From 885c6239e7ee00480ef5b55bc796e75100c7a639 Mon Sep 17 00:00:00 2001 From: Akhilesh Verma Date: Fri, 5 Jan 2024 22:53:30 +0530 Subject: [PATCH 01/15] PE-3073: add preloaded content for cluster config (#122) --- Earthfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Earthfile b/Earthfile index a5e78b9..0c4c299 100644 --- a/Earthfile +++ b/Earthfile @@ -138,8 +138,9 @@ build-iso: COPY overlay/files-iso/ /overlay/ COPY --if-exists user-data /overlay/files-iso/config.yaml COPY --if-exists content-*/*.zst /overlay/opt/spectrocloud/content/ - IF [ "$CLUSTERCONFIG" != ""] - COPY --if-exists $CLUSTERCONFIG /overlay/opt/spectrocloud/clusterconfig/spc.tgz + #check if clusterconfig is passed in + IF [ "$CLUSTERCONFIG" != "" ] + COPY --if-exists "$CLUSTERCONFIG" /overlay/opt/spectrocloud/clusterconfig/spc.tgz END WORKDIR /build COPY --platform=linux/${ARCH} --keep-own +iso-image-rootfs/rootfs /build/image From 942f3854660c15324a805a03590f434eb5953478 Mon Sep 17 00:00:00 2001 From: Santhosh Date: Sun, 7 Jan 2024 02:32:12 +0530 Subject: [PATCH 02/15] pe version update, image macro update (#123) --- Earthfile | 6 +++--- README.md | 21 ++++++++++----------- earthly.sh | 2 +- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/Earthfile b/Earthfile index 0c4c299..179b342 100644 --- a/Earthfile +++ b/Earthfile @@ -12,7 +12,7 @@ ARG K8S_DISTRIBUTION ARG CUSTOM_TAG ARG CLUSTERCONFIG ARG ARCH -ARG PE_VERSION=v4.2.1 +ARG PE_VERSION=v4.2.3 ARG SPECTRO_LUET_VERSION=v1.2.0 ARG KAIROS_VERSION=v2.4.3 ARG K3S_FLAVOR_TAG=k3s1 @@ -205,9 +205,9 @@ stylus-image: kairos-provider-image: IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] - ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - ARG PROVIDER_BASE=gcr.io/spectro-dev-public/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] && $FIPS_ENABLED diff --git a/README.md b/README.md index 55fc715..8c2edaf 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ v3.4.1 v3.4.3 v4.1.0 -v4.2.1 +v4.2.3 ``` 4. Checkout the desired tag @@ -90,8 +90,8 @@ git checkout **Sample Output** ```shell -git checkout v4.2.1 -Note: switching to 'v4.2.1'. +git checkout v4.2.3 +Note: switching to 'v4.2.3'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard any commits you make in this @@ -160,7 +160,7 @@ To build the provider images To build the fips enabled ubuntu installer image ```shell -./earthly.sh +iso --BASE_IMAGE=gcr.io/spectro-dev-public/ubuntu-focal-fips:v4.2_20231226 --FIPS_ENABLED=true --ARCH=amd64 --PE_VERSION=v4.2.1 +./earthly.sh +iso --BASE_IMAGE=gcr.io/spectro-dev-public/ubuntu-focal-fips:v4.2_20231226 --FIPS_ENABLED=true --ARCH=amd64 --PE_VERSION=v4.2.3 ``` Output @@ -180,7 +180,7 @@ system.registry: ttl.sh system.repo: ubuntu system.k8sDistribution: k3s system.osName: ubuntu -system.peVersion: v4.2.1 +system.peVersion: v4.2.3 system.customTag: demo system.osVersion: 22 ``` @@ -195,10 +195,10 @@ palette-edge-installer.iso.sha256 # Output REPOSITORY TAG IMAGE ID CREATED SIZE -ttl.sh/ubuntu k3s-1.24.6-v4.2.1-demo