djpbessems/ClusterAPI.imageBuilder
Archived
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

Test dependencies
Some checks failed
continuous-integration/drone Build is failing
Details

Browse Source
This commit is contained in:
Danny Bessems
2023-02-22 21:24:42 +01:00
commit f2b0a5e7c7
429 changed files with 20330 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.drone.yml Normal file
View File

@@ -0,0 +1,31 @@
kind: pipeline
type: kubernetes
name: 'CAPI ImageBuilder'
volumes:
- name: output
claim:
name: flexvolsmb-drone-output
- name: scratch
claim:
name: flexvolsmb-drone-scratch
steps:
- name: Debugging information
image: bv11-cr01.bessems.eu/library/packer-extended
commands:
- ansible --version
- ovftool --version
- packer --version
- yamllint --version
- name: Build CAPV image(s)
image: bv11-cr01.bessems.eu/library/packer-extended
pull: always
commands:
- |
make deps
volumes:
- name: output
path: /output

33
.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@@ -0,0 +1,33 @@
---
name: Bug report
about: Tell us about a problem you are experiencing
---
**What steps did you take and what happened:**
[A clear and concise description on how to REPRODUCE the bug.]
**What did you expect to happen:**
**Anything else you would like to add:**
[Miscellaneous information that will assist in solving the issue.]
**Environment:**
Project ([Image Builder for Cluster API](https://github.com/kubernetes-sigs/image-builder/tree/master/images/capi), [kube-deploy/imagebuilder](https://github.com/kubernetes-sigs/image-builder/tree/master/images/kube-deploy/imagebuilder), [konfigadm](https://github.com/kubernetes-sigs/image-builder/tree/master/images/konfigadm)):
Additional info for Image Builder for Cluster API related issues:
- OS (e.g. from `/etc/os-release`, or `cmd /c ver`):
- Packer Version:
- Packer Provider:
- Ansible Version:
- Cluster-api version (if using):
- Kubernetes version: (use `kubectl version`):
/kind bug
[One or more /area label. See https://github.com/kubernetes-sigs/cluster-api/labels?q=area for the list of labels]

20
.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View File

@@ -0,0 +1,20 @@
---
name: Feature request
about: Suggest an idea for this project
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
/kind feature

6
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@@ -0,0 +1,6 @@
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged): Fixes #
**Additional context**
Add any other context for the reviewers

46
Dockerfile Normal file
View File

@@ -0,0 +1,46 @@
# syntax=docker/dockerfile:1.1-experimental
# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ARG BASE_IMAGE=docker.io/library/ubuntu:latest
FROM $BASE_IMAGE
RUN apt-get update && apt-get install -y apt-transport-https ca-certificates python3-pip curl wget git rsync vim unzip build-essential \
&& useradd -ms /bin/bash imagebuilder \
&& apt-get purge --auto-remove -y \
&& rm -rf /var/lib/apt/lists/*
ARG ARCH
ARG PASSED_IB_VERSION
USER imagebuilder
WORKDIR /home/imagebuilder/
COPY --chown=imagebuilder:imagebuilder ansible ansible/
COPY --chown=imagebuilder:imagebuilder ansible.cfg ansible.cfg
COPY --chown=imagebuilder:imagebuilder cloudinit cloudinit/
COPY --chown=imagebuilder:imagebuilder hack hack/
COPY --chown=imagebuilder:imagebuilder packer packer/
COPY --chown=imagebuilder:imagebuilder Makefile Makefile
COPY --chown=imagebuilder:imagebuilder azure_targets.sh azure_targets.sh
ENV PATH="/home/imagebuilder/.local/bin:${PATH}"
ENV PACKER_ARGS ''
ENV PACKER_VAR_FILES ''
ENV IB_VERSION "${PASSED_IB_VERSION}"
RUN make deps
ENTRYPOINT [ "/usr/bin/make" ]

