Test dependencies

packer/files/flatcar/README.md

@@ -0,0 +1,42 @@
+# Flatcar-Related Build Files
+
+This directory contains files needed for building Flatcar Container Linux CAPI images.
+
+The following subdirectories exist:
+
+- `clc` - contains [Container Linux Config][1] files.
+- `ignition` - contains [Ignition][2] files generated from the CLC files in the `clc` directory.
+- `scripts` - contains scripts which are used by the various Flatcar builds.
+
+## Ignition Files
+
+Some Flatcar builds (e.g. QEMU) require Ignition files during OS installation. These files can be
+consumed directly from the `ignition` directory. Ignition files are generated from CLC files by the
+[Container Linux Config Transpiler][3].
+
+### Adding New Files
+
+To add a new Ignition file, do the following:
+
+1. Place a CLC YAML file with the desired config in `clc`.
+1. Add the name of the file without an extension to the `ignition_files` variable under the
+  `gen-ignition` target in the [Makefile](../../../Makefile). For example, for a CLC file named
+  `foo.yaml`, add `foo` to the Make target.
+1. Run `make gen-ignition` under `images/capi`. A new Ignition file is generated under `ignition`.
+1. Commit both the CLC file and the resulting Ignition file and open a PR to merge the changes.
+
+Once the changes are merged, the new Ignition file can be referenced in Flatcar builds and consumed
+as a raw file directly from GitHub.
+
+### Changing Existing Files
+
+To change an existing Ignition file, do the following:
+
+1. Edit the relevant CLC YAML file in `clc`.
+1. Run `make gen-ignition` under `images/capi`. The corresponding Ignition file is updated under
+  `ignition`.
+1. Commit the changes and open a PR to merge them.
+
+[1]: https://flatcar.org/docs/latest/provisioning/cl-config/
+[2]: https://flatcar.org/docs/latest/provisioning/ignition/
+[3]: https://flatcar.org/docs/latest/provisioning/config-transpiler/

packer/files/flatcar/clc/bootstrap.yaml

@@ -0,0 +1,26 @@
+# This file is used for initial provisioning of a Flatcar machine, before Packer provisioners (e.g.
+# Ansible) are executed.
+passwd:
+  users:
+  - name: builder
+    # "BUILDERPASSWORDHASH" gets overwritten by Packer on platforms where SSH password auth is used.
+    password_hash: BUILDERPASSWORDHASH
+    # "BUILDERSSHAUTHKEY" gets overwritten by Packer on platforms where SSH key auth is used.
+    # TODO: Once https://github.com/kubernetes-sigs/image-builder/pull/882 is merged we can remove
+    # the ssh_authorized_keys key altogether since the QEMU and raw targets would be using password
+    # auth and the rest of the targets have provider-specific authorization mechanisms, meaning SSH
+    # keys don't have to be specified in this CLC file.
+    ssh_authorized_keys: ["BUILDERSSHAUTHKEY"]
+    groups:
+    - wheel
+    - sudo
+    - docker
+systemd:
+  units:
+  - name: docker.service
+    enable: true
+  # Mask update-engine and locksmithd to disable automatic updates during image creation.
+  - name: update-engine.service
+    mask: true
+  - name: locksmithd.service
+    mask: true

packer/files/flatcar/ignition/bootstrap.json

@@ -0,0 +1,44 @@
+{
+  "ignition": {
+    "config": {},
+    "security": {
+      "tls": {}
+    },
+    "timeouts": {},
+    "version": "2.3.0"
+  },
+  "networkd": {},
+  "passwd": {
+    "users": [
+      {
+        "groups": [
+          "wheel",
+          "sudo",
+          "docker"
+        ],
+        "name": "builder",
+        "passwordHash": "BUILDERPASSWORDHASH",
+        "sshAuthorizedKeys": [
+          "BUILDERSSHAUTHKEY"
+        ]
+      }
+    ]
+  },
+  "storage": {},
+  "systemd": {
+    "units": [
+      {
+        "enable": true,
+        "name": "docker.service"
+      },
+      {
+        "mask": true,
+        "name": "update-engine.service"
+      },
+      {
+        "mask": true,
+        "name": "locksmithd.service"
+      }
+    ]
+  }
+}

packer/files/flatcar/scripts/bootstrap-flatcar.sh

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+#
+# This script installs PyPy as a Python interpreter on a Flatcar instance.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+BINDIR="/opt/bin"
+BUILDER_ENV="/opt/bin/builder-env"
+
+set -x
+
+mkdir -p ${BINDIR}
+
+cd ${BINDIR}
+
+if [[ -e ${BINDIR}/.bootstrapped ]]; then
+  exit 0
+fi
+
+PYPY_VERSION=7.2.0
+PYTHON3_VERSION=3.6
+
+curl -sfL https://github.com/squeaky-pl/portable-pypy/releases/download/pypy-${PYPY_VERSION}/pypy-${PYPY_VERSION}-linux_x86_64-portable.tar.bz2 | tar -xjf -
+mv -n pypy-${PYPY_VERSION}-linux_x86_64-portable pypy2
+ln -s ./pypy2/bin/pypy python2
+ln -s ./pypy2/bin/pypy python
+
+curl -sfL  https://github.com/squeaky-pl/portable-pypy/releases/download/pypy${PYTHON3_VERSION}-${PYPY_VERSION}/pypy${PYTHON3_VERSION}-${PYPY_VERSION}-linux_x86_64-portable.tar.bz2 | tar -xjf -
+mv -n pypy${PYTHON3_VERSION}-${PYPY_VERSION}-linux_x86_64-portable pypy3
+ln -s ./pypy3/bin/pypy3 python3
+
+${BINDIR}/python --version
+
+${BINDIR}/pypy2/bin/virtualenv-pypy ${BUILDER_ENV}
+chown -R core ${BUILDER_ENV}
+
+ln -s builder-env/bin/pip ${BINDIR}/pip
+# need to have symlink pip3 required by ansible/roles/providers/tasks/aws.yml
+ln -s builder-env/bin/pip ${BINDIR}/pip3
+
+touch ${BINDIR}/.bootstrapped