Recette de construction de l'image "Quid" basée sur Debian 12 #6

Merged
pcaseiro merged 2 commits from feat/efs-quid into feat/first-recipes 2023-10-27 12:22:50 +02:00
64 changed files with 347 additions and 1295 deletions

.gitignore vendored Normal file

@ -0,0 +1,2 @@
/output
/packer-manifest.json

.vscode/settings.json vendored Normal file

@ -0,0 +1,3 @@
{
"ansible.python.interpreterPath": "/bin/python"
}

build

@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
set -eo pipefail
# Simple build wrapper # Simple build wrapper
ACTION=${1} ACTION=${1}
@ -25,8 +27,8 @@ initPacker() {
# First the "base" image then the provisionned ones # First the "base" image then the provisionned ones
# #
run() { run() {
${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.${BUILDER}.${OS}" "${RCP_DIR}/${OS}/." ${PACKER} build ${PACKER_OPTS} -on-error=abort -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.*.${OS}" "${RCP_DIR}/${OS}/."
${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.${BUILER}.${OS}" "${RCP_DIR}/${OS}/." ${PACKER} build ${PACKER_OPTS} -on-error=abort -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.*.${OS}" "${RCP_DIR}/${OS}/."
} }
# #


@ -1,16 +0,0 @@
name = "debian"
version = "11"
short_version = "11"
code_name = "bullseye"
arch = "amd64"
source_url = "https://cloud.debian.org/images/cloud/bullseye/latest"
iso_cd_checksum = "9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741"
image_dir_name= "latest"
boot_command = [ "<enter>" ]
# "<enter>",
# "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter>",
# "<wait>",
# "<wait1s>mkdir -p .ssh<enter>",
# "<wait1s>wget http://{{.HTTPIP}}:{{.HTTPPort}}/ssh-packer-pub.key -O .ssh/authorized_keys<enter><wait1s>",
# "<wait1s>chmod 600 .ssh/authorized_keys<enter>",
#]


@ -0,0 +1,7 @@
name = "debian"
version = "12.2.0"
short_version = "12"
code_name = "bookworm"
arch = "amd64"
source_url = "https://cdimage.debian.org/cdimage/release/12.2.0"
image_dir_name= "latest"


@ -1,7 +1,5 @@
locals { locals {
Globals = { Globals = {
Vars = { Vars = {}
PrometheusPort = "9090"
}
} }
} }


@ -10,24 +10,11 @@ locals {
dirs = local.locations dirs = local.locations
timestamp = regex_replace(timestamp(), "[- TZ:]", "") timestamp = regex_replace(timestamp(), "[- TZ:]", "")
output_name = "${var.name}" output_name = "${var.name}"
source_checksum_url = "file:${var.source_url}/SHA512SUMS" source_iso = "${var.source_url}/${var.arch}/iso-cd/debian-${var.version}-${var.arch}-netinst.iso"
source_iso = "${var.source_url}/debian-${var.version}-generic-${var.arch}.qcow2" iso_cd_checksum = "file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS"
source_checksum = "${var.iso_cd_checksum}"
ssh_user = "root" ssh_user = "root"
ssh_password = "PbkRc1vup7Wq5n4r" ssh_password = "toor"
disk_size = 8000 disk_size = 8000
memory = 512 memory = 512
instance_data = { headless = var.headless
"instance-id": "${var.name}"
}
installOpts = {
hostname = var.name
user = "eole"
disk_device = "/dev/vda"
}
installOptsVMWare = {
hostname = var.name
user = "eole"
disk_device = "/dev/sda"
}
} }
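Review bot: `ssh_password = "toor"` on the new side of this hunk becomes the root and packer-user password of the base image, because the preseed hunk at L561–L567 now interpolates `${local.ssh_password}` into `passwd/root-password` and `passwd/user-password` in plaintext where the old side carried only a crypted hash. A fixed, well-known password baked into every artifact survives into the derived `quid` image unless a later provisioner rotates or locks it, and nothing visible in this commit does so. The preseed is also served to the VM over Packer's HTTP server, so whatever is interpolated there is readable on that network during the build. Consider sourcing the value from a variable declared with `sensitive = true` (or generating it per build), preseeding the crypted form, and adding a provisioner step that locks or rotates the password before the image is exported.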


@ -7,38 +7,20 @@ EOF
source "vmware-iso.debian" { source "vmware-iso.debian" {
output_directory = "${var.output_dir}/${var.version}/base" output_directory = "${var.output_dir}/${var.version}/base"
vm_name = "${local.output_name}-${var.version}.img" vm_name = "${local.output_name}-${var.version}"
disk_size = 10240 disk_size = 10240

Je ne pense pas que la VM fasse le resize automatique des partitions au boot, du coup peu importe la taille sélectionnée par l'utilisateur lors de l'import de l'OVF, les fs feront toujours 10Go.

Je vais tester un import sur ma machine pour voir.

Je ne penses pas que la VM fasse le resize automatique des partitions au boot, du coup peut importe la taille selectionnée par l'utilisateur lors de l'import de l'OVF, les fs feront toujours 10Go. Je vais tester un import sur ma machine pour voir.
iso_url = "${local.source_iso}" iso_url = "${local.source_iso}"
iso_checksum = "${var.iso_cd_checksum}" iso_checksum = "${var.iso_cd_checksum}"
guest_os_type = "ubuntu-64"
http_content = { http_content = {
"/ssh-packer-pub.key" = data.sshkey.install.public_key "/ssh-packer-pub.key" = data.sshkey.install.public_key
"/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOptsVMWare) "/preseed.cfg" = templatefile("${local.locations.provisionning}/${var.name}/http/preseed.cfg.pkrtpl.hcl", { data: data, var: var, local: local })
} }
boot_command = var.boot_command boot_command = [
cd_label = "cidata" "<esc><wait>",
} "auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter><wait10s>",
"<enter>"
source "qemu.debian" { ]
output_directory = "${var.output_dir}/${var.version}/base"
vm_name = "${local.output_name}-${var.version}.img"
iso_url = "${local.source_iso}"
iso_checksum = "${var.iso_cd_checksum}"
disk_image = true
disk_size = 10240
cd_content = {
"meta-data" = jsonencode(local.instance_data)
"user-data" = templatefile("${path.cwd}/recipes/debian/templates/conf/cloud-init/user-data",
{ user = local.ssh_user,
password = local.ssh_password,
runcmd = var.cloud_init_runcmd })
}
#http_content = {
# "/ssh-packer-pub.key" = data.sshkey.install.public_key
# "/install.conf" = templatefile("${local.locations.templates}/conf/install/awnsers.pktpl.hcl", local.installOpts)
#}
cd_label = "cidata"
boot_command = var.boot_command
} }
provisioner "shell" { provisioner "shell" {
@ -49,7 +31,6 @@ EOF
script = "${local.locations.provisionning}/letsencrypt.sh" script = "${local.locations.provisionning}/letsencrypt.sh"
} }
post-processor "shell-local" { post-processor "shell-local" {
inline = [ inline = [
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}", "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}",
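Review bot: `iso_checksum = "${var.iso_cd_checksum}"` on the new side still reads the variable, while the locals hunk (L92) now defines `iso_cd_checksum` as a local pointing at `file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS` and the new bookworm pkrvars file (L66–L72) no longer sets `iso_cd_checksum`; unless the variable has a default elsewhere, the ISO is checked against an empty or stale value, and the intended line is probably `iso_checksum = "${local.iso_cd_checksum}"`. A SHA256SUMS file fetched from the same origin as the ISO only catches corruption, not a substituted mirror; pinning the release checksum in the pkrvars file, as the removed bullseye file did, or verifying the signed sums would be stronger. Passing `{ data: data, var: var, local: local }` to the preseed template also exposes every variable, including any sensitive ones, to content served over Packer's HTTP server; narrowing the context to the fields the template actually uses limits that. The `provisioner "shell"` block at the end of the first hunk continues outside it.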


@ -11,7 +11,11 @@ packer {
qemu = { qemu = {
source = "github.com/hashicorp/qemu" source = "github.com/hashicorp/qemu"
version = "~> 1" version = "~> 1"
} }
ansible = {
version = "~> 1"
source = "github.com/hashicorp/ansible"
}
} }
} }


@ -1,64 +0,0 @@
#!/sbin/openrc-run
: ${SUBCFGDIR:=/srv}
DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"}
SUBSVC="${SVCNAME#*.}"
[ -z "${SUBSVC}" ] && exit 1
: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"}
DOCOCMD="/usr/bin/docker-compose"
export COMPOSE_HTTP_TIMEOUT=300
description="Manage docker services defined in ${SUBCFG}"
extra_commands="configtest build"
description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\""
description_build="Run \"docker-compose -f ${SUBCFG} build\""
depend() {
need localmount net docker
use dns
after docker
}
configtest() {
if ! [ -f "${SUBCFG}" ]; then
eerror "The config file ${SUBCFG} does not exist!"
return 1
fi
if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then
einfo "config: ok"
else
eerror "config: error"
return 1
fi
}
build() {
configtest || return 1
ebegin "Building dockerservice ${SUBSVC}"
"${DOCOCMD}" -f "${SUBCFG}" build
eend $?
}
start() {
configtest || return 1
ebegin "Starting dockerservice ${SUBSVC}"
sleep 5
"${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS}
eend $?
}
stop() {
ebegin "Stopping dockerservice ${SUBSVC}"
"${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300
eend $?
}
status() {
if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then
einfo "status: started"
else
einfo "status: stopped"
return 3
fi
}


@ -1,181 +0,0 @@
#!/bin/sh
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
LOG_FILE="/var/log/initkubernets.log"
FIRST_BOOT="/var/run/firstboot.flag"
infoLog() {
echo "Info: $@" | tee -a ${LOG_FILE}
}
errorLog() {
echo "Error: $@" | tee -a ${LOG_FILE}
}
waitReadyState() {
local vmID="${1}"
local timeout="${2}"
local tick=0
while true ;do
local ready=$(onegate vm show ${vmID} --json | jq -rc ".VM.USER_TEMPLATE.READY")
if [ "${ready}" = "YES" ];then
return 0
elif [ "${timeout}" -eq "${tick}" ];then
return ${timeout}
else
sleep 1
tick=$((tick+1))
fi
done
}
returnToken() {
infoLog "Returning tokens"
local caSecretKey="${1}"
local caToken=$(openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1)
local kubeToken=$(kubeadm token list | awk '/authentication,signing.*The default*/ {print $1}')
local masterAddr=$(awk -F '/' '/server/ {print $3}' /etc/kubernetes/admin.conf)
if [ -n "${ONEGATE_ENDPOINT}" ];then
infoLog "Onegate detected"
data="READY=YES"
data="${data} MASTER_ADDR=${masterAddr}"
data="${data} MASTER_TOKEN=${kubeToken}"
data="${data} MASTER_CA_TOKEN=sha256:${caToken}"
data="${data} MASTER_CA_SECRET_KEY=${caSecretKey}"
onegate vm update --data "${data}"
infoLog "Onegate data seted"
else
infoLog "Onegate is not present"
echo "${masterAdd} ${kubeToken} ${caToken}" >> /root/kube.token
infoLog "Tokens are available at /root/kube.token"
fi
}
joinCluster() {
local master="${MASTER_ADDR}"
local token="${MASTER_TOKEN}"
local caToken="${MASTER_CA_TOKEN}"
local caSecretKey="${MASTER_CA_SECRET_KEY}"
local sname="${SERVICE_NAME}"
if [ -n "${ONEGATE_ENDPOINT}" ];then
local masterID=$(onegate service show --json | jq -c '.SERVICE.roles[] | select(.name == "leader") | .nodes[0].deploy_id')
if [ "${?}" -eq 0 ]; then
waitReadyState ${masterID} 600
if [ "${?}" -ne 0 ];then
errorLog "Master node is node ready after 600s"
return 3
fi
local masterInfo=$(onegate vm show ${masterID} --json | \
jq -cr ".VM.USER_TEMPLATE.MASTER_ADDR, .VM.USER_TEMPLATE.MASTER_TOKEN, .VM.USER_TEMPLATE.MASTER_CA_TOKEN,.VM.USER_TEMPLATE.MASTER_CA_SECRET_KEY, .VM.TEMPLATE.NIC[0].IP")
master=$(echo ${masterInfo} | cut -d " " -f 1)
token=$(echo ${masterInfo} | cut -d " " -f 2)
caToken=$(echo ${masterInfo} | cut -d " " -f 3)
caSecretKey=$(echo ${masterInfo} | cut -d " " -f 4)
masterIP=$(echo ${masterInfo} | cut -d " " -f 5)
sname=$(onegate service show --json | jq -cr ".SERVICE.name")
fi
# Setting dns resolution for cluster
echo "${masterIP} ${sname}" >> /etc/hosts
onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
fi
if [ -n "${master}" ] & [ -n "${token}" ] & [ -n "${caToken}" ];then
opts="--node-name $(hostname -f)"
opts="${opts} --token ${token}"
opts="${opts} --discovery-token-ca-cert-hash ${caToken}"
if [ -n "${1}" ];then
opts="${opts} --control-plane"
opts="${opts} --certificate-key ${caSecretKey}"
fi
opts="${opts} ${master}"
kubeadm join ${opts} | tee -a "${LOG_FILE}"
else
errorLog "Something is missing, can't join the cluster:"
errorLog " Master addr: [${master}]"
errorLog " Master token: [${token}]"
errorLog " Master CA token: [${caToken}]"
return 3
fi
}
getServiceName() {
local sname=$(onegate service show --json | jq -cr ".SERVICE.name")
local tmout=30
local tick=0
while true ;do
if [ -z "${sname}" ];then
sname=$(onegate service show --json | jq -cr ".SERVICE.name")
else
echo ${sname}
return 0
fi
sleep 1
tick=$((tick+1))
if [ ${tmout} -eq ${tick} ];then
hostname -f
return 3
fi
done
}
initLeader() {
sname="$(hostname -f)"
if [ -n "${ONEGATE_ENDPOINT}" ];then
sname=$(getServiceName)
sip=$(onegate vm show --json | jq -rc ".VM.TEMPLATE.NIC[0].IP")
echo "${sip} ${sname} $(hostname -f)" >> /etc/hosts
onegate service show --json | jq -rc '.SERVICE.roles[].nodes[].vm_info.VM | .TEMPLATE.NIC[].IP + " " + .NAME' >> /etc/hosts
fi
caSecretKey=$(date | sha256sum | awk '{print $1}')
infoLog "Kubernetes init started"
kubeadm init --pod-network-cidr=10.244.0.0/16 \
--node-name="${SET_HOSTNAME}" \
--control-plane-endpoint "${sname}:6443" \
--upload-certs --certificate-key "${caSecretKey}" | tee -a "${LOG_FILE}"
infoLog "Kubernetes init ended"
infoLog "Configuring kubectl"
mkdir /root/.kube
ln -s /etc/kubernetes/admin.conf /root/.kube/config
infoLog "kubectl configured"
infoLog "Installing cilium"
sleep 20
kubectl config view --minify -o jsonpath='{.clusters[].name}'
sleep 20
cilium install --helm-set 'cni.binPath=/usr/libexec/cni' --wait | tee -a "${LOG_FILE}"
infoLog "Cilium is installed"
returnToken "${caSecretKey}"
}
initKube() {
if [ "${SERVER_ROLE}" == "leader" ];then
initLeader
elif [ "${SERVER_ROLE}" == "worker" ];then
joinCluster
elif [ "${SERVER_ROLE}" == "master" ];then
joinCluster "${SERVER_ROLE}"
fi
touch ${FIRST_BOOT}
infoLog "Kubernetes cluster init is finished"
}
if [ -f "${ENV_FILE}" ]; then
. "${ENV_FILE}"
fi
if [ -f "${FIRST_BOOT}" ];then
exit 0
else
uuidgen > /etc/machine-id
swapoff -a # Make sure swap is disabled
initKube &
fi


@ -1,3 +0,0 @@
#!/bin/sh
mount --make-rshared /


@ -1,25 +0,0 @@
#!/bin/sh
FL_VERSIONS="current 3374.2.0"
MATCHBOX_DIR="/var/lib/matchbox"
ASSETS_DIR="${MATCHBOX_DIR}/assets/"
GPG_FNAME="Flatcar_Image_Signing_Key.asc"
GPG_KEYS_URL="https://www.flatcar.org/security/image-signing-key/"
cd /tmp
curl -L -O ${GPG_KEYS_URL}/${GPG_FNAME}
gpg --import --keyid-format LONG ${GPG_FNAME}
cd -
echo "Provisionning matchbox with flatcar images"
tout=30
for version in ${FL_VERSIONS}; do
for i in $(seq 1 ${tout});do
echo " * ${FL_VERSIONS} stable image (try ${i})"
/usr/local/bin/get-flatcar stable ${version} ${ASSETS_DIR}
if [[ "${?}" -eq 0 ]]; then
break
fi
done
done


@ -1,10 +0,0 @@
#!/bin/sh
dest="${1}"
ipxeEFISource="http://boot.ipxe.org/ipxe.efi"
kpxeSource="http://boot.ipxe.org/undionly.kpxe"
cd "${dest}"
wget "${ipxeEFISource}"
wget "${kpxeSource}"


@ -1 +0,0 @@
harbor


@ -1 +0,0 @@
matchbox


@ -1,13 +0,0 @@
#!/bin/sh
CONF="/etc/conf.d/jenkins-slave"
if [ -e "/etc/jenkins-slave.conf" ]; then
CONF="/etc/jenkins-slave.conf"
fi
TOTAL_MEMORY=$(cat /proc/meminfo | grep MemTotal | awk '{ printf "%sg", int($2/1024/1024)+1 }')
sed -i "s|^JENKINS_SLAVE_NAME=.*$|JENKINS_SLAVE_NAME='slave-$ETH0_IP'|" "${CONF}"
sed -i "s|^JENKINS_SLAVE_USERNAME=.*$|JENKINS_SLAVE_USERNAME='$JENKINS_SLAVE_USERNAME'|" "${CONF}"
sed -i "s|^JENKINS_SLAVE_PASSWORD=.*$|JENKINS_SLAVE_PASSWORD='$JENKINS_SLAVE_PASSWORD'|" "${CONF}"
sed -i "s|^JENKINS_MASTER_URL=.*$|JENKINS_MASTER_URL='$JENKINS_MASTER_URL'|" "${CONF}"
sed -i "s|^JENKINS_SLAVE_LABELS=.*$|JENKINS_SLAVE_LABELS='docker docker-compose mem-$TOTAL_MEMORY $JENKINS_SLAVE_LABELS'|" "${CONF}"


@ -1,31 +0,0 @@
#!/usr/bin/env bash
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
# $TOKENTXT is available only through the env. file
# shellcheck disable=SC1090
if [ -f "${ENV_FILE}" ]; then
. "${ENV_FILE}"
fi
###
if [ -n "${GITLAB_URL}" ]; then
if command -v gitlab-runner; then
if [ -n "${GITLAB_SHELL}" ]; then
opts="--shell=${GITLAB_SHELL}"
fi
# shellcheck disable=SC2086
gitlab-runner register \
--non-interactive \
--url="${GITLAB_URL}" \
--registration-token="${GITLAB_TOKEN}" \
--executor="${GITLAB_EXECUTOR}" \
--description="${GITLAB_RUNNER_NAME}" \
--tag-list="${GITLAB_TAG_LIST}" \
--locked=false \
--access-level=not_protected \
--run-untagged=false \
"${opts}"
fi
fi


@ -1,21 +0,0 @@
#!/usr/bin/env bash
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
# $TOKENTXT is available only through the env. file
# shellcheck disable=SC1090
if [ -f "${ENV_FILE}" ]; then
. "${ENV_FILE}"
fi
###
if [ -n "${K3S_ROLE}" ]; then
if [ "${K3S_ROLE}" = "server" ]; then
rc-update add dnsmasq default
service dnsmasq start
rc-update add k3s default
service k3s start
fi
fi


@ -1,9 +0,0 @@
#!/bin/sh
echo "${1}" >/etc/hostname
apt-get update
apt-get -y dist-upgrade
apt-get install wget curl -y
touch /etc/cloud/cloud-init.disabled


@ -0,0 +1,11 @@
#!/bin/bash
echo "${1}" >/etc/hostname
apt-get update
apt-get -y dist-upgrade
apt-get install wget curl open-vm-tools -y
systemctl enable --now open-vm-tools.service
touch /etc/cloud/cloud-init.disabled
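Review bot: The new script has no `set -e`, unlike the sibling scripts touched in this commit (`set -eo pipefail` at L586, `set -e` at L599), so a failed `apt-get` or `systemctl enable --now open-vm-tools.service` is masked by the final `touch` and the provisioner reports success on an image that lacks the tools. Adding `set -eo pipefail` right after the shebang brings it in line with the others. `echo "${1}" >/etc/hostname` also writes an empty hostname when the script is called without an argument; a guard such as `[ -n "${1}" ] || exit 1` makes that failure explicit.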


@ -37,10 +37,14 @@ d-i finish-install/reboot_in_progress note
# Bootloader options # Bootloader options
d-i grub-installer/only_debian boolean true d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string /dev/vda d-i grub-installer/bootdev string /dev/sda
# Set the keyboard layout # Set the keyboard layout
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/variant select France
d-i keyboard-configuration/xkb-keymap select fr d-i keyboard-configuration/xkb-keymap select fr
d-i console-keymaps-at/keymap select fr-latin9
d-i debian-installer/keymap string fr-latin9
# Mirror from which packages will be downloaded # Mirror from which packages will be downloaded
d-i mirror/country string manual d-i mirror/country string manual
@ -65,15 +69,19 @@ d-i partman/confirm_write_new_label boolean true
# User configuration # User configuration
d-i passwd/root-login boolean true d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0 d-i passwd/root-password password ${local.ssh_password}
d-i passwd/root-password-again password ${local.ssh_password}
d-i passwd/user-fullname string packer d-i passwd/user-fullname string packer
d-i passwd/user-uid string 1000 d-i passwd/user-uid string 1000
d-i passwd/username string packer d-i passwd/username string packer
d-i passwd/user-password-crypted password $1$hA6nLFTh$FitTH.KXJWluJN9z7lDjr0 d-i passwd/user-password password ${local.ssh_password}
d-i passwd/user-password-again password ${local.ssh_password}
# Extra packages to be installed # Extra packages to be installed
d-i pkgsel/include string sudo d-i pkgsel/include string sudo
d-i pkgsel/include string openssh-server build-essential d-i pkgsel/include string openssh-server
d-i pkgsel/include string wget
d-i pkgsel/include string cloud-init
d-i pkgsel/install-language-support boolean false d-i pkgsel/install-language-support boolean false
d-i pkgsel/update-policy select none d-i pkgsel/update-policy select none
@ -102,6 +110,6 @@ popularity-contest popularity-contest/participate boolean false
# Select base install # Select base install
tasksel tasksel/first multiselect standard, ssh-server tasksel tasksel/first multiselect standard, ssh-server
# Setup passwordless sudo for packer user d-i preseed/late_command string in-target mkdir -p /root/.ssh; \
d-i preseed/late_command string \ in-target /bin/sh -c "echo '${data.sshkey.install.public_key}' >> /root/.ssh/authorized_keys"; \
echo "packer ALL=(ALL:ALL) NOPASSWD:ALL" > /target/etc/sudoers.d/packer && chmod 0440 /target/etc/sudoers.d/packer in-target chown -R root:root /root/.ssh/
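Review bot: `d-i pkgsel/include string` is now set four times in a row (L569–L572); in debconf preseeding a repeated key overrides the earlier value, so as far as I can tell only `cloud-init` from this group reaches the installer (openssh-server still arrives through tasksel, sudo and wget may not). A single line `d-i pkgsel/include string sudo openssh-server wget cloud-init` avoids the ambiguity. The new `late_command` appends the build-time `data.sshkey.install.public_key` to root's `authorized_keys`; since the `quid` flavour is built from this base artifact and only clears its own keys (`ssh_clear_authorized_keys = true` at L818), the base image keeps that key, which deserves a comment or a cleanup step if the base image is ever distributed on its own.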


@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
set -eo pipefail set -eo pipefail
@ -20,7 +20,7 @@ for cert in $CERTS; do
echo "Downloading '$cert'..." echo "Downloading '$cert'..."
filename=$(basename "$cert") filename=$(basename "$cert")
wget --tries=10 --timeout=30 -O "$filename" "$cert" wget --tries=10 --timeout=30 -O "$filename" "$cert"
#openssl x509 -in "$filename" -inform PEM -out "$filename.crt" openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
done done
$UPDATE_CERTS_CMD $UPDATE_CERTS_CMD
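Review bot: Re-enabling `openssl x509 -in "$filename" -inform PEM -out "$filename.crt"` under the file's `set -eo pipefail` makes the whole build abort if any entry in `$CERTS` is not PEM-encoded, and on success both the raw download and the `.crt` copy remain in the directory. If DER entries are possible, dropping `-inform PEM` lets an OpenSSL 3 build detect the format itself (worth confirming against the openssl shipped in bookworm). Since `$UPDATE_CERTS_CMD` then installs these files as trust anchors, a short comment above the loop stating where `$CERTS` comes from and that integrity rests on wget's TLS verification of each URL would help readers judge what trust this step adds; the `for` loop starts outside the hunk.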


@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
set -e set -e


@ -1,21 +0,0 @@
#!/usr/bin/env bash
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
# $TOKENTXT is available only through the env. file
# shellcheck disable=SC1090
if [ -f "${ENV_FILE}" ]; then
. "${ENV_FILE}"
fi
###
if [ -n "${K3S_ROLE}" ]; then
if [ "${K3S_ROLE}" = "server" ]; then
rc-update add dnsmasq default
service dnsmasq start
rc-update add k3s default
service k3s start
fi
fi


@ -0,0 +1,2 @@
/quid-ansible
/.ansible_vault_passphrase


@ -0,0 +1,137 @@
---
quid_ansible_repo_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
63356330363932313165663737383634623039383935333233316532643433643930663630663337
3938373061393535383638356438396264363132333939320a616463333939643036396266653435
32373265633439633663306433393037376235323965343530333239356633326266336333333961
6663613239393639370a663135333562663264376533336166323062656333613636393263356233
66653132386131613436356364636432336166353938373837333036393931343063343632613832
32303862623536356638396337373661623666393839303861653837393032666366396334383466
66373866366662353062653939393631373535666261323965666465383566343064653838313237
64396466393834373538613430636134663463313331336330393238636561663566343535663537
35643434313030636139326362613832346536333166613061653136346439653231336239626363
33376362383034303033343539306134313033386434366534633033306564636661386530306431
34656461323164656135303931626536643330653338656162386262633033393030363333336534
31343732636363623061303238386137316464333030343733316262646639366531633566383635
64653166393134623835363865326639613732353562303665643331663431333034373337653336
65313563333439613938396264626464393037396264646237303034356638323139373665613265
62623933623064333332313265326431333931643332393166373765383962333639643033393736
39666365666662396334316666323933306561343032386436613932396666653330653936656635
64353361366539363034316434306239646463336564643939353238393264633235633737656365
31313130396532313839613764393636656365303636323437643939313030373464353636363037
35376439383531633265613734383463643562333763646131643134383262313736613261346237
36633839323833316165393439386136343161306266666331396163363464343132393936313231
35663530633132386633313138333835346630383265666638373836663737623933376661633936
31623863396439623661396135633537306132306435303430613433346362333934383033656434
31363437626463383039336438666662316664353536393139383236323835333738393332623138
30343264633964393461616633313837353632373935623462326461663965363962306337396231
36623661333934616237306137663130316533613461616136306334666138656534383539393331
32623464333030653930393563343031383362383233373235623433643037636463656638386334
38316362643736313038366339396165626164336230663538303166316332633337396231646663
35303130666135313632326162643632356534646630383163653966346365646334396532313335
38353539383630663936313939613638346536623739366164313132636463353666636338353562
65336663333937353630636565396537366261646464626163623465313962353039623432653335
39653662366335646437366639303736653434623137613633353664336534373965616436643837
37396239633533616136636165396333366162313736666366396363303536373235656234393332
34663330653738643931373465313939313236363935316237303566363234346330303534353736
35336639313233346437666236653931366331393530363432303065323234376436373830346664
30613335333062633563643565383065663361613737343537396230353339656234613264666232
36393831663264393437316362653734356236333165666361623134626438653536303862653965
62636431643738393437663762376261653231633038343365666361626466653634353030356566
65333436353939623233623964393833363461356133653564633164366630303034633237653138
64343230383036336430306164636134623930656532366232353561656237306435353839396661
36633861363830633964376165633339376264363735613965376437303666326665303839363566
36306239376230303463663836653931656231353531383561353838383565356363376134343334
33363430613935643839316137333765383537326231343734643766373865306262336166313763
33666530633938636537663539616334643933396232653665373335663964343631623233366430
63306361383332323936343461313231343730373333346337656461346136656531326332613537
39323335313061376439343034336466643934306538333030616139353564323432376531663464
35613462396430346533383061636132323961303938613365306531386462313730326639363461
36313839336232373938353537356663363034356238383264303462396534343035633461336334
38613737373430396132313465366363386365303265396261303434653463623265323237393734
38616262326461383739353235353835316638653263383938653233326336633532323561656433
34326634623130336135333931633635316464383139393639353731636432613832633265376332
32346161396332356530316365316362393130643833633264643136623733313963326161333535
61623835643931613461333033643636386339323137306663366563393463383266356433306362
32626430316137336536663232633061396232313935656562346437653238313130383837336361
61323865646637333037336335656462303065616237356463616631663539633433613263623932
61333236653836653436616161666330616239393331393139333231626464326339666433663461
33343539356634613363616662333562653162366532396337643163373738363637313738386362
30356634626536336264616263313438366336373962636438303634333130626433366536366436
33393461386337663366663132336136343930623464663062663930363663333566323734336631
63643866643262333735386433386662303263323038613862653563363230643065356439663264
36323666323331613663626533366130663766643036366430643734303561393234623539646463
38376132653234346633363238303265376431653663363861653037323436393037306436623962
66376536343032303863323138326334626166363930323530353161333737616261346631326364
36343239373365306266323832303531313037316234353537383436363866326533663437373537
31353038326439303839353139303362613264386434303236363336386665303861663438626135
39633361656130316335333965643966616263303563326639653534653931343261356133616461
63353664633636343438303936636632393963343235323537393064646138623934633237646139
33366664636664373135316366316163343266646435626636366534343061323464633464666430
36653231633565346334333362343734613861313465366530376266653939656163323236613139
31363165646134343236326663343534383031323431323162343566353938666365323265663931
62396466333730363261626465366431316332626236346364396536636165653330653531306330
63633564613330323637633761613066623135396132316636303130663534306562326535363733
31636639643632633232383938363563643732623364303732663133386434326236353635326439
37656138663166616231383264353763623066646337656363663839376536633235353838373465
37343237376138326337623565306137363833333165383166343233373438373261306433653734
65376361633165383034666337623832336262393831313831626564346231376561393365633437
65383236633036616538623861656439323866633864666434643262346632343865643462393237
36386463393936376437643065356461306235656233373561393965613461643035356634626335
38633664323265303563363636613130383236393339333330613239633765636232326265653864
31346361346364396166663930663435313230366631623363306136353833346138346433373730
36326536323166396562303733353835663234636136383539356139623433316537343039623761
66373231353639623533323837386339323462366137376363373030333762323830623535626433
36636162396439363436343330636162383864383837663236626237396562333032383162636165
36663833343062613362663739303639396139376166376234646663316239306261356561396535
30316331656464333137313333396132656636653932363834336336303635633865313165316434
63376461333137343164333634333139336539613839393237343336646261643038643833303461
30663763653864626133356439646664663331613666616133383830346331636438656639633065
38346562343531633166666436643138366235373562386137326535333936383832313962313233
65613265313538626565666339643866393165316363663664373066623962303435663635653738
65363262633236333339633636363233333232333332643837326163633061656135653763663539
39346365356266353336316461613336343039656330306530303961346133343765363036633734
65643563633631373133633031343532356461633461616430313331306335336131333062643230
33623331313566646130373833373137333733343534383239306630396335383539373736613862
39323265393438376437386261636162303535346638316464366431316439643463623237323563
31326633373964626266356435376231333933646139666166663232633132323832353034626132
37316235376265633762613536323735653134616233396439326239323933623465613932363332
61663862613330366134633534653632343865666562376438386563653066363635666136613534
62356433653861666634653536353163306539613061373936346538306134326561323564353936
62666139646238663230376132613334323138313261336338666433613231323633623636333938
31356334613334383839396535643764393938303931613835643037626530333534323063646164
33346363366334333063363564663638306461613838616564643938396234373961613130373738
32636533653666626261336138326335623366643737633763353066643263663161396239663432
66646233303739623032313439643763656464623865353963333330653833323763633362303434
61343530613530336461363038383731646663343764383262393534623530613033636665656233
38666162336332376436363335626365666134646532356534346264316465613336653664326461
66626537643465326661636164313166393761343231643831366362386431323664633134303062
37623863616165633236643139633736336537326533636632646666633466336230653165666333
39326566326665366364636631646237663534393631646633316231303835343837303233333565
65663163646566306331343766636461326333306662633337356135663938383166303532313566
31393932333037366237663465626434643564663036336139316636313163646439643934343436
65343462393337333161323236303233376532363963616433343133383631643937333662363063
39646536373865626230633466616162613333623462616139386166316662343034393761343339
63313263316662626563343130633837303932383134656432383232626163323634636462343662
62326665366431656239663564663838653631396366313861323935623364633266333739383861
63326264333236373333313566323937336232326461343839616533633639346435333162313237
38646638373735663163623231313463326263656531373536393934626632326433363634616337
61303035356263366166656565393565343733626439376533316266343038366366656538663830
61656661323936633964333433306165613334306436343832666561363565343631383538643631
35623839643133376335393331643962386532346437313933366133336364326533373436613833
66326237386161623332323130333839336363373330313435636634663532346130626230393333
61323361646537623235376135363033636261343365343735623963643066373631343235356536
39653136376661353837383839663965643334393861373235353035356235396235613562363061
33353339663165656432383230663033363861343032326663373632346634303231346462663836
65313963373139383765303838666634666431343734313532626438373961393839656236646263
32623264636434636531663138373466663032333463373232353333363534336435353664353238
66663562653238396637613463636133656133386163376637353439626133373032373762623465
63316335336662623039633837613666363766363931343865313330316362316561626438626533
65383465396536306562363163653132343263636363613434333966346166326263373038653266
62353734326365616361303135303561313131633637633461636539636666363162646238343265
32363065326330303666336638333439356135633764643830353135346139306366353831613564
36303763363031613531623336656637393337323035343532623239623735383932626463643866
30363138313964643664653834363861616565393065633231623961353532623434623832343930
66666330633633653030613237383063353064373661393965373333323565336434653837616336
32613737623064316233613434363031623238326132653434646237306234663538616463643230
3261376331343330613739346434313636613561626230656334


@ -0,0 +1,10 @@
---
- name: Ciblage de la machine locale
hosts: localhost
connection: local
tasks:
- name: Clonage du projet "EFS/quid-ansible"
ansible.builtin.git:
repo: "ssh://git@forge.cadoles.com:2222/EFS/quid-ansible.git"
dest: "quid-ansible"
version: "master"
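Review bot: `version: "master"` pins the cloned `EFS/quid-ansible` repository to a moving branch, so two builds of the same recipe can pull different playbooks and the resulting image cannot be reproduced from this repository's history alone. Pinning to a tag or commit id, e.g. `version: "<release-tag-or-commit>"` (placeholder), and bumping it deliberately keeps the provisioning supply chain auditable. A comment on the task noting which branch or tag is expected to be deployable would also help whoever maintains the two repositories together.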


@ -0,0 +1,2 @@
---
- import_playbook: quid-ansible/deploy.yml


@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsoXFfQcqFp6+5QbB1o1ZpjCGeiPMM9aOK2DoZoMM/7 nicolas.melin@cnous.fr


@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwyKvtyfZibpHNDDsfg7N6PHPnv9AzA2PowGd7iqF6YRv6CgGPnUixWE791bmekr57TR1QwW58aSEPSQMfLBwo0OwZ7GXYbOb9Fdb6WHAUJHSyMNsFvakgjq0g7TERMw3UksiYpUBCLgvWhF5jNjKsXgK3LyMUVqJs9KlUBt6elxy3CWoMYaWVJTQwXqLEbvr7W9F1rb9PQi80vxcSZXgk5XPPZH4vh7oN7GLB5UwaTFRh4lcup0xnV938gSgLxttPg4t5li5cmvXXMgtCrIDj7JPh9Cic+UXo80cV14nOpX23nuu408Veys/4p5tYiYFCg6NnUtW2dJrfyga9W1h6nc/6JaY8aXdoE+pi7lL7XrMvJPQxVYdwA9rPUBSZAIOmZQQx2aKFMsXocyVXQDzLQyg8lAF9gbMkjXH7DluXd+s0OAdijW9VFxhjutojaC76vhH+ZqSq511vdCTuq+6juW/By/pYQRtKiL1jJqfQoC+JU8RmOVOml5ciT7I0OM/0dakdIMYINX1FaRuSYb8wm0k3pKh+PGmMigja5lY7Bv8M89gRRw+8bJ42h5XkR0Jd04Wagd9eFXvaLa9OdarwF5rE2d6NM5Gfr2wJ4XuDMC7C3r/b6U3sZr6CWvQ5URrXS9OLtZG09DtEGIIuMcu0pgqclitVDi06Ffz5dZMnVQ== olivier.perrot@cnous.fr


@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
set -ex set -ex
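Review bot: Now that the interpreter is bash, `set -ex` could become `set -exo pipefail` so a failure on the left side of a pipeline no longer goes unnoticed; `pipefail` is exactly the kind of option the move away from `/bin/sh` makes available. Note that `-x` traces every command with its expanded arguments into the build log, so if this script ever touches the vault passphrase or other secrets they would be echoed — worth a comment stating that it does not, or dropping `-x`. The rest of the script is outside this hunk.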


@ -0,0 +1,74 @@
#Flavour base
build {
name = "quid"
description = <<EOF
This builder builds a QEMU image from a Debian cloud image.
EOF
source "vmware-vmx.debian" {
output_directory = "${var.output_dir}/${var.version}/quid"
vm_name = "quid-${local.output_name}-${var.version}"
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.vmx"
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
disk_additional_size = [ 102400 ]
vmx_data = {
"scsi1.pcislotnumber" = "16"
"scsi1.present" = "TRUE"
"scsi1.virtualdev" = "lsilogic"
"scsi1:0.filename" = "disk-1.vmdk"
"scsi1:0.present" = "TRUE"
"scsi1:0.redo" = ""
}
vmx_data_post = {
"memsize" = "4096",
"numvcpus" = "2",
}
}
// Extend root logical volume with additional disk space
provisioner "shell" {
inline = [
"pvcreate /dev/sdb",
"vgextend debian-vg /dev/sdb",
"lvextend -l +100%FREE /dev/debian-vg/root",
"resize2fs /dev/debian-vg/root"
]
}
// Store temporarily ansible vault password in local file
provisioner "shell-local" {
inline = ["echo '${var.quid_ansible_vault_passphrase}' > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
}
// Clone quid-ansible repository
provisioner "ansible" {
playbook_file = "${local.locations.provisionning}/quid/clone-quid-ansible.yml"
// Manjaro/Arch OpenSSH version compatibility mode
// See https://github.com/hashicorp/packer/issues/11783
extra_arguments = [ "--scp-extra-args", "'-O'", "-v" ]
}
// Run quid-ansible playbook from cloned repository
provisioner "ansible" {
playbook_file = "${local.locations.provisionning}/quid/run-quid-ansible.yml"
groups = ["quid_server"]
// Manjaro/Arch OpenSSH version compatibility mode
// See https://github.com/hashicorp/packer/issues/11783
extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--vault-password-file=${local.locations.provisionning}/quid/.ansible_vault_passphrase", "--extra-vars=@${local.locations.provisionning}/quid/ansible-vars.yml" ]
}
// Remove ansible vault password file
provisioner "shell-local" {
inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
}
post-processor "shell-local" {
inline = [
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/quid ${var.image_version}",
]
}
post-processor "manifest" {
keep_input_artifact = true
}
}
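Review bot: The first shell-local provisioner expands `var.quid_ansible_vault_passphrase` straight into its `inline` command, so the secret lands in the temporary script packer writes before executing it and in the shell's argument list, a single quote in the passphrase breaks the quoting, and the file is created with the caller's default umask; passing it via `environment_vars` and writing it under `umask 077` with `printf '%s'` avoids all three (see below). The `rm -f` provisioner only runs if both ansible provisioners succeed, so a failed playbook leaves `.ansible_vault_passphrase` in the provisioning directory inside the working tree, where it should at least be covered by `.gitignore` — or avoided entirely by a vault-id script that reads the passphrase from an environment variable set through `ansible_env_vars`. The description says `This builder builds a QEMU image from a Debian cloud image.`, but the source is `vmware-vmx.debian` fed by the base VMX, so `This builder builds a VMware image from the base Debian VMX image.` is what the block actually does. `pvcreate /dev/sdb` presumably assumes the 100 GB disk added by `disk_additional_size` enumerates as the second SCSI disk; a comment stating that assumption next to `disk_additional_size` would help.
```hcl
  // Store the ansible vault passphrase in a local file for the duration of the build.
  // It reaches the shell through the environment rather than the command line, and
  // the file is created readable by its owner only.
  provisioner "shell-local" {
    environment_vars = ["QUID_ANSIBLE_VAULT_PASSPHRASE=${var.quid_ansible_vault_passphrase}"]
    inline = [
      "umask 077",
      "printf '%s' \"$QUID_ANSIBLE_VAULT_PASSPHRASE\" > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"
    ]
  }
  // … unchanged: clone-quid-ansible and run-quid-ansible provisioners, vault file removal, post-processors …
```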


@ -0,0 +1,37 @@
# Flavor "Quid"
## Construction de l'image
1. Récupérer la phrase de passe pour les données chiffrées via `ansible-vault` dans le coffre-fort partagé (Section "Cadoles" -> "Kube").
2. Lancer la construction de l'image de la machine virtuelle
```
QUID_ANSIBLE_VAULT_PASSPHRASE="<passphrase>" PACKER_OPTS="-var headless=false" ./build start debian 12
```
ou si l'image Debian de base est déjà construite
```
QUID_ANSIBLE_VAULT_PASSPHRASE="<passphrase>" PACKER_OPTS="-var headless=false" BUILDER="vmware-vmx" ./build run debian 12 quid
```
> **Tip** Le paramètre `PACKER_OPTS="-var headless=false"` n'est nécessaire que dans le cas où vous souhaitez l'exécuteur VMWare avec son interface graphique.
## Générer le fichier OVF à partir de l'OVA
```
ovftool output/debian/12.2.0/quid/quid-debian-12.2.0.ova output/debian/12.2.0/quid/quid-debian-12.2.0.ovf
```
## Configuration de l'environnement Quid sur la machine virtuelle
1. Ajouter l'image de la machine sur votre environnement de virtualisation. Les fichiers sont normalement générés dans le répertoire `output/debian/12.2.0/quid`.
2. Démarrer la machine virtuelle. Le mot de passe par défaut du compte administrateur est `toor`.
3. Éditer le fichier `/etc/quid-ansible/config.yml` avec les valeurs correspondant à votre environnement de déploiement ([voir les valeurs par défaut](https://forge.cadoles.com/EFS/quid-ansible/src/branch/master/roles/quid-server/files/quid_ansible_default_config.yml))
4. Exécuter la commande `apply-config` pour mettre à jour la machine avec les valeurs présentes dans le fichier précédemment édité.
Pour plus d'informations voir la documentation du projet [`quid-ansible`](https://forge.cadoles.com/EFS/quid-ansible).


@ -4,7 +4,7 @@ source qemu "debian" {
accelerator = "kvm" accelerator = "kvm"
vnc_bind_address = "0.0.0.0" vnc_bind_address = "0.0.0.0"
headless = false headless = local.headless
# Serve the `http` directory via HTTP, used for preseeding the Debian installer. # Serve the `http` directory via HTTP, used for preseeding the Debian installer.
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
@ -39,7 +39,7 @@ source "vmware-iso" "debian" {
memory = "${local.memory}" memory = "${local.memory}"
vnc_bind_address = "0.0.0.0" vnc_bind_address = "0.0.0.0"
headless = true headless = local.headless
# Serve the `http` directory via HTTP, used for preseeding the Debian installer. # Serve the `http` directory via HTTP, used for preseeding the Debian installer.
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
@ -69,10 +69,9 @@ source "vmware-iso" "debian" {
} }
source "vmware-vmx" "debian" { source "vmware-vmx" "debian" {
disk_type_id = 0
vnc_bind_address = "0.0.0.0" vnc_bind_address = "0.0.0.0"
headless = true headless = local.headless
# Serve the `http` directory via HTTP, used for preseeding the Debian installer. # Serve the `http` directory via HTTP, used for preseeding the Debian installer.
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http" #http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
@ -99,4 +98,4 @@ source "vmware-vmx" "debian" {
format = "ova" format = "ova"
boot_wait = "5s" boot_wait = "5s"
} }
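Review bot: `disk_type_id = 0` added to the vmware-vmx source is a bare magic number; a comment naming the disk format it selects (VMware's type 0 is, as far as I recall, a growable disk split into 2 GB files, as opposed to the single-file type 1) would save the next reader a trip to the docs, e.g. `disk_type_id = 0 // growable disk split in 2GB files (see packer vmware disk_type_id)`. `local.headless`, which now replaces the three hard-coded values, is defined outside this hunk, so all three sources depend on that local being declared alongside the new `headless` variable. With headless defaulting to true the VNC listener becomes the only console, and `vnc_bind_address = "0.0.0.0"` remains on all three sources, so the build-time console is reachable from any host; unless remote access is intended, `127.0.0.1` is the safer binding.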


@ -1,6 +0,0 @@
# /etc/conf.d/chronyd
CFGFILE="/etc/chrony/chrony.conf"
FAST_STARTUP=yes
ARGS=""
# vrf e.g 'vrf-mgmt'
#vrf=""


@ -1,6 +0,0 @@
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: ${Vars.RootlessDocker}


@ -1,3 +0,0 @@
%{ if Vars.RootlessDocker }
docker:231072:65536
%{ endif }


@ -1,265 +0,0 @@
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: ${Vars.HarborDomain}
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: ${Vars.HarborHTTPPort}
# https related config
https:
# https port for harbor, default is 443
port: ${Vars.HarborHTTPSPort}
# The path of cert and key files for nginx
certificate: ${Vars.HarborSSLCert}
private_key: ${Vars.HarborSSLPrivKey}
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: ${Vars.HarborAdminPassword}
# Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: ${Vars.HarborDBPassword}
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
max_idle_conns: 50
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
# Note: the default number of connections is 100 for postgres.
max_open_conns: 200
# The default data volume
data_volume: /srv/harbor/data
# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
# ca_bundle:
# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
# filesystem:
# maxthreads: 100
# # set disable to true when you want to disable registry redirect
# redirect:
# disabled: false
# Trivy configuration
#
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
# should download a newer version from the Internet or use the cached one. Currently, the database is updated every
# 12 hours and published as a new release to GitHub.
trivy:
# ignoreUnfixed The flag to display only fixed vulnerabilities
ignore_unfixed: false
# skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
#
# You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
# If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
# `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
skip_update: false
#
# The offline_scan option prevents Trivy from sending API requests to identify dependencies.
# Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
# For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't
# exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode.
# It would work if all the dependencies are in local.
# This option doesnt affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment.
offline_scan: false
#
# insecure The flag to skip verifying registry certificate
insecure: false
# github_token The GitHub access token to download Trivy DB
#
# Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
# for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
# requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
# https://developer.github.com/v3/#rate-limiting
#
# You can create a GitHub token by following the instructions in
# https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
#
# github_token: xxx
jobservice:
# Maximum number of job workers in job service
max_job_workers: 10
logger_sweeper_duration: 300
notification:
# Maximum retry count for webhook job
webhook_job_max_retry: 10
webhook_job_http_client_timeout: 300
chart:
# Change the value of absolute_url to enabled can enable absolute url in chart
absolute_url: disabled
# Log configurations
log:
# options are debug, info, warning, error, fatal
level: info
# configs for logs in local storage
local:
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
rotate_count: 50
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
# are all valid.
rotate_size: 200M
# The directory on your host that store log
location: /var/log/harbor
# Uncomment following lines to enable external syslog endpoint.
# external_endpoint:
# # protocol used to transmit log to external endpoint, options is tcp or udp
# protocol: tcp
# # The host of external endpoint
# host: localhost
# # Port of external endpoint
# port: 5140
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.6.0
# Uncomment external_database if using external database.
# external_database:
# harbor:
# host: harbor_db_host
# port: harbor_db_port
# db_name: harbor_db_name
# username: harbor_db_username
# password: harbor_db_password
# ssl_mode: disable
# max_idle_conns: 2
# max_open_conns: 0
# notary_signer:
# host: notary_signer_db_host
# port: notary_signer_db_port
# db_name: notary_signer_db_name
# username: notary_signer_db_username
# password: notary_signer_db_password
# ssl_mode: disable
# notary_server:
# host: notary_server_db_host
# port: notary_server_db_port
# db_name: notary_server_db_name
# username: notary_server_db_username
# password: notary_server_db_password
# ssl_mode: disable
# Uncomment external_redis if using external Redis server
# external_redis:
# # support redis, redis+sentinel
# # host for redis: <host_redis>:<port_redis>
# # host for redis+sentinel:
# # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
# host: redis:6379
# password:
# # sentinel_master_set must be set to support redis+sentinel
# #sentinel_master_set:
# # db_index 0 is for core, it's unchangeable
# registry_db_index: 1
# jobservice_db_index: 2
# chartmuseum_db_index: 3
# trivy_db_index: 5
# idle_timeout_seconds: 30
# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
# ca_file: /path/to/ca
# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
http_proxy:
https_proxy:
no_proxy:
components:
- core
- jobservice
- notary
- trivy
metric:
enabled: false
port: 9090
path: /metrics
# Trace related config
# only can enable one trace provider(jaeger or otel) at the same time,
# and when using jaeger as provider, can only enable it with agent mode or collector mode.
# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed
# if using jaeger agetn mode uncomment agent_host and agent_port
# trace:
# enabled: true
# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth
# sample_rate: 1
# # # namespace used to differenciate different harbor services
# # namespace:
# # # attributes is a key value dict contains user defined attributes used to initialize trace provider
# # attributes:
# # application: harbor
# # # jaeger should be 1.26 or newer.
# # jaeger:
# # endpoint: http://hostname:14268/api/traces
# # username:
# # password:
# # agent_host: hostname
# # # export trace data by jaeger.thrift in compact mode
# # agent_port: 6831
# # otel:
# # endpoint: hostname:4318
# # url_path: /v1/traces
# # compression: false
# # insecure: true
# # timeout: 10s
# enable purge _upload directories
upload_purging:
enabled: true
# remove files in _upload directories which exist for a period of time, default is one week.
age: 168h
# the interval of the purge operations
interval: 24h
dryrun: false
# cache layer configurations
# If this feature enabled, harbor will cache the resource
# `project/project_metadata/repository/artifact/manifest` in the redis
# which can especially help to improve the performance of high concurrent
# manifest pulling.
# NOTICE
# If you are deploying Harbor in HA mode, make sure that all the harbor
# instances have the same behaviour, all with caching enabled or disabled,
# otherwise it can lead to potential data inconsistency.
cache:
# not enabled by default
enabled: false
# keep cache for one day by default
expire_hours: 24


@ -1,47 +0,0 @@
# Example answer file for setup-alpine script
# If you don't want to use a certain option, then comment it out
# Use US layout with US variant
KEYMAPOPTS="fr fr"
# Set hostname to alpine-test
HOSTNAMEOPTS="-n ${hostname}"
# Contents of /etc/network/interfaces
INTERFACESOPTS="auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
hostname ${hostname}
"
# Search domain of example.com, OpenDNS public nameserver
# ex: -d example.com 1.1.1.1"
DNSOPTS=""
# Set timezone to UTC
TIMEZONEOPTS="-z Europe/Paris"
# set http/ftp proxy
PROXYOPTS="none"
# Add a random mirror
APKREPOSOPTS="-r -c"
# Install Openssh
SSHDOPTS="-c openssh -k /root/.ssh/authorized_keys"
# Use openntpd
NTPOPTS="-c openntpd"
# Use /dev/sda as a data disk
DISKOPTS="-L -m sys ${disk_device}"
USEROPTS="-a -g 'netdev' ${user}"
# Setup in /media/vda1
# LBUOPTS="/media/vda1"
# APKCACHEOPTS="/media/vda1/cache"


@ -1,8 +0,0 @@
# k3s options
export PATH="/usr/libexec/cni/:$PATH"
K3S_EXEC="server"
%{ if Vars.DeployTraefik }
K3S_OPTS=""
%{ else }
K3S_OPTS="--disable traefik"
%{ endif }


@ -1 +0,0 @@
command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"


@ -1,4 +0,0 @@
${Vars.NIC[0].IP} ${Vars.Set.Hostname}
%{ if Vars.MatchBox.Hostname != "" }
${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
%{ endif }


@ -1,60 +0,0 @@
log-queries
log-dhcp
#port=0
listen-address=0.0.0.0
interface=${Vars.PXE.ListenInterface}
no-resolv
domain-needed
bogus-priv
expand-hosts
server=${Vars.ETH0.DNS}
strict-order
addn-hosts=/etc/dnsmasq-hosts.conf
domain=${Vars.PXE.DNSDomain}
local=/${Vars.PXE.DNSDomain}/
localise-queries
%{ if Vars.PXE.DHCPMode == "proxy" }
#dhcp-no-override
dhcp-range=${Vars.ETH0.IP},proxy
%{ else }
dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration}
dhcp-option=option:router,${Vars.ETH0.GATEWAY}
%{ endif }
dhcp-option=option:dns-server,${Vars.ETH0.IP}
dhcp-option=option:domain-name,${Vars.PXE.DNSDomain}
# TFTP Configuration
enable-tftp
tftp-root="${Vars.PXE.TFTPRoot}"
pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime}
# Based on logic in https://gist.github.com/robinsmidsrod/4008017
# iPXE sends a 175 option, checking suboptions
dhcp-match=set:ipxe-http,175,19
dhcp-match=set:ipxe-https,175,20
dhcp-match=set:ipxe-menu,175,39
# pcbios specific
dhcp-match=set:ipxe-pxe,175,33
dhcp-match=set:ipxe-bzimage,175,24
dhcp-match=set:ipxe-iscsi,175,17
# efi specific
dhcp-match=set:ipxe-efi,175,36
# combination
# set ipxe-ok tag if we have correct combination
# http && menu && iscsi ((pxe && bzimage) || efi)
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi
## Load different PXE boot image depending on client architecture (when running as a proxy DHCP)
pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe
pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi
pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi
dhcp-userclass=set:ipxe,iPXE
dhcp-boot=tag:ipxe-ok,http://${Vars.ETH0.IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.ETH0.IP}


@ -1,28 +0,0 @@
#!/sbin/openrc-run
name=$RC_SVCNAME
command="/usr/local/bin/$RC_SVCNAME"
command_user="$RC_SVCNAME"
pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
start_stop_daemon_args="--start -b"
command_args="$command_args"
command_background="yes"
depend() {
need net
}
start_pre() {
checkpath --directory --owner $command_user:$command_user --mode 0775 \
/run/$RC_SVCNAME /var/log/$RC_SVCNAME
if [ ! -f "/etc/matchbox/server.crt" ]; then
cd /root/tls
export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.ETH0.IP}"
./cert-gen
mkdir -p /etc/matchbox
cp ca.crt server.crt server.key /etc/matchbox
chown -R matchbox:matchbox /etc/matchbox
mkdir -p /root/.matchbox
cp client.crt client.key ca.crt /root/.matchbox/
fi
}


@ -1 +0,0 @@
harbor


@ -1 +0,0 @@
command_args="-address 0.0.0.0:${Vars.MatchBox.HTTPPort} -rpc-address 0.0.0.0:${Vars.MatchBox.gRPCPort} -log-level ${Vars.MatchBox.LogLevel}"


@ -1,7 +0,0 @@
${Vars.NIC[0].IP} ${Vars.Set.Hostname}
%{ if Vars.MatchBox.Hostname != "" }
${Vars.NIC[0].IP} ${Vars.MatchBox.Hostname}
%{ endif }
%{ for host in Vars.DNSMasq.Hosts }
${host.IP} ${host.Name}
%{ endfor }


@ -1,60 +0,0 @@
log-queries
log-dhcp
#port=0
listen-address=0.0.0.0
interface=${Vars.PXE.ListenInterface}
no-resolv
domain-needed
bogus-priv
expand-hosts
server=${Vars.DNS[0]}
strict-order
addn-hosts=/etc/dnsmasq-hosts.conf
domain=${Vars.PXE.DNSDomain}
local=/${Vars.PXE.DNSDomain}/
localise-queries
%{ if Vars.PXE.DHCPMode == "proxy" }
#dhcp-no-override
dhcp-range=${Vars.NIC[0].IP},proxy
%{ else }
dhcp-range=${Vars.PXE.DHCPRangeStart},${Vars.PXE.DHCPRangeEnd},${Vars.PXE.DHCPLeaseDuration}
dhcp-option=option:router,${Vars.NIC[0].Gateway}
%{ endif }
dhcp-option=option:dns-server,${Vars.NIC[0].IP}
dhcp-option=option:domain-name,${Vars.PXE.DNSDomain}
# TFTP Configuration
enable-tftp
tftp-root="${Vars.PXE.TFTPRoot}"
pxe-prompt="${Vars.PXE.GreetingMessage}",${Vars.PXE.DelayTime}
# Based on logic in https://gist.github.com/robinsmidsrod/4008017
# iPXE sends a 175 option, checking suboptions
dhcp-match=set:ipxe-http,175,19
dhcp-match=set:ipxe-https,175,20
dhcp-match=set:ipxe-menu,175,39
# pcbios specific
dhcp-match=set:ipxe-pxe,175,33
dhcp-match=set:ipxe-bzimage,175,24
dhcp-match=set:ipxe-iscsi,175,17
# efi specific
dhcp-match=set:ipxe-efi,175,36
# combination
# set ipxe-ok tag if we have correct combination
# http && menu && iscsi ((pxe && bzimage) || efi)
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi
## Load different PXE boot image depending on client architecture (when running as a proxy DHCP)
pxe-service=tag:!ipxe-ok, x86PC, "Legacy boot PXE chainload to iPXE", undionly.kpxe
pxe-service=tag:!ipxe-ok, BC_EFI, "UEFI32 boot chainload to iPXE", snponly.efi
pxe-service=tag:!ipxe-ok, X86-64_EFI, "UEFI64 boot chainload to iPXE", snponly.efi
dhcp-userclass=set:ipxe,iPXE
dhcp-boot=tag:ipxe-ok,http://${Vars.NIC[0].IP}:${Vars.MatchBox.HTTPPort}/boot.ipxe,,${Vars.NIC[0].IP}


@ -1 +0,0 @@
${Vars.Set.Hostname}


@ -1,28 +0,0 @@
#!/sbin/openrc-run
name=$RC_SVCNAME
command="/usr/local/bin/$RC_SVCNAME"
command_user="$RC_SVCNAME"
pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
start_stop_daemon_args="--start -b"
command_args="$command_args"
command_background="yes"
depend() {
need net
}
start_pre() {
checkpath --directory --owner $command_user:$command_user --mode 0775 \
/run/$RC_SVCNAME /var/log/$RC_SVCNAME
if [ ! -f "/etc/matchbox/server.crt" ]; then
cd /root/tls
export SAN="DNS.1:${Vars.MatchBox.Hostname},IP.1:${Vars.NIC[0].IP}"
./cert-gen
mkdir -p /etc/matchbox
cp ca.crt server.crt server.key /etc/matchbox
chown -R matchbox:matchbox /etc/matchbox
mkdir -p /root/.matchbox
cp client.crt client.key ca.crt /root/.matchbox/
fi
}


@ -1,9 +0,0 @@
%{ for iface in Vars.NIC }
auto ${iface.Name}
iface ${iface.Name} inet static
address ${iface.IP}
netmask ${iface.Mask}
gateway ${iface.Gateway}
%{ endfor ~}


@ -1,4 +0,0 @@
%{ for dns in Vars.DNS }
nameserver ${dns}
%{ endfor ~}


@ -1,7 +0,0 @@
NAME = <%= image_name %>
PATH = <%= image_source %>
TYPE = OS
PERSISTENT = No
DESCRIPTION = "<%= image_comment %>"
DEV_PREFIX = vd
FORMAT = qcow2


@ -1,48 +0,0 @@
{
"name": "<%= template_name %>",
"deployment": "straight",
"description": "Cluster Kubernetes (k8s)",
"roles": [
{
"name": "leader",
"cardinality": 1,
"vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
"shutdown_action": "terminate",
"vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
"elasticity_policies": [],
"scheduled_policies": []
},
{
"name": "master",
"cardinality": 2,
"vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
"shutdown_action": "terminate",
"vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
"elasticity_policies": [],
"scheduled_policies": []
},
{
"name": "worker",
"cardinality": 4,
"vm_template": <%= getTemplateByName(oneCli, vm_name).id %>,
"shutdown_action": "terminate",
"parents": [
"leader"
],
"vm_template_contents": "NIC = [\n NAME = \"NIC0\",\n NETWORK_ID = \"$main\",\n RDP = \"YES\" ]\nNIC = [\n NAME = \"NIC1\",\n NETWORK_ID = \"$internal\" ]\n",
"elasticity_policies": [],
"scheduled_policies": []
}
],
"networks": {
"main": "M|network|Main network| |id:",
"internal": "M|network|Internal network| |id:"
},
"custom_attrs": {
"KUBEAPPS_DNS_NAME": "M|text|DNS Name for kubeapps service| |kubeapps.k3s-eole.local",
"INGRESS_PROVIDER": "O|list|Default ingress to install|nginx, traefik, |",
"LE_EMAIL": "M|text|Email | |"
},
"shutdown_action": "terminate",
"ready_status_gate": true
}


@ -1,33 +0,0 @@
NAME = "<%= template_name %>"
CONTEXT = [
NETWORK = "YES",
REPORT_READY = "YES",
SET_HOSTNAME = "$NAME",
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
TOKEN = "YES" ]
CPU = "0.2"
DESCRIPTION = "Alpine basic image"
DISK = [
DEV_PREFIX = "vd",
DRIVER = "qcow2",
IMAGE = "<%= image_name %>",
IMAGE_UNAME = "<%= user %>" ]
GRAPHICS = [
KEYMAP = "fr",
LISTEN = "0.0.0.0",
TYPE = "VNC" ]
HYPERVISOR = "kvm"
INPUT = [
BUS = "usb",
TYPE = "tablet" ]
INPUTS_ORDER = ""
LOGO = "images/logos/linux.png"
MEMORY = "512"
MEMORY_UNIT_COST = "MB"
NIC_DEFAULT = [
MODEL = "virtio" ]
OS = [
ARCH = "x86_64",
BOOT = "",
SD_DISK_BUS = "scsi" ]
VCPU = "2"


@ -1,32 +0,0 @@
NAME = "<%= template_name %>"
CONTEXT = [
NETWORK = "YES",
REPORT_READY = "YES",
SET_HOSTNAME = "$NAME",
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
TOKEN = "YES" ]
CPU = "0.2"
DESCRIPTION = "K3S Ready VM"
DISK = [
IMAGE = "<%= image_name %>",
IMAGE_UNAME = "<%= user %>",
DRIVER = "qcow2" ]
GRAPHICS = [
KEYMAP = "fr",
LISTEN = "0.0.0.0",
TYPE = "VNC" ]
HYPERVISOR = "kvm"
INPUT = [
BUS = "usb",
TYPE = "tablet" ]
INPUTS_ORDER = ""
LOGO = "images/logos/alpine.png"
MEMORY = "2048"
MEMORY_UNIT_COST = "MB"
NIC_DEFAULT = [
MODEL = "virtio" ]
OS = [
ARCH = "x86_64",
BOOT = "",
SD_DISK_BUS = "scsi" ]
VCPU = "2"


@ -1,35 +0,0 @@
NAME = "<%= template_name %>"
CONTEXT = [
NETWORK = "YES",
REPORT_READY = "YES",
SET_HOSTNAME = "$NAME",
SERVER_ROLE = "leader",
TOKEN = "YES",
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
]
CPU = "0.8"
DESCRIPTION = "Kubernetes master or Docker VM (check the name)"
DISK = [
DEV_PREFIX = "vd",
IMAGE = "<%= image_name %>",
IMAGE_UNAME = "<%= user %>",
DRIVER = "qcow2" ]
GRAPHICS = [
LISTEN = "0.0.0.0",
KEYMAP = "fr",
TYPE = "VNC" ]
HYPERVISOR = "kvm"
INPUT = [
BUS = "usb",
TYPE = "tablet" ]
INPUTS_ORDER = ""
LOGO = "images/logos/alpine.png"
MEMORY = "2048"
MEMORY_UNIT_COST = "MB"
NIC_DEFAULT = [
MODEL = "virtio" ]
OS = [
ARCH = "x86_64",
BOOT = "",
SD_DISK_BUS = "scsi" ]
VCPU = "4"


@ -1,42 +0,0 @@
NAME = "<%= template_name %>"
CONTEXT = [
NETWORK = "YES",
REPORT_READY = "YES",
SET_HOSTNAME = "$NAME",
SERVER_ROLE = "master",
MASTER_ADDR = "$MASTER_ADDR",
MASTER_TOKEN = "$MASTER_TOKEN",
MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
TOKEN = "YES",
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
]
CPU = "0.8"
DESCRIPTION = "Kubernetes worker VM"
DISK = [
DEV_PREFIX = "vd",
IMAGE = "<%= image_name %>",
IMAGE_UNAME = "<%= user %>",
DRIVER = "qcow2" ]
GRAPHICS = [
LISTEN = "0.0.0.0",
KEYMAP = "fr",
TYPE = "VNC" ]
HYPERVISOR = "kvm"
INPUT = [
BUS = "usb",
TYPE = "tablet" ]
INPUTS_ORDER = ""
LOGO = "images/logos/alpine.png"
MEMORY = "2048"
MEMORY_UNIT_COST = "MB"
NIC_DEFAULT = [
MODEL = "virtio" ]
OS = [
ARCH = "x86_64",
BOOT = "",
SD_DISK_BUS = "scsi" ]
USER_INPUTS = [
MASTER_ADDR = "O|text|Master address (for workers only)",
MASTER_TOKEN = "O|text|Master Token (for workers only)",
MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
VCPU = "4"


@ -1,42 +0,0 @@
NAME = "<%= template_name %>"
CONTEXT = [
NETWORK = "YES",
REPORT_READY = "YES",
SET_HOSTNAME = "$NAME",
SERVER_ROLE = "worker",
MASTER_ADDR = "$MASTER_ADDR",
MASTER_TOKEN = "$MASTER_TOKEN",
MASTER_CA_TOKEN = "$MASTER_CA_TOKEN",
TOKEN = "YES",
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]"
]
CPU = "0.8"
DESCRIPTION = "Kubernetes worker VM"
DISK = [
DEV_PREFIX = "vd",
IMAGE = "<%= image_name %>",
IMAGE_UNAME = "<%= user %>",
DRIVER = "qcow2" ]
GRAPHICS = [
LISTEN = "0.0.0.0",
KEYMAP = "fr",
TYPE = "VNC" ]
HYPERVISOR = "kvm"
INPUT = [
BUS = "usb",
TYPE = "tablet" ]
INPUTS_ORDER = ""
LOGO = "images/logos/alpine.png"
MEMORY = "4096"
MEMORY_UNIT_COST = "MB"
NIC_DEFAULT = [
MODEL = "virtio" ]
OS = [
ARCH = "x86_64",
BOOT = "",
SD_DISK_BUS = "scsi" ]
USER_INPUTS = [
MASTER_ADDR = "O|text|Master address (for workers only)",
MASTER_TOKEN = "O|text|Master Token (for workers only)",
MASTER_CA_TOKEN = "O|text|Master CA Token (for workers only)" ]
VCPU = "4"


@ -1,47 +0,0 @@
NAME = "<%= template_name %>"
CONTEXT = [
MATCHBOX_URL = "http://$NAME",
NETWORK = "YES",
PXE_DHCPLEASEDURATION = "$DHCPLEASEDURATION",
PXE_DHCPMODE = "$ADHCPMODE",
PXE_DNSDOMAIN = "$BDNSDOMAIN",
PXE_DHCPRANGESTART = "$CDHCPRANGESTART",
PXE_DHCPRANGEEND = "$DDHCPRANGEEND",
PXE_DHCPLEASEDURATION = "$EDHCPLEASEDURATION",
MATCHBOX_HOSTNAME = "$FMATCHBOX_HOSTNAME",
REPORT_READY = "YES",
SET_HOSTNAME = "$NAME",
SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]",
TOKEN = "YES" ]
CPU = "0.2"
DESCRIPTION = "Matchbox Ready VM"
DISK = [
IMAGE = "<%= image_name %>",
IMAGE_UNAME = "<%= user %>",
DRIVER = "qcow2" ]
GRAPHICS = [
KEYMAP = "fr",
LISTEN = "0.0.0.0",
TYPE = "VNC" ]
HYPERVISOR = "kvm"
INPUT = [
BUS = "usb",
TYPE = "tablet" ]
INPUTS_ORDER = ""
LOGO = "images/logos/alpine.png"
MEMORY = "2048"
MEMORY_UNIT_COST = "MB"
NIC_DEFAULT = [
MODEL = "virtio" ]
OS = [
ARCH = "x86_64",
BOOT = "",
SD_DISK_BUS = "scsi" ]
USER_INPUTS = [
ADHCPMODE = "M|list|DHCP Mode|proxy,direct|proxy",
BDNSDOMAIN = "M|text|Nom de la zone DNS (ex: cadol.es)",
CDHCPRANGESTART = "O|text|DNSMASQ DHCP Range First IP",
DDHCPRANGEEND = "O|text|DNSMASQ DHCP Range Last IP",
EDHCPLEASEDURATION = "M|list|DHCP lease duration|1h,2h,4h,6h,8h,10h,12h,14h,24h|1h",
FMATCHBOX_HOSTNAME = "O|text|Matchbox service hostname|mb.cadol.es" ]
VCPU = "2"


@ -5,17 +5,17 @@ variable "name" {
variable "version" { variable "version" {
type = string type = string
default = "11" default = "12.2.0"
} }
variable "short_version" { variable "short_version" {
type = string type = string
default = "11" default = "12"
} }
variable "arch" { variable "arch" {
type = string type = string
default = "amd6464" default = "amd64"
} }
variable "output_dir" { variable "output_dir" {
@ -25,12 +25,12 @@ variable "output_dir" {
variable "source_url" { variable "source_url" {
type = string type = string
default = "https://cdimage.debian.org/cdimage/release" default = "https://cdimage.debian.org/cdimage/release/12.2.0"
} }
variable "iso_cd_checksum" { variable "iso_cd_checksum" {
type = string type = string
default = "sha256:9ae04227e89047b72970a0d5f1897e2573fd0d4bba3d381086307af604072bad9e33174357fd3c3545a2a2b5b83ce19f3dbb5c352e86d5173b833df59b4a5741" default = "file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS"
} }
variable "image_version" { variable "image_version" {
@ -57,3 +57,8 @@ variable "cloud_init_runcmd" {
type = list(string) type = list(string)
default = [ "uname" ] default = [ "uname" ]
} }
variable "headless" {
type = bool
default = true
}
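Review bot: Replacing the pinned `sha256:…` digest in `iso_cd_checksum` with `file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS` turns the ISO check into a transfer-integrity check only: the digest is fetched from the same origin as the ISO, so a swapped image on the mirror, or files replaced by a later point release, passes verification and nothing in the repository records which ISO the image was actually built from. Keep the explicit `sha256:<digest-of-the-12.2.0-iso>` form — the digest can be taken from the SHA256SUMS file after checking its signature out of band — or add a comment explaining why the remote sums file is acceptable here. The `amd6464` → `amd64` fix is a good catch; `source_url` and `iso_cd_checksum` now both hard-code `12.2.0` independently of `version`, so a release bump has to be made in three places — a `// keep in sync with var.version` comment on both would help. The new `headless` variable could use a one-line description stating that it applies to the qemu, vmware-iso and vmware-vmx sources alike.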


@ -0,0 +1,6 @@
variable "quid_ansible_vault_passphrase" {
type = string
default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")
sensitive = true
}
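Review bot: `sensitive = true` only masks the value in packer's own output; nothing checks that `QUID_ANSIBLE_VAULT_PASSPHRASE` is actually set, so an unset variable yields an empty string, the build proceeds through the disk resize and repository clone, and only fails when ansible tries to decrypt the vault. A `validation` block fails fast with a clear message instead (see below). A short comment on the variable saying where the passphrase is obtained and that it is written to a local file for the duration of the build would also help the next person running this recipe.
```hcl
variable "quid_ansible_vault_passphrase" {
  // … unchanged: type, default, sensitive …

  // Fail before any provisioning starts rather than at vault decryption time.
  validation {
    condition     = length(var.quid_ansible_vault_passphrase) > 0
    error_message = "QUID_ANSIBLE_VAULT_PASSPHRASE must be set to the ansible-vault passphrase."
  }
}
```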