938
Makefile Normal file
View File

@@ -0,0 +1,938 @@
# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# If you update this file, please follow
# https://suva.sh/posts/well-documented-makefiles
# Ensure Make is run with bash shell as some syntax below is bash-specific
SHELL := /usr/bin/env bash
.DEFAULT_GOAL := help
# This option is for running docker manifest command
export DOCKER_CLI_EXPERIMENTAL := enabled
export PATH := $(PATH):$(CURDIR)/.local/bin
export IB_VERSION ?= $(shell git describe --dirty)
## --------------------------------------
## Help
## --------------------------------------
##@ Helpers
help: ## Display this help
@echo NOTE
@echo ' The "build-node-ova" targets have analogue "clean-node-ova" targets for'
@echo ' cleaning artifacts created from building OVAs using a local'
@echo ' hypervisor.'
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-35s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
.PHONY: version
version: ## Display version of image-builder
@echo $(IB_VERSION)
## --------------------------------------
## Dependencies
## --------------------------------------
##@ Dependencies
.PHONY: deps
deps: ## Installs/checks all dependencies
deps: deps-ami deps-azure deps-do deps-gce deps-ova deps-qemu deps-raw deps-oci deps-osc deps-vbox deps-powervs deps-nutanix
.PHONY: deps-ami
deps-ami: ## Installs/checks dependencies for AMI builds
deps-ami:
hack/ensure-ansible.sh
hack/ensure-ansible-windows.sh
hack/ensure-packer.sh
hack/ensure-goss.sh
.PHONY: deps-azure
deps-azure: ## Installs/checks dependencies for Azure builds
deps-azure:
hack/ensure-ansible.sh
hack/ensure-ansible-windows.sh
hack/ensure-packer.sh
hack/ensure-jq.sh
hack/ensure-azure-cli.sh
hack/ensure-goss.sh
.PHONY: deps-do
deps-do: ## Installs/checks dependencies for DigitalOcean builds
deps-do:
hack/ensure-ansible.sh
hack/ensure-packer.sh
.PHONY: deps-osc
deps-osc: ## Installs/checks dependencies for Outscale builds
deps-osc:
hack/ensure-ansible.sh
hack/ensure-packer.sh
hack/ensure-goss.sh
packer plugins install github.com/outscale/outscale
.PHONY: deps-gce
deps-gce: ## Installs/checks dependencies for GCE builds
deps-gce:
hack/ensure-ansible.sh
hack/ensure-packer.sh
hack/ensure-goss.sh
.PHONY: deps-ova
deps-ova: ## Installs/checks dependencies for OVA builds
deps-ova:
hack/ensure-ansible.sh
hack/ensure-ansible-windows.sh
hack/ensure-packer.sh
hack/ensure-goss.sh
hack/ensure-ovftool.sh
.PHONY: deps-qemu
deps-qemu: ## Installs/checks dependencies for QEMU builds
deps-qemu:
hack/ensure-ansible.sh
hack/ensure-packer.sh
hack/ensure-goss.sh
.PHONY: deps-raw
deps-raw: ## Installs/checks dependencies for RAW builds
deps-raw:
hack/ensure-ansible.sh
hack/ensure-packer.sh
hack/ensure-goss.sh
.PHONY: deps-oci
deps-oci: ## Installs/checks dependencies for OCI builds
deps-oci:
hack/ensure-ansible.sh
hack/ensure-packer.sh
packer plugins install github.com/hashicorp/oracle
.PHONY: deps-vbox
deps-vbox: ## Installs/checks dependencies for VirtualBox builds
deps-vbox:
hack/ensure-ansible.sh
hack/ensure-ansible-windows.sh
hack/ensure-packer.sh
hack/ensure-goss.sh
.PHONY: deps-powervs
deps-powervs:
deps-powervs:
hack/ensure-ansible.sh
hack/ensure-packer.sh
hack/ensure-goss.sh
hack/ensure-powervs.sh
.PHONY: deps-ignition
deps-ignition: ## Installs/checks dependencies for generating Ignition files
deps-ignition:
hack/ensure-jq.sh
hack/ensure-ct.sh
.PHONY: deps-nutanix
deps-nutanix: ## Installs/checks dependencies for Nutanix builds
deps-nutanix:
hack/ensure-ansible.sh
hack/ensure-packer.sh
hack/ensure-goss.sh
## --------------------------------------
## Container variables
## --------------------------------------
REGISTRY ?= gcr.io/$(shell gcloud config get-value project)
STAGING_REGISTRY := gcr.io/k8s-staging-scl-image-builder
IMAGE_NAME ?= cluster-node-image-builder
CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME)
TAG ?= dev
ARCH ?= amd64
BASE_IMAGE ?= docker.io/library/ubuntu:focal
## --------------------------------------
## Packer flags
## --------------------------------------
# Set Packer color to true if not already set in env variables
# Only valid for builds
ifneq (,$(findstring build-, $(MAKECMDGOALS)))
# A build target
PACKER_COLOR ?= true
PACKER_FLAGS += -color=$(PACKER_COLOR)
endif
# If FOREGROUND=1 then Packer will set headless to false, causing local builds
# to build in the foreground, with a UI. This is very useful when debugging new
# platforms or issues with existing ones.
ifeq (1,$(strip $(FOREGROUND)))
PACKER_FLAGS += -var="headless=false"
endif
# If ON_ERROR_ASK=1 then Packer will set -on-error to ask, causing the Packer
# build to pause when any error happens, instead of simply exiting. This is
# useful when debugging unknown issues logging into the remote machine via ssh.
ifeq (1,$(strip $(ON_ERROR_ASK)))
PACKER_FLAGS += -on-error=ask
endif
# ssh_private_key_file and ssh_public_key are needed to pass ssh keypair
# from its host to the packer guest machine, so boot managers like ignition
# could make use of the key in its config.
# SSH_PRIVATE_KEY_FILE is name of the file that contains the private key.
# SSH_PUBLIC_KEY_FILE is name of the file that contains the public key.
ifneq (,$(strip $(SSH_PRIVATE_KEY_FILE)))
PACKER_FLAGS += -var ssh_private_key_file="$(SSH_PRIVATE_KEY_FILE)"
endif
ifneq (,$(strip $(SSH_PUBLIC_KEY_FILE)))
PACKER_FLAGS += -var ssh_public_key="$(shell cat ${SSH_PUBLIC_KEY_FILE})"
endif
# Since OpenSSH 9.0+ 'scp' uses SFTP protocol instead of legacy SCP protocol, which causes building errors like:
#
# bash: line 1: /usr/lib/sftp-server: No such file or directory\nscp: Connection closed\r\n""
#
# However, -O option is not available in older OpenSSH version, so we cannot always set it as an option to use.
# To provide better out-of-the-box experience for users with newer versions of OpenSSH, we conditionally ensure
# -O is used when used OpenSSH version requires it.
#
# See https://github.com/kubernetes-sigs/image-builder/issues/859 and
# https://github.com/hashicorp/packer-plugin-ansible/issues/100 for more details.
ifeq ($(shell test $$(ssh -V 2>&1 | cut -d _ -f2 | cut -d . -f1) -ge 9; echo $$?),0)
# Use ?= to retain possible existing value of environment variable. If it is already declared, we assume user to be
# aware of OpenSSH version they use and it is up to the user to specify "-O" option as well if needed.
export ANSIBLE_SCP_EXTRA_ARGS ?= "-O"
endif
# If DEBUG=1 then Packer will set -debug, enabling debug mode for builds, providing
# more verbose logging
ifeq (1,$(strip $(DEBUG)))
PACKER_FLAGS += -debug
endif
# We want the var files passed to Packer to have a specific order, because the
# precenence of the variables they contain depends on the order. Files listed
# later on the CLI have higher precedence. We want the common var files found in
# packer/config to be listed first, then the var files that specific to the
# provider, then any user-supplied var files so that a user can override what
# they need to.
# A list of variable files given to Packer to configure things like the versions
# of Kubernetes, CNI, and ContainerD to install. Any additional files from the
# environment are appended.
COMMON_NODE_VAR_FILES := packer/config/kubernetes.json \
packer/config/cni.json \
packer/config/containerd.json \
packer/config/wasm-shims.json \
packer/config/ansible-args.json \
packer/config/goss-args.json \
packer/config/common.json \
packer/config/additional_components.json
COMMON_WINDOWS_VAR_FILES := packer/config/kubernetes.json \
packer/config/windows/kubernetes.json \
packer/config/containerd.json \
packer/config/windows/containerd.json \
packer/config/windows/docker.json \
packer/config/windows/ansible-args-windows.json \
packer/config/common.json \
packer/config/windows/common.json \
packer/config/windows/cloudbase-init.json \
packer/config/goss-args.json \
packer/config/additional_components.json
COMMON_POWERVS_VAR_FILES := packer/config/kubernetes.json \
packer/config/ppc64le/kubernetes.json \
packer/config/cni.json \
packer/config/ppc64le/cni.json \
packer/config/containerd.json \
packer/config/ppc64le/containerd.json \
packer/config/ansible-args.json \
packer/config/goss-args.json \
packer/config/common.json \
packer/config/ppc64le/common.json \
packer/config/additional_components.json
# Initialize a list of flags to pass to Packer. This includes any existing flags
# specified by PACKER_FLAGS, as well as prefixing the list with the variable
# files from COMMON_VAR_FILES, with each file prefixed by -var-file=.
#
# Any existing values from PACKER_FLAGS take precendence over variable files.
PACKER_NODE_FLAGS := $(foreach f,$(abspath $(COMMON_NODE_VAR_FILES)),-var-file="$(f)" ) \
$(PACKER_FLAGS)
ABSOLUTE_PACKER_VAR_FILES := $(foreach f,$(abspath $(PACKER_VAR_FILES)),-var-file="$(f)" )
PACKER_WINDOWS_NODE_FLAGS := $(foreach f,$(abspath $(COMMON_WINDOWS_VAR_FILES)),-var-file="$(f)" ) \
$(PACKER_FLAGS)
PACKER_POWERVS_NODE_FLAGS := $(foreach f,$(abspath $(COMMON_POWERVS_VAR_FILES)),-var-file="$(f)" ) \
$(PACKER_FLAGS)
## --------------------------------------
## Platform and version combinations
## --------------------------------------
CENTOS_VERSIONS := centos-7
FLATCAR_VERSIONS := flatcar
PHOTON_VERSIONS := photon-3 photon-4
RHEL_VERSIONS := rhel-7 rhel-8
ROCKYLINUX_VERSIONS := rockylinux-8
UBUNTU_VERSIONS := ubuntu-1804 ubuntu-2004 ubuntu-2004-efi ubuntu-2204
WINDOWS_VERSIONS := windows-2019 windows-2004 windows-2022
# Set Flatcar Container Linux channel and version if not supplied
FLATCAR_CHANNEL ?= stable
FLATCAR_VERSION ?= current
ifeq ($(FLATCAR_VERSION),current)
override FLATCAR_VERSION := $(shell hack/image-grok-latest-flatcar-version.sh $(FLATCAR_CHANNEL))
endif
export FLATCAR_CHANNEL FLATCAR_VERSION
PLATFORMS_AND_VERSIONS := $(CENTOS_VERSIONS) \
$(PHOTON_VERSIONS) \
$(RHEL_VERSIONS) \
$(ROCKYLINUX_VERSIONS) \
$(UBUNTU_VERSIONS) \
$(FLATCAR_VERSIONS) \
$(WINDOWS_VERSIONS)
NODE_OVA_LOCAL_BUILD_NAMES := $(addprefix node-ova-local-,$(PLATFORMS_AND_VERSIONS))
NODE_OVA_LOCAL_VMX_BUILD_NAMES := $(addprefix node-ova-local-vmx-,$(PLATFORMS_AND_VERSIONS))
NODE_OVA_LOCAL_BASE_BUILD_NAMES := $(addprefix node-ova-local-base-,$(PLATFORMS_AND_VERSIONS))
NODE_OVA_VSPHERE_BUILD_NAMES := $(addprefix node-ova-vsphere-,$(PLATFORMS_AND_VERSIONS))
NODE_OVA_VSPHERE_BASE_BUILD_NAMES := $(addprefix node-ova-vsphere-base-,$(PLATFORMS_AND_VERSIONS))
NODE_OVA_VSPHERE_CLONE_BUILD_NAMES := $(addprefix node-ova-vsphere-clone-,$(PLATFORMS_AND_VERSIONS))
AMI_BUILD_NAMES ?= ami-centos-7 ami-ubuntu-1804 ami-ubuntu-2004 ami-ubuntu-2204 ami-amazon-2 ami-flatcar ami-windows-2019 ami-windows-2004 ami-rockylinux-8 ami-rhel-8
GCE_BUILD_NAMES ?= gce-ubuntu-1804 gce-ubuntu-2004 gce-ubuntu-2204
# Make needs these lists to be space delimited, no quotes
VHD_TARGETS := $(shell grep VHD_TARGETS azure_targets.sh | sed 's/VHD_TARGETS=//' | tr -d \")
SIG_TARGETS := $(shell grep SIG_TARGETS azure_targets.sh | sed 's/SIG_TARGETS=//' | tr -d \")
SIG_GEN2_TARGETS := $(shell grep SIG_GEN2_TARGETS azure_targets.sh | sed 's/SIG_GEN2_TARGETS=//' | tr -d \")
AZURE_BUILD_VHD_NAMES ?= $(addprefix azure-vhd-,$(VHD_TARGETS))
AZURE_BUILD_SIG_NAMES ?= $(addprefix azure-sig-,$(SIG_TARGETS))
AZURE_BUILD_SIG_GEN2_NAMES ?= $(addsuffix -gen2,$(addprefix azure-sig-,$(SIG_GEN2_TARGETS)))
OCI_BUILD_NAMES ?= oci-ubuntu-1804 oci-ubuntu-2004 oci-ubuntu-2204 oci-oracle-linux-8 oci-oracle-linux-9 oci-windows-2019 oci-windows-2022
DO_BUILD_NAMES ?= do-centos-7 do-ubuntu-1804 do-ubuntu-2004
OSC_BUILD_NAMES ?= osc-ubuntu-2004
QEMU_BUILD_NAMES ?= qemu-ubuntu-1804 qemu-ubuntu-2004 qemu-ubuntu-2204 qemu-centos-7 qemu-ubuntu-2004-efi qemu-rhel-8 qemu-rockylinux-8 qemu-flatcar
QEMU_KUBEVIRT_BUILD_NAMES := $(addprefix kubevirt-,$(QEMU_BUILD_NAMES))
RAW_BUILD_NAMES ?= raw-ubuntu-1804 raw-ubuntu-2004 raw-ubuntu-2004-efi raw-flatcar
VBOX_BUILD_NAMES ?= vbox-windows-2019
POWERVS_BUILD_NAMES ?= powervs-centos-8
NUTANIX_BUILD_NAMES ?= nutanix-ubuntu-2004 nutanix-ubuntu-2204 nutanix-rockylinux-8 nutanix-rockylinux-9 nutanix-flatcar nutanix-windows-2022
## --------------------------------------
## Dynamic build targets
## --------------------------------------
NODE_OVA_LOCAL_BUILD_TARGETS := $(addprefix build-,$(NODE_OVA_LOCAL_BUILD_NAMES))
NODE_OVA_LOCAL_VMX_BUILD_TARGETS := $(addprefix build-,$(NODE_OVA_LOCAL_VMX_BUILD_NAMES))
NODE_OVA_LOCAL_BASE_BUILD_TARGETS := $(addprefix build-,$(NODE_OVA_LOCAL_BASE_BUILD_NAMES))
NODE_OVA_LOCAL_VALIDATE_TARGETS := $(addprefix validate-,$(NODE_OVA_LOCAL_BUILD_NAMES))
NODE_OVA_VSPHERE_BUILD_TARGETS := $(addprefix build-,$(NODE_OVA_VSPHERE_BUILD_NAMES))
NODE_OVA_VSPHERE_BASE_BUILD_TARGETS := $(addprefix build-,$(NODE_OVA_VSPHERE_BASE_BUILD_NAMES))
NODE_OVA_VSPHERE_CLONE_BUILD_TARGETS := $(addprefix build-,$(NODE_OVA_VSPHERE_CLONE_BUILD_NAMES))
AMI_BUILD_TARGETS := $(addprefix build-,$(AMI_BUILD_NAMES))
AMI_VALIDATE_TARGETS := $(addprefix validate-,$(AMI_BUILD_NAMES))
GCE_BUILD_TARGETS := $(addprefix build-,$(GCE_BUILD_NAMES))
GCE_VALIDATE_TARGETS := $(addprefix validate-,$(GCE_BUILD_NAMES))
AZURE_BUILD_VHD_TARGETS := $(addprefix build-,$(AZURE_BUILD_VHD_NAMES))
AZURE_VALIDATE_VHD_TARGETS := $(addprefix validate-,$(AZURE_BUILD_VHD_NAMES))
AZURE_BUILD_SIG_TARGETS := $(addprefix build-,$(AZURE_BUILD_SIG_NAMES))
AZURE_BUILD_SIG_GEN2_TARGETS := $(addprefix build-,$(AZURE_BUILD_SIG_GEN2_NAMES))
AZURE_VALIDATE_SIG_TARGETS := $(addprefix validate-,$(AZURE_BUILD_SIG_NAMES))
AZURE_VALIDATE_SIG_GEN2_TARGETS := $(addprefix validate-,$(AZURE_BUILD_SIG_GEN2_NAMES))
DO_BUILD_TARGETS := $(addprefix build-,$(DO_BUILD_NAMES))
DO_VALIDATE_TARGETS := $(addprefix validate-,$(DO_BUILD_NAMES))
QEMU_BUILD_TARGETS := $(addprefix build-,$(QEMU_BUILD_NAMES))
QEMU_VALIDATE_TARGETS := $(addprefix validate-,$(QEMU_BUILD_NAMES))
QEMU_KUBEVIRT_BUILD_TARGETS := $(addprefix build-,$(QEMU_KUBEVIRT_BUILD_NAMES))
QEMU_KUBEVIRT_VALIDATE_TARGETS := $(addprefix validate-,$(QEMU_KUBEVIRT_BUILD_NAMES))
RAW_BUILD_TARGETS := $(addprefix build-,$(RAW_BUILD_NAMES))
RAW_VALIDATE_TARGETS := $(addprefix validate-,$(RAW_BUILD_NAMES))
OCI_BUILD_TARGETS := $(addprefix build-,$(OCI_BUILD_NAMES))
OCI_VALIDATE_TARGETS := $(addprefix validate-,$(OCI_BUILD_NAMES))
OSC_BUILD_TARGETS := $(addprefix build-,$(OSC_BUILD_NAMES))
OSC_VALIDATE_TARGETS := $(addprefix validate-,$(OSC_BUILD_NAMES))
VBOX_BUILD_TARGETS := $(addprefix build-,$(VBOX_BUILD_NAMES))
VBOX_VALIDATE_TARGETS := $(addprefix validate-,$(VBOX_BUILD_NAMES))
POWERVS_BUILD_TARGETS := $(addprefix build-,$(POWERVS_BUILD_NAMES))
POWERVS_VALIDATE_TARGETS := $(addprefix validate-,$(POWERVS_BUILD_NAMES))
NUTANIX_BUILD_TARGETS := $(addprefix build-,$(NUTANIX_BUILD_NAMES))
NUTANIX_VALIDATE_TARGETS := $(addprefix validate-,$(NUTANIX_BUILD_NAMES))
.PHONY: $(NODE_OVA_LOCAL_BUILD_TARGETS)
$(NODE_OVA_LOCAL_BUILD_TARGETS): deps-ova
# This uses a packer file builder to input unattend variables into a json file to be consumed by the python script before running the vmware-iso provisioner
$(if $(findstring windows,$@),packer build $(PACKER_WINDOWS_NODE_FLAGS) -var-file="packer/ova/packer-common.json" -var-file="$(abspath packer/ova/$(subst build-node-ova-local-,,$@).json)" -only=file $(ABSOLUTE_PACKER_VAR_FILES) packer/ova/packer-windows.json,)
$(if $(findstring windows,$@),hack/windows-ova-unattend.py --unattend-file='./packer/ova/windows/$(subst build-node-ova-local-,,$@)/autounattend.xml',)
packer build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="packer/ova/packer-common.json" -var-file="$(abspath packer/ova/$(subst build-node-ova-local-,,$@).json)" -except=vsphere -only=vmware-iso $(ABSOLUTE_PACKER_VAR_FILES) packer/ova/packer-$(if $(findstring windows,$@),windows,node).json
.PHONY: $(NODE_OVA_LOCAL_VALIDATE_TARGETS)
$(NODE_OVA_LOCAL_VALIDATE_TARGETS): deps-ova
packer validate $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="packer/ova/packer-common.json" -var-file="$(abspath packer/ova/$(subst validate-node-ova-local-,,$@).json)" -except=vsphere -only=vmware-iso $(ABSOLUTE_PACKER_VAR_FILES) packer/ova/packer-$(if $(findstring windows,$@),windows,node).json
.PHONY: $(NODE_OVA_LOCAL_VMX_BUILD_TARGETS)
$(NODE_OVA_LOCAL_VMX_BUILD_TARGETS): deps-ova
packer build $(PACKER_NODE_FLAGS) -var-file="packer/ova/packer-common.json" -var-file="$(abspath packer/ova/$(subst build-node-ova-local-vmx-,,$@).json)" -var-file="packer/ova/vmx.json" -except=vsphere -except=vmware-iso -only=vmware-vmx $(ABSOLUTE_PACKER_VAR_FILES) packer/ova/packer-node.json
.PHONY: $(NODE_OVA_LOCAL_BASE_BUILD_TARGETS)
$(NODE_OVA_LOCAL_BASE_BUILD_TARGETS): deps-ova
packer build $(PACKER_NODE_FLAGS) -var-file="packer/ova/packer-common.json" -var-file="$(abspath packer/ova/$(subst build-node-ova-local-base-,,$@).json)" -except=vsphere -except=vmware-iso -except=vmware-vmx -only=vmware-iso-base $(ABSOLUTE_PACKER_VAR_FILES) packer/ova/packer-node.json
.PHONY: $(NODE_OVA_VSPHERE_BUILD_TARGETS)
$(NODE_OVA_VSPHERE_BUILD_TARGETS): deps-ova
# This uses a packer file builder to input unattend variables into a json file to be consumed by the python script before running the vsphere provisioner
$(if $(findstring windows,$@),packer build $(PACKER_WINDOWS_NODE_FLAGS) -var-file="packer/ova/packer-common.json" -var-file="$(abspath packer/ova/$(subst build-node-ova-vsphere-,,$@).json)" -only=file $(ABSOLUTE_PACKER_VAR_FILES) packer/ova/packer-windows.json,)
$(if $(findstring windows,$@),hack/windows-ova-unattend.py --unattend-file='./packer/ova/windows/$(subst build-node-ova-vsphere-,,$@)/autounattend.xml',)
packer build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="packer/ova/packer-common.json" -var-file="$(abspath packer/ova/$(subst build-node-ova-vsphere-,,$@).json)" -var-file="packer/ova/vsphere.json" -except=local -only=vsphere-iso $(ABSOLUTE_PACKER_VAR_FILES) -only=vsphere packer/ova/packer-$(if $(findstring windows,$@),windows,node).json
.PHONY: $(NODE_OVA_VSPHERE_BASE_BUILD_TARGETS)
$(NODE_OVA_VSPHERE_BASE_BUILD_TARGETS): deps-ova
packer build $(PACKER_NODE_FLAGS) -var-file="packer/ova/packer-common.json" -var-file="$(abspath packer/ova/$(subst build-node-ova-vsphere-base-,,$@).json)" -var-file="packer/ova/vsphere.json" -except=local -except=manifest -except=vsphere -only=vsphere-iso-base $(ABSOLUTE_PACKER_VAR_FILES) packer/ova/packer-node.json
.PHONY: $(NODE_OVA_VSPHERE_CLONE_BUILD_TARGETS)
$(NODE_OVA_VSPHERE_CLONE_BUILD_TARGETS): deps-ova
packer build $(PACKER_NODE_FLAGS) -var-file="packer/ova/packer-common.json" -var-file="$(abspath packer/ova/$(subst build-node-ova-vsphere-clone-,,$@).json)" -var-file="packer/ova/vsphere.json" -except=local -only=vsphere-clone $(ABSOLUTE_PACKER_VAR_FILES) packer/ova/packer-node.json
.PHONY: $(AMI_BUILD_TARGETS)
$(AMI_BUILD_TARGETS): deps-ami
packer build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/ami/$(subst build-ami-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/ami/packer$(if $(findstring windows,$@),-windows,).json
.PHONY: $(AMI_VALIDATE_TARGETS)
$(AMI_VALIDATE_TARGETS): deps-ami
packer validate $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/ami/$(subst validate-ami-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/ami/packer$(if $(findstring windows,$@),-windows,).json
.PHONY: $(GCE_BUILD_TARGETS)
$(GCE_BUILD_TARGETS): deps-gce
packer build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/gce/$(subst build-gce-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/gce/packer.json
.PHONY: $(GCE_VALIDATE_TARGETS)
$(GCE_VALIDATE_TARGETS): deps-gce
packer validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/gce/$(subst validate-gce-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/gce/packer.json
.PHONY: $(AZURE_BUILD_VHD_TARGETS)
$(AZURE_BUILD_VHD_TARGETS): deps-azure
. $(abspath packer/azure/scripts/init-vhd.sh) && packer build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/azure/azure-config.json)" -var-file="$(abspath packer/azure/azure-vhd.json)" -var-file="$(abspath packer/azure/$(subst build-azure-vhd-,,$@).json)" -only="$(subst build-azure-,,$@)" $(ABSOLUTE_PACKER_VAR_FILES) packer/azure/packer$(findstring -windows,$@).json
.PHONY: $(AZURE_VALIDATE_VHD_TARGETS)
$(AZURE_VALIDATE_VHD_TARGETS): deps-azure
packer validate $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/azure/azure-config.json)" -var-file="$(abspath packer/azure/azure-vhd.json)" -var-file="$(abspath packer/azure/$(subst validate-azure-vhd-,,$@).json)" -only="$(subst validate-azure-,,$@)" $(ABSOLUTE_PACKER_VAR_FILES) packer/azure/packer$(findstring -windows,$@).json
.PHONY: $(AZURE_BUILD_SIG_TARGETS)
$(AZURE_BUILD_SIG_TARGETS): deps-azure
. $(abspath packer/azure/scripts/init-sig.sh) $(subst build-azure-sig-,,$@) && packer build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/azure/azure-config.json)" -var-file="$(abspath packer/azure/azure-sig.json)" -var-file="$(abspath packer/azure/$(subst build-azure-sig-,,$@).json)" -only="$(subst build-azure-,,$@)" $(ABSOLUTE_PACKER_VAR_FILES) packer/azure/packer$(findstring -windows,$@).json
.PHONY: $(AZURE_BUILD_SIG_GEN2_TARGETS)
$(AZURE_BUILD_SIG_GEN2_TARGETS): deps-azure
. $(abspath packer/azure/scripts/init-sig.sh) $(subst build-azure-sig-,,$@) && packer build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/azure/azure-config.json)" -var-file="$(abspath packer/azure/azure-sig-gen2.json)" -var-file="$(abspath packer/azure/$(subst build-azure-sig-,,$@).json)" -only="$(subst build-azure-,,$@)" $(ABSOLUTE_PACKER_VAR_FILES) packer/azure/packer$(findstring -windows,$@).json
.PHONY: $(AZURE_VALIDATE_SIG_TARGETS)
$(AZURE_VALIDATE_SIG_TARGETS): deps-azure
packer validate $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/azure/azure-config.json)" -var-file="$(abspath packer/azure/azure-sig.json)" -var-file="$(abspath packer/azure/$(subst validate-azure-sig-,,$@).json)" -only="$(subst validate-azure-,,$@)" $(ABSOLUTE_PACKER_VAR_FILES) packer/azure/packer$(findstring -windows,$@).json
.PHONY: $(AZURE_VALIDATE_SIG_GEN2_TARGETS)
$(AZURE_VALIDATE_SIG_GEN2_TARGETS): deps-azure
packer validate $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/azure/azure-config.json)" -var-file="$(abspath packer/azure/azure-sig-gen2.json)" -var-file="$(abspath packer/azure/$(subst validate-azure-sig-,,$@).json)" -only="$(subst validate-azure-,,$@)" $(ABSOLUTE_PACKER_VAR_FILES) packer/azure/packer$(findstring windows,$@).json
.PHONY: $(DO_BUILD_TARGETS)
$(DO_BUILD_TARGETS): deps-do
packer build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/digitalocean/$(subst build-do-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/digitalocean/packer.json
.PHONY: $(DO_VALIDATE_TARGETS)
$(DO_VALIDATE_TARGETS): deps-do
packer validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/digitalocean/$(subst validate-do-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/digitalocean/packer.json
.PHONY: $(QEMU_BUILD_TARGETS)
$(QEMU_BUILD_TARGETS): deps-qemu
packer build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/qemu/$(subst build-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/qemu/packer.json
.PHONY: $(QEMU_VALIDATE_TARGETS)
$(QEMU_VALIDATE_TARGETS): deps-qemu
packer validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/qemu/$(subst validate-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/qemu/packer.json
.PHONY: $(QEMU_KUBEVIRT_BUILD_TARGETS)
$(QEMU_KUBEVIRT_BUILD_TARGETS): deps-qemu
packer build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/qemu/$(subst build-kubevirt-,,$@).json)" --var 'kubevirt=true' $(ABSOLUTE_PACKER_VAR_FILES) packer/qemu/packer.json
.PHONY: $(QEMU_KUBEVIRT_VALIDATE_TARGETS)
$(QEMU_KUBEVIRT_VALIDATE_TARGETS): deps-qemu
packer validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/qemu/$(subst validate-kubevirt-,,$@).json)" --var 'kubevirt=true' $(ABSOLUTE_PACKER_VAR_FILES) packer/qemu/packer.json
.PHONY: $(RAW_BUILD_TARGETS)
$(RAW_BUILD_TARGETS): deps-raw
packer build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/raw/$(subst build-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/raw/packer.json
.PHONY: $(RAW_VALIDATE_TARGETS)
$(RAW_VALIDATE_TARGETS): deps-raw
packer validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/raw/$(subst validate-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/raw/packer.json
.PHONY: $(OCI_BUILD_TARGETS)
$(OCI_BUILD_TARGETS): deps-oci
$(if $(findstring windows,$@),./packer/oci/scripts/set_bootstrap.sh,)
packer build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/oci/$(subst build-oci-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/oci/packer$(findstring -windows,$@).json
$(if $(findstring windows,$@),./packer/oci/scripts/unset_bootstrap.sh,)
.PHONY: $(OCI_VALIDATE_TARGETS)
$(OCI_VALIDATE_TARGETS): deps-oci
packer validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/oci/$(subst validate-oci-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/oci/packer.json
.PHONY: $(OSC_BUILD_TARGETS)
$(OSC_BUILD_TARGETS): deps-osc
packer build $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/outscale/$(subst build-osc-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/outscale/packer.json
.PHONY: $(OSC_VALIDATE_TARGETS)
$(OSC_VALIDATE_TARGETS): deps-osc
packer validate $(PACKER_NODE_FLAGS) -var-file="$(abspath packer/outscale/$(subst validate-osc-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/outscale/packer.json
.PHONY: $(VBOX_BUILD_TARGETS)
$(VBOX_BUILD_TARGETS): deps-vbox
packer build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="packer/vbox/packer-common.json" -var-file="$(abspath packer/vbox/$(subst build-vbox-,,$@).json)" -only=virtualbox-iso $(ABSOLUTE_PACKER_VAR_FILES) packer/vbox/packer-$(if $(findstring windows,$@),windows).json
.PHONY: $(VBOX_VALIDATE_TARGETS)
$(VBOX_VALIDATE_TARGETS): deps-vbox
packer validate $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="packer/vbox/packer-common.json" -var-file="$(abspath packer/vbox/$(subst validate-vbox-,,$@).json)" -only=virtualbox-iso $(ABSOLUTE_PACKER_VAR_FILES) packer/vbox/packer-$(if $(findstring windows,$@),windows).json
.PHONY: $(POWERVS_BUILD_TARGETS)
$(POWERVS_BUILD_TARGETS): deps-powervs
packer build $(PACKER_POWERVS_NODE_FLAGS) -var-file="$(abspath packer/powervs/$(subst build-powervs-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) -except=flatcar packer/powervs/packer.json
.PHONY: $(POWERVS_VALIDATE_TARGETS)
$(POWERVS_VALIDATE_TARGETS): deps-powervs
packer validate $(PACKER_POWERVS_NODE_FLAGS) -var-file="$(abspath packer/powervs/$(subst validate-powervs-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) -except=flatcar packer/powervs/packer.json