cad8acdd2797 17 hours ago 4.62GB -ttl.sh/ubuntu k3s-1.24.6-v4.2.1-demo_linux_amd64 cad8acdd2797 17 hours ago 4.62GB -ttl.sh/ubuntu k3s-1.25.2-v4.2.1-demo f6e490f53971 17 hours ago 4.62GB -ttl.sh/ubuntu k3s-1.25.2-v4.2.1-demo_linux_amd64 f6e490f53971 17 hours ago 4.62GB +ttl.sh/ubuntu k3s-1.24.6-v4.2.3-demo cad8acdd2797 17 hours ago 4.62GB +ttl.sh/ubuntu k3s-1.24.6-v4.2.3-demo_linux_amd64 cad8acdd2797 17 hours ago 4.62GB +ttl.sh/ubuntu k3s-1.25.2-v4.2.3-demo f6e490f53971 17 hours ago 4.62GB +ttl.sh/ubuntu k3s-1.25.2-v4.2.3-demo_linux_amd64 f6e490f53971 17 hours ago 4.62GB ``` Earthly is a multi-architecture build tool. In this example we are building images for AMD64 hardware which is reflected by the tags above. In the future we will support ARM64 builds and those tags will be included. We only need to push the image tag that DOES NOT have the architecture reference i.e `linux_amd64` in the above example. @@ -206,8 +206,7 @@ Earthly is a multi-architecture build tool. In this example we are building ima 11. The provider images are by default not pushed to a registry. You can push the images by using the `docker push` command and reference the created images. ```shell -docker push ttl.sh/ubuntu:k3s-1.25.2-v4.2.1-demo && \ -docker push ttl.sh/ubuntu:k3s-1.24.6-v4.2.1-demodocker push ttl.sh/ubuntu:k3s-1.24.6-v3.4.3-demo +docker push ttl.sh/ubuntu:k3s-1.25.2-v4.2.3-demo ``` > ⚠️ The default registry, [ttl.sh](https://ttl.sh/) is a short-lived registry. Images in the ttl.sh registry have a default time to live of diff --git a/earthly.sh b/earthly.sh index 7584059..ae61db3 100755 --- a/earthly.sh +++ b/earthly.sh @@ -68,7 +68,7 @@ echo -e '\n' echo -e 'pack:' echo -e ' content:' echo -e ' images:' -echo -e ' - image: "{{ .spectro.pack.edge-native-byoi.options.system.registry }}/{{ .spectro.pack.edge-native-byoi.options.system.repo }}:{{ .spectro.pack.edge-native-byoi.options.system.k8sDistribution }}-{{ .spectro.system.kubernetes.version }}-{{ .spectro.pack.edge-native-byoi.options.system.peVersion }}-{{ .spectro.pack.edge-native-byoi.options.system.customTag }}"' +echo -e ' - image: "{{.spectro.pack.edge-native-byoi.options.system.uri}}"' echo -e ' # Below config is default value, please uncomment if you want to modify default values' echo -e ' #drain:' echo -e ' #cordon: true' From aede2e253b989779e103f92901f859c1913b2ae0 Mon Sep 17 00:00:00 2001 From: Nianyu Shen Date: Tue, 9 Jan 2024 23:42:37 -0800 Subject: [PATCH 03/15] PE-3394 ignore custom_tag if empty (#124) * add default value for custom_tag Signed-off-by: Nianyu Shen * Update Earthfile with conditional logic for CUSTOM_TAG Signed-off-by: Nianyu Shen * fix typo Signed-off-by: Nianyu Shen --------- Signed-off-by: Nianyu Shen --- Earthfile | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/Earthfile b/Earthfile index 179b342..d716162 100644 --- a/Earthfile +++ b/Earthfile @@ -159,7 +159,11 @@ provider-image: # added PROVIDER_K8S_VERSION to fix missing image in