.17.1
From dc5b7c097c02358e0b8708c53b10ef0ecc1ecaed Mon Sep 17 00:00:00 2001
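Review bot: The new `iso_cd_checksum` default `file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS` makes every build trust whatever digest the mirror serves at build time, so an ISO replaced together with its SHA256SUMS on the same host still verifies; the old pinned value gave build-to-build integrity, even though at 128 hex characters under a `sha256:` label it looks like a SHA-512 digest, which is presumably why it was dropped. Debian publishes a detached `SHA256SUMS.sign` next to that file; verify the sums file against it once, then pin the result here, e.g. `default = "sha256:<digest taken from the verified SHA256SUMS>"`, and keep the `file:` form only as a documented fallback. In `variables.quid.pkr.hcl`, `sensitive = true` is right, but `env("QUID_ANSIBLE_VAULT_PASSPHRASE")` silently yields an empty string when the variable is unset, so a `validation` block rejecting an empty value, or a line in the readme naming the variable, would turn that into an explicit build failure.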
From: William Petit
Date: Mon, 23 Oct 2023 17:45:55 +0200
Subject: [PATCH 6/8] feat(hydra): add base recipe using ansible-role-sso
---
 recipes/debian/hydra.pkr.hcl | 44 +++++++++++++++++++ recipes/debian/provisionning/hydra/.gitignore | 1 + .../provisionning/hydra/ansible-vars.yml | 11 +++++ .../provisionning/hydra/clone-role-sso.yml | 10 +++++ .../provisionning/hydra/run-role-sso.yml | 3 ++ recipes/debian/readme.hydra.md | 23 ++++++++++ 6 files changed, 92 insertions(+) create mode 100644 recipes/debian/hydra.pkr.hcl create mode 100644 recipes/debian/provisionning/hydra/.gitignore create mode 100644 recipes/debian/provisionning/hydra/ansible-vars.yml create mode 100644 recipes/debian/provisionning/hydra/clone-role-sso.yml create mode 100644 recipes/debian/provisionning/hydra/run-role-sso.yml create mode 100644 recipes/debian/readme.hydra.md
diff --git a/recipes/debian/hydra.pkr.hcl b/recipes/debian/hydra.pkr.hcl
new file mode 100644
index 0000000..cd38eec
--- /dev/null
+++ b/recipes/debian/hydra.pkr.hcl
@@ -0,0 +1,44 @@ +#Flavour base +build { + name = "hydra" + description = <" ] + ssh_clear_authorized_keys = true + vmx_data_post = { + "memsize" = "2048", + "numvcpus" = "2", + } + } + + // Clone ansible-role-sso repository + provisioner "ansible" { + playbook_file = "${local.locations.provisionning}/hydra/clone-role-sso.yml" + // Manjaro/Arch OpenSSH version compatibility mode + // See https://github.com/hashicorp/packer/issues/11783 + extra_arguments = [ "--scp-extra-args", "'-O'", "-v" ] + } + + // Run ansible-role-sso playbook from cloned repository + provisioner "ansible" { + playbook_file = "${local.locations.provisionning}/hydra/run-role-sso.yml" + // Manjaro/Arch OpenSSH version compatibility mode + // See https://github.com/hashicorp/packer/issues/11783 + extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--extra-vars=@${local.locations.provisionning}/hydra/ansible-vars.yml" ] + } + + post-processor "shell-local" { + inline = [ + "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/hydra ${var.image_version}", + ] + } + + post-processor "manifest" { + keep_input_artifact = true + } +} \ No newline at end of file diff --git a/recipes/debian/provisionning/hydra/.gitignore b/recipes/debian/provisionning/hydra/.gitignore new file mode 100644 index 0000000..014e296 --- /dev/null +++ b/recipes/debian/provisionning/hydra/.gitignore @@ -0,0 +1 @@ +/role-sso \ No newline at end of file diff --git a/recipes/debian/provisionning/hydra/ansible-vars.yml b/recipes/debian/provisionning/hydra/ansible-vars.yml new file mode 100644 index 0000000..919cf03 --- /dev/null +++ b/recipes/debian/provisionning/hydra/ansible-vars.yml @@ -0,0 +1,11 @@ +--- +hydra_use_external_database: true + +enable_hydra_dispatcher: true +enable_hydra_passwordless: false +enable_hydra_saml: true +enable_hydra_oidc: true +enable_hydra_ldap: false +enable_oidc_test_app: false + +install_only: true \ No newline at end of file 
diff --git a/recipes/debian/provisionning/hydra/clone-role-sso.yml b/recipes/debian/provisionning/hydra/clone-role-sso.yml
new file mode 100644
index 0000000..3bfa798
--- /dev/null
+++ b/recipes/debian/provisionning/hydra/clone-role-sso.yml
@@ -0,0 +1,10 @@
+---
+- name: Ciblage de la machine locale
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clonage du projet "Cadoles/ansible-role-sso"
+ ansible.builtin.git:
+ repo: "ssh://git@forge.cadoles.com:2222/Cadoles/ansible-role-sso.git"
+ dest: "role-sso"
+ version: "master"
diff --git a/recipes/debian/provisionning/hydra/run-role-sso.yml b/recipes/debian/provisionning/hydra/run-role-sso.yml
new file mode 100644
index 0000000..730d068
--- /dev/null
+++ b/recipes/debian/provisionning/hydra/run-role-sso.yml
@@ -0,0 +1,3 @@
+---
+- hosts: all
+ roles: [ role-sso ]
diff --git a/recipes/debian/readme.hydra.md b/recipes/debian/readme.hydra.md
new file mode 100644
index 0000000..45cbe54
--- /dev/null
+++ b/recipes/debian/readme.hydra.md
@@ -0,0 +1,23 @@
+# Flavor "Hydra"
+
+## Construction de l'image
+
+1. Lancer la construction de l'image de la machine virtuelle
+
+ ```
+ PACKER_OPTS="-var headless=false" ./build start debian 12
+ ```
+
+ ou si l'image Debian de base est déjà construite:
+
+ ```
+ BUILDER="vmware-vmx" PACKER_OPTS="-var headless=false" ./build run debian 12 hydra
+ ```
+
+ > **Tip** Le paramètre `PACKER_OPTS="-var headless=false"` n'est nécessaire que dans le cas où vous souhaitez l'exécuteur VMWare avec son interface graphique.
+
+## Générer le fichier OVF à partir de l'OVA
+
+```
+ovftool output/debian/12.2.0/hydra/hydra-debian-12.2.0.ova output/debian/12.2.0/hydra/hydra-debian-12.2.0.ovf
+```
\ No newline at end of file
-- 2.17.1
From f7dfec14d7398d5f102695c9df5f436fccbf0e87 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro
Date: Thu, 2 Nov 2023 11:38:47 +0100
Subject: [PATCH 7/8] fix(doc): adding new dependencies to the readme
---
 README.md | 11 +++++++++++ 1 file changed, 11 insertions(+)
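Review bot: `version: "master"` in clone-role-sso.yml means each image build runs whatever the role's master branch contains at that moment, as root inside the image, with nothing in this repository recording what went in; pin it to a tag or commit, `version: "<tag or commit of ansible-role-sso>"`, so a build is reproducible and the role content can be reviewed before it changes. The clone also needs the build host to hold an SSH key accepted by `forge.cadoles.com:2222` and that server's host key in known_hosts, neither of which readme.hydra.md in this same patch mentions; a sentence there is better than reaching for `accept_hostkey: true`. `dest: "role-sso"` is a path relative to the working directory of the ansible-playbook process rather than to the playbook file, while run-role-sso.yml resolves `role-sso` relative to its own location, so the two only meet when Packer is started from the `hydra` directory — I cannot confirm from the hunk how the build script invokes it, so a comment stating that assumption next to `dest` would help.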
diff --git a/README.md b/README.md index 1aaf3ff..7ead008 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,8 @@ With this tool you can publish all the images and the necessary templates to act * Packer >= 1.6.0 * virt-sparsify (optional) * Ruby + +### For OpenNebula you will need : * These ruby gems: * opennebula * opennebula-cli @@ -35,6 +37,15 @@ With this tool you can publish all the images and the necessary templates to act * create/manage services templates * create/manage network templates +### For Local qemu buidls you will need: + * qemu-kvm + +### For Local Virtualbox builds you will need: + * virtualbox + +### For Local VMWare Workstation builds you will need: + * vmware-workstation (with a valid licence, 30 trial is fine) + ## How to use the "build" tool ? First you need to create the "publisher" "tools/one-templates" configuration. -- 2.17.1 From d11d461dbc584f4110698f9c69607c33a702123e Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Tue, 28 Nov 2023 14:15:39 +0100 Subject: [PATCH 8/8] adding missing ssh keys --- recipes/debian/hydra.pkr.hcl | 19 +++++++++++++++++++ .../debian/provisionning/ssh/cnous/nmelin.pub | 1 + .../provisionning/ssh/cnous/operrot.pub | 1 + 3 files changed, 21 insertions(+) create mode 100644 recipes/debian/provisionning/ssh/cnous/nmelin.pub create mode 100644 recipes/debian/provisionning/ssh/cnous/operrot.pub diff --git a/recipes/debian/hydra.pkr.hcl b/recipes/debian/hydra.pkr.hcl index cd38eec..08f02b4 100644 --- a/recipes/debian/hydra.pkr.hcl +++ b/recipes/debian/hydra.pkr.hcl 
@@ -32,6 +32,25 @@ EOF
 extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--extra-vars=@${local.locations.provisionning}/hydra/ansible-vars.yml" ]
 }
+ // Copy ssh Cadoles keys
+ provisioner "file" {
+ destination = "/tmp"
+ source = "${local.locations.provisionning}/ssh/cadoles/"
+ }
+
+ // Copy CNOUS SSH keys
+ provisioner "file" {
+ destination = "/tmp"
+ source = "${local.locations.provisionning}/ssh/cnous/"
+ }
+
+ provisioner "shell" {
+ inline = [
+ "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
+ "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
+ ]
+ }
+
 post-processor "shell-local" {
 inline = [
 "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/hydra ${var.image_version}",
diff --git a/recipes/debian/provisionning/ssh/cnous/nmelin.pub b/recipes/debian/provisionning/ssh/cnous/nmelin.pub
new file mode 100644
index 0000000..a4e15ee
--- /dev/null
+++ b/recipes/debian/provisionning/ssh/cnous/nmelin.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr
diff --git a/recipes/debian/provisionning/ssh/cnous/operrot.pub b/recipes/debian/provisionning/ssh/cnous/operrot.pub
new file mode 100644
index 0000000..f68677c
--- /dev/null
+++ b/recipes/debian/provisionning/ssh/cnous/operrot.pub
@@ -0,0 +1 @@
+ssh-rsa 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 olivier.perrot@cnous.fr
-- 2.17.1
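Review bot: `cat /tmp/*.pub >> /root/.ssh/authorized_keys` grants root login to every `.pub` file that happens to be in the world-writable `/tmp` at that point of the build, not only to the two directories uploaded just before it, and it assumes `/root/.ssh` already exists with mode 700; stage the keys in a dedicated directory, create the `.ssh` directory explicitly, and drop `-R`, which is meaningless on a single file. Baking named individuals' keys into the image also means every VM built from it trusts them until the image is rebuilt, whereas the OpenNebula templates deleted earlier in this series injected `SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"` through the context, which can be rotated per deployment; worth a comment on the `file` provisioners saying which model is intended. The enclosing `build` block starts and ends outside the hunk.
```hcl
  provisioner "shell" {
    inline = [ "mkdir -p /tmp/authorized-keys /root/.ssh", "chmod 700 /root/.ssh" ]
  }

  // Copy ssh Cadoles keys
  provisioner "file" {
    destination = "/tmp/authorized-keys"
    source      = "${local.locations.provisionning}/ssh/cadoles/"
  }

  // … unchanged: CNOUS "file" provisioner, with the same destination …

  provisioner "shell" {
    inline = [
      "sh -cx 'cat /tmp/authorized-keys/*.pub >> /root/.ssh/authorized_keys'",
      "sh -cx 'chmod 600 /root/.ssh/authorized_keys && rm -rf /tmp/authorized-keys'"
    ]
  }
```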