.PHONY: $(NUTANIX_BUILD_TARGETS)
$(NUTANIX_BUILD_TARGETS): deps-nutanix
packer init packer/nutanix/config.pkr.hcl
packer build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="packer/nutanix/nutanix.json" -var-file="$(abspath packer/nutanix/$(subst build-nutanix-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/nutanix/packer$(if $(findstring windows,$@),-windows,).json
.PHONY: $(NUTANIX_VALIDATE_TARGETS)
$(NUTANIX_VALIDATE_TARGETS): deps-nutanix
packer init packer/nutanix/config.pkr.hcl
packer validate $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="packer/nutanix/nutanix.json" -var-file="$(abspath packer/nutanix/$(subst validate-nutanix-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/nutanix/packer$(if $(findstring windows,$@),-windows,).json
## --------------------------------------
## Dynamic clean targets
## --------------------------------------
NODE_OVA_LOCAL_CLEAN_TARGETS := $(subst build-,clean-,$(NODE_OVA_LOCAL_BUILD_TARGETS))
.PHONY: $(NODE_OVA_LOCAL_CLEAN_TARGETS)
$(NODE_OVA_LOCAL_CLEAN_TARGETS):
rm -fr output/$(subst clean-node-ova-local-,,$@)-kube*
QEMU_CLEAN_TARGETS := $(subst build-,clean-,$(QEMU_BUILD_TARGETS))
.PHONY: $(QEMU_CLEAN_TARGETS)
$(QEMU_CLEAN_TARGETS):
rm -fr output/$(subst clean-qemu-,,$@)-kube*
RAW_CLEAN_TARGETS := $(subst build-,clean-,$(RAW_BUILD_TARGETS))
.PHONY: $(RAW_CLEAN_TARGETS)
$(RAW_CLEAN_TARGETS):
rm -fr output/$(subst clean-raw-,,$@)-kube*
VBOX_CLEAN_TARGETS := $(subst build-,clean-,$(VBOX_BUILD_TARGETS))
.PHONY: $(VBOX_CLEAN_TARGETS)
$(VBOX_CLEAN_TARGETS):
rm -fr output/$(subst clean-vbox-,,$@)-kube*
## --------------------------------------
## Document dynamic build targets
## --------------------------------------
##@ Builds
build-ami-amazon-2: ## Builds Amazon-2 Linux AMI
build-ami-centos-7: ## Builds CentOS 7 AMI
build-ami-ubuntu-1804: ## Builds Ubuntu 18.04 AMI
build-ami-ubuntu-2004: ## Builds Ubuntu 20.04 AMI
build-ami-ubuntu-2204: ## Builds Ubuntu 22.04 AMI
build-ami-rockylinux-8: ## Builds RockyLinux 8 AMI
build-ami-rhel-8: ## Builds RHEL-8 AMI
build-ami-flatcar: ## Builds Flatcar
build-ami-windows-2019: ## Build Windows Server 2019 AMI Packer config
build-ami-windows-2004: ## Build Windows Server 2004 SAC AMI Packer config
build-ami-all: $(AMI_BUILD_TARGETS) ## Builds all AMIs
build-azure-sig-ubuntu-1804: ## Builds Ubuntu 18.04 Azure managed image in Shared Image Gallery
build-azure-sig-ubuntu-2004: ## Builds Ubuntu 20.04 Azure managed image in Shared Image Gallery
build-azure-sig-ubuntu-2204: ## Builds Ubuntu 22.04 Azure managed image in Shared Image Gallery
build-azure-sig-centos-7: ## Builds CentOS 7 Azure managed image in Shared Image Gallery
build-azure-sig-rhel-8: ## Builds RHEL 8 Azure managed image in Shared Image Gallery
build-azure-sig-windows-2019: ## Builds Windows Server 2019 Azure managed image in Shared Image Gallery
build-azure-sig-windows-2019-containerd: ## Builds Windows Server 2019 with containerd Azure managed image in Shared Image Gallery
build-azure-sig-windows-2022-containerd: ## Builds Windows Server 2022 with containerd Azure managed image in Shared Image Gallery
build-azure-sig-windows-2004: ## Builds Windows Server 2004 SAC Azure managed image in Shared Image Gallery
build-azure-vhd-ubuntu-1804: ## Builds Ubuntu 18.04 VHD image for Azure
build-azure-vhd-ubuntu-2004: ## Builds Ubuntu 20.04 VHD image for Azure
build-azure-vhd-ubuntu-2204: ## Builds Ubuntu 22.04 VHD image for Azure
build-azure-vhd-centos-7: ## Builds CentOS 7 VHD image for Azure
build-azure-vhd-rhel-8: ## Builds RHEL 8 VHD image for Azure
build-azure-vhd-windows-2019: ## Builds for Windows Server 2019
build-azure-vhd-windows-2019-containerd: ## Builds for Windows Server 2019 with containerd
build-azure-vhd-windows-2022-containerd: ## Builds for Windows Server 2022 with containerd
build-azure-vhd-windows-2004: ## Builds for Windows Server 2004 SAC
build-azure-sig-centos-7-gen2: ## Builds CentOS Gen2 managed image in Shared Image Gallery
build-azure-sig-flatcar: ## Builds Flatcar Azure managed image in Shared Image Gallery
build-azure-sig-flatcar-gen2: ## Builds Flatcar Azure Gen2 managed image in Shared Image Gallery
build-azure-sig-ubuntu-1804-gen2: ## Builds Ubuntu 18.04 Gen2 managed image in Shared Image Gallery
build-azure-sig-ubuntu-2004-gen2: ## Builds Ubuntu 20.04 Gen2 managed image in Shared Image Gallery
build-azure-sig-ubuntu-2204-gen2: ## Builds Ubuntu 22.04 Gen2 managed image in Shared Image Gallery
build-azure-vhds: $(AZURE_BUILD_VHD_TARGETS) ## Builds all Azure VHDs
build-azure-sigs: $(AZURE_BUILD_SIG_TARGETS) $(AZURE_BUILD_SIG_GEN2_TARGETS) ## Builds all Azure Shared Image Gallery images
build-do-ubuntu-1804: ## Builds Ubuntu 18.04 DigitalOcean Snapshot
build-do-ubuntu-2004: ## Builds Ubuntu 20.04 DigitalOcean Snapshot
build-do-centos-7: ## Builds Centos 7 DigitalOcean Snapshot
build-do-all: $(DO_BUILD_TARGETS) ## Builds all DigitalOcean Snapshot
build-gce-ubuntu-1804: ## Builds the GCE ubuntu-1804 image
build-gce-ubuntu-2004: ## Builds the GCE ubuntu-2004 image
build-gce-ubuntu-2204: ## Builds the GCE ubuntu-2204 image
build-gce-all: $(GCE_BUILD_TARGETS) ## Builds all GCE image
build-node-ova-local-centos-7: ## Builds CentOS 7 Node OVA w local hypervisor
build-node-ova-local-flatcar: ## Builds Flatcar stable Node OVA w local hypervisor
build-node-ova-local-photon-3: ## Builds Photon 3 Node OVA w local hypervisor
build-node-ova-local-photon-4: ## Builds Photon 4 Node OVA w local hypervisor
build-node-ova-local-rhel-7: ## Builds RHEL 7 Node OVA w local hypervisor
build-node-ova-local-rhel-8: ## Builds RHEL 8 Node OVA w local hypervisor
build-node-ova-local-rockylinux-8: ## Builds RockyLinux 8 Node OVA w local hypervisor
build-node-ova-local-ubuntu-1804: ## Builds Ubuntu 18.04 Node OVA w local hypervisor
build-node-ova-local-ubuntu-2004: ## Builds Ubuntu 20.04 Node OVA w local hypervisor
build-node-ova-local-windows-2019: ## Builds for Windows Server 2019 Node OVA w local hypervisor
build-node-ova-local-windows-2004: ## Builds for Windows Server 2004 SAC Node OVA w local hypervisor
build-node-ova-local-all: $(NODE_OVA_LOCAL_BUILD_TARGETS) ## Builds all Node OVAs w local hypervisor
build-node-ova-vsphere-centos-7: ## Builds CentOS 7 Node OVA and template on vSphere
build-node-ova-vsphere-flatcar: ## Builds Flatcar stable Node OVA and template on vSphere
build-node-ova-vsphere-photon-3: ## Builds Photon 3 Node OVA and template on vSphere
build-node-ova-vsphere-photon-4: ## Builds Photon 4 Node OVA and template on vSphere
build-node-ova-vsphere-rhel-7: ## Builds RHEL 7 Node OVA and template on vSphere
build-node-ova-vsphere-rhel-8: ## Builds RHEL 8 Node OVA and template on vSphere
build-node-ova-vsphere-rockylinux-8: ## Builds RockyLinux 8 Node OVA and template on vSphere
build-node-ova-vsphere-ubuntu-1804: ## Builds Ubuntu 18.04 Node OVA and template on vSphere
build-node-ova-vsphere-ubuntu-2004: ## Builds Ubuntu 20.04 Node OVA and template on vSphere
build-node-ova-vsphere-ubuntu-2204: ## Builds Ubuntu 22.04 Node OVA and template on vSphere
build-node-ova-vsphere-windows-2019: ## Builds for Windows Server 2019 and template on vSphere
build-node-ova-vsphere-windows-2004: ## Builds for Windows Server 2004 SAC and template on vSphere
build-node-ova-vsphere-windows-2022: ## Builds for Windows Server 2022 template on vSphere
build-node-ova-vsphere-ubuntu-2004-efi: ## Builds Ubuntu 20.04 Node OVA and template on vSphere that EFI boots
build-node-ova-vsphere-all: $(NODE_OVA_VSPHERE_BUILD_TARGETS) ## Builds all Node OVAs and templates on vSphere
build-node-ova-vsphere-clone-centos-7: ## Builds CentOS 7 Node OVA and template on vSphere
build-node-ova-vsphere-clone-photon-3: ## Builds Photon 3 Node OVA and template on vSphere
build-node-ova-vsphere-clone-photon-4: ## Builds Photon 4 Node OVA and template on vSphere
build-node-ova-vsphere-clone-rhel-7: ## Builds RHEL 7 Node OVA and template on vSphere
build-node-ova-vsphere-clone-rhel-8: ## Builds RHEL 8 Node OVA and template on vSphere
build-node-ova-vsphere-clone-rockylinux-8: ## Builds RockyLinux 8 Node OVA and template on vSphere
build-node-ova-vsphere-clone-ubuntu-1804: ## Builds Ubuntu 18.04 Node OVA and template on vSphere
build-node-ova-vsphere-clone-ubuntu-2004: ## Builds Ubuntu 20.04 Node OVA and template on vSphere
build-node-ova-vsphere-clone-ubuntu-2204: ## Builds Ubuntu 22.04 Node OVA and template on vSphere
build-node-ova-vsphere-clone-all: $(NODE_OVA_VSPHERE_CLONE_BUILD_TARGETS) ## Builds all Node OVAs and templates on vSphere
build-node-ova-vsphere-base-centos-7: ## Builds base CentOS 7 Node OVA and template on vSphere
build-node-ova-vsphere-base-photon-3: ## Builds base Photon 3 Node OVA and template on vSphere
build-node-ova-vsphere-base-photon-4: ## Builds base Photon 4 Node OVA and template on vSphere
build-node-ova-vsphere-base-rhel-7: ## Builds base RHEL 7 Node OVA and template on vSphere
build-node-ova-vsphere-base-rhel-8: ## Builds base RHEL 8 Node OVA and template on vSphere
build-node-ova-vsphere-base-rockylinux-8: ## Builds base RockyLinux 8 Node OVA and template on vSphere
build-node-ova-vsphere-base-ubuntu-1804: ## Builds base Ubuntu 18.04 Node OVA and template on vSphere
build-node-ova-vsphere-base-ubuntu-2004: ## Builds base Ubuntu 20.04 Node OVA and template on vSphere
build-node-ova-vsphere-base-ubuntu-2204: ## Builds base Ubuntu 22.04 Node OVA and template on vSphere
build-node-ova-vsphere-base-all: $(NODE_OVA_VSPHERE_BASE_BUILD_TARGETS) ## Builds all base Node OVAs and templates on vSphere
build-node-ova-local-vmx-photon-3: ## Builds Photon 3 Node OVA from VMX file w local hypervisor
build-node-ova-local-vmx-photon-4: ## Builds Photon 4 Node OVA from VMX file w local hypervisor
build-node-ova-local-vmx-centos-7: ## Builds Centos 7 Node OVA from VMX file w local hypervisor
build-node-ova-local-vmx-rhel-7: ## Builds RHEL 7 Node OVA from VMX file w local hypervisor
build-node-ova-local-vmx-rhel-8: ## Builds RHEL 8 Node OVA from VMX file w local hypervisor
build-node-ova-local-vmx-rockylinux-8: ## Builds RockyLinux 8 Node OVA from VMX file w local hypervisor
build-node-ova-local-vmx-ubuntu-1804: ## Builds Ubuntu 18.04 Node OVA from VMX file w local hypervisor
build-node-ova-local-vmx-ubuntu-2004: ## Builds Ubuntu 20.04 Node OVA from VMX file w local hypervisor
build-node-ova-local-base-photon-3: ## Builds Photon 3 Base Node OVA w local hypervisor
build-node-ova-local-base-photon-4: ## Builds Photon 4 Base Node OVA w local hypervisor
build-node-ova-local-base-centos-7: ## Builds Centos 7 Base Node OVA w local hypervisor
build-node-ova-local-base-rhel-7: ## Builds RHEL 7 Base Node OVA w local hypervisor
build-node-ova-local-base-rhel-8: ## Builds RHEL 8 Base Node OVA w local hypervisor
build-node-ova-local-base-rockylinux-8: ## Builds RockyLinux 8 Base Node OVA w local hypervisor
build-node-ova-local-base-ubuntu-1804: ## Builds Ubuntu 18.04 Base Node OVA w local hypervisor
build-node-ova-local-base-ubuntu-2004: ## Builds Ubuntu 20.04 Base Node OVA w local hypervisor
build-qemu-flatcar: ## Builds Flatcar QEMU image
build-qemu-ubuntu-1804: ## Builds Ubuntu 18.04 QEMU image
build-qemu-ubuntu-2004: ## Builds Ubuntu 20.04 QEMU image
build-qemu-ubuntu-2004-efi: ## Builds Ubuntu 20.04 QEMU image that EFI boots
build-qemu-ubuntu-2204: ## Builds Ubuntu 22.04 QEMU image
build-qemu-centos-7: ## Builds CentOS 7 QEMU image
build-qemu-rhel-8: ## Builds RHEL 8 QEMU image
build-qemu-rockylinux-8: ## Builds Rocky 8 QEMU image
build-qemu-all: $(QEMU_BUILD_TARGETS) ## Builds all Qemu images
build-raw-flatcar: ## Builds Flatcar RAW image
build-raw-ubuntu-1804: ## Builds Ubuntu 18.04 RAW image
build-raw-ubuntu-2004: ## Builds Ubuntu 20.04 RAW image
build-raw-ubuntu-2004-efi: ## Builds Ubuntu 20.04 RAW image that EFI boots
build-raw-all: $(RAW_BUILD_TARGETS) ## Builds all RAW images
build-oci-ubuntu-1804: ## Builds the OCI ubuntu-1804 image
build-oci-ubuntu-2004: ## Builds the OCI ubuntu-2004 image
build-oci-ubuntu-2204: ## Builds the OCI ubuntu-2204 image
build-oci-oracle-linux-8: ## Builds the OCI Oracle Linux 8.x image
build-oci-oracle-linux-9: ## Builds the OCI Oracle Linux 9.x image
build-oci-windows-2019: ## Builds the OCI Windows Server 2019 image
build-oci-windows-2022: ## Builds the OCI Windows Server 2022 image
build-oci-all: $(OCI_BUILD_TARGETS) ## Builds all OCI image
build-osc-ubuntu-2004: ## Builds Ubuntu 20.04 Outscale Snapshot
build-osc-all: $(OSC_BUILD_TARGETS) ## Builds all Outscale Snapshot
build-vbox-windows-2019: ## Builds for Windows Server 2019 Node VirtualBox w local hypervisor
build-vbox-all: $(VBOX_BUILD_TARGETS) ## Builds all Qemu images
build-nutanix-ubuntu-2004: ## Builds the Nutanix ubuntu-2004 image
build-nutanix-ubuntu-2204: ## Builds the Nutanix ubuntu-2204 image
build-nutanix-rockylinux-8: ## Builds the Nutanix Rocky Linux 8 image
build-nutanix-rockylinux-9: ## Builds the Nutanix Rocky Linux 9 image
build-nutanix-flatcar: ## Builds the Nutanix Flatcar image
build-nutanix-windows-2022: ## Builds the Nutanix Windows 2022 image
build-nutanix-all: $(NUTANIX_BUILD_TARGETS) ## Builds all Nutanix image
## --------------------------------------
## Document dynamic validate targets
## --------------------------------------
##@ Validate packer config
validate-ami-amazon-2: ## Validates Amazon-2 Linux AMI Packer config
validate-ami-centos-7: ## Validates CentOS 7 AMI Packer config
validate-ami-rockylinux-8: ## Validates RockyLinux 8 AMI Packer config
validate-ami-rhel-8: ## Validates RHEL-8 AMI Packer config
validate-ami-flatcar: ## Validates Flatcar AMI Packer config
validate-ami-ubuntu-1804: ## Validates Ubuntu 18.04 AMI Packer config
validate-ami-ubuntu-2004: ## Validates Ubuntu 20.04 AMI Packer config
validate-ami-ubuntu-2204: ## Validates Ubuntu 22.04 AMI Packer config
validate-ami-windows-2019: ## Validates Windows Server 2019 AMI Packer config
validate-ami-windows-2004: ## Validates Windows Server 2004 SAC AMI Packer config
validate-ami-all: $(AMI_VALIDATE_TARGETS) ## Validates all AMIs Packer config
validate-azure-sig-centos-7: ## Validates CentOS 7 Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-rhel-8: ## Validates RHEL 8 Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-ubuntu-1804: ## Validates Ubuntu 18.04 Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-ubuntu-2004: ## Validates Ubuntu 20.04 Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-ubuntu-2204: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-windows-2019: ## Validate Windows Server 2019 Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-windows-2019-containerd: ## Validate Windows Server 2019 with containerd Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-windows-2022-containerd: ## Validate Windows Server 2022 with containerd Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-windows-2004: ## Validate Windows Server 2004 SAC Azure managed image in Shared Image Gallery Packer config
validate-azure-vhd-centos-7: ## Validates CentOS 7 VHD image Azure Packer config
validate-azure-vhd-rhel-8: ## Validates RHEL 8 VHD image Azure Packer config
validate-azure-vhd-ubuntu-1804: ## Validates Ubuntu 18.04 VHD image Azure Packer config
validate-azure-vhd-ubuntu-2004: ## Validates Ubuntu 20.04 VHD image Azure Packer config
validate-azure-vhd-ubuntu-2204: ## Validates Ubuntu 22.04 VHD image Azure Packer config
validate-azure-vhd-windows-2019: ## Validate Windows Server 2019 VHD image Azure Packer config
validate-azure-vhd-windows-2019-containerd: ## Validate Windows Server 2019 VHD with containerd image Azure Packer config
validate-azure-vhd-windows-2022-containerd: ## Validate Windows Server 2022 VHD with containerd image Azure Packer config
validate-azure-vhd-windows-2004: ## Validate Windows Server 2004 SAC VHD image Azure Packer config
validate-azure-sig-centos-7-gen2: ## Validates CentOS 7 Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-ubuntu-1804-gen2: ## Validates Ubuntu 18.04 Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-ubuntu-2004-gen2: ## Validates Ubuntu 20.04 Azure managed image in Shared Image Gallery Packer config
validate-azure-sig-ubuntu-2204-gen2: ## Validates Ubuntu 22.04 Azure managed image in Shared Image Gallery Packer config
validate-azure-all: $(AZURE_VALIDATE_SIG_TARGETS) $(AZURE_VALIDATE_VHD_TARGETS) $(AZURE_VALIDATE_SIG_GEN2_TARGETS) ## Validates all images for Azure Packer config
validate-do-ubuntu-1804: ## Validates Ubuntu 18.04 DigitalOcean Snapshot Packer config
validate-do-ubuntu-2004: ## Validates Ubuntu 20.04 DigitalOcean Snapshot Packer config
validate-do-centos-7: ## Validates Centos 7 DigitalOcean Snapshot Packer config
validate-do-all: $(DO_VALIDATE_TARGETS) ## Validates all DigitalOcean Snapshot Packer config
validate-gce-ubuntu-1804: ## Validates Ubuntu 18.04 GCE Snapshot Packer config
validate-gce-ubuntu-2004: ## Validates Ubuntu 20.04 GCE Snapshot Packer config
validate-gce-ubuntu-2204: ## Validates Ubuntu 22.04 GCE Snapshot Packer config
validate-gce-all: $(GCE_VALIDATE_TARGETS) ## Validates all GCE Snapshot Packer config
validate-node-ova-local-centos-7: ## Validates CentOS 7 Node OVA Packer config w local hypervisor
validate-node-ova-local-flatcar: ## Validates Flatcar stable Node OVA Packer config w local hypervisor
validate-node-ova-local-photon-3: ## Validates Photon 3 Node OVA Packer config w local hypervisor
validate-node-ova-local-photon-4: ## Validates Photon 4 Node OVA Packer config w local hypervisor
validate-node-ova-local-rhel-7: ## Validates RHEL 7 Node OVA Packer config w local hypervisor
validate-node-ova-local-rhel-8: ## Validates RHEL 8 Node OVA Packer config w local hypervisor
validate-node-ova-local-rockylinux-8: ## Validates RockyLinux 8 Node OVA Packer config w local hypervisor
validate-node-ova-local-ubuntu-1804: ## Validates Ubuntu 18.04 Node OVA Packer config w local hypervisor
validate-node-ova-local-ubuntu-2004: ## Validates Ubuntu 20.04 Node OVA Packer config w local hypervisor
validate-node-ova-local-ubuntu-2204: ## Validates Ubuntu 22.04 Node OVA Packer config w local hypervisor
validate-node-ova-local-windows-2019: ## Validates Windows Server 2019 Node OVA Packer config w local hypervisor
validate-node-ova-local-windows-2004: ## Validates Windows Server 2004 SAC Node OVA Packer config w local hypervisor
validate-node-ova-local-windows-2022: ## Validates Windows Server 2022 Node OVA Packer config w local hypervisor
validate-node-ova-local-all: $(NODE_OVA_LOCAL_VALIDATE_TARGETS) ## Validates all Node OVAs Packer config w local hypervisor
validate-node-ova-local-vmx-photon-3: ## Validates Photon 3 Node OVA from VMX file w local hypervisor
validate-node-ova-local-vmx-photon-4: ## Validates Photon 4 Node OVA from VMX file w local hypervisor
validate-node-ova-local-vmx-centos-7: ## Validates Centos 7 Node OVA from VMX file w local hypervisor
validate-node-ova-local-vmx-rhel-7: ## Validates RHEL 7 Node OVA from VMX file w local hypervisor
validate-node-ova-local-vmx-rhel-8: ## Validates RHEL 8 Node OVA from VMX file w local hypervisor
validate-node-ova-local-vmx-rockylinux-8: ## Validates RockyLinux 8 Node OVA from VMX file w local hypervisor
validate-node-ova-local-vmx-ubuntu-1804: ## Validates Ubuntu 18.04 Node OVA from VMX file w local hypervisor
validate-node-ova-local-vmx-ubuntu-2004: ## Validates Ubuntu 20.04 Node OVA from VMX file w local hypervisor
validate-node-ova-local-vmx-ubuntu-2204: ## Validates Ubuntu 22.04 Node OVA from VMX file w local hypervisor
validate-node-ova-local-base-photon-3: ## Validates Photon 3 Base Node OVA w local hypervisor
validate-node-ova-local-base-photon-4: ## Validates Photon 4 Base Node OVA w local hypervisor
validate-node-ova-local-base-centos-7: ## Validates Centos 7 Base Node OVA w local hypervisor
validate-node-ova-local-base-rhel-7: ## Validates RHEL 7 Base Node OVA w local hypervisor
validate-node-ova-local-base-rhel-8: ## Validates RHEL 8 Base Node OVA w local hypervisor
validate-node-ova-local-base-rockylinux-8: ## Validates RockyLinux 8 Base Node OVA w local hypervisor
validate-node-ova-local-base-ubuntu-1804: ## Validates Ubuntu 18.04 Base Node OVA w local hypervisor
validate-node-ova-local-base-ubuntu-2004: ## Validates Ubuntu 20.04 Base Node OVA w local hypervisor
validate-node-ova-local-base-ubuntu-2204: ## Validates Ubuntu 22.04 Base Node OVA w local hypervisor
validate-qemu-flatcar: ## Validates Flatcar QEMU image packer config
validate-qemu-ubuntu-1804: ## Validates Ubuntu 18.04 QEMU image packer config
validate-qemu-ubuntu-2004: ## Validates Ubuntu 20.04 QEMU image packer config
validate-qemu-ubuntu-2004-efi: ## Validates Ubuntu 20.04 QEMU EFI image packer config
validate-qemu-ubuntu-2204: ## Validates Ubuntu 22.04 QEMU image packer config
validate-qemu-centos-7: ## Validates CentOS 7 QEMU image packer config
validate-qemu-rhel-8: ## Validates RHEL 8 QEMU image
validate-qemu-rockylinux-8: ## Validates Rocky Linux 8 QEMU image packer config
validate-qemu-all: $(QEMU_VALIDATE_TARGETS) ## Validates all Qemu Packer config
validate-raw-flatcar: ## Validates Flatcar RAW image packer config
validate-raw-ubuntu-1804: ## Validates Ubuntu 18.04 RAW image packer config
validate-raw-ubuntu-2004: ## Validates Ubuntu 20.04 RAW image packer config
validate-raw-ubuntu-2004-efi: ## Validates Ubuntu 20.04 RAW EFI image packer config
validate-raw-all: $(RAW_VALIDATE_TARGETS) ## Validates all RAW Packer config
validate-oci-ubuntu-1804: ## Validates the OCI ubuntu-1804 image packer config
validate-oci-ubuntu-2004: ## Validates the OCI ubuntu-2004 image packer config
validate-oci-ubuntu-2204: ## Validates the OCI ubuntu-2204 image packer config
validate-oci-oracle-linux-8: ## Validates the OCI Oracle Linux 8.x image packer config
validate-oci-oracle-linux-9: ## Validates the OCI Oracle Linux 9.x image packer config
validate-oci-windows-2019: ## Validates the OCI Windows 2019 image packer config
validate-oci-windows-2022: ## Validates the OCI Windows 2022 image packer config
validate-oci-all: $(OCI_VALIDATE_TARGETS) ## Validates all OCI image packer config
validate-osc-ubuntu-2004: ## Validates Ubuntu 20.04 Outscale Snapshot Packer config
validate-osc-all: $(OSC_VALIDATE_TARGETS) ## Validates all Outscale Snapshot Packer config
validate-vbox-windows-2019: ## Validates Windows Server 2019 Node VirtualBox Packer config w local hypervisor
validate-vbox-all: $(VBOX_VALIDATE_TARGETS) ## Validates all RAW Packer config
validate-powervs-centos-8: ## Validates the PowerVS CentOS image packer config
validate-powervs-all: $(POWERVS_VALIDATE_TARGETS) ## Validates all PowerVS Packer config
validate-nutanix-ubuntu-2004: ## Validates Ubuntu 20.04 Nutanix Packer config
validate-nutanix-ubuntu-2204: ## Validates Ubuntu 22.04 Nutanix Packer config
validate-nutanix-rockylinux-8: ## Validates Rocky Linux 8 Nutanix Packer config
validate-nutanix-rockylinux-9: ## Validates the Nutanix Rocky Linux 9 Nutanix Packer config
validate-nutanix-flatcar: ## Validates the Nutanix Flatcar Nutanix Packer config
validate-nutanix-windows-2022: ## Validates Windows Server 2022 Nutanix Packer config
validate-nutanix-all: $(NUTANIX_VALIDATE_TARGETS) ## Validates all Nutanix Packer config
validate-all: validate-ami-all \
validate-azure-all \
validate-do-all \
validate-gce-all \
validate-node-ova-local-all \
validate-qemu-all \
validate-raw-all \
validate-oci-all \
validate-osc-all \
validate-vbox-all \
validate-powervs-all \
validate-nutanix-all
validate-all: ## Validates the Packer config for all build targets
## --------------------------------------
## Clean targets
## --------------------------------------
##@ Cleaning
.PHONY: clean
clean: ## Removes all image output directories and packer image cache
clean: $(NODE_OVA_LOCAL_CLEAN_TARGETS) $(QEMU_CLEAN_TARGETS) $(VBOX_CLEAN_TARGETS) clean-packer-cache
.PHONY: clean-ova
clean-ova: ## Removes all ova image output directories (see NOTE at top of help)
clean-ova: $(NODE_OVA_LOCAL_CLEAN_TARGETS)
.PHONY: clean-qemu
clean-qemu: ## Removes all qemu image output directories (see NOTE at top of help)
clean-qemu: $(QEMU_CLEAN_TARGETS)
.PHONY: clean-raw
clean-raw: ## Removes all raw image output directories (see NOTE at top of help)
clean-raw: $(RAW_CLEAN_TARGETS)
.PHONY: clean-vbox
clean-vbox: ## Removes all vbox image output directories (see NOTE at top of help)
clean-vbox: $(VBOX_CLEAN_TARGETS)
.PHONY: clean-packer-cache
clean-packer-cache: ## Removes the packer cache
clean-packer-cache:
rm -fr packer_cache/*
## --------------------------------------
## Docker targets
## --------------------------------------
##@ Docker
.PHONY: docker-pull-prerequisites
docker-pull-prerequisites:
# We must pre-pull images https://github.com/moby/buildkit/issues/1271
docker pull docker/dockerfile:1.1-experimental
docker pull $(BASE_IMAGE)
.PHONY: docker-build
docker-build: docker-pull-prerequisites ## Build the docker image for controller-manager
DOCKER_BUILDKIT=1 docker build --build-arg PASSED_IB_VERSION=$(IB_VERSION) --build-arg ARCH=$(ARCH) --build-arg BASE_IMAGE=$(BASE_IMAGE) . -t $(CONTROLLER_IMG)-$(ARCH):$(TAG)
.PHONY: docker-push
docker-push: ## Push the docker image
docker push $(CONTROLLER_IMG)-$(ARCH):$(TAG)
## --------------------------------------
## Test targets
## --------------------------------------
##@ Testing
.PHONY: test-azure
test-azure: ## Run the tests for Azure builders
$(abspath packer/azure/scripts/ci-azure-e2e.sh)
## --------------------------------------
## Release targets
## --------------------------------------
##@ Release
.PHONY: release-staging
release-staging: ## Builds and push container images to the staging bucket.
TAG=$(IB_VERSION) REGISTRY=$(STAGING_REGISTRY) $(MAKE) docker-build docker-push
## --------------------------------------
## Sort JSON
## --------------------------------------
##@ Sort JSON
.PHONY: json-sort
json_files = $(shell find . -type f -name "*.json" | sort -u)
json-sort: ## Sort all JSON files alphabetically
@for f in $(json_files); do (cat "$$f" | jq -S '.' >> "$$f".sorted && mv "$$f".sorted "$$f") || exit 1 ; done
## --------------------------------------
## Ignition
## --------------------------------------
##@ Ignition
.PHONY: gen-ignition
ignition_files = bootstrap
gen-ignition: deps-ignition ## Generates Ignition files from CLC
for f in $(ignition_files); do (ct < packer/files/flatcar/clc/$$f.yaml | jq '.' > packer/files/flatcar/ignition/$$f.json) || exit 1; done