ghcr.io/kairos-io/provider-* ARG K8S_VERSION=1.26.4 ARG IMAGE_REPO - ARG IMAGE_PATH=$IMAGE_REGISTRY/$IMAGE_REPO:$K8S_DISTRIBUTION-$K8S_VERSION-$PE_VERSION-$CUSTOM_TAG + IF [ "$CUSTOM_TAG" != "" ] + ARG IMAGE_PATH=$IMAGE_REGISTRY/$IMAGE_REPO:$K8S_DISTRIBUTION-$K8S_VERSION-$PE_VERSION-$CUSTOM_TAG + ELSE + ARG IMAGE_PATH=$IMAGE_REGISTRY/$IMAGE_REPO:$K8S_DISTRIBUTION-$K8S_VERSION-$PE_VERSION + END IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] ARG BASE_K8S_VERSION=$K8S_VERSION @@ -347,7 +351,11 @@ iso-image: RUN rm -f /etc/ssh/ssh_host_* /etc/ssh/moduli RUN touch /etc/machine-id \ && chmod 444 /etc/machine-id - SAVE IMAGE palette-installer-image:$PE_VERSION-$CUSTOM_TAG + IF [ "$CUSTOM_TAG" != "" ] + SAVE IMAGE palette-installer-image:$PE_VERSION-$CUSTOM_TAG + ELSE + SAVE IMAGE palette-installer-image:$PE_VERSION + END OS_RELEASE: COMMAND From d5e147bd07e610e456e9796a60d227bf6692f21b Mon Sep 17 00:00:00 2001 From: Piyush Kumar Date: Mon, 29 Jan 2024 22:39:35 +0530 Subject: [PATCH 04/15] remove elemental binary (#127) --- Earthfile | 6 ------ 1 file changed, 6 deletions(-) diff --git a/Earthfile b/Earthfile index d716162..8d6d032 100644 --- a/Earthfile +++ b/Earthfile @@ -54,10 +54,6 @@ IF [[ "$BASE_IMAGE" =~ "ubuntu-20-lts-arm-nvidia-jetson-agx-orin" ]] ARG IS_JETSON=true END -elemental: - FROM quay.io/kairos/packages:elemental-cli-system-0.3.1 - SAVE ARTIFACT /usr/bin/elemental /elemental - build-all-images: IF $FIPS_ENABLED BUILD +build-provider-images-fips @@ -336,8 +332,6 @@ base-image: chmod 444 /etc/machine-id RUN rm /tmp/* -rf - COPY +elemental/elemental /usr/bin/elemental - # Ensure SElinux gets disabled RUN if grep "security=selinux" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/security=selinux //g' /etc/cos/bootargs.cfg; fi &&\ if grep "selinux=1" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/selinux=1/selinux=0/g' /etc/cos/bootargs.cfg; fi From 98f392b4cb31bbd0a42cb0c9296fd5afbdf6b8c3 Mon Sep 17 00:00:00 2001 From: Chinmay Gabel Date: Thu, 1 Feb 2024 21:03:53 -0800 Subject: [PATCH 05/15] PE-3593: Theming support in Edge Forge to add customizations.json in CanvOS (#129) * PE-3593: Theming support in Edge Forge to add customizations.json in CanvOS --- Earthfile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Earthfile b/Earthfile index 8d6d032..95ca1db 100644 --- a/Earthfile +++ b/Earthfile @@ -138,6 +138,13 @@ build-iso: IF [ "$CLUSTERCONFIG" != "" ] COPY --if-exists "$CLUSTERCONFIG" /overlay/opt/spectrocloud/clusterconfig/spc.tgz END + + COPY --if-exists ui.tar /overlay/opt/spectrocloud/emc/ + RUN if [ -f /overlay/opt/spectrocloud/emc/ui.tar ]; then \ + tar -xf /overlay/opt/spectrocloud/emc/ui.tar -C /overlay/opt/spectrocloud/emc && \ + rm -f /overlay/opt/spectrocloud/emc/ui.tar; \ + fi + WORKDIR /build COPY --platform=linux/${ARCH} --keep-own +iso-image-rootfs/rootfs /build/image IF [ "$ARCH" = "arm64" ] From a73e5180f5e860725979b3255c4f79e6a42194b0 Mon Sep 17 00:00:00 2001 From: Piyush Kumar Date: Fri, 2 Feb 2024 