diff --git a/Earthfile b/Earthfile index e84f0ef..5eeeb87 100644 --- a/Earthfile +++ b/Earthfile @@ -1,28 +1,36 @@ VERSION 0.6 ARG TARGETOS ARG TARGETARCH -FROM gcr.io/spectro-images-public/canvos/alpine-cert:v1.0.0 -# Variables used in the builds. Update for ADVANCED use cases only -ARG OS_DISTRIBUTION -ARG OS_VERSION -ARG IMAGE_REGISTRY -ARG IMAGE_REPO=$OS_DISTRIBUTION -ARG K8S_DISTRIBUTION -ARG CUSTOM_TAG -ARG CLUSTERCONFIG -ARG ARCH -ARG PE_VERSION=v4.2.1 +## Default Image Repos Used in the Builds. +ARG SPECTRO_PUB_REPO=gcr.io/spectro-images-public +ARG SPECTRO_LUET_REPO=gcr.io/spectro-dev-public +ARG KAIROS_BASE_IMAGE_URL=quay.io/kairos +ARG ETCD_REPO=https://github.com/etcd-io +FROM $SPECTRO_PUB_REPO/canvos/alpine-cert:v1.0.0 + +## Spectro Cloud and Kairos Tags ## +ARG PE_VERSION=v4.2.3 ARG SPECTRO_LUET_VERSION=v1.2.0 ARG KAIROS_VERSION=v2.4.3 ARG K3S_FLAVOR_TAG=k3s1 ARG RKE2_FLAVOR_TAG=rke2r1 -ARG BASE_IMAGE_URL=quay.io/kairos ARG OSBUILDER_VERSION=v0.7.11 -ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION +ARG OSBUILDER_IMAGE=$KAIROS_BASE_IMAGE_URL/osbuilder-tools:$OSBUILDER_VERSION ARG K3S_PROVIDER_VERSION=v4.2.1 ARG KUBEADM_PROVIDER_VERSION=v4.2.1 ARG RKE2_PROVIDER_VERSION=v4.1.1 + +# Variables used in the builds. Update for ADVANCED use cases only Modify in .arg file or via CLI arguements +ARG OS_DISTRIBUTION +ARG OS_VERSION +ARG IMAGE_REGISTRY +ARG IMAGE_REPO=$OS_DISTRIBUTION +ARG K8S_DISTRIBUTION +ARG CUSTOM_TAG +ARG CLUSTERCONFIG +ARG ARCH + ARG FIPS_ENABLED=false ARG HTTP_PROXY ARG HTTPS_PROXY @@ -31,6 +39,9 @@ ARG http_proxy=${HTTP_PROXY} ARG https_proxy=${HTTPS_PROXY} ARG no_proxy=${NO_PROXY} ARG PROXY_CERT_PATH + + + ARG UPDATE_KERNEL=false ARG TWO_NODE=false ARG KINE_VERSION=0.11.4 
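Review bot: Nothing pins what the new origin args resolve to: `FROM $SPECTRO_PUB_REPO/canvos/alpine-cert:v1.0.0` and `OSBUILDER_IMAGE=$KAIROS_BASE_IMAGE_URL/osbuilder-tools:$OSBUILDER_VERSION` are still mutable tags, and the registry part can now be redirected from the `.arg` file or the CLI. Appending a digest (`…/alpine-cert:v1.0.0@sha256:<digest-placeholder>`) would keep an override or a re-pushed tag from silently changing the build; the same applies to `FROM $STYLUS_BASE`, `FROM --platform=linux/${ARCH} $PROVIDER_BASE` and `COPY --from=quay.io/kairos/framework:v2.4.3_generic / /` in slem/Dockerfile. I would also put a comment above the four args, `# Trust roots: all base images, luet packages and the etcd download come from these origins; override only with a mirror you control`. The relocated "Variables used in the builds" comment runs two sentences together and misspells "arguments".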
@@ -42,10 +53,10 @@ IF [ "$OS_DISTRIBUTION" = "ubuntu" ] && [ "$BASE_IMAGE" = "" ] ELSE ARG BASE_IMAGE_TAG=$OS_DISTRIBUTION:$OS_VERSION-core-$ARCH-generic-$KAIROS_VERSION END - ARG BASE_IMAGE=$BASE_IMAGE_URL/$BASE_IMAGE_TAG + ARG BASE_IMAGE=$KAIROS_BASE_IMAGE_URL/$BASE_IMAGE_TAG ELSE IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ] && [ "$BASE_IMAGE" = "" ] ARG BASE_IMAGE_TAG=opensuse:leap-$OS_VERSION-core-$ARCH-generic-$KAIROS_VERSION - ARG BASE_IMAGE=$BASE_IMAGE_URL/$BASE_IMAGE_TAG + ARG BASE_IMAGE=$KAIROS_BASE_IMAGE_URL/$BASE_IMAGE_TAG ELSE IF [ "$OS_DISTRIBUTION" = "rhel" ] || [ "$OS_DISTRIBUTION" = "sles" ] # Check for default value for rhel ARG BASE_IMAGE @@ -55,10 +66,6 @@ IF [[ "$BASE_IMAGE" =~ "ubuntu-20-lts-arm-nvidia-jetson-agx-orin" ]] ARG IS_JETSON=true END -elemental: - FROM quay.io/kairos/packages:elemental-cli-system-0.3.1 - SAVE ARTIFACT /usr/bin/elemental /elemental - build-all-images: IF $FIPS_ENABLED BUILD +build-provider-images-fips 
@@ -74,18 +81,21 @@ build-all-images: END build-provider-images: - # BUILD +provider-image --K8S_VERSION=1.24.6 - # BUILD +provider-image --K8S_VERSION=1.25.2 - # BUILD +provider-image --K8S_VERSION=1.26.4 - # BUILD +provider-image --K8S_VERSION=1.27.2 - # BUILD +provider-image --K8S_VERSION=1.25.13 - # BUILD +provider-image --K8S_VERSION=1.26.8 - # BUILD +provider-image --K8S_VERSION=1.27.5 - # BUILD +provider-image --K8S_VERSION=1.27.7 - # BUILD +provider-image --K8S_VERSION=1.26.10 - # BUILD +provider-image --K8S_VERSION=1.25.15 - # BUILD +provider-image --K8S_VERSION=1.28.2 - BUILD +provider-image --K8S_VERSION=1.28.4 + BUILD +provider-image --K8S_VERSION=1.24.6 + BUILD +provider-image --K8S_VERSION=1.25.2 + BUILD +provider-image --K8S_VERSION=1.26.4 + BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.25.13 + BUILD +provider-image --K8S_VERSION=1.26.8 + BUILD +provider-image --K8S_VERSION=1.27.5 + BUILD +provider-image --K8S_VERSION=1.27.7 + BUILD +provider-image --K8S_VERSION=1.26.10 + BUILD +provider-image --K8S_VERSION=1.25.15 + BUILD +provider-image --K8S_VERSION=1.28.2 + BUILD +provider-image --K8S_VERSION=1.29.0 + BUILD +provider-image --K8S_VERSION=1.27.9 + BUILD +provider-image --K8S_VERSION=1.26.12 + BUILD +provider-image --K8S_VERSION=1.28.5 BUILD +provider-image --K8S_VERSION=1.29.0 build-provider-images-fips: 
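Review bot: `--K8S_VERSION=1.29.0` now appears twice in `build-provider-images`: once in the added block after 1.28.2, and again in the unchanged line that closes the target. Drop the added one and keep the list in version order, so a missing or stale patch release is easy to spot; the same ordering would help the three lists in `build-provider-images-fips`. Since this change re-enables every older version that had been commented out, a one-line comment stating which patch releases are meant to stay in the list would also help.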
@@ -94,17 +104,29 @@ build-provider-images-fips: BUILD +provider-image --K8S_VERSION=1.25.9 BUILD +provider-image --K8S_VERSION=1.26.4 BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.29.0 + BUILD +provider-image --K8S_VERSION=1.27.9 + BUILD +provider-image --K8S_VERSION=1.26.12 + BUILD +provider-image --K8S_VERSION=1.28.5 ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] BUILD +provider-image --K8S_VERSION=1.24.6 BUILD +provider-image --K8S_VERSION=1.25.2 BUILD +provider-image --K8S_VERSION=1.25.0 BUILD +provider-image --K8S_VERSION=1.26.4 BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.26.12 + BUILD +provider-image --K8S_VERSION=1.27.9 + BUILD +provider-image --K8S_VERSION=1.28.5 + BUILD +provider-image --K8S_VERSION=1.29.0 ELSE BUILD +provider-image --K8S_VERSION=1.24.6 BUILD +provider-image --K8S_VERSION=1.25.2 BUILD +provider-image --K8S_VERSION=1.26.4 BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.26.12 + BUILD +provider-image --K8S_VERSION=1.27.9 + BUILD +provider-image --K8S_VERSION=1.28.5 + BUILD +provider-image --K8S_VERSION=1.29.0 END BASE_ALPINE: @@ -117,7 +139,7 @@ BASE_ALPINE: download-etcdctl: DO +BASE_ALPINE - RUN curl --retry 5 -Ls https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz | tar -xvzf - --strip-components=1 etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl && \ + RUN curl --retry 5 -Ls $ETCD_REPO/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz | tar -xvzf - --strip-components=1 etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl && \ chmod +x etcdctl SAVE ARTIFACT etcdctl 
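Review bot: The etcd tarball in `download-etcdctl` is piped from `curl` straight into `tar` with no integrity check, and this change makes its origin the overridable `ETCD_REPO` arg, so a mirror or a plain-http override would be unpacked and saved as `etcdctl` unverified. `curl -Ls` also lacks `-f`, so an HTTP error body is fed to `tar`, and without pipefail only tar's exit status decides the step. Download to a file, check it against a pinned SHA-256, and only then extract; the sketch below uses a new arg, `ETCD_SHA256`, as a placeholder for the published checksum. The lines of the target after `chmod +x etcdctl` are unchanged.

```earthfile
download-etcdctl:
    DO +BASE_ALPINE
    # ETCD_SHA256 is a placeholder: pin the published checksum for ${ETCD_VERSION} / ${TARGETARCH}
    ARG ETCD_SHA256
    RUN curl --retry 5 -fsSL --proto '=https' -o etcd.tar.gz \
            "$ETCD_REPO/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz" && \
        echo "${ETCD_SHA256}  etcd.tar.gz" | sha256sum -c - && \
        tar -xzf etcd.tar.gz --strip-components=1 "etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl" && \
        rm -f etcd.tar.gz && \
        chmod +x etcdctl
    # … unchanged: SAVE ARTIFACT etcdctl …
```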
@@ -139,11 +161,22 @@ build-iso: COPY overlay/files-iso/ /overlay/ COPY --if-exists user-data /overlay/files-iso/config.yaml COPY --if-exists content-*/*.zst /overlay/opt/spectrocloud/content/ - IF [ "$CLUSTERCONFIG" != ""] - COPY --if-exists $CLUSTERCONFIG /overlay/opt/spectrocloud/clusterconfig/spc.tgz + #check if clusterconfig is passed in + IF [ "$CLUSTERCONFIG" != "" ] + COPY --if-exists "$CLUSTERCONFIG" /overlay/opt/spectrocloud/clusterconfig/spc.tgz END + + + WORKDIR /build COPY --platform=linux/${ARCH} --keep-own +iso-image-rootfs/rootfs /build/image + + COPY --if-exists ui.tar /build/image/opt/spectrocloud/emc/ + RUN if [ -f /build/image/opt/spectrocloud/emc/ui.tar ]; then \ + tar -xf /build/image/opt/spectrocloud/emc/ui.tar -C /build/image/opt/spectrocloud/emc && \ + rm -f /build/image/opt/spectrocloud/emc/ui.tar; \ + fi + IF [ "$ARCH" = "arm64" ] RUN /entrypoint.sh --name $ISO_NAME build-iso --date=false --overlay-iso /overlay dir:/build/image --debug --output /iso/ --arch $ARCH ELSE IF [ "$ARCH" = "amd64" ] @@ -159,7 +192,11 @@ provider-image: # added PROVIDER_K8S_VERSION to fix missing image in ghcr.io/kairos-io/provider-* ARG K8S_VERSION=1.26.4 ARG IMAGE_REPO - ARG IMAGE_PATH=$IMAGE_REGISTRY/$IMAGE_REPO:$K8S_DISTRIBUTION-$K8S_VERSION-$PE_VERSION-$CUSTOM_TAG + IF [ "$CUSTOM_TAG" != "" ] + ARG IMAGE_PATH=$IMAGE_REGISTRY/$IMAGE_REPO:$K8S_DISTRIBUTION-$K8S_VERSION-$PE_VERSION-$CUSTOM_TAG + ELSE + ARG IMAGE_PATH=$IMAGE_REGISTRY/$IMAGE_REPO:$K8S_DISTRIBUTION-$K8S_VERSION-$PE_VERSION + END IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] ARG BASE_K8S_VERSION=$K8S_VERSION 
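Review bot: `ui.tar` is taken from the build context and unpacked as root into `/build/image/opt/spectrocloud/emc` with nothing checking it first, so whatever paths, owners and modes the archive carries become part of the ISO rootfs. If the tar in the osbuilder image is GNU tar, adding `--no-same-owner` to the `tar -xf` line keeps archive-supplied ownership out of the image, and a checksum comparison before extraction would tie the ISO to a known UI bundle. A comment next to `COPY --if-exists ui.tar …` saying where the file is expected to come from and who produces it would make the trust assumption explicit. The `build-iso` target begins and ends outside this hunk.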
@@ -174,6 +211,7 @@ provider-image: COPY --platform=linux/${ARCH} +kairos-provider-image/ / COPY +stylus-image/etc/kairos/branding /etc/kairos/branding COPY +stylus-image/oem/stylus_config.yaml /etc/kairos/branding/stylus_config.yaml + COPY +stylus-image/etc/elemental/config.yaml /etc/elemental/config.yaml IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] RUN luet install -y container-runtime/containerd END 
@@ -194,26 +232,27 @@ provider-image: stylus-image: IF [ "$FIPS_ENABLED" = "true" ] - ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-fips-linux-$ARCH:$PE_VERSION + ARG STYLUS_BASE=$SPECTRO_PUB_REPO/stylus-framework-fips-linux-$ARCH:$PE_VERSION ELSE - ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-linux-$ARCH:$PE_VERSION + ARG STYLUS_BASE=$SPECTRO_PUB_REPO/stylus-framework-linux-$ARCH:$PE_VERSION END FROM $STYLUS_BASE SAVE ARTIFACT ./* SAVE ARTIFACT /etc/kairos/branding + SAVE ARTIFACT /etc/elemental/config.yaml SAVE ARTIFACT /oem/stylus_config.yaml kairos-provider-image: IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] - ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] && $FIPS_ENABLED - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION END FROM --platform=linux/${ARCH} $PROVIDER_BASE SAVE ARTIFACT ./* 
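Review bot: The `kubeadm` and `kubeadm-fips` branches of `kairos-provider-image` do more than parameterize the registry: they used to pull from `gcr.io/spectro-dev-public/kairos-io/…` and now resolve through `$SPECTRO_PUB_REPO`, whose default in this commit is `gcr.io/spectro-images-public`. If the move is intended, it deserves a line in the commit message and a check that `provider-kubeadm:$KUBEADM_PROVIDER_VERSION` and `provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION` are published there; if not, those two lines need their own arg for the dev repo. The IF chain visible here has no ELSE, so an unrecognised `K8S_DISTRIBUTION` reaches `FROM --platform=linux/${ARCH} $PROVIDER_BASE` with an empty image reference; a final `ELSE` that fails with a clear message would be safer.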
@@ -224,28 +263,8 @@ base-image: --build-arg OS_DISTRIBUTION=$OS_DISTRIBUTION --build-arg HTTP_PROXY=$HTTP_PROXY --build-arg HTTPS_PROXY=$HTTPS_PROXY \ --build-arg NO_PROXY=$NO_PROXY . - IF [ "$IS_JETSON" = "true" ] + IF [ "$IS_JETSON" = "true" ] COPY mount.yaml /system/oem/mount.yaml - END - - IF [ "$ARCH" = "arm64" ] - RUN mkdir -p /etc/luet/repos.conf.d && \ - SPECTRO_LUET_VERSION=$SPECTRO_LUET_VERSION luet repo add spectro --type docker --url gcr.io/spectro-dev-public/luet-repo-arm --priority 1 -y && \ - luet repo update - ELSE IF [ "$ARCH" = "amd64" ] - RUN mkdir -p /etc/luet/repos.conf.d && \ - SPECTRO_LUET_VERSION=$SPECTRO_LUET_VERSION luet repo add spectro --type docker --url gcr.io/spectro-dev-public/luet-repo --priority 1 -y && \ - luet repo update - END - - IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - ARG BASE_K8S_VERSION=$K8S_VERSION - ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] - ARG K8S_DISTRIBUTION_TAG=$K3S_FLAVOR_TAG - ARG BASE_K8S_VERSION=$K8S_VERSION-$K8S_DISTRIBUTION_TAG - ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - ARG K8S_DISTRIBUTION_TAG=$RKE2_FLAVOR_TAG - ARG BASE_K8S_VERSION=$K8S_VERSION-$K8S_DISTRIBUTION_TAG END # OS == Ubuntu @@ -273,7 +292,9 @@ base-image: RUN kernel=$(ls /lib/modules | tail -n1) && \ depmod -a "${kernel}" - RUN ln -s /usr/sbin/grub-editenv /usr/bin/grub2-editenv + RUN if [ ! -f /usr/bin/grub2-editenv ]; then \ + ln -s /usr/sbin/grub-editenv /usr/bin/grub2-editenv; \ + fi RUN rm -rf /var/cache/* && \ apt clean 
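Review bot: The new guard around the `grub2-editenv` link tests `[ ! -f /usr/bin/grub2-editenv ]`, which follows symlinks, so a dangling link left by the base image passes the test and `ln -s` then fails with "File exists". Testing the path itself avoids that: `RUN if [ ! -e /usr/bin/grub2-editenv ] && [ ! -L /usr/bin/grub2-editenv ]; then \`. The `apparmor_parser` guards added later in this commit use `-e`, so aligning the tests would also make the file consistent. The enclosing `base-image` target starts and ends outside the hunk.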
@@ -295,26 +316,24 @@ base-image: COPY sc.crt /usr/share/pki/trust/anchors RUN update-ca-certificates END - + # Enable or Disable Kernel Updates IF [ "$UPDATE_KERNEL" = "false" ] RUN zypper al kernel-de* END - RUN zypper refresh && \ - zypper update -y + RUN zypper refresh && zypper update -y - IF [ -e "/usr/bin/dracut" ] - RUN --no-cache kernel=$(ls /lib/modules | tail -n1) && depmod -a "${kernel}" - RUN --no-cache kernel=$(ls /lib/modules | tail -n1) && dracut -f "/boot/initrd-${kernel}" "${kernel}" && ln -sf "initrd-${kernel}" /boot/initrd - END - # zypper up kernel-default && \ - # zypper purge-kernels && \ + IF [ -e "/usr/bin/dracut" ] + RUN --no-cache kernel=$(ls /lib/modules | tail -n1) && depmod -a "${kernel}" + RUN --no-cache kernel=$(ls /lib/modules | tail -n1) && dracut -f "/boot/initrd-${kernel}" "${kernel}" && ln -sf "initrd-${kernel}" /boot/initrd + END IF $TWO_NODE RUN zypper --non-interactive --quiet addrepo --refresh -p 90 http://download.opensuse.org/repositories/server:database:postgresql/openSUSE_Tumbleweed/ PostgreSQL && \ zypper --gpg-auto-import-keys ref && \ zypper install -y postgresql-16 postgresql-server-16 postgresql-contrib iputils END + RUN zypper install -y zstd vim iputils bridge-utils curl ethtool tcpdump && \ zypper cc && \ zypper clean 
@@ -324,19 +343,23 @@ base-image: RUN zypper install -y apparmor-parser apparmor-profiles RUN zypper cc && \ zypper clean - RUN cp /sbin/apparmor_parser /usr/bin/apparmor_parser + RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi END + IF [ "$ARCH" = "arm64" ] + ARG LUET_REPO=luet-repo-arm + ELSE IF [ "$ARCH" = "amd64" ] + ARG LUET_REPO=luet-repo + END + RUN mkdir -p /etc/luet/repos.conf.d && \ + SPECTRO_LUET_VERSION=$SPECTRO_LUET_VERSION luet repo add spectro --type docker --url $SPECTRO_LUET_REPO/$LUET_REPO --priority 1 -y && \ + luet repo update - IF [ "$OS_DISTRIBUTION" = "sles" ] - RUN cp /sbin/apparmor_parser /usr/bin/apparmor_parser + IF [ "$OS_DISTRIBUTION" = "rhel" ] + RUN yum install -y openssl END - IF [ "$ARCH" = "arm64" ] - RUN mkdir -p /etc/luet/repos.conf.d && luet repo add spectro --type docker --url gcr.io/spectro-dev-public/luet-repo-arm --priority 1 -y && luet repo update - ELSE IF [ "$ARCH" = "amd64" ] - RUN mkdir -p /etc/luet/repos.conf.d && \ - luet repo add spectro --type docker --url gcr.io/spectro-dev-public/luet-repo --priority 1 -y && \ - luet repo update + IF [ "$OS_DISTRIBUTION" = "sles" ] + RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi END DO +OS_RELEASE --OS_VERSION=$KAIROS_VERSION @@ -349,8 +372,6 @@ base-image: chmod 444 /etc/machine-id RUN rm /tmp/* -rf - COPY +elemental/elemental /usr/bin/elemental - # Ensure SElinux gets disabled RUN if grep "security=selinux" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/security=selinux //g' /etc/cos/bootargs.cfg; fi &&\ if grep "selinux=1" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/selinux=1/selinux=0/g' /etc/cos/bootargs.cfg; fi 
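Review bot: `LUET_REPO` is set only for `arm64` and `amd64`, but the `luet repo add` after the IF now runs unconditionally, so any other or empty `ARCH` registers `$SPECTRO_LUET_REPO/` as the package repo instead of skipping the step as the removed code did. Add an `ELSE` branch that stops the build, for example `RUN echo "unsupported ARCH: $ARCH" >&2 && exit 1`, and quote the URL as `--url "$SPECTRO_LUET_REPO/$LUET_REPO"`. Packages installed from this repo end up in the OS image, so a comment stating that `SPECTRO_LUET_REPO` must point at a trusted registry would be worth adding above the IF. The `base-image` target continues outside the hunk.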
@@ -372,7 +393,11 @@ iso-image: RUN rm -f /etc/ssh/ssh_host_* /etc/ssh/moduli RUN touch /etc/machine-id \ && chmod 444 /etc/machine-id - SAVE IMAGE palette-installer-image:$PE_VERSION-$CUSTOM_TAG + IF [ "$CUSTOM_TAG" != "" ] + SAVE IMAGE palette-installer-image:$PE_VERSION-$CUSTOM_TAG + ELSE + SAVE IMAGE palette-installer-image:$PE_VERSION + END OS_RELEASE: COMMAND @@ -389,4 +414,4 @@ OS_RELEASE: # update OS-release file RUN sed -i -n '/KAIROS_/!p' /etc/os-release - RUN envsubst >>/etc/os-release >/etc/os-release **Sample Output** ```shell -git checkout v4.2.1 -Note: switching to 'v4.2.1'. +git checkout v4.2.3 +Note: switching to 'v4.2.3'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard any commits you make in this @@ -160,7 +160,7 @@ To build the provider images To build the fips enabled ubuntu installer image ```shell -./earthly.sh +iso --BASE_IMAGE=gcr.io/spectro-dev-public/ubuntu-focal-fips:v4.2_20231226 --FIPS_ENABLED=true --ARCH=amd64 --PE_VERSION=v4.2.1 +./earthly.sh +iso --BASE_IMAGE=gcr.io/spectro-dev-public/ubuntu-focal-fips:v4.2_20231226 --FIPS_ENABLED=true --ARCH=amd64 --PE_VERSION=v4.2.3 ``` Output @@ -180,7 +180,7 @@ system.registry: ttl.sh system.repo: ubuntu system.k8sDistribution: k3s system.osName: ubuntu -system.peVersion: v4.2.1 +system.peVersion: v4.2.3 system.customTag: demo system.osVersion: 22 ``` 
@@ -195,10 +195,10 @@ palette-edge-installer.iso.sha256 # Output REPOSITORY TAG IMAGE ID CREATED SIZE -ttl.sh/ubuntu k3s-1.24.6-v4.2.1-demo cad8acdd2797 17 hours ago 4.62GB -ttl.sh/ubuntu k3s-1.24.6-v4.2.1-demo_linux_amd64 cad8acdd2797 17 hours ago 4.62GB -ttl.sh/ubuntu k3s-1.25.2-v4.2.1-demo f6e490f53971 17 hours ago 4.62GB -ttl.sh/ubuntu k3s-1.25.2-v4.2.1-demo_linux_amd64 f6e490f53971 17 hours ago 4.62GB +ttl.sh/ubuntu k3s-1.24.6-v4.2.3-demo cad8acdd2797 17 hours ago 4.62GB +ttl.sh/ubuntu k3s-1.24.6-v4.2.3-demo_linux_amd64 cad8acdd2797 17 hours ago 4.62GB +ttl.sh/ubuntu k3s-1.25.2-v4.2.3-demo f6e490f53971 17 hours ago 4.62GB +ttl.sh/ubuntu k3s-1.25.2-v4.2.3-demo_linux_amd64 f6e490f53971 17 hours ago 4.62GB ``` Earthly is a multi-architecture build tool. In this example we are building images for AMD64 hardware which is reflected by the tags above. In the future we will support ARM64 builds and those tags will be included. We only need to push the image tag that DOES NOT have the architecture reference i.e `linux_amd64` in the above example. @@ -206,8 +206,7 @@ Earthly is a multi-architecture build tool. In this example we are building ima 11. The provider images are by default not pushed to a registry. You can push the images by using the `docker push` command and reference the created images. ```shell -docker push ttl.sh/ubuntu:k3s-1.25.2-v4.2.1-demo && \ -docker push ttl.sh/ubuntu:k3s-1.24.6-v4.2.1-demodocker push ttl.sh/ubuntu:k3s-1.24.6-v3.4.3-demo +docker push ttl.sh/ubuntu:k3s-1.25.2-v4.2.3-demo ``` > ⚠️ The default registry, [ttl.sh](https://ttl.sh/) is a short-lived registry. Images in the ttl.sh registry have a default time to live of diff --git a/earthly.sh b/earthly.sh index 7584059..dc98c3c 100755 --- a/earthly.sh +++ b/earthly.sh 
@@ -11,17 +11,17 @@ function build_with_proxy() { docker stop earthly-buildkitd fi # start earthly buildkitd - docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION + docker run -d --privileged --name earthly-buildkitd -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION # Update the CA certificates in the container docker exec -it earthly-buildkitd update-ca-certificates # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e 
EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } function build_without_proxy() { # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } global_config="{disable_analytics: true}" @@ -68,7 +68,7 @@ echo -e '\n' echo -e 'pack:' echo -e ' content:' echo -e ' images:' -echo -e ' - image: "{{ .spectro.pack.edge-native-byoi.options.system.registry }}/{{ .spectro.pack.edge-native-byoi.options.system.repo }}:{{ .spectro.pack.edge-native-byoi.options.system.k8sDistribution }}-{{ .spectro.system.kubernetes.version }}-{{ .spectro.pack.edge-native-byoi.options.system.peVersion }}-{{ .spectro.pack.edge-native-byoi.options.system.customTag }}"' +echo -e ' - image: "{{.spectro.pack.edge-native-byoi.options.system.uri}}"' echo -e ' # Below config is default value, please uncomment if you want to modify default values' echo -e ' #drain:' echo -e ' #cordon: true' diff --git a/slem/Dockerfile b/slem/Dockerfile index eed39be..31ca407 100644 --- a/slem/Dockerfile +++ b/slem/Dockerfile @@ -1,5 +1,6 @@ ARG BASE_IMAGE=registry.suse.com/suse/sle-micro-rancher/5.4:latest FROM $BASE_IMAGE + ADD repos/SUSE* /etc/zypp/repos.d/ ADD services/* /etc/zypp/services.d/ RUN zypper --gpg-auto-import-keys ref 
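Review bot: All three `docker run` lines now bind-mount `~/.docker/config.json` read-write into containers that already run `--privileged` with the Docker socket, so the build receives the host user's registry credentials and is able to rewrite them. Mount the file read-only and quoted, `-v "$HOME/.docker/config.json:/root/.docker/config.json:ro"`, and add the option only when the file exists: with `-v`, Docker creates a missing source path as a directory, which would leave a root-owned `~/.docker/config.json/` behind and break a later `docker login`. On hosts that use a credential helper the file holds only the helper name, so the mount alone will not authenticate pulls; a comment naming the registries that need auth would make the intent clear.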
@@ -11,7 +12,9 @@ RUN zypper in --force-resolution -y \ polkit \ rng-tools \ nano \ + growpart \ && zypper cc + ADD repos/opensuse* /etc/zypp/repos.d/ RUN zypper --gpg-auto-import-keys ref RUN zypper in --force-resolution -y --no-allow-vendor-change \ @@ -24,63 +27,11 @@ RUN zypper in --force-resolution -y --no-allow-vendor-change \ RUN mkdir -p /run/lock RUN mkdir -p /usr/libexec RUN touch /usr/libexec/.keep -COPY --from=quay.io/kairos/framework:v2.4.3_opensuse-leap / / -RUN mkdir -p /etc/dnf -RUN echo "install_weak_deps=False" > /etc/dnf/dnf.conf +COPY --from=quay.io/kairos/framework:v2.4.3_generic / / -RUN zypper in --force-resolution -y \ - bash-completion \ - conntrack-tools \ - coreutils \ - curl \ - device-mapper \ - dhcp-client \ - dosfstools \ - dracut \ - e2fsprogs \ - fail2ban \ - findutils \ - gawk \ - growpart \ - gptfdisk \ - haveged \ - htop \ - iproute2 \ - iptables \ - iputils \ - issue-generator \ - jq \ - less \ - logrotate \ - lsscsi \ - lvm2 \ - mdadm \ - multipath-tools \ - nano \ -# nohang \ - open-iscsi \ - openssh \ - open-vm-tools \ - parted \ - pigz \ - policycoreutils \ - polkit \ - procps \ - rng-tools \ - rsync \ - squashfs \ - strace \ - sudo \ - systemd \ - systemd-network \ - tar \ - timezone \ - tmux \ - vim \ - which \ - tpm2* \ - && zypper cc \ +# Remove file below to allow dracut to build initrd without dhcp-client +RUN rm -rf /usr/lib/dracut/modules.d/35network-legacy ## Generate initrd RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \ @@ -89,6 +40,8 @@ RUN kernel=$(ls /lib/modules | head -n1) && \ dracut -v -N -f "/boot/initrd-${kernel}" "${kernel}" && \ ln -sf "initrd-${kernel}" /boot/initrd && depmod -a "${kernel}" RUN kernel=$(ls /lib/modules | head -n1) && dracut -f "/boot/initrd-${kernel}" "${kernel}" && ln -sf "initrd-${kernel}" /boot/initrd + +# Cleanup RUN rm -rf /boot/initramfs-* RUN rm -rf /etc/zypp/repos.d/* RUN rm -rf /etc/zypp/services.d/* \ No newline at end of file 
diff --git a/slem/README.md b/slem/README.md index db10e57..3c73647 100644 --- a/slem/README.md +++ b/slem/README.md @@ -1,6 +1,9 @@ -# slem +# SUSE Linux Enterprise Micro -slem base image needs to built on the slem server. -A registration code is need to build the slem base image. +## Pre-requisites : +* A host with SLES Micro distribution installed +* Registration code to register with SUSEConnect +* If you wish to override the BASE_IMAGE, make sure to use a container image that has zypper installed in it +## Steps to build the image: ./build.sh diff --git a/slem/build.sh b/slem/build.sh index 0832ceb..e493794 100644 --- a/slem/build.sh +++ b/slem/build.sh @@ -1,20 +1,29 @@ #!/bin/bash +if [[ -z "$1" ]]; then + echo "ERROR : Registration code is empty !" + echo "Re-run this utility with SUSE Registration code in the args." + echo "Example : ./build.sh 123456789" + exit 1 +fi +REGISTRATION_CODE=$1 + set -ex -REGISTRATION_CODE=$1 -mkdir /var/slem +mkdir -p /var/slem +yes | cp ./Dockerfile /var/slem cd /var/slem -mkdir repos -mkdir services +mkdir -p repos +mkdir -p services cd repos/ -mkdir SUSE -mkdir opensuse +mkdir -p SUSE +mkdir -p opensuse cd SUSE cp /etc/zypp/repos.d/SUSE*.repo . cd ../../services/ cp /etc/zypp/services.d/*.service . cd ../repos/opensuse/ + cat > opensuse-oss.repo <