4
OWNERS Normal file
View File

@@ -0,0 +1,4 @@
# See the OWNERS docs at https://go.k8s.io/owners
approvers:
- cluster-api-maintainers

5
README.md Normal file
View File

@@ -0,0 +1,5 @@
# Image Builder for Cluster API
The Image Builder can be used to build images intended for use with Kubernetes [CAPI](https://cluster-api.sigs.k8s.io/) providers. Each provider has its own format of images that it can work with. For example, AWS instances use AMIs, and vSphere uses OVAs.
For detailed documentation, see https://image-builder.sigs.k8s.io/capi/capi.html.

20
ansible.cfg Normal file
View File

@@ -0,0 +1,20 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[defaults]
remote_tmp = /tmp/.ansible
display_skipped_hosts = False
[ssh_connection]
pipelining = False

1
ansible/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
*.pyc

43
ansible/firstboot.yml Normal file
View File

@@ -0,0 +1,43 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: all
become: yes
vars:
firstboot_custom_roles_pre: ""
firstboot_custom_roles_post: ""
tasks:
- include_role:
name: "{{ role }}"
loop: "{{ firstboot_custom_roles_pre.split() }}"
loop_control:
loop_var: role
when: firstboot_custom_roles_pre != ""
- include_role:
name: firstboot
- include_role:
name: "{{ role }}"
loop: "{{ firstboot_custom_roles_post.split() }}"
loop_control:
loop_var: role
when: firstboot_custom_roles_post != ""
environment:
http_proxy: "{{ http_proxy | default('') }}"
https_proxy: "{{ https_proxy | default('') }}"
no_proxy: "{{ no_proxy | default('') }}"
HTTP_PROXY: "{{ http_proxy | default('') }}"
HTTPS_PROXY: "{{ https_proxy | default('') }}"
NO_PROXY: "{{ no_proxy | default('') }}"

56
ansible/node.yml Normal file
View File

@@ -0,0 +1,56 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: all
become: yes
vars:
node_custom_roles_pre: ""
node_custom_roles_post: ""
custom_role_names: ""
tasks:
- include_role:
name: "{{ role }}"
loop: "{{ node_custom_roles_pre.split() }}"
loop_control:
loop_var: role
when: node_custom_roles_pre != ""
- include_role:
name: node
- include_role:
name: providers
- include_role:
name: containerd
- include_role:
name: kubernetes
- include_role:
name: load_additional_components
when: load_additional_components | bool
- include_role:
name: "{{ role }}"
loop: "{{ custom_role_names.split() + node_custom_roles_post.split() }}"
loop_control:
loop_var: role
when: custom_role_names != "" or node_custom_roles_post != ""
- include_role:
name: sysprep
environment:
http_proxy: "{{ http_proxy | default('') }}"
https_proxy: "{{ https_proxy | default('') }}"
no_proxy: "{{ no_proxy | default('') }}"
HTTP_PROXY: "{{ http_proxy | default('') }}"
HTTPS_PROXY: "{{ https_proxy | default('') }}"
NO_PROXY: "{{ no_proxy | default('') }}"
PYTHONPATH: "{{ python_path }}"

32
ansible/python.yml Normal file
View File

@@ -0,0 +1,32 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: all
# Gathering facts requires Python to be available, so it's a chicken and egg
# problem as this playbook installs Python.
gather_facts: no
become: yes
tasks:
- include_role:
name: python
environment:
http_proxy: "{{ http_proxy | default('') }}"
https_proxy: "{{ https_proxy | default('') }}"
no_proxy: "{{ no_proxy | default('') }}"
HTTP_PROXY: "{{ http_proxy | default('') }}"
HTTPS_PROXY: "{{ https_proxy | default('') }}"
NO_PROXY: "{{ no_proxy | default('') }}"
PYTHONPATH: "{{ python_path }}"

15
ansible/roles/containerd/defaults/main.yml Normal file
View File

@@ -0,0 +1,15 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
containerd_config_file: "etc/containerd/config.toml"

18
ansible/roles/containerd/tasks/debian.yml Normal file
View File

@@ -0,0 +1,18 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install libseccomp2 package
apt:
name: libseccomp2
state: present

169
ansible/roles/containerd/tasks/main.yml Normal file
View File

@@ -0,0 +1,169 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: debian.yml
when: ansible_os_family == "Debian"
- import_tasks: redhat.yml
when: ansible_os_family == "RedHat"
- import_tasks: photon.yml
when: ansible_os_family == "VMware Photon OS"
# TODO(vincepri): Use deb/rpm packages once available.
# See https://github.com/containerd/containerd/issues/1508 for context.
- name: download containerd
get_url:
url: "{{ containerd_url }}"
checksum: "sha256:{{ containerd_sha256 }}"
dest: /tmp/containerd.tar.gz
mode: 0600
- name: download containerd-wasm-shims
get_url:
url: "{{ containerd_wasm_shims_url }}"
checksum: "sha256:{{ containerd_wasm_shims_sha256 }}"
dest: /tmp/containerd_wasm_shims.tar.gz
mode: 0600
when: containerd_wasm_shims_runtimes | length > 0
- name: Create a directory if it does not exist
file:
path: "{{ sysusr_prefix }}/bin"
state: directory
mode: 0755
# TODO(vincepri): This unpacks the entire tar in the root directory
# we should find a better way to check what's being unpacked and where.
- name: unpack containerd
unarchive:
remote_src: True
src: /tmp/containerd.tar.gz
dest: /
extra_opts:
- --no-overwrite-dir
when: ansible_os_family != "Flatcar"
# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin'
# see: https://github.com/kubernetes-sigs/image-builder/pull/1037
- name: unpack containerd-wasm-shims
unarchive:
remote_src: True
src: /tmp/containerd_wasm_shims.tar.gz
dest: "{{ sysusr_prefix }}/bin"
extra_opts:
- --no-overwrite-dir
when: ansible_os_family != "Flatcar" and (containerd_wasm_shims_runtimes | length > 0)
- name: unpack containerd for Flatcar to /opt/bin
unarchive:
remote_src: True
src: /tmp/containerd.tar.gz
dest: /
extra_opts:
- --absolute-names
- --transform
- 's@usr@opt@'
- --transform
- 's@sbin@bin@'
- --transform
- 's@opt/local@opt@'
when: ansible_os_family == "Flatcar"
# install containerd Wasm shims when the runtimes are not empty -- current known runtimes are 'slight' and 'spin'
# see: https://github.com/kubernetes-sigs/image-builder/pull/1037
- name: unpack containerd-wasm-shims for Flatcar to /opt/bin
unarchive:
remote_src: True
src: /tmp/containerd_wasm_shims.tar.gz
dest: "{{ sysusr_prefix }}/bin"
extra_opts:
- --no-overwrite-dir
when: ansible_os_family == "Flatcar" and (containerd_wasm_shims_runtimes | length > 0)
# Remove /opt/cni directory, as we will install cni later
- name: delete /opt/cni directory
file:
path: /opt/cni
state: absent
# Remove /etc/cni directory, as we will configure cni later
- name: delete /etc/cni directory
file:
path: /etc/cni
state: absent
- name: Creates unit file directory
file:
path: /etc/systemd/system/containerd.service.d
state: directory
- name: Create systemd unit drop-in file for containerd to run from /opt/bin
template:
dest: /etc/systemd/system/containerd.service.d/10-opt-bin-custom.conf
src: etc/systemd/system/containerd-flatcar.conf
mode: 0600
when: ansible_os_family == "Flatcar"
- name: Create containerd memory pressure drop in file
template:
dest: /etc/systemd/system/containerd.service.d/memory-pressure.conf
src: etc/systemd/system/containerd.service.d/memory-pressure.conf
mode: 0644
- name: Create containerd max tasks drop in file
template:
dest: /etc/systemd/system/containerd.service.d/max-tasks.conf
src: etc/systemd/system/containerd.service.d/max-tasks.conf
mode: 0644
- name: Create containerd http proxy conf file if needed
template:
dest: /etc/systemd/system/containerd.service.d/http-proxy.conf
src: etc/systemd/system/containerd.service.d/http-proxy.conf
mode: 0644
when: http_proxy is defined or https_proxy is defined
- name: Creates containerd config directory
file:
path: /etc/containerd
state: directory
- name: Copy in containerd config file {{ containerd_config_file }}
template:
dest: /etc/containerd/config.toml
src: "{{ containerd_config_file }}"
mode: 0644
- name: Copy in crictl config
template:
dest: /etc/crictl.yaml
src: etc/crictl.yaml
- name: start containerd service
systemd:
name: containerd
daemon_reload: yes
enabled: True
state: restarted
- name: delete tarball
file:
path: /tmp/containerd.tar.gz
state: absent
- name: delete tarball
file:
path: /tmp/containerd_wasm_shims.tar.gz
state: absent