15:34:35 +0530 Subject: [PATCH 06/15] add elemental config for backward compatibility (#130) --- Earthfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Earthfile b/Earthfile index 95ca1db..cd92550 100644 --- a/Earthfile +++ b/Earthfile @@ -181,6 +181,7 @@ provider-image: COPY --platform=linux/${ARCH} +kairos-provider-image/ / COPY +stylus-image/etc/kairos/branding /etc/kairos/branding COPY +stylus-image/oem/stylus_config.yaml /etc/kairos/branding/stylus_config.yaml + COPY +stylus-image/etc/elemental/config.yaml /etc/elemental/config.yaml IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] RUN luet install -y container-runtime/containerd END @@ -208,6 +209,7 @@ stylus-image: FROM $STYLUS_BASE SAVE ARTIFACT ./* SAVE ARTIFACT /etc/kairos/branding + SAVE ARTIFACT /etc/elemental/config.yaml SAVE ARTIFACT /oem/stylus_config.yaml kairos-provider-image: From 2e632b9de64545d447ca8feed9acd7fe292f51f6 Mon Sep 17 00:00:00 2001 From: Boobalan Rathinam <57693963+brathina-spectro@users.noreply.github.com> Date: Tue, 13 Feb 2024 12:30:01 -0800 Subject: [PATCH 07/15] Updated SLEM build script for Kairos v2.4.3 (#126) * SLEM build changed * Fix kairos framework version to 2.4.3 * Fix the docker tag name * slem kairos 2.4.3 changes --- slem/Dockerfile | 63 +++++++------------------------------------------ slem/README.md | 9 ++++--- slem/build.sh | 29 +++++++++++++++-------- 3 files changed, 33 insertions(+), 68 deletions(-) diff --git a/slem/Dockerfile b/slem/Dockerfile index eed39be..31ca407 100644 --- a/slem/Dockerfile +++ b/slem/Dockerfile @@ -1,5 +1,6 @@ ARG BASE_IMAGE=registry.suse.com/suse/sle-micro-rancher/5.4:latest FROM $BASE_IMAGE + ADD repos/SUSE* /etc/zypp/repos.d/ ADD services/* /etc/zypp/services.d/ RUN zypper --gpg-auto-import-keys ref @@ -11,7 +12,9 @@ RUN zypper in --force-resolution -y \ polkit \ rng-tools \ nano \ + growpart \ && zypper cc + ADD repos/opensuse* /etc/zypp/repos.d/ RUN zypper --gpg-auto-import-keys ref RUN zypper in --force-resolution -y --no-allow-vendor-change \ @@ -24,63 +27,11 @@ RUN zypper in --force-resolution -y --no-allow-vendor-change \ RUN mkdir -p /run/lock RUN mkdir -p /usr/libexec RUN touch /usr/libexec/.keep -COPY --from=quay.io/kairos/framework:v2.4.3_opensuse-leap / / -RUN mkdir -p /etc/dnf -RUN echo "install_weak_deps=False" > /etc/dnf/dnf.conf +COPY --from=quay.io/kairos/framework:v2.4.3_generic / / -RUN zypper in --force-resolution -y \ - bash-completion \ - conntrack-tools \ - coreutils \ - curl \ - device-mapper \ - dhcp-client \ - dosfstools \ - dracut \ - e2fsprogs \ - fail2ban \ - findutils \ - gawk \ - growpart \ - gptfdisk \ - haveged \ - htop \ - iproute2 \ - iptables \ - iputils \ - issue-generator \ - jq \ - less \ - logrotate \ - lsscsi \ - lvm2 \ - mdadm \ - multipath-tools \ - nano \ -# nohang \ - open-iscsi \ - openssh \ - open-vm-tools \ - parted \ - pigz \ - policycoreutils \ - polkit \ - procps \ - rng-tools \ - rsync \ - squashfs \ - strace \ - sudo \ - systemd \ - systemd-network \ - tar \ - timezone \ - tmux \ - vim \ - which \ - tpm2* \ - && zypper cc \ +# Remove file below to allow dracut to build initrd without dhcp-client +RUN rm -rf /usr/lib/dracut/modules.d/35network-legacy ## Generate initrd RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \ @@ -89,6 +40,8 @@ RUN kernel=$(ls /lib/modules | head -n1) && \ dracut -v -N -f "/boot/initrd-${kernel}" "${kernel}" && \ ln -sf "initrd-${kernel}" /boot/initrd && depmod -a "${kernel}" RUN kernel=$(ls /lib/modules | head -n1) && dracut -f "/boot/initrd-${kernel}" "${kernel}" && ln -sf "initrd-${kernel}" /boot/initrd + +# Cleanup RUN rm -rf /boot/initramfs-* RUN rm -rf /etc/zypp/repos.d/* RUN rm -rf /etc/zypp/services.d/* \ No newline at end of file diff --git a/slem/README.md b/slem/README.md index db10e57..3c73647 100644 --- a/slem/README.md +++ b/slem/README.md @@ -1,6 +1,9 @@ -# slem +# SUSE Linux Enterprise Micro -slem base image needs to built on the slem server. -A registration code is need to build the slem base image. +## Pre-requisites : +* A host with SLES Micro distribution installed +* Registration code to register with SUSEConnect +* If you wish to override the BASE_IMAGE, make sure to use a container image that has zypper installed in it +## Steps to build the image: ./build.sh diff --git a/slem/build.sh b/slem/build.sh index 0832ceb..1e9bffd 100644 --- a/slem/build.sh +++ b/slem/build.sh @@ -1,20 +1,29 @@ #!/bin/bash +if [[ -z "$1" ]]; then + echo "ERROR : Registration code is empty !" + echo "Re-run this utility with SUSE Registration code in the args." + echo "Example : ./build.sh 123456789" + exit 1 +fi +REGISTRATION_CODE=$1 + set -ex -REGISTRATION_CODE=$1 -mkdir /var/slem +mkdir -p /var/slem +yes | cp ./Dockerfile /var/slem cd /var/slem -mkdir repos -mkdir services +mkdir -p repos +mkdir -p services cd repos/ -mkdir SUSE -mkdir opensuse +mkdir -p SUSE +mkdir -p opensuse cd SUSE cp /etc/zypp/repos.d/SUSE*.repo . cd ../../services/ cp /etc/zypp/services.d/*.service . cd ../repos/opensuse/ + cat > opensuse-oss.repo < Date: Thu, 15 Feb 2024 11:06:52 -0800 Subject: [PATCH 08/15] Include SUSE PackageHub repos for additional packages (#133) --- slem/build.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/slem/build.sh b/slem/build.sh index 1e9bffd..e493794 100644 --- a/slem/build.sh +++ b/slem/build.sh @@ -35,5 +35,6 @@ cd ../.. #SUSEConnect -r $REGISTRATION_CODE transactional-update register -r $REGISTRATION_CODE transactional-update -n pkg install docker +transactional-update -n register -p PackageHub/15.5/x86_64 docker build -t slem-base:kairos-v2.4.3 . \ No newline at end of file From e6c452549469107ad06c3439730f1c71d80dfec4 Mon Sep 17 00:00:00 2001 From: Laksh Menroy <96564200+lakshmenroy@users.noreply.github.com> Date: Mon, 19 Feb 2024 12:13:39 +0530 Subject: [PATCH 09/15] edge support - fips and non-fips (#128) --- Earthfile | 42 +++++++++++++++++------------------------- 1 file changed, 17 insertions(+), 25 deletions(-) diff --git