feat/first_recipes #1
|
@ -0,0 +1,2 @@
|
|||
/output
|
||||
/packer-manifest.json
|
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
"ansible.python.interpreterPath": "/bin/python"
|
||||
}
|
6
build
6
build
|
@ -1,5 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
# Simple build wrapper
|
||||
|
||||
ACTION=${1}
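Review bot: `set -eo pipefail` on the new side still lets an unset variable expand to an empty string, so a misspelled or missing `OS`, `VERSION` or `BUILDER` silently turns the `-var-file` path built in `run()` into `${RCP_DIR}//.pkrvars.hcl` instead of stopping the build; the removed `${BUILER}` line further down this file is exactly that failure mode going unnoticed. Adding `-u`, i.e. `set -euo pipefail`, makes such expansions abort, provided genuinely optional settings such as `PACKER_OPTS` are then referenced as `${PACKER_OPTS:-}`. The rest of the wrapper, including where `OS` and `VERSION` are assigned, is outside the hunk.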
|
||||
|
@ -25,8 +27,8 @@ initPacker() {
|
|||
# First the "base" image then the provisionned ones
|
||||
#
|
||||
run() {
|
||||
${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.${BUILDER}.${OS}" "${RCP_DIR}/${OS}/."
|
||||
${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.${BUILER}.${OS}" "${RCP_DIR}/${OS}/."
|
||||
${PACKER} build ${PACKER_OPTS} -on-error=abort -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.*.${OS}" "${RCP_DIR}/${OS}/."
|
||||
${PACKER} build ${PACKER_OPTS} -on-error=abort -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.*.${OS}" "${RCP_DIR}/${OS}/."
|
||||
}
|
||||
|
||||
#
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
name = "debian"
|
||||
version = "11"
|
||||
short_version = "11"
|
||||
code_name = "bullseye"
|
||||
arch = "amd64"
|
||||
source_url = "https://cloud.debian.org/images/cloud/bullseye/latest"
|
||||
iso_cd_checksum = "9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
|
||||
image_dir_name= "latest"
|
||||
boot_command = [ "<enter>" ]
|
||||
# "<enter>",
|
||||
# "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter>",
|
||||
# "<wait>",
|
||||
# "<wait1s>mkdir -p .ssh<enter>",
|
||||
# "<wait1s>wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys<enter><wait1s>",
|
||||
# "<wait1s>chmod 600 .ssh/authorized_keys<enter>",
|
||||
#]
|
|
@ -0,0 +1,7 @@
|
|||
name = "debian"
|
||||
version = "12.2.0"
|
||||
short_version = "12"
|
||||
code_name = "bookworm"
|
||||
arch = "amd64"
|
||||
source_url = "https://cdimage.debian.org/cdimage/release/12.2.0"
|
||||
image_dir_name= "latest"
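Review bot: The new 12.2.0 vars file drops `iso_cd_checksum`, so the expected ISO hash is no longer pinned in the recipe; the locals hunk in this commit instead resolves it from `file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS`, which comes from the same origin as the ISO itself, so a tampered mirror or substituted download would also supply a matching checksum, and the `file:` form does not verify the SHA256SUMS signature. Keeping a pinned value here, e.g. `iso_cd_checksum = "sha256:<value taken from the signed SHA256SUMS>"`, preserves the integrity check the removed 11 file had. `source_url` also points at the point-release directory `release/12.2.0`, which presumably stops resolving once the next point release is published, and `image_dir_name= "latest"` lacks the space before `=` that the surrounding keys use.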
|
|
@ -1,7 +1,5 @@
|
|||
locals {
|
||||
Globals = {
|
||||
Vars = {
|
||||
PrometheusPort = "9090"
|
||||
}
|
||||
Vars = {}
|
||||
}
|
||||
}
|
|
@ -10,24 +10,11 @@ locals {
|
|||
dirs = local.locations
|
||||
timestamp = regex_replace(timestamp(), "[- TZ:]", "")
|
||||
output_name = "${var.name}"
|
||||
source_checksum_url = "file:${var.source_url}/SHA512SUMS"
|
||||
source_iso = "${var.source_url}/debian-${var.version}-generic-${var.arch}.qcow2"
|
||||
source_checksum = "${var.iso_cd_checksum}"
|
||||
source_iso = "${var.source_url}/${var.arch}/iso-cd/debian-${var.version}-${var.arch}-netinst.iso"
|
||||
iso_cd_checksum = "file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS"
|
||||
ssh_user = "root"
|
||||
ssh_password = "PbkRc1vup7Wq5n4r"
|
||||
ssh_password = "toor"
|
||||
disk_size = 8000
|
||||
memory = 512
|
||||
instance_data = {
|
||||
"instance-id": "${var.name}"
|
||||
}
|
||||
installOpts = {
|
||||
hostname = var.name
|
||||
user = "eole"
|
||||
disk_device = "/dev/vda"
|
||||
}
|
||||
installOptsVMWare = {
|
||||
hostname = var.name
|
||||
user = "eole"
|
||||
disk_device = "/dev/sda"
|
||||
}
|
||||
headless = var.headless
|
||||
}
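Review bot: `ssh_password` is a hard-coded credential in `locals` — `"toor"` on what appears to be the new side, replacing `PbkRc1vup7Wq5n4r` — and the preseed template in this commit writes it as the clear-text root and `packer` user password, so every image built from this recipe ships with a known root password unless a provisioner not visible here rotates or locks it. Prefer an input such as `variable "ssh_password" { type = string; sensitive = true }` with no default, supplied per build from the environment or generated randomly, and lock the password once the key from `data.sshkey.install` is in place. The locals block starts above the hunk; if `installOpts`/`installOptsVMWare` are indeed removed here (old side 24 lines, new side 11), check that the `local.installOptsVMWare` reference in the vmware-iso source still resolves.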
|
||||
|
|
|
@ -7,38 +7,20 @@ EOF
|
|||
|
||||
source "vmware-iso.debian" {
|
||||
output_directory = "${var.output_dir}/${var.version}/base"
|
||||
vm_name = "${local.output_name}-${var.version}.img"
|
||||
vm_name = "${local.output_name}-${var.version}"
|
||||
disk_size = 10240
|
||||
iso_url = "${local.source_iso}"
|
||||
iso_checksum = "${var.iso_cd_checksum}"
|
||||
guest_os_type = "ubuntu-64"
|
||||
http_content = {
|
||||
"/ssh-packer-pub.key" = data.sshkey.install.public_key
|
||||
"/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOptsVMWare)
|
||||
"/preseed.cfg" = templatefile("${local.locations.provisionning}/${var.name}/http/preseed.cfg.pkrtpl.hcl", { data: data, var: var, local: local })
|
||||
}
|
||||
boot_command = var.boot_command
|
||||
cd_label = "cidata"
|
||||
}
|
||||
|
||||
source "qemu.debian" {
|
||||
output_directory = "${var.output_dir}/${var.version}/base"
|
||||
vm_name = "${local.output_name}-${var.version}.img"
|
||||
iso_url = "${local.source_iso}"
|
||||
iso_checksum = "${var.iso_cd_checksum}"
|
||||
disk_image = true
|
||||
disk_size = 10240
|
||||
cd_content = {
|
||||
"meta-data" = jsonencode(local.instance_data)
|
||||
"user-data" = templatefile("${path.cwd}/recipes/debian/templates/conf/cloud-init/user-data",
|
||||
{ user = local.ssh_user,
|
||||
password = local.ssh_password,
|
||||
runcmd = var.cloud_init_runcmd })
|
||||
}
|
||||
#http_content = {
|
||||
# "/ssh-packer-pub.key" = data.sshkey.install.public_key
|
||||
# "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOpts)
|
||||
#}
|
||||
cd_label = "cidata"
|
||||
boot_command = var.boot_command
|
||||
boot_command = [
|
||||
"<esc><wait>",
|
||||
"auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter><wait10s>",
|
||||
"<enter>"
|
||||
]
|
||||
}
|
||||
|
||||
provisioner "shell" {
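Review bot: Both `iso_checksum = "${var.iso_cd_checksum}"` lines in this hunk still read the input variable, while the locals hunk in this commit derives the checksum as `local.iso_cd_checksum` and the new 12.2.0 vars file no longer sets `iso_cd_checksum`; unless the variable has a default elsewhere, `packer validate` will report it missing. The surviving source should read `iso_checksum = local.iso_cd_checksum` (or better, a pinned hash). Separately, `http_content` serves `/preseed.cfg` — which embeds `${local.ssh_password}` — and `/ssh-packer-pub.key` from Packer's plain-HTTP server for the duration of the build, so the build host's network segment is part of the image's trust boundary and should be treated as such. Which of the two `source` blocks survives on the new side is not fully recoverable from this rendering.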
|
||||
|
@ -49,7 +31,6 @@ EOF
|
|||
script = "${local.locations.provisionning}/letsencrypt.sh"
|
||||
}
|
||||
|
||||
|
||||
post-processor "shell-local" {
|
||||
inline = [
|
||||
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}",
|
||||
|
|
|
@ -11,7 +11,11 @@ packer {
|
|||
qemu = {
|
||||
source = "github.com/hashicorp/qemu"
|
||||
version = "~> 1"
|
||||
}
|
||||
}
|
||||
ansible = {
|
||||
version = "~> 1"
|
||||
source = "github.com/hashicorp/ansible"
|
||||
}
|
||||
}
|
||||
}
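Review bot: `version = "~> 1"` for the new `ansible` plugin (and the `qemu` one above it) lets `packer init` fetch any future 1.x release, so the plugin binary that ends up in a build is not fixed by the recipe and a new upstream release enters the pipeline unreviewed. For reproducible builds pin the tested release exactly, e.g. `version = "= <tested 1.x version>"`, and bump it deliberately. The `required_plugins` block starts above the hunk.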
|
||||
|
||||
|
|
|
@ -1,64 +0,0 @@
|
|||
#!/sbin/openrc-run
|
||||
|
||||
: ${SUBCFGDIR:=/srv}
|
||||
DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"}
|
||||
|
||||
SUBSVC="${SVCNAME#*.}"
|
||||
[ -z "${SUBSVC}" ] && exit 1
|
||||
: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"}
|
||||
DOCOCMD="/usr/bin/docker-compose"
|
||||
export COMPOSE_HTTP_TIMEOUT=300
|
||||
|
||||
description="Manage docker services defined in ${SUBCFG}"
|
||||
extra_commands="configtest build"
|
||||
description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\""
|
||||
description_build="Run \"docker-compose -f ${SUBCFG} build\""
|
||||
|
||||
depend() {
|
||||
need localmount net docker
|
||||
use dns
|
||||
after docker
|
||||
}
|
||||
|
||||
configtest() {
|
||||
if ! [ -f "${SUBCFG}" ]; then
|
||||
eerror "The config file ${SUBCFG} does not exist!"
|
||||
return 1
|
||||
fi
|
||||
if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then
|
||||
einfo "config: ok"
|
||||
else
|
||||
eerror "config: error"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
build() {
|
||||
configtest || return 1
|
||||
ebegin "Building dockerservice ${SUBSVC}"
|
||||
"${DOCOCMD}" -f "${SUBCFG}" build
|
||||
eend $?
|
||||
}
|
||||
|
||||
start() {
|
||||
configtest || return 1
|
||||
ebegin "Starting dockerservice ${SUBSVC}"
|
||||
sleep 5
|
||||
"${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS}
|
||||
eend $?
|
||||
}
|
||||
|
||||
stop() {
|
||||
ebegin "Stopping dockerservice ${SUBSVC}"
|
||||
"${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300
|
||||
eend $?
|
||||
}
|
||||
|
||||
status() {
|
||||
if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then
|
||||
einfo "status: started"
|
||||
else
|
||||
einfo "status: stopped"
|
||||
return 3
|
||||
fi
|
||||
}
|
|
@ -1,181 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
|
||||
LOG_FILE="/var/log/initkubernets.log"
|
||||
FIRST_BOOT="/var/run/firstboot.flag"
|
||||
|
||||
infoLog() {
|
||||
echo "Info: $@" | tee -a ${LOG_FILE}
|
||||
}
|
||||
|
||||
errorLog() {
|
||||
echo "Error: $@" | tee -a ${LOG_FILE}
|
||||
}
|
||||
|
||||
waitReadyState() {
|
||||
local vmID="${1}"
|
||||
local timeout="${2}"
|
||||
|
||||
local tick=0
|
||||
while true ;do
|
||||
local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY")
|
||||
if [ "${ready}" = "YES" ];then
|
||||
return 0
|
||||
elif [ "${timeout}" -eq "${tick}" ];then
|
||||
return ${timeout}
|
||||
else
|
||||
sleep 1
|
||||
tick=$((tick+1))
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
returnToken() {
|
||||
infoLog "Returning tokens"
|
||||
local caSecretKey="${1}"
|
||||
local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1)
|
||||
local kubeToken=$(kubeadm token list | awk '/authentication,signing.*The default*/ {print $1}')
|
||||
local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf)
|
||||
|
||||
if [ -n "${ONEGATE_ENDPOINT}" ];then
|
||||
infoLog "Onegate detected"
|
||||
data="READY=YES"
|
||||
data="${data} MASTER_ADDR=${masterAddr}"
|
||||
data="${data} MASTER_TOKEN=${kubeToken}"
|
||||
data="${data} MASTER_CA_TOKEN=sha256:${caToken}"
|
||||
data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}"
|
||||
onegate vm update --data "${data}"
|
||||
infoLog "Onegate data seted"
|
||||
else
|
||||
infoLog "Onegate is not present"
|
||||
echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token
|
||||
infoLog "Tokens are available at /root/kube.token"
|
||||
fi
|
||||
}
|
||||
|
||||
joinCluster() {
|
||||
local master="${MASTER_ADDR}"
|
||||
local token="${MASTER_TOKEN}"
|
||||
local caToken="${MASTER_CA_TOKEN}"
|
||||
local caSecretKey="${MASTER_CA_SECRET_KEY}"
|
||||
local sname="${SERVICE_NAME}"
|
||||
|
||||
if [ -n "${ONEGATE_ENDPOINT}" ];then
|
||||
local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[] | select(.name == "leader") | .nodes[0].deploy_id')
|
||||
if [ "${?}" -eq 0 ]; then
|
||||
waitReadyState ${masterID} 600
|
||||
if [ "${?}" -ne 0 ];then
|
||||
errorLog "Master node is node ready after 600s"
|
||||
return 3
|
||||
fi
|
||||
local masterInfo=$(onegate vm show ${masterID} --json | \
|
||||
jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP")
|
||||
master=$(echo ${masterInfo} | cut -d " " -f 1)
|
||||
token=$(echo ${masterInfo} | cut -d " " -f 2)
|
||||
caToken=$(echo ${masterInfo} | cut -d " " -f 3)
|
||||
caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4)
|
||||
masterIP=$(echo ${masterInfo} | cut -d " " -f 5)
|
||||
sname=$(onegate service show --json | jq -cr ".SERVICE.name")
|
||||
fi
|
||||
|
||||
# Setting dns resolution for cluster
|
||||
echo "${masterIP} ${sname}" >> /etc/hosts
|
||||
onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
|
||||
fi
|
||||
if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then
|
||||
opts="--node-name $(hostname -f)"
|
||||
opts="${opts} --token ${token}"
|
||||
opts="${opts} --discovery-token-ca-cert-hash ${caToken}"
|
||||
if [ -n "${1}" ];then
|
||||
opts="${opts} --control-plane"
|
||||
opts="${opts} --certificate-key ${caSecretKey}"
|
||||
fi
|
||||
opts="${opts} ${master}"
|
||||
|
||||
kubeadm join ${opts} | tee -a "${LOG_FILE}"
|
||||
else
|
||||
errorLog "Something is missing, can't join the cluster:"
|
||||
errorLog " Master addr: [${master}]"
|
||||
errorLog " Master token: [${token}]"
|
||||
errorLog " Master CA token: [${caToken}]"
|
||||
return 3
|
||||
fi
|
||||
}
|
||||
|
||||
getServiceName() {
|
||||
local sname=$(onegate service show --json | jq -cr ".SERVICE.name")
|
||||
local tmout=30
|
||||
local tick=0
|
||||
while true ;do
|
||||
if [ -z "${sname}" ];then
|
||||
sname=$(onegate service show --json | jq -cr ".SERVICE.name")
|
||||
else
|
||||
echo ${sname}
|
||||
return 0
|
||||
fi
|
||||
sleep 1
|
||||
tick=$((tick+1))
|
||||
if [ ${tmout} -eq ${tick} ];then
|
||||
hostname -f
|
||||
return 3
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
initLeader() {
|
||||
sname="$(hostname -f)"
|
||||
|
||||
if [ -n "${ONEGATE_ENDPOINT}" ];then
|
||||
sname=$(getServiceName)
|
||||
sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP")
|
||||
echo "${sip} ${sname} $(hostname -f)" >> /etc/hosts
|
||||
onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
|
||||
fi
|
||||
|
||||
caSecretKey=$(date | sha256sum | awk '{print $1}')
|
||||
|
||||
infoLog "Kubernetes init started"
|
||||
kubeadm init --pod-network-cidr=10.244.0.0/16 \
|
||||
--node-name="${SET_HOSTNAME}" \
|
||||
--control-plane-endpoint "${sname}:6443" \
|
||||
--upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}"
|
||||
infoLog "Kubernetes init ended"
|
||||
|
||||
infoLog "Configuring kubectl"
|
||||
mkdir /root/.kube
|
||||
ln -s /etc/kubernetes/admin.conf /root/.kube/config
|
||||
infoLog "kubectl configured"
|
||||
|
||||
infoLog "Installing cilium"
|
||||
sleep 20
|
||||
kubectl config view --minify -o jsonpath='{.clusters[].name}'
|
||||
sleep 20
|
||||
cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}"
|
||||
infoLog "Cilium is installed"
|
||||
|
||||
returnToken "${caSecretKey}"
|
||||
}
|
||||
|
||||
initKube() {
|
||||
if [ "${SERVER_ROLE}" == "leader" ];then
|
||||
initLeader
|
||||
elif [ "${SERVER_ROLE}" == "worker" ];then
|
||||
joinCluster
|
||||
elif [ "${SERVER_ROLE}" == "master" ];then
|
||||
joinCluster "${SERVER_ROLE}"
|
||||
fi
|
||||
touch ${FIRST_BOOT}
|
||||
infoLog "Kubernetes cluster init is finished"
|
||||
}
|
||||
|
||||
if [ -f "${ENV_FILE}" ]; then
|
||||
. "${ENV_FILE}"
|
||||
fi
|
||||
|
||||
if [ -f "${FIRST_BOOT}" ];then
|
||||
exit 0
|
||||
else
|
||||
uuidgen > /etc/machine-id
|
||||
swapoff -a # Make sure swap is disabled
|
||||
initKube &
|
||||
fi
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
mount --make-rshared /
|
|
@ -1,25 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
FL_VERSIONS="current 3374.2.0"
|
||||
MATCHBOX_DIR="/var/lib/matchbox"
|
||||
ASSETS_DIR="${MATCHBOX_DIR}/assets/"
|
||||
|
||||
GPG_FNAME="Flatcar_Image_Signing_Key.asc"
|
||||
GPG_KEYS_URL="https://www.flatcar.org/security/image-signing-key/"
|
||||
|
||||
cd /tmp
|
||||
curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME}
|
||||
gpg --import --keyid-format LONG ${GPG_FNAME}
|
||||
cd -
|
||||
|
||||
echo "Provisionning matchbox with flatcar images"
|
||||
tout=30
|
||||
for version in ${FL_VERSIONS}; do
|
||||
for i in $(seq 1 ${tout});do
|
||||
echo " * ${FL_VERSIONS} stable image (try ${i})"
|
||||
/usr/local/bin/get-flatcar stable ${version} ${ASSETS_DIR}
|
||||
if [[ "${?}" -eq 0 ]]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
done
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
dest="${1}"
|
||||
|
||||
ipxeEFISource="http://boot.ipxe.org/ipxe.efi"
|
||||
kpxeSource="http://boot.ipxe.org/undionly.kpxe"
|
||||
|
||||
cd "${dest}"
|
||||
wget "${ipxeEFISource}"
|
||||
wget "${kpxeSource}"
|
|
@ -1 +0,0 @@
|
|||
harbor
|
|
@ -1 +0,0 @@
|
|||
matchbox
|
|
@ -1,13 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
CONF="/etc/conf.d/jenkins-slave"
|
||||
if [ -e "/etc/jenkins-slave.conf" ]; then
|
||||
CONF="/etc/jenkins-slave.conf"
|
||||
fi
|
||||
|
||||
TOTAL_MEMORY=$(cat /proc/meminfo | grep MemTotal | awk '{ printf "%sg", int($2/1024/1024)+1 }')
|
||||
sed -i "s|^JENKINS_SLAVE_NAME=.*$|JENKINS_SLAVE_NAME='slave-$ETH0_IP'|" "${CONF}"
|
||||
sed -i "s|^JENKINS_SLAVE_USERNAME=.*$|JENKINS_SLAVE_USERNAME='$JENKINS_SLAVE_USERNAME'|" "${CONF}"
|
||||
sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}"
|
||||
sed -i "s|^JENKINS_MASTER_URL=.*$|JENKINS_MASTER_URL='$JENKINS_MASTER_URL'|" "${CONF}"
|
||||
sed -i "s|^JENKINS_SLAVE_LABELS=.*$|JENKINS_SLAVE_LABELS='docker docker-compose mem-$TOTAL_MEMORY $JENKINS_SLAVE_LABELS'|" "${CONF}"
|
|
@ -1,31 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
|
||||
|
||||
# $TOKENTXT is available only through the env. file
|
||||
# shellcheck disable=SC1090
|
||||
if [ -f "${ENV_FILE}" ]; then
|
||||
. "${ENV_FILE}"
|
||||
fi
|
||||
|
||||
###
|
||||
|
||||
if [ -n "${GITLAB_URL}" ]; then
|
||||
if command -v gitlab-runner; then
|
||||
if [ -n "${GITLAB_SHELL}" ]; then
|
||||
opts="--shell=${GITLAB_SHELL}"
|
||||
fi
|
||||
# shellcheck disable=SC2086
|
||||
gitlab-runner register \
|
||||
--non-interactive \
|
||||
--url="${GITLAB_URL}" \
|
||||
--registration-token="${GITLAB_TOKEN}" \
|
||||
--executor="${GITLAB_EXECUTOR}" \
|
||||
--description="${GITLAB_RUNNER_NAME}" \
|
||||
--tag-list="${GITLAB_TAG_LIST}" \
|
||||
--locked=false \
|
||||
--access-level=not_protected \
|
||||
--run-untagged=false \
|
||||
"${opts}"
|
||||
fi
|
||||
fi
|
|
@ -1,21 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
|
||||
|
||||
# $TOKENTXT is available only through the env. file
|
||||
# shellcheck disable=SC1090
|
||||
if [ -f "${ENV_FILE}" ]; then
|
||||
. "${ENV_FILE}"
|
||||
fi
|
||||
|
||||
###
|
||||
|
||||
if [ -n "${K3S_ROLE}" ]; then
|
||||
if [ "${K3S_ROLE}" = "server" ]; then
|
||||
rc-update add dnsmasq default
|
||||
service dnsmasq start
|
||||
|
||||
rc-update add k3s default
|
||||
service k3s start
|
||||
fi
|
||||
fi
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
echo "${1}" >/etc/hostname
|
||||
|
||||
apt-get update
|
||||
apt-get -y dist-upgrade
|
||||
apt-get install wget curl -y
|
||||
|
||||
touch /etc/cloud/cloud-init.disabled
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "${1}" >/etc/hostname
|
||||
|
||||
apt-get update
|
||||
apt-get -y dist-upgrade
|
||||
apt-get install wget curl open-vm-tools -y
|
||||
|
||||
systemctl enable --now open-vm-tools.service
|
||||
|
||||
touch /etc/cloud/cloud-init.disabled
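Review bot: The new script runs without `set -e`, so a failed `apt-get update` or `dist-upgrade` is ignored and the build continues on stale or partially upgraded packages, and `echo "${1}" >/etc/hostname` writes an empty hostname when the argument is missing. Add `set -euo pipefail` after the shebang and guard the argument with `[ -n "${1:-}" ] || { echo "usage: $0 <hostname>" >&2; exit 1; }`. The `apt-get install` line is also worth a `--no-install-recommends` if image size matters.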
|
|
@ -37,10 +37,14 @@ d-i finish-install/reboot_in_progress note
|
|||
# Bootloader options
|
||||
d-i grub-installer/only_debian boolean true
|
||||
d-i grub-installer/with_other_os boolean true
|
||||
d-i grub-installer/bootdev string /dev/vda
|
||||
d-i grub-installer/bootdev string /dev/sda
|
||||
|
||||
# Set the keyboard layout
|
||||
d-i console-setup/ask_detect boolean false
|
||||
d-i keyboard-configuration/variant select France
|
||||
d-i keyboard-configuration/xkb-keymap select fr
|
||||
d-i console-keymaps-at/keymap select fr-latin9
|
||||
d-i debian-installer/keymap string fr-latin9
|
||||
|
||||
# Mirror from which packages will be downloaded
|
||||
d-i mirror/country string manual
|
||||
|
@ -65,15 +69,19 @@ d-i partman/confirm_write_new_label boolean true
|
|||
|
||||
# User configuration
|
||||
d-i passwd/root-login boolean true
|
||||
d-i passwd/root-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0
|
||||
d-i passwd/root-password password ${local.ssh_password}
|
||||
d-i passwd/root-password-again password ${local.ssh_password}
|
||||
d-i passwd/user-fullname string packer
|
||||
d-i passwd/user-uid string 1000
|
||||
d-i passwd/username string packer
|
||||
d-i passwd/user-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0
|
||||
d-i passwd/user-password password ${local.ssh_password}
|
||||
d-i passwd/user-password-again password ${local.ssh_password}
|
||||
|
||||
# Extra packages to be installed
|
||||
d-i pkgsel/include string sudo
|
||||
d-i pkgsel/include string openssh-server build-essential
|
||||
d-i pkgsel/include string openssh-server
|
||||
d-i pkgsel/include string wget
|
||||
d-i pkgsel/include string cloud-init
|
||||
|
||||
d-i pkgsel/install-language-support boolean false
|
||||
d-i pkgsel/update-policy select none
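Review bot: The new side replaces the `password-crypted` entries with clear-text `passwd/root-password` / `passwd/user-password` values taken from `${local.ssh_password}`, gives root and the `packer` user the same password, and keeps `passwd/root-login boolean true`. The rendered preseed is served over Packer's HTTP server, so the password crosses the build network in clear, and it remains a working console and password-SSH credential for the `packer` user in the finished image. Prefer keeping the `-crypted` form with a hash derived from the secret (a crypt(3) hash generated outside the template, or Packer's `bcrypt()` function if the installer accepts that format), or, if the image is only ever accessed with the injected SSH key, drop the extra account with `d-i passwd/make-user boolean false`.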
|
||||
|
@ -102,6 +110,6 @@ popularity-contest popularity-contest/participate boolean false
|
|||
# Select base install
|
||||
tasksel tasksel/first multiselect standard, ssh-server
|
||||
|
||||
# Setup passwordless sudo for packer user
|
||||
d-i preseed/late_command string \
|
||||
echo "packer ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/packer && chmod 0440 /target/etc/sudoers.d/packer
|
||||
d-i preseed/late_command string in-target mkdir -p /root/.ssh; \
|
||||
in-target /bin/sh -c "echo '${data.sshkey.install.public_key}' >> /root/.ssh/authorized_keys"; \
|
||||
in-target chown -R root:root /root/.ssh/
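Review bot: The new `late_command` installs the build key into `/root/.ssh/authorized_keys` but leaves `/root/.ssh` at the default directory mode; inserting `in-target chmod 700 /root/.ssh; in-target chmod 600 /root/.ssh/authorized_keys;` before the `chown` keeps the directory and key list private. The dropped sudoers entry means the `packer` user created earlier in this preseed no longer has passwordless sudo: if provisioners now connect as root with the key, that user is an extra password-bearing account with no purpose, and if they still connect as `packer`, any `sudo` will block the build — which of the two applies is not visible on this page.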
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
|
@ -20,7 +20,7 @@ for cert in $CERTS; do
|
|||
echo "Downloading '$cert'..."
|
||||
filename=$(basename "$cert")
|
||||
wget --tries=10 --timeout=30 -O "$filename" "$cert"
|
||||
#openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
|
||||
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
|
||||
done
|
||||
|
||||
$UPDATE_CERTS_CMD
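Review bot: The uncommented `openssl x509 -in "$filename" -inform PEM -out "$filename.crt"` assumes every URL in `CERTS` serves PEM; a DER download now makes openssl fail and, with `set -eo pipefail` added at the top of this file, aborts the whole loop. A tolerant form is `openssl x509 -in "$filename" -inform PEM -out "$filename.crt" 2>/dev/null || openssl x509 -in "$filename" -inform DER -out "$filename.crt"`. Since these files are handed to `$UPDATE_CERTS_CMD` and become trust anchors, the `wget` call should also refuse non-TLS sources (`--https-only`) unless `CERTS`, defined outside the hunk, is known to be HTTPS-only.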
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
|
||||
|
||||
# $TOKENTXT is available only through the env. file
|
||||
# shellcheck disable=SC1090
|
||||
if [ -f "${ENV_FILE}" ]; then
|
||||
. "${ENV_FILE}"
|
||||
fi
|
||||
|
||||
###
|
||||
|
||||
if [ -n "${K3S_ROLE}" ]; then
|
||||
if [ "${K3S_ROLE}" = "server" ]; then
|
||||
rc-update add dnsmasq default
|
||||
service dnsmasq start
|
||||
|
||||
rc-update add k3s default
|
||||
service k3s start
|
||||
fi
|
||||
fi
|
|
@ -0,0 +1,2 @@
|
|||
/quid-ansible
|
||||
/.ansible_vault_passphrase
|
|
@ -0,0 +1,137 @@
|
|||
---
|
||||
quid_ansible_repo_private_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63356330363932313165663737383634623039383935333233316532643433643930663630663337
|
||||
3938373061393535383638356438396264363132333939320a616463333939643036396266653435
|
||||
32373265633439633663306433393037376235323965343530333239356633326266336333333961
|
||||
6663613239393639370a663135333562663264376533336166323062656333613636393263356233
|
||||
66653132386131613436356364636432336166353938373837333036393931343063343632613832
|
||||
32303862623536356638396337373661623666393839303861653837393032666366396334383466
|
||||
66373866366662353062653939393631373535666261323965666465383566343064653838313237
|
||||
64396466393834373538613430636134663463313331336330393238636561663566343535663537
|
||||
35643434313030636139326362613832346536333166613061653136346439653231336239626363
|
||||
33376362383034303033343539306134313033386434366534633033306564636661386530306431
|
||||
34656461323164656135303931626536643330653338656162386262633033393030363333336534
|
||||
31343732636363623061303238386137316464333030343733316262646639366531633566383635
|
||||
64653166393134623835363865326639613732353562303665643331663431333034373337653336
|
||||
65313563333439613938396264626464393037396264646237303034356638323139373665613265
|
||||
62623933623064333332313265326431333931643332393166373765383962333639643033393736
|
||||
39666365666662396334316666323933306561343032386436613932396666653330653936656635
|
||||
64353361366539363034316434306239646463336564643939353238393264633235633737656365
|
||||
31313130396532313839613764393636656365303636323437643939313030373464353636363037
|
||||
35376439383531633265613734383463643562333763646131643134383262313736613261346237
|
||||
36633839323833316165393439386136343161306266666331396163363464343132393936313231
|
||||
35663530633132386633313138333835346630383265666638373836663737623933376661633936
|
||||
31623863396439623661396135633537306132306435303430613433346362333934383033656434
|
||||
31363437626463383039336438666662316664353536393139383236323835333738393332623138
|
||||
30343264633964393461616633313837353632373935623462326461663965363962306337396231
|
||||
36623661333934616237306137663130316533613461616136306334666138656534383539393331
|
||||
32623464333030653930393563343031383362383233373235623433643037636463656638386334
|
||||
38316362643736313038366339396165626164336230663538303166316332633337396231646663
|
||||
35303130666135313632326162643632356534646630383163653966346365646334396532313335
|
||||
38353539383630663936313939613638346536623739366164313132636463353666636338353562
|
||||
65336663333937353630636565396537366261646464626163623465313962353039623432653335
|
||||
39653662366335646437366639303736653434623137613633353664336534373965616436643837
|
||||
37396239633533616136636165396333366162313736666366396363303536373235656234393332
|
||||
34663330653738643931373465313939313236363935316237303566363234346330303534353736
|
||||
35336639313233346437666236653931366331393530363432303065323234376436373830346664
|
||||
30613335333062633563643565383065663361613737343537396230353339656234613264666232
|
||||
36393831663264393437316362653734356236333165666361623134626438653536303862653965
|
||||
62636431643738393437663762376261653231633038343365666361626466653634353030356566
|
||||
65333436353939623233623964393833363461356133653564633164366630303034633237653138
|
||||
64343230383036336430306164636134623930656532366232353561656237306435353839396661
|
||||
36633861363830633964376165633339376264363735613965376437303666326665303839363566
|
||||
36306239376230303463663836653931656231353531383561353838383565356363376134343334
|
||||
33363430613935643839316137333765383537326231343734643766373865306262336166313763
|
||||
33666530633938636537663539616334643933396232653665373335663964343631623233366430
|
||||
63306361383332323936343461313231343730373333346337656461346136656531326332613537
|
||||
39323335313061376439343034336466643934306538333030616139353564323432376531663464
|
||||
35613462396430346533383061636132323961303938613365306531386462313730326639363461
|
||||
36313839336232373938353537356663363034356238383264303462396534343035633461336334
|
||||
38613737373430396132313465366363386365303265396261303434653463623265323237393734
|
||||
38616262326461383739353235353835316638653263383938653233326336633532323561656433
|
||||
34326634623130336135333931633635316464383139393639353731636432613832633265376332
|
||||
32346161396332356530316365316362393130643833633264643136623733313963326161333535
|
||||
61623835643931613461333033643636386339323137306663366563393463383266356433306362
|
||||
32626430316137336536663232633061396232313935656562346437653238313130383837336361
|
||||
61323865646637333037336335656462303065616237356463616631663539633433613263623932
|
||||
61333236653836653436616161666330616239393331393139333231626464326339666433663461
|
||||
33343539356634613363616662333562653162366532396337643163373738363637313738386362
|
||||
30356634626536336264616263313438366336373962636438303634333130626433366536366436
|
||||
33393461386337663366663132336136343930623464663062663930363663333566323734336631
|
||||
63643866643262333735386433386662303263323038613862653563363230643065356439663264
|
||||
36323666323331613663626533366130663766643036366430643734303561393234623539646463
|
||||
38376132653234346633363238303265376431653663363861653037323436393037306436623962
|
||||
66376536343032303863323138326334626166363930323530353161333737616261346631326364
|
||||
36343239373365306266323832303531313037316234353537383436363866326533663437373537
|
||||
31353038326439303839353139303362613264386434303236363336386665303861663438626135
|
||||
39633361656130316335333965643966616263303563326639653534653931343261356133616461
|
||||
63353664633636343438303936636632393963343235323537393064646138623934633237646139
|
||||
33366664636664373135316366316163343266646435626636366534343061323464633464666430
|
||||
36653231633565346334333362343734613861313465366530376266653939656163323236613139
|
||||
31363165646134343236326663343534383031323431323162343566353938666365323265663931
|
||||
62396466333730363261626465366431316332626236346364396536636165653330653531306330
|
||||
63633564613330323637633761613066623135396132316636303130663534306562326535363733
|
||||
31636639643632633232383938363563643732623364303732663133386434326236353635326439
|
||||
37656138663166616231383264353763623066646337656363663839376536633235353838373465
|
||||
37343237376138326337623565306137363833333165383166343233373438373261306433653734
|
||||
65376361633165383034666337623832336262393831313831626564346231376561393365633437
|
||||
65383236633036616538623861656439323866633864666434643262346632343865643462393237
|
||||
36386463393936376437643065356461306235656233373561393965613461643035356634626335
|
||||
38633664323265303563363636613130383236393339333330613239633765636232326265653864
|
||||
31346361346364396166663930663435313230366631623363306136353833346138346433373730
|
||||
36326536323166396562303733353835663234636136383539356139623433316537343039623761
|
||||
66373231353639623533323837386339323462366137376363373030333762323830623535626433
|
||||
36636162396439363436343330636162383864383837663236626237396562333032383162636165
|
||||
36663833343062613362663739303639396139376166376234646663316239306261356561396535
|
||||
30316331656464333137313333396132656636653932363834336336303635633865313165316434
|
||||
63376461333137343164333634333139336539613839393237343336646261643038643833303461
|
||||
30663763653864626133356439646664663331613666616133383830346331636438656639633065
|
||||
38346562343531633166666436643138366235373562386137326535333936383832313962313233
|
||||
65613265313538626565666339643866393165316363663664373066623962303435663635653738
|
||||
65363262633236333339633636363233333232333332643837326163633061656135653763663539
|
||||
39346365356266353336316461613336343039656330306530303961346133343765363036633734
|
||||
65643563633631373133633031343532356461633461616430313331306335336131333062643230
|
||||
33623331313566646130373833373137333733343534383239306630396335383539373736613862
|
||||
39323265393438376437386261636162303535346638316464366431316439643463623237323563
|
||||
31326633373964626266356435376231333933646139666166663232633132323832353034626132
|
||||
37316235376265633762613536323735653134616233396439326239323933623465613932363332
|
||||
61663862613330366134633534653632343865666562376438386563653066363635666136613534
|
||||
62356433653861666634653536353163306539613061373936346538306134326561323564353936
|
||||
62666139646238663230376132613334323138313261336338666433613231323633623636333938
|
||||
31356334613334383839396535643764393938303931613835643037626530333534323063646164
|
||||
33346363366334333063363564663638306461613838616564643938396234373961613130373738
|
||||
32636533653666626261336138326335623366643737633763353066643263663161396239663432
|
||||
66646233303739623032313439643763656464623865353963333330653833323763633362303434
|
||||
61343530613530336461363038383731646663343764383262393534623530613033636665656233
|
||||
38666162336332376436363335626365666134646532356534346264316465613336653664326461
|
||||
66626537643465326661636164313166393761343231643831366362386431323664633134303062
|
||||
37623863616165633236643139633736336537326533636632646666633466336230653165666333
|
||||
39326566326665366364636631646237663534393631646633316231303835343837303233333565
|
||||
65663163646566306331343766636461326333306662633337356135663938383166303532313566
|
||||
31393932333037366237663465626434643564663036336139316636313163646439643934343436
|
||||
65343462393337333161323236303233376532363963616433343133383631643937333662363063
|
||||
39646536373865626230633466616162613333623462616139386166316662343034393761343339
|
||||
63313263316662626563343130633837303932383134656432383232626163323634636462343662
|
||||
62326665366431656239663564663838653631396366313861323935623364633266333739383861
|
||||
63326264333236373333313566323937336232326461343839616533633639346435333162313237
|
||||
38646638373735663163623231313463326263656531373536393934626632326433363634616337
|
||||
61303035356263366166656565393565343733626439376533316266343038366366656538663830
|
||||
61656661323936633964333433306165613334306436343832666561363565343631383538643631
|
||||
35623839643133376335393331643962386532346437313933366133336364326533373436613833
|
||||
66326237386161623332323130333839336363373330313435636634663532346130626230393333
|
||||
61323361646537623235376135363033636261343365343735623963643066373631343235356536
|
||||
39653136376661353837383839663965643334393861373235353035356235396235613562363061
|
||||
33353339663165656432383230663033363861343032326663373632346634303231346462663836
|
||||
65313963373139383765303838666634666431343734313532626438373961393839656236646263
|
||||
32623264636434636531663138373466663032333463373232353333363534336435353664353238
|
||||
66663562653238396637613463636133656133386163376637353439626133373032373762623465
|
||||
63316335336662623039633837613666363766363931343865313330316362316561626438626533
|
||||
65383465396536306562363163653132343263636363613434333966346166326263373038653266
|
||||
62353734326365616361303135303561313131633637633461636539636666363162646238343265
|
||||
32363065326330303666336638333439356135633764643830353135346139306366353831613564
|
||||
36303763363031613531623336656637393337323035343532623239623735383932626463643866
|
||||
30363138313964643664653834363861616565393065633231623961353532623434623832343930
|
||||
66666330633633653030613237383063353064373661393965373333323565336434653837616336
|
||||
32613737623064316233613434363031623238326132653434646237306234663538616463643230
|
||||
3261376331343330613739346434313636613561626230656334
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: Ciblage de la machine locale
|
||||
hosts: localhost
|
||||
connection: local
|
||||
tasks:
|
||||
- name: Clonage du projet "EFS/quid-ansible"
|
||||
ansible.builtin.git:
|
||||
repo: "ssh://git@forge.cadoles.com:2222/EFS/quid-ansible.git"
|
||||
dest: "quid-ansible"
|
||||
version: "master"
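Review bot: `version: "master"` pins the checkout to a moving branch head, so two image builds from identical Packer inputs can embed different quid-ansible code and the image is not reproducible; pin a tag or commit SHA (`version: "<tag-or-sha>"`) and bump it deliberately. The clone goes over SSH (`ssh://git@forge.cadoles.com:2222`) with no `accept_hostkey`/known_hosts handling, so it silently depends on the build host already having a forge-authorised key and the forge host key trusted — worth stating on the task, e.g. `# Requires an SSH key authorised on forge.cadoles.com and its host key present in known_hosts on the build host.` With `hosts: localhost` / `connection: local`, `dest: "quid-ansible"` is created relative to Packer's working directory on the build host, not in the VM, and a checkout left by a previous run is reused (the git module's default `update: true` should fast-forward it, if I read the defaults right); a comment saying so would save the next reader a surprise.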
|
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
- import_playbook: quid-ansible/deploy.yml
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwyKvtyfZibpHNDDsfg7N6PHPnv9AzA2PowGd7iqF6YRv6CgGPnUixWE791bmekr57TR1QwW58aSEPSQMfLBwo0OwZ7GXYbOb9Fdb6WHAUJHSyMNsFvakgjq0g7TERMw3UksiYpUBCLgvWhF5jNjKsXgK3LyMUVqJs9KlUBt6elxy3CWoMYaWVJTQwXqLEbvr7W9F1rb9PQi80vxcSZXgk5XPPZH4vh7oN7GLB5UwaTFRh4lcup0xnV938gSgLxttPg4t5li5cmvXXMgtCrIDj7JPh9Cic+UXo80cV14nOpX23nuu408Veys/4p5tYiYFCg6NnUtW2dJrfyga9W1h6nc/6JaY8aXdoE+pi7lL7XrMvJPQxVYdwA9rPUBSZAIOmZQQx2aKFMsXocyVXQDzLQyg8lAF9gbMkjXH7DluXd+s0OAdijW9VFxhjutojaC76vhH+ZqSq511vdCTuq+6juW/By/pYQRtKiL1jJqfQoC+JU8RmOVOml5ciT7I0OM/0dakdIMYINX1FaRuSYb8wm0k3pKh+PGmMigja5lY7Bv8M89gRRw+8bJ42h5XkR0Jd04Wagd9eFXvaLa9OdarwF5rE2d6NM5Gfr2wJ4XuDMC7C3r/b6U3sZr6CWvQ5URrXS9OLtZG09DtEGIIuMcu0pgqclitVDi06Ffz5dZMnVQ== olivier.perrot@cnous.fr
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
|
||||
set -ex
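Review bot: The switch to `#!/bin/bash` only takes effect when the script is executed directly; the quid post-processor added in this same change runs `/bin/sh .../post-processors/sparsify.sh`, so if this is that script it is still interpreted by `sh` and any bashism added later will fail there — either invoke it as `bash` or keep the script POSIX. `set -ex` also echoes every expanded command to the build log, which is fine for what the hunk shows but worth remembering if the script ever receives a secret as an argument, and `-e` without `-o pipefail` (the top-level `build` wrapper now uses `set -eo pipefail`) still hides a failure on the left side of a pipe: `set -eo pipefail -x` would match the wrapper. The rest of the script is outside the hunk.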
|
||||
|
||||
|
|
|
@ -0,0 +1,74 @@
|
|||
#Flavour base
|
||||
build {
|
||||
name = "quid"
|
||||
description = <<EOF
|
||||
This builder builds a QEMU image from a Debian cloud image.
|
||||
EOF
|
||||
source "vmware-vmx.debian" {
|
||||
output_directory = "${var.output_dir}/${var.version}/quid"
|
||||
vm_name = "quid-${local.output_name}-${var.version}"
|
||||
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.vmx"
|
||||
boot_command = [ "<enter><enter><wait>" ]
|
||||
ssh_clear_authorized_keys = true
|
||||
disk_additional_size = [ 102400 ]
|
||||
vmx_data = {
|
||||
"scsi1.pcislotnumber" = "16"
|
||||
"scsi1.present" = "TRUE"
|
||||
"scsi1.virtualdev" = "lsilogic"
|
||||
"scsi1:0.filename" = "disk-1.vmdk"
|
||||
"scsi1:0.present" = "TRUE"
|
||||
"scsi1:0.redo" = ""
|
||||
}
|
||||
vmx_data_post = {
|
||||
"memsize" = "4096",
|
||||
"numvcpus" = "2",
|
||||
}
|
||||
}
|
||||
|
||||
// Extend root logical volume with additional disk space
|
||||
provisioner "shell" {
|
||||
inline = [
|
||||
"pvcreate /dev/sdb",
|
||||
"vgextend debian-vg /dev/sdb",
|
||||
"lvextend -l +100%FREE /dev/debian-vg/root",
|
||||
"resize2fs /dev/debian-vg/root"
|
||||
]
|
||||
}
|
||||
|
||||
// Store temporarily ansible vault password in local file
|
||||
provisioner "shell-local" {
|
||||
inline = ["echo '${var.quid_ansible_vault_passphrase}' > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
|
||||
}
|
||||
|
||||
// Clone quid-ansible repository
|
||||
provisioner "ansible" {
|
||||
playbook_file = "${local.locations.provisionning}/quid/clone-quid-ansible.yml"
|
||||
// Manjaro/Arch OpenSSH version compatibility mode
|
||||
// See https://github.com/hashicorp/packer/issues/11783
|
||||
extra_arguments = [ "--scp-extra-args", "'-O'", "-v" ]
|
||||
}
|
||||
|
||||
// Run quid-ansible playbook from cloned repository
|
||||
provisioner "ansible" {
|
||||
playbook_file = "${local.locations.provisionning}/quid/run-quid-ansible.yml"
|
||||
groups = ["quid_server"]
|
||||
// Manjaro/Arch OpenSSH version compatibility mode
|
||||
// See https://github.com/hashicorp/packer/issues/11783
|
||||
extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--vault-password-file=${local.locations.provisionning}/quid/.ansible_vault_passphrase", "--extra-vars=@${local.locations.provisionning}/quid/ansible-vars.yml" ]
|
||||
}
|
||||
|
||||
// Remove ansible vault password file
|
||||
provisioner "shell-local" {
|
||||
inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
|
||||
}
|
||||
|
||||
post-processor "shell-local" {
|
||||
inline = [
|
||||
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/quid ${var.image_version}",
|
||||
]
|
||||
}
|
||||
|
||||
post-processor "manifest" {
|
||||
keep_input_artifact = true
|
||||
}
|
||||
}
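Review bot: The vault passphrase in `inline = ["echo '${var.quid_ansible_vault_passphrase}' > ...]` is interpolated straight into a shell command line, so it is visible in the build host's process list and in any Packer log/debug output of that shell-local step, the file is created with the default umask (usually world-readable), and a passphrase containing a single quote breaks the quoting. Pass it through the environment and restrict the mode instead: `environment_vars = ["QUID_VAULT_PASS=${var.quid_ansible_vault_passphrase}"]` and `inline = ["umask 077 && printf '%s' \"$QUID_VAULT_PASS\" > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]`, and mark the variable `sensitive = true` where it is declared (outside this diff). The `rm -f` cleanup only runs if both ansible provisioners succeed — Packer stops at the first failing provisioner, and the build wrapper passes `-on-error=abort` — so on failure the passphrase file is left behind inside the checkout; at minimum add `.ansible_vault_passphrase` to `.gitignore` (the one in this change lists only `/output` and `/packer-manifest.json`), or write it under a `mktemp -d` directory outside the repo. The `-v` passed to the run-quid-ansible step raises verbosity enough that task results, which can include decrypted vault values, land in the build log; drop it for that step. Separately, the flavor README in this change documents `toor` as the VM's administrator password, so if the base image ships with it the quid playbook (or a provisioner here) should force a change rather than leave a known default in the published image.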
|
|
@ -0,0 +1,37 @@
|
|||
# Flavor "Quid"
|
||||
|
||||
## Construction de l'image
|
||||
|
||||
1. Récupérer la phrase de passe pour les données chiffrées via `ansible-vault` dans le coffre-fort partagé (Section "Cadoles" -> "Kube").
|
||||
|
||||
2. Lancer la construction de l'image de la machine virtuelle
|
||||
|
||||
```
|
||||
QUID_ANSIBLE_VAULT_PASSPHRASE="<passphrase>" PACKER_OPTS="-var headless=false" ./build start debian 12
|
||||
```
|
||||
|
||||
ou si l'image Debian de base est déjà construite
|
||||
|
||||
```
|
||||
QUID_ANSIBLE_VAULT_PASSPHRASE="<passphrase>" PACKER_OPTS="-var headless=false" BUILDER="vmware-vmx" ./build run debian 12 quid
|
||||
```
|
||||
|
||||
> **Tip** Le paramètre `PACKER_OPTS="-var headless=false"` n'est nécessaire que dans le cas où vous souhaitez l'exécuteur VMWare avec son interface graphique.
|
||||
|
||||
## Générer le fichier OVF à partir de l'OVA
|
||||
|
||||
```
|
||||
ovftool output/debian/12.2.0/quid/quid-debian-12.2.0.ova output/debian/12.2.0/quid/quid-debian-12.2.0.ovf
|
||||
```
|
||||
|
||||
## Configuration de l'environnement Quid sur la machine virtuelle
|
||||
|
||||
1. Ajouter l'image de la machine sur votre environnement de virtualisation. Les fichiers sont normalement générés dans le répertoire `output/debian/12.2.0/quid`.
|
||||
|
||||
2. Démarrer la machine virtuelle. Le mot de passe par défaut du compte administrateur est `toor`.
|
||||
|
||||
3. Éditer le fichier `/etc/quid-ansible/config.yml` avec les valeurs correspondant à votre environnement de déploiement ([voir les valeurs par défaut](https://forge.cadoles.com/EFS/quid-ansible/src/branch/master/roles/quid-server/files/quid_ansible_default_config.yml))
|
||||
|
||||
4. Exécuter la commande `apply-config` pour mettre à jour la machine avec les valeurs présentes dans le fichier précédemment édité.
|
||||
|
||||
Pour plus d'informations voir la documentation du projet [`quid-ansible`](https://forge.cadoles.com/EFS/quid-ansible).
|
|
@ -4,7 +4,7 @@ source qemu "debian" {
|
|||
accelerator = "kvm"
|
||||
vnc_bind_address = "0.0.0.0"
|
||||
|
||||
headless = false
|
||||
headless = local.headless
|
||||
|
||||
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
|
||||
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
|
||||
|
@ -39,7 +39,7 @@ source "vmware-iso" "debian" {
|
|||
memory = "${local.memory}"
|
||||
vnc_bind_address = "0.0.0.0"
|
||||
|
||||
headless = true
|
||||
headless = local.headless
|
||||
|
||||
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
|
||||
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
|
||||
|
@ -69,10 +69,9 @@ source "vmware-iso" "debian" {
|
|||
}
|
||||
|
||||
source "vmware-vmx" "debian" {
|
||||
disk_type_id = 0
|
||||
vnc_bind_address = "0.0.0.0"
|
||||
|
||||
headless = true
|
||||
|
||||
headless = local.headless
|
||||
|
||||
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
|
||||
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
|
||||
|
@ -99,4 +98,4 @@ source "vmware-vmx" "debian" {
|
|||
format = "ova"
|
||||
|
||||
boot_wait = "5s"
|
||||
}
|
||||
}
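Review bot: The VNC console Packer drives for `boot_command` stays bound on every interface (`vnc_bind_address = "0.0.0.0"` sits just above each new `headless = local.headless` line), and now that these builds can run headless on a shared build host nobody is watching it while it is exposed for the whole build. For the qemu source that console is unauthenticated unless `vnc_use_password = true` is set (the vmware builders generate a password unless `vnc_disable_password` is set, if I read the builder defaults right); bind it locally unless a remote viewer is genuinely needed, `vnc_bind_address = "127.0.0.1"`, and make `headless = false` the only case where a viewer is expected. The `local.headless` declaration is outside this diff, so I could not check what it defaults to when `PACKER_OPTS` does not set it. The source blocks begin before the first hunk.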
|
|
@ -1,6 +0,0 @@
|
|||
# /etc/conf.d/chronyd
|
||||
CFGFILE="/etc/chrony/chrony.conf"
|
||||
FAST_STARTUP=yes
|
||||
ARGS=""
|
||||
# vrf e.g 'vrf-mgmt'
|
||||
#vrf=""
|
|
@ -1,6 +0,0 @@
|
|||
|
||||
# Configuration file of Harbor
|
||||
|
||||
# The IP address or hostname to access admin UI and registry service.
|
||||
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
||||
hostname: ${Vars.RootlessDocker}
|
|
@ -1,3 +0,0 @@
|
|||
%{ if Vars.RootlessDocker }
|
||||
docker:231072:65536
|
||||
%{ endif }
|
|
@ -1,265 +0,0 @@
|
|||
# Configuration file of Harbor
|
||||
|
||||
# The IP address or hostname to access admin UI and registry service.
|
||||
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
||||
hostname: ${Vars.HarborDomain}
|
||||
|
||||
# http related config
|
||||
http:
|
||||
# port for http, default is 80. If https enabled, this port will redirect to https port
|
||||
port: ${Vars.HarborHTTPPort}
|
||||
|
||||
# https related config
|
||||
https:
|
||||
# https port for harbor, default is 443
|
||||
port: ${Vars.HarborHTTPSPort}
|
||||
# The path of cert and key files for nginx
|
||||
certificate: ${Vars.HarborSSLCert}
|
||||
private_key: ${Vars.HarborSSLPrivKey}
|
||||
|
||||
# # Uncomment following will enable tls communication between all harbor components
|
||||
# internal_tls:
|
||||
# # set enabled to true means internal tls is enabled
|
||||
# enabled: true
|
||||
# # put your cert and key files on dir
|
||||
# dir: /etc/harbor/tls/internal
|
||||
|
||||
# Uncomment external_url if you want to enable external proxy
|
||||
# And when it enabled the hostname will no longer used
|
||||
# external_url: https://reg.mydomain.com:8433
|
||||
|
||||
# The initial password of Harbor admin
|
||||
# It only works in first time to install harbor
|
||||
# Remember Change the admin password from UI after launching Harbor.
|
||||
harbor_admin_password: ${Vars.HarborAdminPassword}
|
||||
|
||||
# Harbor DB configuration
|
||||
database:
|
||||
# The password for the root user of Harbor DB. Change this before any production use.
|
||||
password: ${Vars.HarborDBPassword}
|
||||
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
|
||||
max_idle_conns: 50
|
||||
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
|
||||
# Note: the default number of connections is 100 for postgres.
|
||||
max_open_conns: 200
|
||||
|
||||
# The default data volume
|
||||
data_volume: /srv/harbor/data
|
||||
|
||||
# Harbor Storage settings by default is using /data dir on local filesystem
|
||||
# Uncomment storage_service setting If you want to using external storage
|
||||
# storage_service:
|
||||
# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
|
||||
# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
|
||||
# ca_bundle:
|
||||
|
||||
# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
|
||||
# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
|
||||
# filesystem:
|
||||
# maxthreads: 100
|
||||
# # set disable to true when you want to disable registry redirect
|
||||
# redirect:
|
||||
# disabled: false
|
||||
|
||||
# Trivy configuration
|
||||
#
|
||||
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
|
||||
# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
|
||||
# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
|
||||
# should download a newer version from the Internet or use the cached one. Currently, the database is updated every
|
||||
# 12 hours and published as a new release to GitHub.
|
||||
trivy:
|
||||
# ignoreUnfixed The flag to display only fixed vulnerabilities
|
||||
ignore_unfixed: false
|
||||
# skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
|
||||
#
|
||||
# You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
|
||||
# If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
|
||||
# `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
|
||||
skip_update: false
|
||||
#
|
||||
# The offline_scan option prevents Trivy from sending API requests to identify dependencies.
|
||||
# Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
|
||||
# For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't
|
||||
# exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode.
|
||||
# It would work if all the dependencies are in local.
|
||||
# This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment.
|
||||
offline_scan: false
|
||||
#
|
||||
# insecure The flag to skip verifying registry certificate
|
||||
insecure: false
|
||||
# github_token The GitHub access token to download Trivy DB
|
||||
#
|
||||
# Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
|
||||
# for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
|
||||
# requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
|
||||
# https://developer.github.com/v3/#rate-limiting
|
||||
#
|
||||
# You can create a GitHub token by following the instructions in
|
||||
# https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
|
||||
#
|
||||
# github_token: xxx
|
||||
|
||||
jobservice:
|
||||
# Maximum number of job workers in job service
|
||||
max_job_workers: 10
|
||||
logger_sweeper_duration: 300
|
||||
|
||||
notification:
|
||||
# Maximum retry count for webhook job
|
||||
webhook_job_max_retry: 10
|
||||
webhook_job_http_client_timeout: 300
|
||||
|
||||
chart:
|
||||
# Change the value of absolute_url to enabled can enable absolute url in chart
|
||||
absolute_url: disabled
|
||||
|
||||
# Log configurations
|
||||
log:
|
||||
# options are debug, info, warning, error, fatal
|
||||
level: info
|
||||
# configs for logs in local storage
|
||||
local:
|
||||
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
|
||||
rotate_count: 50
|
||||
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
|
||||
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
|
||||
# are all valid.
|
||||
rotate_size: 200M
|
||||
# The directory on your host that store log
|
||||
location: /var/log/harbor
|
||||
|
||||
# Uncomment following lines to enable external syslog endpoint.
|
||||
# external_endpoint:
|
||||
# # protocol used to transmit log to external endpoint, options is tcp or udp
|
||||
# protocol: tcp
|
||||
# # The host of external endpoint
|
||||
# host: localhost
|
||||
# # Port of external endpoint
|
||||
# port: 5140
|
||||
|
||||
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
|
||||
_version: 2.6.0
|
||||
|
||||
# Uncomment external_database if using external database.
|
||||
# external_database:
|
||||
# harbor:
|
||||
# host: harbor_db_host
|
||||
# port: harbor_db_port
|
||||
# db_name: harbor_db_name
|
||||
# username: harbor_db_username
|
||||
# password: harbor_db_password
|
||||
# ssl_mode: disable
|
||||
# max_idle_conns: 2
|
||||
# max_open_conns: 0
|
||||
# notary_signer:
|
||||
# host: notary_signer_db_host
|
||||
# port: notary_signer_db_port
|
||||
# db_name: notary_signer_db_name
|
||||
# username: notary_signer_db_username
|
||||
# password: notary_signer_db_password
|
||||
# ssl_mode: disable
|
||||
# notary_server:
|
||||
# host: notary_server_db_host
|
||||
# port: notary_server_db_port
|
||||
# db_name: notary_server_db_name
|
||||
# username: notary_server_db_username
|
||||
# password: notary_server_db_password
|
||||
# ssl_mode: disable
|
||||
|
||||
# Uncomment external_redis if using external Redis server
|
||||
# external_redis:
|
||||
# # support redis, redis+sentinel
|
||||
# # host for redis: <host_redis>:<port_redis>
|
||||
# # host for redis+sentinel:
|
||||
# # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
|
||||
# host: redis:6379
|
||||
# password:
|
||||
# # sentinel_master_set must be set to support redis+sentinel
|
||||
# #sentinel_master_set:
|
||||
# # db_index 0 is for core, it's unchangeable
|
||||
# registry_db_index: 1
|
||||
# jobservice_db_index: 2
|
||||
# chartmuseum_db_index: 3
|
||||
# trivy_db_index: 5
|
||||
# idle_timeout_seconds: 30
|
||||
|
||||
# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
|
||||
# uaa:
|
||||
# ca_file: /path/to/ca
|
||||
|
||||
# Global proxy
|
||||
# Config http proxy for components, e.g. http://my.proxy.com:3128
|
||||
# Components doesn't need to connect to each others via http proxy.
|
||||
# Remove component from `components` array if want disable proxy
|
||||
# for it. If you want use proxy for replication, MUST enable proxy
|
||||
# for core and jobservice, and set `http_proxy` and `https_proxy`.
|
||||
# Add domain to the `no_proxy` field, when you want disable proxy
|
||||
# for some special registry.
|
||||
proxy:
|
||||
http_proxy:
|
||||
https_proxy:
|
||||
no_proxy:
|
||||
components:
|
||||
- core
|
||||
- jobservice
|
||||
- notary
|
||||
- trivy
|
||||
|
||||
metric:
|
||||
enabled: false
|
||||
port: 9090
|
||||
path: /metrics
|
||||
|
||||
# Trace related config
|
||||
# only can enable one trace provider(jaeger or otel) at the same time,
|
||||
# and when using jaeger as provider, can only enable it with agent mode or collector mode.
|
||||
# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed
|
||||
# if using jaeger agetn mode uncomment agent_host and agent_port
|
||||
# trace:
|
||||
# enabled: true
|
||||
# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth
|
||||
# sample_rate: 1
|
||||
# # # namespace used to differenciate different harbor services
|
||||
# # namespace:
|
||||
# # # attributes is a key value dict contains user defined attributes used to initialize trace provider
|
||||
# # attributes:
|
||||
# # application: harbor
|
||||
# # # jaeger should be 1.26 or newer.
|
||||
# # jaeger:
|
||||
# # endpoint: http://hostname:14268/api/traces
|
||||
# # username:
|
||||
# # password:
|
||||
# # agent_host: hostname
|
||||
# # # export trace data by jaeger.thrift in compact mode
|
||||
# # agent_port: 6831
|
||||
# # otel:
|
||||
# # endpoint: hostname:4318
|
||||
# # url_path: /v1/traces
|
||||
# # compression: false
|
||||
# # insecure: true
|
||||
# # timeout: 10s
|
||||
|
||||
# enable purge _upload directories
|
||||
upload_purging:
|
||||
enabled: true
|
||||
# remove files in _upload directories which exist for a period of time, default is one week.
|
||||
age: 168h
|
||||
# the interval of the purge operations
|
||||
interval: 24h
|
||||
dryrun: false
|
||||
|
||||
# cache layer configurations
|
||||
# If this feature enabled, harbor will cache the resource
|
||||
# `project/project_metadata/repository/artifact/manifest` in the redis
|
||||
# which can especially help to improve the performance of high concurrent
|
||||
# manifest pulling.
|
||||
# NOTICE
|
||||
# If you are deploying Harbor in HA mode, make sure that all the harbor
|
||||
# instances have the same behaviour, all with caching enabled or disabled,
|
||||
# otherwise it can lead to potential data inconsistency.
|
||||
cache:
|
||||
# not enabled by default
|
||||
enabled: false
|
||||
# keep cache for one day by default
|
||||
expire_hours: 24
|
|
@ -1,47 +0,0 @@
|
|||
|
||||
# Example answer file for setup-alpine script
|
||||
# If you don't want to use a certain option, then comment it out
|
||||
|
||||
# Use US layout with US variant
|
||||
KEYMAPOPTS="fr fr"
|
||||
|
||||
# Set hostname to alpine-test
|
||||
HOSTNAMEOPTS="-n ${hostname}"
|
||||
|
||||
# Contents of /etc/network/interfaces
|
||||
INTERFACESOPTS="auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto eth0
|
||||
iface eth0 inet dhcp
|
||||
hostname ${hostname}
|
||||
"
|
||||
|
||||
# Search domain of example.com, OpenDNS public nameserver
|
||||
# ex: -d example.com 1.1.1.1"
|
||||
DNSOPTS=""
|
||||
|
||||
# Set timezone to UTC
|
||||
TIMEZONEOPTS="-z Europe/Paris"
|
||||
|
||||
# set http/ftp proxy
|
||||
PROXYOPTS="none"
|
||||
|
||||
# Add a random mirror
|
||||
APKREPOSOPTS="-r -c"
|
||||
|
||||
# Install Openssh
|
||||
SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys"
|
||||
|
||||
# Use openntpd
|
||||
NTPOPTS="-c openntpd"
|
||||
|
||||
# Use /dev/sda as a data disk
|
||||
DISKOPTS="-L -m sys ${disk_device}"
|
||||
|
||||
USEROPTS="-a -g 'netdev' ${user}"
|
||||
|
||||
# Setup in /media/vda1
|
||||
# LBUOPTS="/media/vda1"
|
||||
# APKCACHEOPTS="/media/vda1/cache"
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
# k3s options
|
||||
export PATH="/usr/libexec/cni/:$PATH"
|
||||
K3S_EXEC="server"
|
||||
%{ if Vars.DeployTraefik }
|
||||
K3S_OPTS=""
|
||||
%{ else }
|
||||
K3S_OPTS="--disable traefik"
|
||||
%{ endif }
|
|
@ -1 +0,0 @@
|
|||
command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"
|
|
@ -1,4 +0,0 @@
|
|||
${Vars.NIC[0].IP} ${Vars.Set.Hostname}
|
||||
%{ if Vars.MatchBox.Hostname != "" }
|
||||
${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
|
||||
%{ endif }
|
|
@ -1,60 +0,0 @@
|
|||
log-queries
|
||||
log-dhcp
|
||||
|
||||
#port=0
|
||||
listen-address=0.0.0.0
|
||||
interface=${Vars.PXE.ListenInterface}
|
||||
no-resolv
|
||||
domain-needed
|
||||
bogus-priv
|
||||
expand-hosts
|
||||
server=${Vars.ETH0.DNS}
|
||||
strict-order
|
||||
addn-hosts=/etc/dnsmasq-hosts.conf
|
||||
domain=${Vars.PXE.DNSDomain}
|
||||
local=/${Vars.PXE.DNSDomain}/
|
||||
localise-queries
|
||||
|
||||
|
||||
%{ if Vars.PXE.DHCPMode == "proxy" }
|
||||
#dhcp-no-override
|
||||
dhcp-range=${Vars.ETH0.IP},proxy
|
||||
%{ else }
|
||||
dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration}
|
||||
dhcp-option=option:router,${Vars.ETH0.GATEWAY}
|
||||
%{ endif }
|
||||
|
||||
dhcp-option=option:dns-server,${Vars.ETH0.IP}
|
||||
dhcp-option=option:domain-name,${Vars.PXE.DNSDomain}
|
||||
|
||||
# TFTP Configuration
|
||||
enable-tftp
|
||||
tftp-root="${Vars.PXE.TFTPRoot}"
|
||||
|
||||
pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime}
|
||||
|
||||
# Based on logic in https://gist.github.com/robinsmidsrod/4008017
|
||||
# iPXE sends a 175 option, checking suboptions
|
||||
dhcp-match=set:ipxe-http,175,19
|
||||
dhcp-match=set:ipxe-https,175,20
|
||||
dhcp-match=set:ipxe-menu,175,39
|
||||
# pcbios specific
|
||||
dhcp-match=set:ipxe-pxe,175,33
|
||||
dhcp-match=set:ipxe-bzimage,175,24
|
||||
dhcp-match=set:ipxe-iscsi,175,17
|
||||
# efi specific
|
||||
dhcp-match=set:ipxe-efi,175,36
|
||||
# combination
|
||||
# set ipxe-ok tag if we have correct combination
|
||||
# http && menu && iscsi ((pxe && bzimage) || efi)
|
||||
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
|
||||
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi
|
||||
|
||||
|
||||
## Load different PXE boot image depending on client architecture (when running as a proxy DHCP)
|
||||
pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe
|
||||
pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi
|
||||
pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi
|
||||
|
||||
dhcp-userclass=set:ipxe,iPXE
|
||||
dhcp-boot=tag:ipxe-ok,http://${Vars.ETH0.IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.ETH0.IP}
|
|
@ -1,28 +0,0 @@
|
|||
#!/sbin/openrc-run
|
||||
|
||||
name=$RC_SVCNAME
|
||||
command="/usr/local/bin/$RC_SVCNAME"
|
||||
command_user="$RC_SVCNAME"
|
||||
pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
|
||||
start_stop_daemon_args="--start -b"
|
||||
command_args="$command_args"
|
||||
command_background="yes"
|
||||
|
||||
depend() {
|
||||
need net
|
||||
}
|
||||
|
||||
start_pre() {
|
||||
checkpath --directory --owner $command_user:$command_user --mode 0775 \
|
||||
/run/$RC_SVCNAME /var/log/$RC_SVCNAME
|
||||
if [ ! -f "/etc/matchbox/server.crt" ]; then
|
||||
cd /root/tls
|
||||
export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.ETH0.IP}"
|
||||
./cert-gen
|
||||
mkdir -p /etc/matchbox
|
||||
cp ca.crt server.crt server.key /etc/matchbox
|
||||
chown -R matchbox:matchbox /etc/matchbox
|
||||
mkdir -p /root/.matchbox
|
||||
cp client.crt client.key ca.crt /root/.matchbox/
|
||||
fi
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
harbor
|
|
@ -1 +0,0 @@
|
|||
command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"
|
|
@ -1,7 +0,0 @@
|
|||
${Vars.NIC[0].IP} ${Vars.Set.Hostname}
|
||||
%{ if Vars.MatchBox.Hostname != "" }
|
||||
${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
|
||||
%{ endif }
|
||||
%{ for host in Vars.DNSMasq.Hosts }
|
||||
${host.IP} ${host.Name}
|
||||
%{ endfor }
|
|
@ -1,60 +0,0 @@
|
|||
log-queries
|
||||
log-dhcp
|
||||
|
||||
#port=0
|
||||
listen-address=0.0.0.0
|
||||
interface=${Vars.PXE.ListenInterface}
|
||||
no-resolv
|
||||
domain-needed
|
||||
bogus-priv
|
||||
expand-hosts
|
||||
server=${Vars.DNS[0]}
|
||||
strict-order
|
||||
addn-hosts=/etc/dnsmasq-hosts.conf
|
||||
domain=${Vars.PXE.DNSDomain}
|
||||
local=/${Vars.PXE.DNSDomain}/
|
||||
localise-queries
|
||||
|
||||
|
||||
%{ if Vars.PXE.DHCPMode == "proxy" }
|
||||
#dhcp-no-override
|
||||
dhcp-range=${Vars.NIC[0].IP},proxy
|
||||
%{ else }
|
||||
dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration}
|
||||
dhcp-option=option:router,${Vars.NIC[0].Gateway}
|
||||
%{ endif }
|
||||
|
||||
dhcp-option=option:dns-server,${Vars.NIC[0].IP}
|
||||
dhcp-option=option:domain-name,${Vars.PXE.DNSDomain}
|
||||
|
||||
# TFTP Configuration
|
||||
enable-tftp
|
||||
tftp-root="${Vars.PXE.TFTPRoot}"
|
||||
|
||||
pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime}
|
||||
|
||||
# Based on logic in https://gist.github.com/robinsmidsrod/4008017
|
||||
# iPXE sends a 175 option, checking suboptions
|
||||
dhcp-match=set:ipxe-http,175,19
|
||||
dhcp-match=set:ipxe-https,175,20
|
||||
dhcp-match=set:ipxe-menu,175,39
|
||||
# pcbios specific
|
||||
dhcp-match=set:ipxe-pxe,175,33
|
||||
dhcp-match=set:ipxe-bzimage,175,24
|
||||
dhcp-match=set:ipxe-iscsi,175,17
|
||||
# efi specific
|
||||
dhcp-match=set:ipxe-efi,175,36
|
||||
# combination
|
||||
# set ipxe-ok tag if we have correct combination
|
||||
# http && menu && iscsi ((pxe && bzimage) || efi)
|
||||
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
|
||||
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi
|
||||
|
||||
|
||||
## Load different PXE boot image depending on client architecture (when running as a proxy DHCP)
|
||||
pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe
|
||||
pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi
|
||||
pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi
|
||||
|
||||
dhcp-userclass=set:ipxe,iPXE
|
||||
dhcp-boot=tag:ipxe-ok,http://${Vars.NIC[0].IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.NIC[0].IP}
|
|
@ -1 +0,0 @@
|
|||
${Vars.Set.Hostname}
|
|
@ -1,28 +0,0 @@
|
|||
#!/sbin/openrc-run
|
||||
|
||||
name=$RC_SVCNAME
|
||||
command="/usr/local/bin/$RC_SVCNAME"
|
||||
command_user="$RC_SVCNAME"
|
||||
pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
|
||||
start_stop_daemon_args="--start -b"
|
||||
command_args="$command_args"
|
||||
command_background="yes"
|
||||
|
||||
depend() {
|
||||
need net
|
||||
}
|
||||
|
||||
start_pre() {
|
||||
checkpath --directory --owner $command_user:$command_user --mode 0775 \
|
||||
/run/$RC_SVCNAME /var/log/$RC_SVCNAME
|
||||
if [ ! -f "/etc/matchbox/server.crt" ]; then
|
||||
cd /root/tls
|
||||
export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.NIC[0].IP}"
|
||||
./cert-gen
|
||||
mkdir -p /etc/matchbox
|
||||
cp ca.crt server.crt server.key /etc/matchbox
|
||||
chown -R matchbox:matchbox /etc/matchbox
|
||||
mkdir -p /root/.matchbox
|
||||
cp client.crt client.key ca.crt /root/.matchbox/
|
||||
fi
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
|
||||
%{ for iface in Vars.NIC }
|
||||
auto ${iface.Name}
|
||||
|
||||
iface ${iface.Name} inet static
|
||||
address ${iface.IP}
|
||||
netmask ${iface.Mask}
|
||||
gateway ${iface.Gateway}
|
||||
%{ endfor ~}
|
|
@ -1,4 +0,0 @@
|
|||
|
||||
%{ for dns in Vars.DNS }
|
||||
nameserver ${dns}
|
||||
%{ endfor ~}
|
|
@ -1,7 +0,0 @@
|
|||
NAME = <%= image_name %>
|
||||
PATH = <%= image_source %>
|
||||
TYPE = OS
|
||||
PERSISTENT = No
|
||||
DESCRIPTION = "<%= image_comment %>"
|
||||
DEV_PREFIX = vd
|
||||
FORMAT = qcow2
|
|
@ -1,48 +0,0 @@
|
|||
{
|
||||
"name": "<%= template_name %>",
|
||||
"deployment": "straight",
|
||||
"description": "Cluster Kubernetes (k8s)",
|
||||
"roles": [
|
||||
{
|
||||
"name": "leader",
|
||||
"cardinality": 1,
|
||||
"vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
|
||||
"shutdown_action": "terminate",
|
||||
"vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
|
||||
"elasticity_policies": [],
|
||||
"scheduled_policies": []
|
||||
},
|
||||
{
|
||||
"name": "master",
|
||||
"cardinality": 2,
|
||||
"vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
|
||||
"shutdown_action": "terminate",
|
||||
"vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
|
||||
"elasticity_policies": [],
|
||||
"scheduled_policies": []
|
||||
},
|
||||
{
|
||||
"name": "worker",
|
||||
"cardinality": 4,
|
||||
"vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
|
||||
"shutdown_action": "terminate",
|
||||
"parents": [
|
||||
"leader"
|
||||
],
|
||||
"vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
|
||||
"elasticity_policies": [],
|
||||
"scheduled_policies": []
|
||||
}
|
||||
],
|
||||
"networks": {
|
||||
"main": "M|network|Main network| |id:",
|
||||
"internal": "M|network|Internal network| |id:"
|
||||
},
|
||||
"custom_attrs": {
|
||||
"KUBEAPPS_DNS_NAME": "M|text|DNS Name for kubeapps service| |kubeapps.k3s-eole.local",
|
||||
"INGRESS_PROVIDER": "O|list|Default ingress to install|nginx, traefik, |",
|
||||
"LE_EMAIL": "M|text|Email | |"
|
||||
},
|
||||
"shutdown_action": "terminate",
|
||||
"ready_status_gate": true
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
NAME = "<%= template_name %>"
|
||||
CONTEXT = [
|
||||
NETWORK = "YES",
|
||||
REPORT_READY = "YES",
|
||||
SET_HOSTNAME = "$NAME",
|
||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
|
||||
TOKEN = "YES" ]
|
||||
CPU = "0.2"
|
||||
DESCRIPTION = "Alpine basic image"
|
||||
DISK = [
|
||||
DEV_PREFIX = "vd",
|
||||
DRIVER = "qcow2",
|
||||
IMAGE = "<%= image_name %>",
|
||||
IMAGE_UNAME = "<%= user %>" ]
|
||||
GRAPHICS = [
|
||||
KEYMAP = "fr",
|
||||
LISTEN = "0.0.0.0",
|
||||
TYPE = "VNC" ]
|
||||
HYPERVISOR = "kvm"
|
||||
INPUT = [
|
||||
BUS = "usb",
|
||||
TYPE = "tablet" ]
|
||||
INPUTS_ORDER = ""
|
||||
LOGO = "images/logos/linux.png"
|
||||
MEMORY = "512"
|
||||
MEMORY_UNIT_COST = "MB"
|
||||
NIC_DEFAULT = [
|
||||
MODEL = "virtio" ]
|
||||
OS = [
|
||||
ARCH = "x86_64",
|
||||
BOOT = "",
|
||||
SD_DISK_BUS = "scsi" ]
|
||||
VCPU = "2"
|
|
@ -1,32 +0,0 @@
|
|||
NAME = "<%= template_name %>"
|
||||
CONTEXT = [
|
||||
NETWORK = "YES",
|
||||
REPORT_READY = "YES",
|
||||
SET_HOSTNAME = "$NAME",
|
||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
|
||||
TOKEN = "YES" ]
|
||||
CPU = "0.2"
|
||||
DESCRIPTION = "K3S Ready VM"
|
||||
DISK = [
|
||||
IMAGE = "<%= image_name %>",
|
||||
IMAGE_UNAME = "<%= user %>",
|
||||
DRIVER = "qcow2" ]
|
||||
GRAPHICS = [
|
||||
KEYMAP = "fr",
|
||||
LISTEN = "0.0.0.0",
|
||||
TYPE = "VNC" ]
|
||||
HYPERVISOR = "kvm"
|
||||
INPUT = [
|
||||
BUS = "usb",
|
||||
TYPE = "tablet" ]
|
||||
INPUTS_ORDER = ""
|
||||
LOGO = "images/logos/alpine.png"
|
||||
MEMORY = "2048"
|
||||
MEMORY_UNIT_COST = "MB"
|
||||
NIC_DEFAULT = [
|
||||
MODEL = "virtio" ]
|
||||
OS = [
|
||||
ARCH = "x86_64",
|
||||
BOOT = "",
|
||||
SD_DISK_BUS = "scsi" ]
|
||||
VCPU = "2"
|
|
@ -1,35 +0,0 @@
|
|||
NAME = "<%= template_name %>"
|
||||
CONTEXT = [
|
||||
NETWORK = "YES",
|
||||
REPORT_READY = "YES",
|
||||
SET_HOSTNAME = "$NAME",
|
||||
SERVER_ROLE = "leader",
|
||||
TOKEN = "YES",
|
||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
|
||||
]
|
||||
CPU = "0.8"
|
||||
DESCRIPTION = "Kubernetes master or Docker VM (check the name)"
|
||||
DISK = [
|
||||
DEV_PREFIX = "vd",
|
||||
IMAGE = "<%= image_name %>",
|
||||
IMAGE_UNAME = "<%= user %>",
|
||||
DRIVER = "qcow2" ]
|
||||
GRAPHICS = [
|
||||
LISTEN = "0.0.0.0",
|
||||
KEYMAP = "fr",
|
||||
TYPE = "VNC" ]
|
||||
HYPERVISOR = "kvm"
|
||||
INPUT = [
|
||||
BUS = "usb",
|
||||
TYPE = "tablet" ]
|
||||
INPUTS_ORDER = ""
|
||||
LOGO = "images/logos/alpine.png"
|
||||
MEMORY = "2048"
|
||||
MEMORY_UNIT_COST = "MB"
|
||||
NIC_DEFAULT = [
|
||||
MODEL = "virtio" ]
|
||||
OS = [
|
||||
ARCH = "x86_64",
|
||||
BOOT = "",
|
||||
SD_DISK_BUS = "scsi" ]
|
||||
VCPU = "4"
|
|
@ -1,42 +0,0 @@
|
|||
NAME = "<%= template_name %>"
|
||||
CONTEXT = [
|
||||
NETWORK = "YES",
|
||||
REPORT_READY = "YES",
|
||||
SET_HOSTNAME = "$NAME",
|
||||
SERVER_ROLE = "master",
|
||||
MASTER_ADDR = "$MASTER_ADDR",
|
||||
MASTER_TOKEN = "$MASTER_TOKEN",
|
||||
MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
|
||||
TOKEN = "YES",
|
||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
|
||||
]
|
||||
CPU = "0.8"
|
||||
DESCRIPTION = "Kubernetes worker VM"
|
||||
DISK = [
|
||||
DEV_PREFIX = "vd",
|
||||
IMAGE = "<%= image_name %>",
|
||||
IMAGE_UNAME = "<%= user %>",
|
||||
DRIVER = "qcow2" ]
|
||||
GRAPHICS = [
|
||||
LISTEN = "0.0.0.0",
|
||||
KEYMAP = "fr",
|
||||
TYPE = "VNC" ]
|
||||
HYPERVISOR = "kvm"
|
||||
INPUT = [
|
||||
BUS = "usb",
|
||||
TYPE = "tablet" ]
|
||||
INPUTS_ORDER = ""
|
||||
LOGO = "images/logos/alpine.png"
|
||||
MEMORY = "2048"
|
||||
MEMORY_UNIT_COST = "MB"
|
||||
NIC_DEFAULT = [
|
||||
MODEL = "virtio" ]
|
||||
OS = [
|
||||
ARCH = "x86_64",
|
||||
BOOT = "",
|
||||
SD_DISK_BUS = "scsi" ]
|
||||
USER_INPUTS = [
|
||||
MASTER_ADDR = "O|text|Master address (for workers only)",
|
||||
MASTER_TOKEN = "O|text|Master Token (for workers only)",
|
||||
MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
|
||||
VCPU = "4"
|
|
@ -1,42 +0,0 @@
|
|||
NAME = "<%= template_name %>"
|
||||
CONTEXT = [
|
||||
NETWORK = "YES",
|
||||
REPORT_READY = "YES",
|
||||
SET_HOSTNAME = "$NAME",
|
||||
SERVER_ROLE = "worker",
|
||||
MASTER_ADDR = "$MASTER_ADDR",
|
||||
MASTER_TOKEN = "$MASTER_TOKEN",
|
||||
MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
|
||||
TOKEN = "YES",
|
||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
|
||||
]
|
||||
CPU = "0.8"
|
||||
DESCRIPTION = "Kubernetes worker VM"
|
||||
DISK = [
|
||||
DEV_PREFIX = "vd",
|
||||
IMAGE = "<%= image_name %>",
|
||||
IMAGE_UNAME = "<%= user %>",
|
||||
DRIVER = "qcow2" ]
|
||||
GRAPHICS = [
|
||||
LISTEN = "0.0.0.0",
|
||||
KEYMAP = "fr",
|
||||
TYPE = "VNC" ]
|
||||
HYPERVISOR = "kvm"
|
||||
INPUT = [
|
||||
BUS = "usb",
|
||||
TYPE = "tablet" ]
|
||||
INPUTS_ORDER = ""
|
||||
LOGO = "images/logos/alpine.png"
|
||||
MEMORY = "4096"
|
||||
MEMORY_UNIT_COST = "MB"
|
||||
NIC_DEFAULT = [
|
||||
MODEL = "virtio" ]
|
||||
OS = [
|
||||
ARCH = "x86_64",
|
||||
BOOT = "",
|
||||
SD_DISK_BUS = "scsi" ]
|
||||
USER_INPUTS = [
|
||||
MASTER_ADDR = "O|text|Master address (for workers only)",
|
||||
MASTER_TOKEN = "O|text|Master Token (for workers only)",
|
||||
MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
|
||||
VCPU = "4"
|
|
@ -1,47 +0,0 @@
|
|||
NAME = "<%= template_name %>"
|
||||
CONTEXT = [
|
||||
MATCHBOX_URL = "http://$NAME",
|
||||
NETWORK = "YES",
|
||||
PXE_DHCPLEASEDURATION = "$DHCPLEASEDURATION",
|
||||
PXE_DHCPMODE = "$ADHCPMODE",
|
||||
PXE_DNSDOMAIN = "$BDNSDOMAIN",
|
||||
PXE_DHCPRANGESTART = "$CDHCPRANGESTART",
|
||||
PXE_DHCPRANGEEND = "$DDHCPRANGEEND",
|
||||
PXE_DHCPLEASEDURATION = "$EDHCPLEASEDURATION",
|
||||
MATCHBOX_HOSTNAME = "$FMATCHBOX_HOSTNAME",
|
||||
REPORT_READY = "YES",
|
||||
SET_HOSTNAME = "$NAME",
|
||||
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
|
||||
TOKEN = "YES" ]
|
||||
CPU = "0.2"
|
||||
DESCRIPTION = "Matchbox Ready VM"
|
||||
DISK = [
|
||||
IMAGE = "<%= image_name %>",
|
||||
IMAGE_UNAME = "<%= user %>",
|
||||
DRIVER = "qcow2" ]
|
||||
GRAPHICS = [
|
||||
KEYMAP = "fr",
|
||||
LISTEN = "0.0.0.0",
|
||||
TYPE = "VNC" ]
|
||||
HYPERVISOR = "kvm"
|
||||
INPUT = [
|
||||
BUS = "usb",
|
||||
TYPE = "tablet" ]
|
||||
INPUTS_ORDER = ""
|
||||
LOGO = "images/logos/alpine.png"
|
||||
MEMORY = "2048"
|
||||
MEMORY_UNIT_COST = "MB"
|
||||
NIC_DEFAULT = [
|
||||
MODEL = "virtio" ]
|
||||
OS = [
|
||||
ARCH = "x86_64",
|
||||
BOOT = "",
|
||||
SD_DISK_BUS = "scsi" ]
|
||||
USER_INPUTS = [
|
||||
ADHCPMODE = "M|list|DHCP Mode|proxy,direct|proxy",
|
||||
BDNSDOMAIN = "M|text|Nom de la zone DNS (ex: cadol.es)",
|
||||
CDHCPRANGESTART = "O|text|DNSMASQ DHCP Range First IP",
|
||||
DDHCPRANGEEND = "O|text|DNSMASQ DHCP Range Last IP",
|
||||
EDHCPLEASEDURATION = "M|list|DHCP lease duration|1h,2h,4h,6h,8h,10h,12h,14h,24h|1h",
|
||||
FMATCHBOX_HOSTNAME = "O|text|Matchbox service hostname|mb.cadol.es" ]
|
||||
VCPU = "2"
|
|
@ -5,17 +5,17 @@ variable "name" {
|
|||
|
||||
variable "version" {
|
||||
type = string
|
||||
default = "11"
|
||||
default = "12.2.0"
|
||||
}
|
||||
|
||||
variable "short_version" {
|
||||
type = string
|
||||
default = "11"
|
||||
default = "12"
|
||||
}
|
||||
|
||||
variable "arch" {
|
||||
type = string
|
||||
default = "amd6464"
|
||||
default = "amd64"
|
||||
}
|
||||
|
||||
variable "output_dir" {
|
||||
|
@ -25,12 +25,12 @@ variable "output_dir" {
|
|||
|
||||
variable "source_url" {
|
||||
type = string
|
||||
default = "https://cdimage.debian.org/cdimage/release"
|
||||
default = "https://cdimage.debian.org/cdimage/release/12.2.0"
|
||||
}
|
||||
|
||||
variable "iso_cd_checksum" {
|
||||
type = string
|
||||
default = "sha256:9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
|
||||
default = "file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS"
|
||||
}
|
||||
|
||||
variable "image_version" {
|
||||
|
@ -57,3 +57,8 @@ variable "cloud_init_runcmd" {
|
|||
type = list(string)
|
||||
default = [ "uname" ]
|
||||
}
|
||||
|
||||
variable "headless" {
|
||||
type = bool
|
||||
default = true
|
||||
}
|
|
@ -0,0 +1,6 @@
|
|||
|
||||
variable "quid_ansible_vault_passphrase" {
|
||||
type = string
|
||||
default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")
|
||||
sensitive = true
|
||||
}
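Review bot: With `default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")` an unset environment variable yields an empty string, so the build starts with an empty vault passphrase and only fails later wherever the variable is consumed (not visible in this hunk); add a `validation` block with `condition = length(var.quid_ansible_vault_passphrase) > 0` and an `error_message` naming the environment variable so it fails fast. `sensitive = true` only redacts the value in Packer's own output; if the consumer passes it on a provisioner command line or writes it into the image, it can still surface in process listings or build artifacts, so that usage should be checked. A header comment stating what the passphrase unlocks and that it is expected to come from the environment, never from a vars file, would also help.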
|