16
ansible/roles/containerd/tasks/photon.yml Normal file
View File

@@ -0,0 +1,16 @@
# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install libseccomp package
command: tdnf install libseccomp -y

19
ansible/roles/containerd/tasks/redhat.yml Normal file
View File

@@ -0,0 +1,19 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install libseccomp package
yum:
name: libseccomp
state: present
lock_timeout: 60

33
ansible/roles/containerd/templates/etc/containerd/config.toml Normal file
View File

@@ -0,0 +1,33 @@
## template: jinja
# Use config version 2 to enable new configuration fields.
# Config file is parsed as version 1 by default.
version = 2
{% if 'imports' not in containerd_additional_settings | b64decode %}
imports = ["/etc/containerd/conf.d/*.toml"]
{% endif %}
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "{{ pause_image }}"
{% if kubernetes_semver is version('v1.21.0', '>=') %}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
{% if 'spin' in containerd_wasm_shims_runtimes %}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.spin]
runtime_type = "io.containerd.spin.v1"
{% endif %}
{% if 'slight' in containerd_wasm_shims_runtimes %}
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.slight]
runtime_type = "io.containerd.slight.v1"
{% endif %}
{% endif %}
{% if packer_builder_type.startswith('azure') %}
[plugins."io.containerd.grpc.v1.cri".registry.headers]
X-Meta-Source-Client = ["azure/capz"]
{% endif %}
{{containerd_additional_settings | b64decode}}

1
ansible/roles/containerd/templates/etc/crictl.yaml Normal file
View File

@@ -0,0 +1 @@
runtime-endpoint: unix://{{ containerd_cri_socket }}

6
ansible/roles/containerd/templates/etc/systemd/system/containerd-flatcar.conf Normal file
View File

@@ -0,0 +1,6 @@
[Service]
Environment=PATH=/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
ExecStartPre=mkdir -p /run/docker/libcontainerd
ExecStartPre=ln -fs /run/containerd/containerd.sock /run/docker/libcontainerd/docker-containerd.sock
ExecStart=
ExecStart=/opt/bin/containerd --config /etc/containerd/config.toml

10
ansible/roles/containerd/templates/etc/systemd/system/containerd.service.d/http-proxy.conf Normal file
View File

@@ -0,0 +1,10 @@
[Service]
{% if http_proxy %}
Environment="HTTP_PROXY={{ http_proxy }}"
{% endif %}
{% if https_proxy %}
Environment="HTTPS_PROXY={{ https_proxy }}"
{% endif %}
{% if no_proxy %}
Environment="NO_PROXY={{ no_proxy }}"
{% endif %}

3
ansible/roles/containerd/templates/etc/systemd/system/containerd.service.d/max-tasks.conf Normal file
View File

@@ -0,0 +1,3 @@
[Service]
# Do not limit the number of tasks that can be spawned by containerd
TasksMax=infinity

8
ansible/roles/containerd/templates/etc/systemd/system/containerd.service.d/memory-pressure.conf Normal file
View File

@@ -0,0 +1,8 @@
[Service]
# Decreases the likelihood that containerd is killed due to memory
# pressure.
#
# Please see the following link for more information about the
# OOMScoreAdjust configuration property:
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#OOMScoreAdjust=
OOMScoreAdjust=-999

2
ansible/roles/firstboot/README.md Normal file
View File

@@ -0,0 +1,2 @@
This role is to be used for operating systems that require some operations
that require a reboot.

1
ansible/roles/firstboot/defaults Symbolic link
View File

@@ -0,0 +1 @@
../node/defaults

26
ansible/roles/firstboot/meta/main.yml Normal file
View File

@@ -0,0 +1,26 @@
# Copyright 2022 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
dependencies:
- role: setup
vars:
rpms: ""
debs: ""
when: ansible_os_family == "VMware Photon OS"
- role: setup
vars:
rpms: "{{ ( ( common_rpms + rh7_rpms + lookup('vars', 'common_' + build_target + '_rpms') ) if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else ( common_rpms + rh8_rpms + lookup('vars', 'common_' + build_target + '_rpms') ) ) }}"
debs: "{{ common_debs + lookup('vars', 'common_' + build_target + '_debs') }}"
when: packer_builder_type is search('qemu')

19
ansible/roles/firstboot/tasks/main.yaml Normal file
View File

@@ -0,0 +1,19 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include_tasks: photon.yml
when: ansible_os_family == "VMware Photon OS"
- include_tasks: qemu.yml
when: packer_builder_type is search('qemu')

24
ansible/roles/firstboot/tasks/photon.yml Normal file
View File

@@ -0,0 +1,24 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# no-op task just to have something for the role to do. Right now
# all the work happens in the setup role
# - meta: noop
- name: Set transparent huge pages to madvise
lineinfile:
path: /boot/photon.cfg
backrefs: yes
regexp: "^(?!.*transparent_hugepage=madvise)(photon_cmdline.*)"
line: '\1 transparent_hugepage=madvise'

17
ansible/roles/firstboot/tasks/qemu.yml Normal file
View File

@@ -0,0 +1,17 @@
# Copyright 2022 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# no-op task just to have something for the role to do. Right now
# all the work happens in the setup role
- meta: noop

41
ansible/roles/kubernetes/defaults/main.yml Normal file
View File

@@ -0,0 +1,41 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
kubernetes_goarch: "amd64"
kubernetes_bins:
- kubeadm
- kubectl
- kubelet
kubernetes_primary_imgs:
- kube-apiserver.tar
- kube-controller-manager.tar
- kube-scheduler.tar
- kube-proxy.tar
kubernetes_additional_imgs:
- pause.tar
- coredns.tar
- etcd.tar
kubernetes_load_additional_imgs: false
kubernetes_imgs: "{{ kubernetes_primary_imgs | union(kubernetes_additional_imgs) if kubernetes_load_additional_imgs | bool else kubernetes_primary_imgs }}"
kubernetes_cni_http_checksum: "sha1:{{ kubernetes_cni_http_source }}/{{ kubernetes_cni_semver }}/cni-plugins-{{ kubernetes_goarch }}-{{ kubernetes_cni_semver }}.tgz.sha1"
kubeadm_template: "etc/kubeadm.yml"
kubelet_extra_args: "--pod-infra-container-image={{ pause_image }}"

54
ansible/roles/kubernetes/tasks/crictl-url.yml Normal file
View File

@@ -0,0 +1,54 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Download crictl checksum
get_url:
url: "{{ crictl_sha256 }}"
dest: /tmp/crictl.tar.gz.sha256
mode: 0600
- name: Register checksum value for crictl
slurp:
src: /tmp/crictl.tar.gz.sha256
register: csum
- name: download crictl
vars:
sha256: "{{ csum['content'] | b64decode | trim }}"
get_url:
url: "{{ crictl_url }}"
checksum: "sha256:{{ sha256 }}"
dest: /tmp/crictl.tar.gz
mode: 0600
- name: Create "{{ sysusrlocal_prefix }}/bin" directory
file:
state: directory
path: "{{ sysusrlocal_prefix }}/bin"
mode: 0755
owner: root
group: root
- name: unpack crictl
unarchive:
remote_src: True
src: /tmp/crictl.tar.gz
dest: "{{ sysusrlocal_prefix }}/bin"
extra_opts:
- --no-overwrite-dir
- name: Remove crictl tarball
file:
state: absent
path: /tmp/crictl.tar.gz

36
ansible/roles/kubernetes/tasks/debian.yml Normal file
View File

@@ -0,0 +1,36 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Add the Kubernetes repo key
apt_key:
url: "{{ kubernetes_deb_gpg_key }}"
state: present
- name: Add the Kubernetes repo
apt_repository:
repo: "deb {{ kubernetes_deb_repo }} main"
update_cache: True
state: present
mode: 0644
filename: kubernetes
- name: Install Kubernetes
apt:
name: "{{ packages }}"
vars:
packages:
- "kubelet={{ kubernetes_deb_version }}"
- "kubeadm={{ kubernetes_deb_version }}"
- "kubectl={{ kubernetes_deb_version }}"
- "kubernetes-cni={{ kubernetes_cni_deb_version }}"

29
ansible/roles/kubernetes/tasks/ecrpull.yml Normal file
View File

@@ -0,0 +1,29 @@
# TODO: This task will be deprecated once https://github.com/containerd/cri/issues/1131 is fixed
- name: Create kubeadm config file
template:
dest: /etc/kubeadm.yml
src: etc/kubeadm.yml
mode: 0600
- name: Get images list
shell: 'kubeadm config images list --config /etc/kubeadm.yml'
register: images_list
- name: Log into ECR
command: >
aws ecr get-authorization-token
--registry-ids {{ kubernetes_container_registry.split('.')[0] }}
--region {{ kubernetes_container_registry.split('.')[3] }}
--output text
--query 'authorizationData[].authorizationToken'
register: credentials
- name: Pull images
command: "crictl pull --creds {{ credentials.stdout | b64decode }} {{ item }}"
loop: "{{ images_list.stdout_lines }}"
- name: Delete kubeadm config
file:
path: /etc/kubeadm.yml
state: absent
when: ansible_os_family != "Flatcar"

14
ansible/roles/kubernetes/tasks/kubeadmpull.yml Normal file
View File

@@ -0,0 +1,14 @@
- name: Create kubeadm config file
template:
dest: /etc/kubeadm.yml
src: "{{ kubeadm_template }}"
mode: 0600
- name: Kubeadm pull images
shell: 'kubeadm config images pull --config /etc/kubeadm.yml --cri-socket {{ containerd_cri_socket }}'
- name: Delete kubeadm config
file:
path: /etc/kubeadm.yml
state: absent
when: ansible_os_family != "Flatcar"

75
ansible/roles/kubernetes/tasks/main.yml Normal file
View File

@@ -0,0 +1,75 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: debian.yml
when: kubernetes_source_type == "pkg" and ansible_os_family == "Debian"
- import_tasks: redhat.yml
when: kubernetes_source_type == "pkg" and ansible_os_family == "RedHat"
- import_tasks: photon.yml
when: kubernetes_source_type == "pkg" and ansible_os_family == "VMware Photon OS"
- name: Symlink cri-tools
file:
src: "/usr/local/bin/{{ item }}"
dest: "/usr/bin/{{ item }}"
mode: 0777
state: link
force: yes
loop:
- ctr
- crictl
- critest
when: ansible_os_family != "Flatcar"
- import_tasks: url.yml
when: kubernetes_source_type == "http" and kubernetes_cni_source_type == "http"
# must include crictl-url.yml after installing containerd,
# as the cri-containerd tarball also includes crictl.
- import_tasks: crictl-url.yml
when: crictl_source_type == "http"
- name: Create kubelet default config file
template:
src: etc/sysconfig/kubelet
dest: "{{ '/etc/default/kubelet' if ansible_os_family == 'Debian' else '/etc/sysconfig/kubelet'}}"
owner: root
group: root
mode: 0644
- name: Enable kubelet service
systemd:
name: kubelet
daemon_reload: yes
enabled: True
state: stopped
- name: Create the Kubernetes version file
template:
dest: /etc/kubernetes-version
src: etc/kubernetes-version
mode: 0644
# TODO: This section will be deprecated once https://github.com/containerd/cri/issues/1131 is fixed. It is used to support ECR with containerd.
- name: Check if Kubernetes container registry is using Amazon ECR
set_fact:
ecr: '{{ kubernetes_container_registry is regex("^[0-9]{12}.dkr.ecr.[^.]+.amazonaws.com$") }}'
- import_tasks: kubeadmpull.yml
when: (kubernetes_source_type == "pkg" and ecr != true) or ansible_os_family == "Flatcar"
- import_tasks: ecrpull.yml
when: kubernetes_source_type != "http" and ecr == true

24
ansible/roles/kubernetes/tasks/photon.yml Normal file
View File

@@ -0,0 +1,24 @@
# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Add the kubernetes repo
template:
dest: /etc/yum.repos.d/kubernetes.repo
src: etc/yum.repos.d/kubernetes.repo
mode: 0644
- name: Install Kubernetes
command: tdnf install {{ packages }} --nogpgcheck -y
vars:
packages: "kubelet-{{ kubernetes_rpm_version }} kubeadm-{{ kubernetes_rpm_version }} kubectl-{{ kubernetes_rpm_version }} kubernetes-cni-{{kubernetes_cni_rpm_version }}"

34
ansible/roles/kubernetes/tasks/redhat.yml Normal file
View File

@@ -0,0 +1,34 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Add the Kubernetes repo
yum_repository:
name: kubernetes
description: the kubernetes yum repo
baseurl: "{{ kubernetes_rpm_repo }}"
gpgcheck: "{{ kubernetes_rpm_gpg_check }}"
gpgkey: "{{ kubernetes_rpm_gpg_key }}"
- name: Install Kubernetes
yum:
name: "{{ packages }}"
allow_downgrade: True
state: present
lock_timeout: 60
vars:
packages:
- "kubelet-{{ kubernetes_rpm_version }}"
- "kubeadm-{{ kubernetes_rpm_version }}"
- "kubectl-{{ kubernetes_rpm_version }}"
- "kubernetes-cni-{{kubernetes_cni_rpm_version }}"

115
ansible/roles/kubernetes/tasks/url.yml Normal file
View File

@@ -0,0 +1,115 @@
# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Create CNI directory
file:
state: directory
path: /opt/cni/bin
mode: 0755
owner: root
group: root
- name: Download CNI tarball
get_url:
url: "{{ kubernetes_cni_http_source }}/{{ kubernetes_cni_semver }}/cni-plugins-linux-{{ kubernetes_goarch }}-{{ kubernetes_cni_semver }}.tgz"
checksum: "{{ kubernetes_cni_http_checksum }}"
dest: /tmp/cni.tar.gz
mode: 0755
owner: root
group: root
- name: Install CNI
unarchive:
remote_src: yes
dest: /opt/cni/bin
src: /tmp/cni.tar.gz
- name: Remove CNI tarball
file:
state: absent
path: /tmp/cni.tar.gz
- name: Download Kubernetes binaries
get_url:
url: "{{ kubernetes_http_source }}/{{ kubernetes_semver }}/bin/linux/{{ kubernetes_goarch }}/{{ item }}"
# TODO(akutz) Write a script to separately download the checksum
# and verify the associated file using the correct
# checksum file format
#checksum: "sha1:{{ kubernetes_http_source }}/bin/linux/amd64/{{ item }}.sha1"
dest: "{{ sysusr_prefix }}/bin/{{ item }}"
mode: 0755
owner: root
group: root
loop: "{{ kubernetes_bins }}"
- name: Download Kubernetes images
get_url:
url: "{{ kubernetes_http_source }}/{{ kubernetes_semver }}/bin/linux/{{ kubernetes_goarch }}/{{ item }}"
# TODO(akutz) Write a script to separately download the checksum
# and verify the associated file using the correct
# checksum file format
#checksum: "sha1:{{ kubernetes_http_source }}/bin/linux/amd64/{{ item }}.sha1"
dest: "/tmp/{{ item }}"
mode: 0600
loop: "{{ kubernetes_imgs }}"
- name: Load Kubernetes images
shell: 'CONTAINERD_NAMESPACE="k8s.io" {{ sysusr_prefix }}/bin/ctr --address={{ containerd_cri_socket }} images import /tmp/{{ item }}'
loop: "{{ kubernetes_imgs }}"
- name: Remove Kubernetes images
file:
state: absent
path: "/tmp/{{ item }}"
loop: "{{ kubernetes_imgs }}"
- name: Create Kubernetes manifests directory
file:
state: directory
path: /etc/kubernetes/manifests
mode: 0755
owner: root
group: root
- name: Create kubelet sysconfig directory
file:
state: directory
path: /etc/sysconfig
mode: 0755
owner: root
group: root
- name: Create kubelet drop-in directory
file:
state: directory
path: "{{ systemd_prefix }}/system/kubelet.service.d"
mode: 0755
owner: root
group: root
- name: Create kubelet kubeadm drop-in file
template:
src: usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
dest: "{{ systemd_prefix }}/system/kubelet.service.d/10-kubeadm.conf"
owner: root
group: root
mode: 0644
- name: Create kubelet systemd file
template:
src: usr/lib/systemd/system/kubelet.service
dest: "{{ systemd_prefix }}/system/kubelet.service"
owner: root
group: root
mode: 0644

11
ansible/roles/kubernetes/templates/etc/kubeadm.yml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
imageRepository: {{ kubernetes_container_registry }}
kubernetesVersion: {{ kubernetes_semver }}
dns:
imageRepository: {{ kubernetes_container_registry }}/coredns
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
nodeRegistration:
criSocket: {{ containerd_cri_socket }}

1
ansible/roles/kubernetes/templates/etc/kubernetes-version Normal file
View File

@@ -0,0 +1 @@
{{ kubernetes_semver }}

1
ansible/roles/kubernetes/templates/etc/sysconfig/kubelet Normal file
View File

@@ -0,0 +1 @@
KUBELET_EXTRA_ARGS={{ kubelet_extra_args }}

7
ansible/roles/kubernetes/templates/etc/yum.repos.d/kubernetes.repo Normal file
View File

@@ -0,0 +1,7 @@
[kubernetes]
name=kubernetes
description=the kubernetes yum repo
baseurl={{ kubernetes_rpm_repo }}
gpgcheck={{ kubernetes_rpm_gpg_check }}
gpgkey={{ kubernetes_rpm_gpg_key }}
enabled=1

14
ansible/roles/kubernetes/templates/usr/lib/systemd/system/kubelet.service Normal file
View File

@@ -0,0 +1,14 @@
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/home/
Wants=network-online.target
After=network-online.target
[Service]
ExecStart={{ sysusr_prefix }}/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target

11
ansible/roles/kubernetes/templates/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf Normal file
View File

@@ -0,0 +1,11 @@
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart={{ sysusr_prefix }}/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

22
ansible/roles/load_additional_components/defaults/main.yml Normal file
View File

@@ -0,0 +1,22 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
additional_registry_images: ""
additional_registry_images_list: ""
additional_url_images: ""
additional_url_images_list: ""
additional_executables: ""
additional_executables_list: ""
additional_executables_destination_path: ""

22
ansible/roles/load_additional_components/tasks/executables.yml Normal file
View File

@@ -0,0 +1,22 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Download additional executables
get_url:
url: "{{ item }}"
dest: "{{ additional_executables_destination_path }}"
mode: 0711
loop: "{{ additional_executables_list.split(',') }}"
retries: 5
delay: 3

23
ansible/roles/load_additional_components/tasks/main.yml Normal file
View File

@@ -0,0 +1,23 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: executables.yml
when: additional_executables | bool
- import_tasks: registry.yml
when: additional_registry_images | bool
- import_tasks: url.yml
when: additional_url_images | bool

19
ansible/roles/load_additional_components/tasks/registry.yml Normal file
View File

@@ -0,0 +1,19 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Pull additional images from registry
shell: 'CONTAINERD_NAMESPACE="k8s.io" {{ sysusr_prefix }}/bin/ctr --address={{ containerd_cri_socket }} images pull {{ item }}'
loop: "{{ additional_registry_images_list.split(',') }}"
retries: 5
delay: 3

37
ansible/roles/load_additional_components/tasks/url.yml Normal file
View File

@@ -0,0 +1,37 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Create temporary download dir
file:
path: /tmp/images
state: directory
- name: Download additional images from url
get_url:
url: "{{ item }}"
dest: "/tmp/images/"
mode: 0600
register: images
loop: "{{ additional_url_images_list.split(',') }}"
retries: 5
delay: 3
- name: Load additional images
shell: 'CONTAINERD_NAMESPACE="k8s.io" {{ sysusr_prefix }}/bin/ctr --address={{ containerd_cri_socket }} images import --no-unpack {{ item.dest }}'
loop: "{{ images.results }}"
- name: Remove downloaded files
file:
state: absent
path: "/tmp/images"

118
ansible/roles/node/defaults/main.yml Normal file
View File

@@ -0,0 +1,118 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
common_rpms:
- audit
- ca-certificates
- conntrack-tools
- chrony
- curl
- jq
- python3-pip
- socat
- sysstat
- yum-utils
# Used for AmazonLinux-2 distributions
al2_rpms:
- ebtables
- python-netifaces
- python-requests
# Used for RedHat based distributions == 7 (ex. RHEL-7, CentOS-7 etc.)
rh7_rpms:
- ebtables
- python-netifaces
- python-requests
# Used for RedHat based distributions == 8 (ex. RHEL-8, RockyLinux-8 etc.)
rh8_rpms:
- nftables
- python3-netifaces
- python3-requests
common_debs:
- auditd
- apt-transport-https
- conntrack
- chrony
- curl
- ebtables
- jq
- gnupg
- libnetfilter-acct1
- libnetfilter-cttimeout1
- libnetfilter-log1
- python3-distutils
- python3-netifaces
- python3-pip
- socat
common_photon_rpms:
- audit
- apparmor-parser
- conntrack-tools
- chrony
- dbus-python3
- distrib-compat
- ebtables
- net-tools
- openssl-c_rehash
- python3-pygobject
- python3-pip
- rng-tools
- socat
- tar
- unzip
- curl
photon_3_rpms:
- python-netifaces
- python-requests
- jq
# Creating photon_4_rpms for adding future packages if needed.
# Since empty list errors out, jq is added.
photon_4_rpms:
- jq
common_virt_rpms:
- open-vm-tools
common_virt_debs:
- linux-cloud-tools-virtual
- linux-tools-virtual
- open-vm-tools
common_virt_photon_rpms:
- open-vm-tools
common_raw_rpms: []
common_raw_debs:
- linux-cloud-tools-generic
- linux-tools-generic
common_raw_photon_rpms: []
#photon does not have backward compatibility for legacy distro behavior for sysctl.conf by default
#as it uses systemd-sysctl. set this var so we can use for sysctl conf file value.
sysctl_conf_file: "{{ '/etc/sysctl.d/99-sysctl.conf' if ansible_os_family == 'VMware Photon OS' else '/etc/sysctl.conf' }}"
pause_image: "registry.k8s.io/pause:3.9"
containerd_additional_settings: null
leak_local_mdns_to_dns: false
build_target: "virt"
cloud_cfg_file: "/etc/cloud/cloud.cfg"
external_binary_path: "{{ '/opt/bin' if ansible_os_family == 'Flatcar' else '/usr/local/bin' }}"

10
ansible/roles/node/files/etc/audit/rules.d/containerd.rules Normal file
View File

@@ -0,0 +1,10 @@
-w /var/lib/containerd/ -p rwxa -k containerd
-w /etc/containerd/ -p rwxa -k containerd
-w /etc/systemd/system/containerd.service -p rwxa -k containerd
-w /etc/systemd/system/containerd.service.d/ -p rwxa -k containerd
-w /run/containerd/ -p rwxa -k containerd
-w /usr/local/bin/containerd-shim -p rwxa -k containerd
-w /usr/local/bin/containerd-shim-runc-v1 -p rwxa -k containerd
-w /usr/local/bin/containerd-shim-runc-v2 -p rwxa -k containerd
-w /usr/local/sbin/runc -p rwxa -k containerd
-w /usr/local/bin/containerd -p rwxa -k containerd

10
ansible/roles/node/files/etc/audit/rules.d/containerd.rules-flatcar Normal file
View File

@@ -0,0 +1,10 @@
-w /var/lib/containerd/ -p rwxa -k containerd
-w /etc/containerd/ -p rwxa -k containerd
-w /etc/systemd/system/containerd.service -p rwxa -k containerd
-w /etc/systemd/system/containerd.service.d/ -p rwxa -k containerd
-w /run/containerd/ -p rwxa -k containerd
-w /opt/bin/containerd-shim -p rwxa -k containerd
-w /opt/bin/containerd-shim-runc-v1 -p rwxa -k containerd
-w /opt/bin/containerd-shim-runc-v2 -p rwxa -k containerd
-w /opt/bin/runc -p rwxa -k containerd
-w /opt/bin/containerd -p rwxa -k containerd

38
ansible/roles/node/files/usr/local/bin/etcd-network-tuning.sh Executable file
View File

@@ -0,0 +1,38 @@
#!/bin/bash
# Copyright 2022 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o errexit # exits immediately on any unexpected error (does not bypass traps)
set -o nounset # will error if variables are used without first being defined
set -o pipefail # any non-zero exit code in a piped command causes the pipeline to fail with that code
trap on_exit ERR
on_exit() {
echo "Error setting etcd network tuning parameters for interface: ${DEV}" | systemd-cat -p emerg -t etcd-tuning
}
if [ "$#" -ne 1 ]; then
echo "Error: Usage: $0 <dev>" | systemd-cat -p emerg -t etcd-tuning
exit 1
fi
DEV=$1
echo "Setting etcd network tuning parameters for interface: ${DEV}" | systemd-cat -p info -t etcd-tuning
tc qdisc add dev ${DEV} root handle 1: prio bands 3
tc filter add dev ${DEV} parent 1: protocol ip prio 1 u32 match ip sport 2380 0xffff flowid 1:1
tc filter add dev ${DEV} parent 1: protocol ip prio 1 u32 match ip dport 2380 0xffff flowid 1:1
tc filter add dev ${DEV} parent 1: protocol ip prio 2 u32 match ip sport 2379 0xffff flowid 1:1
tc filter add dev ${DEV} parent 1: protocol ip prio 2 u32 match ip dport 2379 0xffff flowid 1:1

38
ansible/roles/node/meta/main.yml Normal file
View File

@@ -0,0 +1,38 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
dependencies:
- role: setup
vars:
rpms: "{{ common_rpms + al2_rpms + lookup('vars', 'common_' + build_target + '_rpms') }}"
debs: "{{ common_debs }}"
when: ansible_distribution == "Amazon"
- role: setup
vars:
rpms: "{{ common_rpms }}"
debs: "{{ common_debs }}"
when: packer_builder_type == "oracle-oci" and ansible_architecture == "aarch64"
- role: setup
vars:
rpms: "{{ ( common_photon_rpms + photon_3_rpms + lookup('vars', 'common_' + build_target + '_photon_rpms') ) if (ansible_os_family == 'VMware Photon OS' and ansible_distribution_major_version == '3') else (common_photon_rpms + photon_4_rpms + lookup('vars', 'common_' + build_target + '_photon_rpms')) }}"
when: ansible_distribution == "VMware Photon OS"
- role: setup
vars:
rpms: "{{ ( ( common_rpms + rh7_rpms + lookup('vars', 'common_' + build_target + '_rpms') ) if (ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7') else ( common_rpms + rh8_rpms + lookup('vars', 'common_' + build_target + '_rpms') ) ) }}"
debs: "{{ common_debs + lookup('vars', 'common_' + build_target + '_debs') }}"
when: ansible_distribution != "VMware Photon OS" and ansible_distribution != "Amazon" and not (packer_builder_type == "oracle-oci" and ansible_architecture == "aarch64") and
not packer_builder_type is search('qemu')

28
ansible/roles/node/tasks/amazonLinux2.yml Normal file
View File

@@ -0,0 +1,28 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Ensure sysstat is running and comes on at reboot
service:
name: sysstat
state: started
enabled: yes
# images need to be immutable once built
# https://aws.amazon.com/amazon-linux-ami/faqs/
- name: Disable security updates on boot
lineinfile:
path: "{{ cloud_cfg_file }}"
regexp: "^repo_upgrade: security"
line: 'repo_upgrade: none'

133
ansible/roles/node/tasks/main.yml Normal file
View File

@@ -0,0 +1,133 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: photon.yml
when: ansible_os_family == "VMware Photon OS"
- import_tasks: amazonLinux2.yml
when: ansible_distribution == "Amazon"
# This is required until https://github.com/ansible/ansible/issues/77537 is fixed and used.
- name: Override Flatcar's OS family
set_fact:
ansible_os_family: Flatcar
when: ansible_os_family == "Flatcar Container Linux by Kinvolk"
tags:
- facts
- name: Ensure overlay module is present
modprobe:
name: overlay
state: present
- name: Ensure br_netfilter module is present
modprobe:
name: br_netfilter
state: present
- name: Persist required kernel modules
copy:
content: |
overlay
br_netfilter
dest: /etc/modules-load.d/kubernetes.conf
mode: 0644
- name: Set and persist kernel params
sysctl:
name: "{{ item.param }}"
value: "{{ item.val }}"
state: present
sysctl_set: yes
sysctl_file: "{{ sysctl_conf_file }}"
reload: yes
loop:
- { param: net.bridge.bridge-nf-call-iptables, val: 1 }
- { param: net.bridge.bridge-nf-call-ip6tables, val: 1 }
- { param: net.ipv4.ip_forward, val: 1 }
- { param: net.ipv6.conf.all.forwarding, val: 1 }
- { param: net.ipv6.conf.all.disable_ipv6, val: 0 }
- { param: net.ipv4.tcp_congestion_control, val: bbr }
- { param: vm.overcommit_memory, val: 1 }
- { param: kernel.panic, val: 10 }
- { param: kernel.panic_on_oops, val: 1 }
- name: Disable swap memory
shell: |
swapoff -a
when: ansible_memory_mb.swap.total != 0
- name: Edit fstab file to disable swap
shell: sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
when: ansible_memory_mb.swap.total != 0
- name: Disable conntrackd service
systemd:
name: conntrackd
state: stopped
enabled: false
when: ansible_os_family != "Debian" and ansible_os_family != "Flatcar"
- name: Ensure auditd is running and comes on at reboot
service:
name: auditd
state: started
enabled: yes
- name: configure auditd rules for containerd
copy:
src: etc/audit/rules.d/containerd.rules
dest: /etc/audit/rules.d/containerd.rules
owner: root
group: root
mode: 0644
when: ansible_os_family != "Flatcar"
- name: configure auditd rules for containerd (Flatcar)
copy:
src: etc/audit/rules.d/containerd.rules-flatcar
dest: /etc/audit/rules.d/containerd.rules
owner: root
group: root
mode: 0644
when: ansible_os_family == "Flatcar"
- name: Ensure reverse packet filtering is set as strict
sysctl:
name: net.ipv4.conf.all.rp_filter
value: "1"
state: present
sysctl_set: yes
reload: yes
when: ansible_distribution == "Ubuntu"
- name: Set transparent huge pages to madvise
lineinfile:
path: /etc/default/grub
backrefs: yes
regexp: "^(?!.*transparent_hugepage=madvise)(GRUB_CMDLINE_LINUX=.*)(\"$)"
line: '\1 transparent_hugepage=madvise"'
when: ansible_os_family == "RedHat"
- name: Copy udev etcd network tuning rules
template:
src: etc/udev/rules.d/90-etcd-tuning.rules
dest: /etc/udev/rules.d/90-etcd-tuning.rules
mode: 0744
- name: Copy etcd network tuning script
copy:
src: usr/local/bin/etcd-network-tuning.sh
dest: "{{ external_binary_path }}/etcd-network-tuning.sh"
mode: 0755

53
ansible/roles/node/tasks/photon.yml Normal file
View File

@@ -0,0 +1,53 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Leak mDNS to DNS (cloud-init-nics) (enable .local domain lookups)
ini_file:
path: /etc/systemd/network/10-cloud-init-nics.network
section: Network
option: Domains
value: "~local"
when: leak_local_mdns_to_dns
- name: Leak mDNS to DNS (dhcp) (enable .local domain lookups)
ini_file:
path: /etc/systemd/network/99-dhcp-en.network
section: Network
option: Domains
value: "~local"
when: leak_local_mdns_to_dns
- name: Double TCP small queue limit to be the same as Ubuntu
sysctl:
name: net.ipv4.tcp_limit_output_bytes
value: "524288"
state: present
sysctl_set: yes
reload: yes
sysctl_file: "{{ sysctl_conf_file }}"
- name: Disable Apparmor service
systemd:
name: apparmor
daemon_reload: yes
enabled: false
state: stopped
- name: Disable Apparmor in kernel
lineinfile:
path: /boot/photon.cfg
backrefs: yes
regexp: "^(?!.*apparmor=0)(photon_cmdline.*)"
line: '\1 apparmor=0'

15
ansible/roles/node/templates/etc/udev/rules.d/90-etcd-tuning.rules Normal file
View File

@@ -0,0 +1,15 @@
# Copyright 2022 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="pci|xen|vmbus" RUN+="{{ external_binary_path }}/etcd-network-tuning.sh $name"

17
ansible/roles/providers/defaults/main.yml Normal file
View File

@@ -0,0 +1,17 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
networkd_dispatcher_download_url: "https://gitlab.com/craftyguy/networkd-dispatcher/-/archive/2.1/networkd-dispatcher-2.1.tar.bz2"
packer_builder_type: ""
build_target: "virt"

8
ansible/roles/providers/files/etc/azure/iptables Normal file
View File

@@ -0,0 +1,8 @@
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 168.63.129.16/32 -p tcp -m tcp --dport 80 -m comment --comment "block traffic to 168.63.129.16 for cve-2021-27075" -j DROP
-A OUTPUT -d 168.63.129.16/32 -p tcp -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -d 168.63.129.16/32 -p tcp -m conntrack --ctstate INVALID,NEW -j DROP
COMMIT

67
ansible/roles/providers/files/etc/cloud/cloud.cfg.d/05_logging.cfg Normal file
View File

@@ -0,0 +1,67 @@
## This yaml formated config file handles setting
## logger information. The values that are necessary to be set
## are seen at the bottom. The top '_log' are only used to remove
## redundency in a syslog and fallback-to-file case.
##
## The 'log_cfgs' entry defines a list of logger configs
## Each entry in the list is tried, and the first one that
## works is used. If a log_cfg list entry is an array, it will
## be joined with '\n'.
_log:
- &log_base |
[loggers]
keys=root,cloudinit
[handlers]
keys=consoleHandler,cloudLogHandler
[formatters]
keys=simpleFormatter,arg0Formatter
[logger_root]
level=DEBUG
formatter=arg0Formatter
handlers=consoleHandler,cloudLogHandler
[logger_cloudinit]
level=DEBUG
qualname=cloudinit
handlers=
propagate=1
[handler_consoleHandler]
class=StreamHandler
level=WARNING
formatter=arg0Formatter
args=(sys.stderr,)
[formatter_arg0Formatter]
format=%(asctime)s - %(filename)s[%(levelname)s]: %(message)s
[formatter_simpleFormatter]
format=[CLOUDINIT]%(asctime)s - %(filename)s[%(levelname)s]: %(message)s
- &log_file |
[handler_cloudLogHandler]
class=FileHandler
level=DEBUG
formatter=arg0Formatter
args=('/var/log/cloud-init.log',)
- &log_syslog |
[handler_cloudLogHandler]
class=handlers.SysLogHandler
level=DEBUG
formatter=simpleFormatter
args=("/dev/log", handlers.SysLogHandler.LOG_USER)
log_cfgs:
# These will be joined into a string that defines the configuration
- [ *log_base, *log_syslog ]
# These will be joined into a string that defines the configuration
- [ *log_base, *log_file ]
# A file path can also be used
# - /etc/log.conf
# this tells cloud-init to redirect its stdout and stderr to
# 'tee -a /var/log/cloud-init-output.log' so the user can see output
# there without needing to look on the console.
output: {all: '| python3 -c ''import sys,time;sys.stdout.write("".join(( " ".join((time.strftime("[%Y-%m-%d %H:%M:%S]", time.localtime()), line)) for line in sys.stdin )))'' | tee -a /var/log/cloud-init-output.log'}

2
ansible/roles/providers/files/etc/cloud/cloud.cfg.d/99_metadata.cfg Normal file
View File

@@ -0,0 +1,2 @@
disable-ec2-metadata: false
datasource_list: [ Outscale ]

26
ansible/roles/providers/files/etc/networkd-dispatcher/no-carrier.d/20-chrony.j2 Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/bash
# This is a networkd-dispatcher script for chronyd to handle its NTP
# sources. It sets the NTP sources online or offline when a network
# interface is configured or removed. On DHCP change, chrony will
# update its NTP sources passed from DHCP options.
export LC_ALL=C
DHCP_SERVER_FILE={{ server_dir }}/chrony.servers.$IFACE
clear_servers_from_dhcp() {
if [ -f "$DHCP_SERVER_FILE" ]; then
rm -f "$DHCP_SERVER_FILE"
{{ chrony_helper_dir }}/chrony-helper update-daemon || :
fi
}
if [ "$STATE" = "no-carrier" ]; then
clear_servers_from_dhcp
# The onoffline command tells chronyd to switch all sources to
# the online (routable) or offline (off) status according to the current network configuration.
chronyc onoffline > /dev/null 2>&1
fi
exit 0

26
ansible/roles/providers/files/etc/networkd-dispatcher/off.d/20-chrony.j2 Normal file
View File

@@ -0,0 +1,26 @@
#!/bin/bash
# This is a networkd-dispatcher script for chronyd to handle its NTP
# sources. It sets the NTP sources online or offline when a network
# interface is configured or removed. On DHCP change, chrony will
# update its NTP sources passed from DHCP options.
export LC_ALL=C
DHCP_SERVER_FILE={{ server_dir }}/chrony.servers.$IFACE
clear_servers_from_dhcp() {
if [ -f "$DHCP_SERVER_FILE" ]; then
rm -f "$DHCP_SERVER_FILE"
{{ chrony_helper_dir }}/chrony-helper update-daemon || :
fi
}
if [ "$STATE" = "off" ]; then
clear_servers_from_dhcp
# The onoffline command tells chronyd to switch all sources to
# the online (routable) or offline (off) status according to the current network configuration.
chronyc onoffline > /dev/null 2>&1
fi
exit 0

27
ansible/roles/providers/files/etc/networkd-dispatcher/routable.d/20-chrony.j2 Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash
# This is a networkd-dispatcher script for chronyd to handle its NTP
# sources. It sets the NTP sources online or offline when a network
# interface is configured or removed. On DHCP change, chrony will
# update its NTP sources passed from DHCP options.
export LC_ALL=C
DHCP_SERVER_FILE={{ server_dir }}/chrony.servers.$IFACE
add_servers_from_dhcp() {
if [ -f "$DHCP_SERVER_FILE" ]; then
rm -f "$DHCP_SERVER_FILE"
fi
echo "$json" | jq -r 'select(.NTP !=null) .NTP[]' >> $DHCP_SERVER_FILE
{{ chrony_helper_dir }}/chrony-helper update-daemon || :
}
if [ "$STATE" = "routable" ]; then
add_servers_from_dhcp
# The onoffline command tells chronyd to switch all sources to
# the online (routable) or offline (off) status according to the current network configuration.
chronyc onoffline > /dev/null 2>&1
fi
exit 0

3
ansible/roles/providers/files/etc/systemd/system/cloud-config.service.d/boot-order.conf Normal file
View File

@@ -0,0 +1,3 @@
[Unit]
After=containerd.service
Wants=containerd.service

3
ansible/roles/providers/files/etc/systemd/system/cloud-final.service.d/boot-order.conf Normal file
View File

@@ -0,0 +1,3 @@
[Unit]
After=containerd.service
Wants=containerd.service

12
ansible/roles/providers/files/etc/systemd/system/modify-cloud-init-cfg.service Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=Modify cloud-init config
After=cloud-final.service
AssertFileIsExecutable=/usr/local/bin/modify-cloud-init-cfg.sh
[Install]
WantedBy=cloud-init.target
[Service]
Type=simple
ExecStart=/usr/local/bin/modify-cloud-init-cfg.sh
SuccessExitStatus=0

3
ansible/roles/providers/files/etc/vmware-tools/tools.conf Normal file
View File

@@ -0,0 +1,3 @@
[guestinfo]
exclude-nics=antrea-*,cali*,cilium*,lxc*,ovs-system,br*,flannel*,veth*,vxlan_sys_*,genev_sys_*,gre_sys_*,stt_sys_*,????????-??????

BIN
ansible/roles/providers/files/tmp/cloud-init_22.2-outscale.deb Normal file
View File

Binary file not shown.

1
ansible/roles/providers/files/usr/lib/python3/dist-packages/cloudinit/feature_overrides.py Normal file
View File

@@ -0,0 +1 @@
ERROR_ON_USER_DATA_FAILURE = False

251
ansible/roles/providers/files/usr/libexec/chrony-helper Normal file
View File

@@ -0,0 +1,251 @@
#!/bin/bash
# This script configures running chronyd to use NTP servers obtained from
# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
# externally (e.g. by a dhclient script). Files with servers from DNS SRV
# records are updated here using the dig utility. The script can also list
# and set static sources in the chronyd configuration file.
chronyc=/usr/bin/chronyc
chrony_conf=/etc/chrony.conf
chrony_service=chronyd.service
helper_dir=/var/run/chrony-helper
added_servers_file=$helper_dir/added_servers
network_sysconfig_file=/etc/sysconfig/network
dhclient_servers_files=/var/lib/dhclient/chrony.servers.*
dnssrv_servers_files=$helper_dir/dnssrv@*
dnssrv_timer_prefix=chrony-dnssrv@
chrony_command() {
$chronyc -a -n -m "$1"
}
is_running() {
chrony_command "tracking" &> /dev/null
}
is_update_needed() {
for file in $dhclient_servers_files $dnssrv_servers_files \
$added_servers_file; do
[ -e "$file" ] && return 0
done
return 1
}
update_daemon() {
local all_servers_with_args all_servers added_servers
if ! is_running; then
rm -f $added_servers_file
return 0
fi
all_servers_with_args=$(
cat $dhclient_servers_files $dnssrv_servers_files 2> /dev/null)
all_servers=$(
echo "$all_servers_with_args" |
while read server serverargs; do
echo "$server"
done | sort -u)
added_servers=$( (
cat $added_servers_file 2> /dev/null
echo "$all_servers_with_args" |
while read server serverargs; do
[ -z "$server" ] && continue
chrony_command "add server $server $serverargs" &> /dev/null &&
echo "$server"
done) | sort -u)
comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") |
while read server; do
chrony_command "delete $server" &> /dev/null
done
added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers"))
[ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file ||
rm -f $added_servers_file
}
get_dnssrv_servers() {
local name=$1
if ! command -v dig &> /dev/null; then
echo "Missing dig (DNS lookup utility)" >&2
return 1
fi
(
. $network_sysconfig_file &> /dev/null
output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null)
[ $? -ne 0 ] && return 0
echo "$output" | while read prio weight port target; do
server=${target%.}
[ -z "$server" ] && continue
echo "$server port $port ${NTPSERVERARGS:-iburst}"
done
)
}
check_dnssrv_name() {
local name=$1
if [ -z "$name" ]; then
echo "No DNS SRV name specified" >&2
return 1
fi
if [ "${name:0:9}" != _ntp._udp ]; then
echo "DNS SRV name $name doesn't start with _ntp._udp" >&2
return 1
fi
}
update_dnssrv_servers() {
local name=$1
local srv_file=$helper_dir/dnssrv@$name servers
check_dnssrv_name "$name" || return 1
servers=$(get_dnssrv_servers "$name")
[ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file"
}
set_dnssrv_timer() {
local state=$1 name=$2
local srv_file=$helper_dir/dnssrv@$name servers
local timer=$dnssrv_timer_prefix$(systemd-escape "$name").timer
check_dnssrv_name "$name" || return 1
if [ "$state" = enable ]; then
systemctl enable "$timer"
systemctl start "$timer"
elif [ "$state" = disable ]; then
systemctl stop "$timer"
systemctl disable "$timer"
rm -f "$srv_file"
fi
}
list_dnssrv_timers() {
systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \
sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" |
while read -r name; do
systemd-escape --unescape "$name"
done
}
prepare_helper_dir() {
mkdir -p $helper_dir
exec 100> $helper_dir/lock
if ! flock -w 20 100; then
echo "Failed to lock $helper_dir" >&2
return 1
fi
}
is_source_line() {
local pattern="^[ \t]*(server|pool|peer|refclock)[ \t]+[^ \t]+"
[[ "$1" =~ $pattern ]]
}
list_static_sources() {
while read line; do
is_source_line "$line" && echo "$line" || :
done < $chrony_conf
}
set_static_sources() {
local new_config tmp_conf
new_config=$(
sources=$(
while read line; do
is_source_line "$line" && echo "$line"
done)
while read line; do
if ! is_source_line "$line"; then
echo "$line"
continue
fi
tmp_sources=$(
local removed=0
echo "$sources" | while read line2; do
[ "$removed" -ne 0 -o "$line" != "$line2" ] && \
echo "$line2" || removed=1
done)
[ "$sources" == "$tmp_sources" ] && continue
sources=$tmp_sources
echo "$line"
done < $chrony_conf
echo "$sources"
)
tmp_conf=${chrony_conf}.tmp
cp -a $chrony_conf $tmp_conf &&
echo "$new_config" > $tmp_conf &&
mv $tmp_conf $chrony_conf || return 1
systemctl try-restart $chrony_service
}
print_help() {
echo "Usage: $0 COMMAND"
echo
echo "Commands:"
echo " update-daemon"
echo " update-dnssrv-servers NAME"
echo " enable-dnssrv NAME"
echo " disable-dnssrv NAME"
echo " list-dnssrv"
echo " list-static-sources"
echo " set-static-sources < sources.list"
echo " is-running"
echo " command CHRONYC-COMMAND"
}
case "$1" in
update-daemon|add-dhclient-servers|remove-dhclient-servers)
is_update_needed || exit 0
prepare_helper_dir && update_daemon
;;
update-dnssrv-servers)
prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon
;;
enable-dnssrv)
set_dnssrv_timer enable "$2"
;;
disable-dnssrv)
set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon
;;
list-dnssrv)
list_dnssrv_timers
;;
list-static-sources)
list_static_sources
;;
set-static-sources)
set_static_sources
;;
is-running)
is_running
;;
command|forced-command)
chrony_command "$2"
;;
*)
print_help
exit 2
esac
exit $?

3
ansible/roles/providers/files/usr/local/bin/modify-cloud-init-cfg.sh Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
sed -i 's/preserve_hostname'":"' false/preserve_hostname'":"' true/' /etc/cloud/cloud.cfg

74
ansible/roles/providers/tasks/aws.yml Normal file
View File

@@ -0,0 +1,74 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: upgrade pip to latest
pip:
name: pip
executable: pip3
state: latest
- name: install aws clients
pip:
name: "{{ packages }}"
executable: pip3
vars:
packages:
- awscli
when: ansible_distribution != "Amazon"
# Remove after https://github.com/aws/amazon-ssm-agent/issues/235 is fixed.
- name: install aws agents RPM on Redhat distributions
package:
name: "{{ item }}"
state: present
disable_gpg_check: true
with_items:
- "{{ amazon_ssm_agent_rpm }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution != "Amazon"
- name: install aws agents RPM
package:
name: "{{ item }}"
state: present
with_items:
- amazon-ssm-agent
- awscli
when: ansible_distribution == "Amazon"
- name: Ensure ssm agent is running RPM
service:
name: amazon-ssm-agent
state: started
enabled: yes
when: ansible_os_family == "RedHat"
- name: install aws agents Ubuntu
shell: snap install amazon-ssm-agent --classic
when: ansible_distribution == "Ubuntu"
- name: Ensure ssm agent is running Ubuntu
service:
name: snap.amazon-ssm-agent.amazon-ssm-agent.service
state: started
enabled: yes
when: ansible_distribution == "Ubuntu"
- name: Disable Hyper-V KVP protocol daemon on Ubuntu
systemd:
name: hv-kvp-daemon
state: stopped
enabled: false
when: ansible_os_family == "Debian"

67
ansible/roles/providers/tasks/azure.yml Normal file
View File

@@ -0,0 +1,67 @@
# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: redhat.yml
when: ansible_os_family == "RedHat"
- import_tasks: debian.yml
when: ansible_os_family == "Debian"
- name: Configure PTP
lineinfile:
path: /etc/chrony/chrony.conf
create: yes
line: refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0
- name: Ensure makestep parameter set as per Azure recommendation
lineinfile:
path: /etc/chrony/chrony.conf
regexp: '^makestep'
line: makestep 1.0 -1
- name: Install iptables persistence
apt:
name: "{{ packages }}"
state: present
force_apt_get: yes
vars:
packages:
- iptables-persistent
when: ansible_os_family == "Debian"
- name: Block traffic to 168.63.129.16 port 80 for cve-2021-27075
copy:
src: files/etc/azure/iptables
dest: /etc/iptables/rules.v4
owner: root
group: root
mode: 0644
when: ansible_os_family == "Debian"
- name: Load iptable rules from file
community.general.iptables_state:
state: restored
path: /etc/iptables/rules.v4
when: ansible_os_family == "Debian"
- name: Install netbase and nfs-common
apt:
name: "{{ packages }}"
state: present
force_apt_get: yes
vars:
packages:
- netbase
- nfs-common
when: ansible_os_family == "Debian"

39
ansible/roles/providers/tasks/cloudstack.yml Normal file
View File

@@ -0,0 +1,39 @@
# Copyright 2022 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Add CloudStack Datasource
copy:
dest: /etc/cloud/cloud.cfg.d/cloudstack.cfg
content: |-
datasource_list: ['CloudStack']
datasource:
CloudStack:
max_wait: 120
timeout: 50
owner: root
group: root
mode: 0644
- name: Run dracut cmd to regenerate initramfs with all drivers - needed when converting to different hypervisor templates
shell: dracut --force --no-hostonly
when: ansible_os_family == "RedHat"
- name: Add draut cmd to regenerate initramfs with only necessary drivers on first boot
lineinfile:
state: present
path: /etc/cloud/cloud.cfg.d/cloudstack.cfg
line: |-
bootcmd:
- dracut --force
when: ansible_os_family == "RedHat"

34
ansible/roles/providers/tasks/debian.yml Normal file
View File

@@ -0,0 +1,34 @@
# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: upgrade pip to latest
pip:
name: pip
executable: pip3
state: latest
- name: upgrade pyOpenSSL and cryptography
pip:
name:
- pyOpenSSL==22.0.*
- cryptography==38.0.*
executable: pip3
- name: install Azure clients
pip:
executable: pip3
name: "{{ packages }}"
vars:
packages:
- azure-cli

47
ansible/roles/providers/tasks/googlecompute.yml Normal file
View File

@@ -0,0 +1,47 @@
# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Download gcloud SDK
get_url:
url: https://sdk.cloud.google.com/
dest: /tmp/install-gcloud.sh
mode: 0700
- name: Execute install-gcloud.sh
shell: bash -o errexit -o pipefail /tmp/install-gcloud.sh --disable-prompts --install-dir=/
- name: Remove install-gcloud.sh
file:
path: /tmp/install-gcloud.sh
state: absent
- name: Find all files in /google-cloud-sdk/bin/
find:
paths: /google-cloud-sdk/bin/
register: find
- name: Create symlinks to /bin
become: True
file:
src: "{{ item.path }}"
path: "/bin/{{ item.path | basename }}"
state: link
with_items: "{{ find.files }}"
- name: Disable Hyper-V KVP protocol daemon on Ubuntu
systemd:
name: hv-kvp-daemon
state: stopped
enabled: false
when: ansible_os_family == "Debian"

120
ansible/roles/providers/tasks/main.yml Normal file
View File

@@ -0,0 +1,120 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- include_tasks: aws.yml
when: packer_builder_type.startswith('amazon')
- include_tasks: azure.yml
when: packer_builder_type.startswith('azure')
- include_tasks: outscale.yml
when: packer_builder_type.startswith('outscale')
- include_tasks: vmware.yml
when: packer_builder_type is search('vmware') or
packer_builder_type is search('vsphere')
- include_tasks: googlecompute.yml
when: packer_builder_type.startswith('googlecompute')
- include_tasks: oci.yml
when: packer_builder_type.startswith('oracle-oci')
- include_tasks: qemu.yml
when: packer_builder_type is search('qemu') and
build_target is not search('raw')
- include_tasks: cloudstack.yml
when: packer_builder_type is search('qemu') and
provider is defined and
provider is search('cloudstack')
- include_tasks: raw.yml
when: packer_builder_type is search('qemu') and
build_target is search('raw')
- include_tasks: nutanix.yml
when: packer_builder_type is search('nutanix')
# Create a boot order configuration
# b/w containerd and cloud final, cloud config services
- name: Creates unit file directory for cloud-final
file:
path: /etc/systemd/system/cloud-final.service.d
state: directory
- name: Create cloud-final boot order drop in file
copy:
dest: /etc/systemd/system/cloud-final.service.d/boot-order.conf
src: etc/systemd/system/cloud-final.service.d/boot-order.conf
owner: root
group: root
mode: "0755"
- name: Creates unit file directory for cloud-config
file:
path: /etc/systemd/system/cloud-config.service.d
state: directory
- name: Create cloud-final boot order drop in file
copy:
dest: /etc/systemd/system/cloud-config.service.d/boot-order.conf
src: etc/systemd/system/cloud-config.service.d/boot-order.conf
owner: root
group: root
mode: "0755"
# Some OS might disable cloud-final service on boot (rhel 7).
# Enable all cloud-init services on boot.
- name: Make sure all cloud init services are enabled
service:
name: "{{ item }}"
enabled: yes
with_items:
- cloud-final
- cloud-config
- cloud-init
- cloud-init-local
when: ansible_os_family != "Flatcar"
- name: Create cloud-init config file
copy:
src: files/etc/cloud/cloud.cfg.d/05_logging.cfg
dest: /etc/cloud/cloud.cfg.d/05_logging.cfg
owner: root
group: root
mode: 0644
when: ansible_os_family != "Flatcar"
- name: set cloudinit feature flags
copy:
src: usr/lib/python3/dist-packages/cloudinit/feature_overrides.py
dest: /usr/lib/python3/dist-packages/cloudinit/feature_overrides.py
owner: root
group: root
mode: 0644
when: ansible_os_family == "Debian"
- name: Ensure chrony is running
systemd:
enabled: yes
state: started
daemon_reload: yes
name: chronyd
when: (packer_builder_type.startswith('amazon') or
packer_builder_type.startswith('azure') or
packer_builder_type is search('vmware') or
packer_builder_type is search('vsphere')) and
ansible_os_family != "Flatcar"

76
ansible/roles/providers/tasks/nutanix.yml Normal file
View File

@@ -0,0 +1,76 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install cloud-init packages
apt:
name: "{{ packages }}"
state: present
force_apt_get: yes
vars:
packages:
- cloud-init
- cloud-guest-utils
- cloud-initramfs-copymods
- cloud-initramfs-dyn-netconf
when: ansible_os_family == "Debian"
- name: Install cloud-init packages
yum:
name: "{{ packages }}"
state: present
vars:
packages:
- cloud-init
- cloud-utils-growpart
when: ansible_os_family == "RedHat"
- name: Install CSI prerequisites on Ubuntu
apt:
name: "{{ packages }}"
state: present
force_apt_get: yes
vars:
packages:
- nfs-common
- open-iscsi
- lvm2
- xfsprogs
when: ansible_os_family == "Debian"
- name: Install CSI prerequisites on RedHat
yum:
name: "{{ packages }}"
state: present
vars:
packages:
- iscsi-initiator-utils
- nfs-utils
- lvm2
- xfsprogs
when: ansible_os_family == "RedHat"
- name: Enable iSCSI initiator daemon on Ubuntu or RedHat
systemd:
name: iscsid
state: started
enabled: true
when: ansible_os_family == "Debian" or
ansible_os_family == "RedHat"
- name: Disable Hyper-V KVP protocol daemon on Ubuntu
systemd:
name: hv-kvp-daemon
state: stopped
enabled: false
when: ansible_os_family == "Debian"

34
ansible/roles/providers/tasks/oci.yml Normal file
View File

@@ -0,0 +1,34 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Remove the default input reject all iptable rule
lineinfile:
path: /etc/iptables/rules.v4
state: absent
regexp: "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
when: ansible_distribution == "Ubuntu"
- name: Remove the default input reject all iptable rule
lineinfile:
path: /etc/iptables/rules.v4
state: absent
regexp: "-A FORWARD -j REJECT --reject-with icmp-host-prohibited"
when: ansible_distribution == "Ubuntu"
- name: Disable firewalld service
systemd:
name: firewalld
state: stopped
enabled: false
when: ansible_distribution == "OracleLinux"

24
ansible/roles/providers/tasks/outscale.yml Normal file
View File

@@ -0,0 +1,24 @@
- name: Download cloud-int outscale package for Ubuntu
copy:
src: files/tmp/cloud-init_22.2-outscale.deb
dest: /tmp/cloud-init_22.2-outscale.deb
owner: root
group: root
mode: 0755
when: ansible_distribution == "Ubuntu"
- name: Install cloud-init outscale package
apt:
deb: /tmp/cloud-init_22.2-outscale.deb
force: True
force_apt_get: True
when: ansible_distribution == "Ubuntu"
- name: Change cloud-init metadata outscale config in Ubuntu
copy:
src: files/etc/cloud/cloud.cfg.d/99_metadata.cfg
dest: /etc/cloud/cloud.cfg.d/99_metadata.cfg
owner: root
group: root
mode: 0644
when: ansible_distribution == "Ubuntu"

49
ansible/roles/providers/tasks/qemu.yml Normal file
View File

@@ -0,0 +1,49 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install cloud-init packages
apt:
name: "{{ packages }}"
state: present
force_apt_get: yes
vars:
packages:
- cloud-init
- cloud-guest-utils
- cloud-initramfs-copymods
- cloud-initramfs-dyn-netconf
when: ansible_os_family == "Debian"
- name: Install cloud-init packages
yum:
name: "{{ packages }}"
state: present
vars:
packages:
- cloud-init
- cloud-utils-growpart
when: ansible_os_family == "RedHat"
#- name: Unlock password
# replace:
# path: /etc/cloud/cloud.cfg
# regexp: '(?i)lock_passwd: True'
# replace: 'lock_passwd: False'
- name: Disable Hyper-V KVP protocol daemon on Ubuntu
systemd:
name: hv-kvp-daemon
state: stopped
enabled: false
when: ansible_os_family == "Debian"

57
ansible/roles/providers/tasks/raw.yml Normal file
View File

@@ -0,0 +1,57 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install cloud-init packages
apt:
name: "{{ packages }}"
state: present
force_apt_get: yes
vars:
packages:
- cloud-init
- cloud-guest-utils
- cloud-initramfs-copymods
- cloud-initramfs-dyn-netconf
when: ansible_os_family == "Debian"
- name: Install cloud-init packages
yum:
name: "{{ packages }}"
state: present
vars:
packages:
- cloud-init
- cloud-utils-growpart
when: ansible_os_family == "RedHat"
#- name: Unlock password
# replace:
# path: /etc/cloud/cloud.cfg
# regexp: '(?i)lock_passwd: True'
# replace: 'lock_passwd: False'
- name: Symlink /usr/libexec/cloud-init to /usr/lib/cloud-init
file:
src: /usr/libexec/cloud-init
dest: /usr/lib/cloud-init
mode: 0777
state: link
when: ansible_os_family == "RedHat"
- name: Disable Hyper-V KVP protocol daemon on Ubuntu
systemd:
name: hv-kvp-daemon
state: stopped
enabled: false
when: ansible_os_family == "Debian"

30
ansible/roles/providers/tasks/redhat.yml Normal file
View File

@@ -0,0 +1,30 @@
# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: import the Microsoft repository key
command: rpm --import https://packages.microsoft.com/keys/microsoft.asc
- name: Add the yum repository for the azure cli
yum_repository:
name: azure_cli
description: Azure CLI
baseurl: https://packages.microsoft.com/yumrepos/azure-cli
gpgkey: https://packages.microsoft.com/keys/microsoft.asc
gpgcheck: yes
enabled: yes
- name: install Azure CLI
package:
name: azure-cli
state: present

79
ansible/roles/providers/tasks/vmware-photon.yml Normal file
View File

@@ -0,0 +1,79 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install cloud-init and tools for VMware Photon OS
command: tdnf install {{ packages }} -y
vars:
packages: "cloud-init cloud-utils python3-netifaces"
- name: Remove cloud-init /etc/cloud/cloud.cfg.d/99-disable-networking-config.cfg
file:
path: /etc/cloud/cloud.cfg.d/99-disable-networking-config.cfg
state: absent
- name: Install networkd-dispatcher service (Download from source)
unarchive:
src: "{{ networkd_dispatcher_download_url }}"
dest: /tmp
remote_src: yes
- name: Create needed directories
file:
path: "{{ item.dir }}"
state: directory
loop:
- { dir: /etc/conf.d }
- { dir: /etc/networkd-dispatcher/carrier.d }
- { dir: /etc/networkd-dispatcher/configured.d }
- { dir: /etc/networkd-dispatcher/configuring.d }
- { dir: /etc/networkd-dispatcher/degraded.d }
- { dir: /etc/networkd-dispatcher/dormant.d }
- { dir: /etc/networkd-dispatcher/no-carrier.d }
- { dir: /etc/networkd-dispatcher/off.d }
- { dir: /etc/networkd-dispatcher/routable.d }
- name: Install networkd-dispatcher service (Move files)
command: mv "{{ item.src }}" "{{ item.dest }}"
loop:
- { src: /tmp/networkd-dispatcher-2.1/networkd-dispatcher, dest: /usr/bin }
- { src: /tmp/networkd-dispatcher-2.1/networkd-dispatcher.service, dest: /etc/systemd/system }
- { src: /tmp/networkd-dispatcher-2.1/networkd-dispatcher.conf, dest: /etc/conf.d }
- name: Install networkd-dispatcher service (Run networkd-dispatcher)
systemd:
name: networkd-dispatcher
state: started
enabled: yes
- name: Copy networkd-dispatcher scripts to add DHCP provided NTP servers
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: a+x
vars:
server_dir: "/var/lib/dhclient"
chrony_helper_dir: "/usr/libexec"
loop:
- { src: files/etc/networkd-dispatcher/routable.d/20-chrony.j2, dest: /etc/networkd-dispatcher/routable.d/20-chrony }
- { src: files/etc/networkd-dispatcher/off.d/20-chrony.j2, dest: /etc/networkd-dispatcher/off.d/20-chrony }
- { src: files/etc/networkd-dispatcher/no-carrier.d/20-chrony.j2, dest: /etc/networkd-dispatcher/no-carrier.d/20-chrony }
- name: Copy chrony-helper script
copy:
src: files/usr/libexec/chrony-helper
dest: /usr/libexec/chrony-helper
owner: root
group: root
mode: a+x

51
ansible/roles/providers/tasks/vmware-redhat.yml Normal file
View File

@@ -0,0 +1,51 @@
# Copyright 2022 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install cloud-init packages
yum:
name: "{{ packages }}"
state: present
vars:
packages:
- cloud-init
- cloud-utils-growpart
- python2-pip
# pip on CentOS needs to be upgraded, but since it's still
# Python 2.7, need < 21.0
- name: Upgrade pip
pip:
name: pip<21.0
state: forcereinstall
when: ansible_distribution_major_version == '7'
# Directly installing Guestinfo datasource is needed so long as
# cloud-init is < 21.3
- name: Download cloud-init datasource for VMware Guestinfo
get_url:
url: '{{ guestinfo_datasource_script }}'
dest: /tmp/cloud-init-vmware.sh
mode: 0700
- name: Execute cloud-init-vmware.sh
shell: bash -o errexit -o pipefail /tmp/cloud-init-vmware.sh
environment:
REPO_SLUG: '{{ guestinfo_datasource_slug }}'
GIT_REF: '{{ guestinfo_datasource_ref }}'
- name: Remove cloud-init-vmware.sh
file:
path: /tmp/cloud-init-vmware.sh
state: absent

45
ansible/roles/providers/tasks/vmware-ubuntu.yml Normal file
View File

@@ -0,0 +1,45 @@
# Copyright 2021 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Install cloud-init packages
apt:
name: "{{ packages }}"
state: present
force_apt_get: yes
vars:
packages:
- cloud-init
- cloud-guest-utils
- cloud-initramfs-copymods
- cloud-initramfs-dyn-netconf
- name: Disable Hyper-V KVP protocol daemon on Ubuntu
systemd:
name: hv-kvp-daemon
state: stopped
enabled: false
- name: Copy networkd-dispatcher scripts to add DHCP provided NTP servers
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: a+x
vars:
server_dir: "/var/lib/dhcp"
chrony_helper_dir: "/usr/lib/chrony"
loop:
- { src: files/etc/networkd-dispatcher/routable.d/20-chrony.j2, dest: /etc/networkd-dispatcher/routable.d/20-chrony }
- { src: files/etc/networkd-dispatcher/off.d/20-chrony.j2, dest: /etc/networkd-dispatcher/off.d/20-chrony }
- { src: files/etc/networkd-dispatcher/no-carrier.d/20-chrony.j2, dest: /etc/networkd-dispatcher/no-carrier.d/20-chrony }

57
ansible/roles/providers/tasks/vmware.yml Normal file
View File

@@ -0,0 +1,57 @@
# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- include_tasks: vmware-photon.yml
when: ansible_os_family == "VMware Photon OS"
- include_tasks: vmware-ubuntu.yml
when: ansible_os_family == "Debian"
- include_tasks: vmware-redhat.yml
when: ansible_os_family == "RedHat"
- name: Create provider vmtools config drop-in file
copy:
src: files/etc/vmware-tools/tools.conf
dest: /etc/vmware-tools/tools.conf
owner: root
group: root
mode: 0644
when: ansible_os_family != "Flatcar"
- name: Create service to modify cloud-init config
copy:
src: files/etc/systemd/system/modify-cloud-init-cfg.service
dest: /etc/systemd/system/modify-cloud-init-cfg.service
owner: root
group: root
mode: 0644
when: ansible_os_family != "Flatcar"
- name: Copy cloud-init modification script
copy:
src: files/usr/local/bin/modify-cloud-init-cfg.sh
dest: /usr/local/bin/modify-cloud-init-cfg.sh
owner: root
group: root
mode: 0755
when: ansible_os_family != "Flatcar"
- name: Enable modify-cloud-init-cfg.service
systemd:
name: modify-cloud-init-cfg.service
daemon_reload: yes
enabled: True
state: stopped
when: ansible_os_family != "Flatcar"

19
ansible/roles/python/defaults/main.yml Normal file
View File

@@ -0,0 +1,19 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
pypy_python_version: "3.6"
pypy_version: "7.2.0"
pypy_download_path: "/tmp/pypy.tar.bz2"
pypy_install_path: "/opt"

30
ansible/roles/python/tasks/flatcar.yml Normal file
View File

@@ -0,0 +1,30 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Check if pypy is installed
raw: "[ -f {{ pypy_install_path }}/pypy/bin/pypy ] && echo 'true' || echo 'false'"
register: pypy_installed
- name: Install pypy
block:
- name: Download pypy archive
raw: "curl https://github.com/squeaky-pl/portable-pypy/releases/download/pypy{{ pypy_python_version }}-{{ pypy_version }}/pypy{{ pypy_python_version }}-{{ pypy_version }}-linux_x86_64-portable.tar.bz2 -L --output {{ pypy_download_path }}"
- name: Extract archive
raw: "tar -xjf {{ pypy_download_path }} -C {{ pypy_install_path }}"
- name: Rename pypy folder
raw: "mv {{ pypy_install_path }}/pypy{{ pypy_python_version }}-{{ pypy_version }}-linux_x86_64-portable/ {{ pypy_install_path }}/pypy"
- name: Delete downloaded archive
raw: "rm -f {{ pypy_download_path }}"
when:
- pypy_installed.stdout_lines[0] == "false"

22
ansible/roles/python/tasks/main.yml Normal file
View File

@@ -0,0 +1,22 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Get distribution name from lsb-release
raw: "grep DISTRIB_ID /etc/lsb-release || echo '/etc/lsb-release not found'"
register: distrib_id
- include_tasks: flatcar.yml
# We can't use ansible_os_family fact here for consistency, as facts gathering
# is disabled in the playbook which includes this role. See playbook for more details.
when: distrib_id.stdout_lines[0] is search("Flatcar")

27
ansible/roles/setup/defaults/main.yml Normal file
View File

@@ -0,0 +1,27 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
debs: ""
extra_debs: ""
pinned_debs: []
redhat_epel_rpm: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm"
epel_rpm_gpg_key: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7"
rpms: ""
extra_rpms: ""
disable_public_repos: false
external_binary_path: "{{ '/opt/bin' if ansible_os_family == 'Flatcar' else '/usr/local/bin' }}"
extra_repos: ""
pip_conf_file: ""

3
ansible/roles/setup/files/etc/systemd/system-environment-generators/10-flatcar-path Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
. /etc/profile
echo "PATH=$PATH"

11
ansible/roles/setup/files/etc/systemd/system/usr-libexec.mount Normal file
View File

@@ -0,0 +1,11 @@
[Unit]
Description=Kubernetes flex volume plugin directory
[Mount]
What=overlay
Where=/usr/libexec
Type=overlay
Options=lowerdir=/usr/libexec,workdir=/opt/libexec.work,upperdir=/opt/libexec
[Install]
WantedBy=multi-user.target

28
ansible/roles/setup/tasks/bootstrap-flatcar.yml Normal file
View File

@@ -0,0 +1,28 @@
---
# Flatcar ships without Python installed
- name: Check if bootstrap is needed
raw: stat /opt/bin/.bootstrapped
register: need_bootstrap
environment: {}
failed_when: false
changed_when: false
tags:
- facts
- name: Set the ansible_python_interpreter fact
set_fact:
ansible_python_interpreter: "{{ external_binary_path }}/python"
tags:
- facts
# Some tasks are not compatible with Flatcar, so to centralize and deduplicate the logic of checking
# if we run on Flatcar, we define it here.
#
# This is required until https://github.com/ansible/ansible/issues/77537 is fixed and used.
- name: Override Flatcar's OS family
set_fact:
ansible_os_family: Flatcar
when: ansible_os_family == "Flatcar Container Linux by Kinvolk"
tags:
- facts

105
ansible/roles/setup/tasks/debian.yml Normal file
View File

@@ -0,0 +1,105 @@
# Copyright 2018 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Put templated sources.list in place
template:
src: etc/apt/sources.list.j2
dest: /etc/apt/sources.list
mode: 0644
# OCI Base images have the required apt sources list embedded inside the image, adding the sources list
# from this repo leads to build failures(especially in Arm), hence ignoring the step.
when: packer_builder_type != "oracle-oci"
- name: Put templated apt.conf.d/90proxy in place when defined
template:
src: etc/apt/apt.conf.d/90proxy
dest: /etc/apt/apt.conf.d/90proxy
mode: 0644
when: http_proxy is defined or https_proxy is defined
- name: Ensure cloud-final is in a running state
service:
name: cloud-final
state: started
check_mode: yes
register: cloudfinalstatus
until: cloudfinalstatus.status.ActiveState == "active"
retries: 5
delay: 10
when: packer_builder_type == "oracle-oci" and extra_repos != ""
- name: Find existing repo files
find:
depth: 1
paths:
- /etc/apt
- /etc/apt/sources.list.d
patterns: '*.list'
register: repo_files
when: disable_public_repos|bool
- name: Disable repos
command: "mv {{ item.path }} {{ item.path }}.disabled"
loop: "{{ repo_files.files }}"
when: disable_public_repos|bool
- name: Install extra repos
copy:
src: "{{ item }}"
dest: "/etc/apt/sources.list.d/{{ item | basename }}"
mode: 0644
loop: "{{ extra_repos.split() }}"
when: extra_repos != ""
- name: perform a dist-upgrade
apt:
force_apt_get: True
update_cache: True
upgrade: dist
register: apt_lock_status
until: apt_lock_status is not failed
retries: 5
delay: 10
- name: install baseline dependencies
apt:
force_apt_get: True
update_cache: True
name: "{{ debs }}"
state: latest
register: apt_lock_status
until: apt_lock_status is not failed
retries: 5
delay: 10
- name: install extra debs
apt:
force_apt_get: True
name: "{{ extra_debs.split() }}"
state: latest
register: apt_lock_status
until: apt_lock_status is not failed
retries: 5
delay: 10
- name: install pinned debs
apt:
force_apt_get: True
name: "{{ pinned_debs }}"
state: present
force: yes
register: apt_lock_status
until: apt_lock_status is not failed
retries: 5
delay: 10

55
ansible/roles/setup/tasks/flatcar.yml Normal file
View File

@@ -0,0 +1,55 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- include_tasks: bootstrap-flatcar.yml
- name: Create /opt/libexec overlay directories
file:
path: "{{ item }}"
state: directory
with_items:
- /opt/libexec
- /opt/libexec.work
- name: Create usr-libexec.mount unit
copy:
src: etc/systemd/system/usr-libexec.mount
dest: /etc/systemd/system/usr-libexec.mount
owner: root
group: root
mode: "0644"
- name: Enable usr-libexec.mount unit
systemd:
daemon_reload: yes
enabled: yes
name: usr-libexec.mount
- name: Create system-environment-generators directory
file:
path: /etc/systemd/system-environment-generators
state: directory
- name: Add env generator that includes system PATH on service path
copy:
src: etc/systemd/system-environment-generators/10-flatcar-path
dest: /etc/systemd/system-environment-generators/10-flatcar-path
owner: root
group: root
mode: "0755"
- name: Enable systemd-timesyncd unit
systemd:
enabled: yes
name: systemd-timesyncd.service

36
ansible/roles/setup/tasks/main.yml Normal file
View File

@@ -0,0 +1,36 @@
# Copyright 2020 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: debian.yml
when: ansible_os_family == "Debian"
- import_tasks: flatcar.yml
# This task overrides ansible_os_family to "Flatcar" as a workaround for
# regression between Flatcar and Ansible, so rest of the code can use just
# "Flatcar" for comparison, which is the correct value.
when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
- import_tasks: redhat.yml
when: ansible_os_family == "RedHat"
- import_tasks: photon.yml
when: ansible_os_family == "VMware Photon OS"
# Copy in pip config file when defined
- name: Install pip config file
copy:
src: "{{ pip_conf_file }}"
dest: /etc/pip.conf
mode: 0644
when: pip_conf_file != ""

Some files were not shown because too many files have changed in this diff Show More