a/Earthfile b/Earthfile index cd92550..4d24804 100644 --- a/Earthfile +++ b/Earthfile @@ -13,7 +13,7 @@ ARG CUSTOM_TAG ARG CLUSTERCONFIG ARG ARCH ARG PE_VERSION=v4.2.3 -ARG SPECTRO_LUET_VERSION=v1.2.0 +ARG SPECTRO_LUET_VERSION=v1.2.3 ARG KAIROS_VERSION=v2.4.3 ARG K3S_FLAVOR_TAG=k3s1 ARG RKE2_FLAVOR_TAG=rke2r1 @@ -69,37 +69,29 @@ build-all-images: END build-provider-images: - BUILD +provider-image --K8S_VERSION=1.24.6 - BUILD +provider-image --K8S_VERSION=1.25.2 - BUILD +provider-image --K8S_VERSION=1.26.4 - BUILD +provider-image --K8S_VERSION=1.27.2 - BUILD +provider-image --K8S_VERSION=1.25.13 - BUILD +provider-image --K8S_VERSION=1.26.8 - BUILD +provider-image --K8S_VERSION=1.27.5 - BUILD +provider-image --K8S_VERSION=1.27.7 - BUILD +provider-image --K8S_VERSION=1.26.10 - BUILD +provider-image --K8S_VERSION=1.25.15 - BUILD +provider-image --K8S_VERSION=1.28.2 + BUILD +provider-image --K8S_VERSION=1.29.0 + BUILD +provider-image --K8S_VERSION=1.27.9 + BUILD +provider-image --K8S_VERSION=1.26.12 + BUILD +provider-image --K8S_VERSION=1.28.5 build-provider-images-fips: IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - BUILD +provider-image --K8S_VERSION=1.24.13 - BUILD +provider-image --K8S_VERSION=1.25.9 - BUILD +provider-image --K8S_VERSION=1.26.4 - BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.29.0 + BUILD +provider-image --K8S_VERSION=1.27.9 + BUILD +provider-image --K8S_VERSION=1.26.12 + BUILD +provider-image --K8S_VERSION=1.28.5 ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - BUILD +provider-image --K8S_VERSION=1.24.6 - BUILD +provider-image --K8S_VERSION=1.25.2 - BUILD +provider-image --K8S_VERSION=1.25.0 - BUILD +provider-image --K8S_VERSION=1.26.4 - BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.26.12 + BUILD +provider-image --K8S_VERSION=1.27.9 + BUILD +provider-image --K8S_VERSION=1.28.5 + BUILD +provider-image --K8S_VERSION=1.29.0 ELSE - BUILD +provider-image --K8S_VERSION=1.24.6 - BUILD +provider-image --K8S_VERSION=1.25.2 - BUILD +provider-image --K8S_VERSION=1.26.4 - BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.26.12 + BUILD +provider-image --K8S_VERSION=1.27.9 + BUILD +provider-image --K8S_VERSION=1.28.5 + BUILD +provider-image --K8S_VERSION=1.29.0 END BASE_ALPINE: From 2b75255d4c0ed04c6bb7194112803e0d441e902f Mon Sep 17 00:00:00 2001 From: Laksh Menroy <96564200+lakshmenroy@users.noreply.github.com> Date: Tue, 20 Feb 2024 12:18:51 +0530 Subject: [PATCH 10/15] restore all the old supported versions in the Earthfile (#134) --- Earthfile | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/Earthfile b/Earthfile index 4d24804..4feaa0b 100644 --- a/Earthfile +++ b/Earthfile @@ -69,6 +69,17 @@ build-all-images: END build-provider-images: + BUILD +provider-image --K8S_VERSION=1.24.6 + BUILD +provider-image --K8S_VERSION=1.25.2 + BUILD +provider-image --K8S_VERSION=1.26.4 + BUILD +provider-image --K8S_VERSION=1.27.2 + BUILD +provider-image --K8S_VERSION=1.25.13 + BUILD +provider-image --K8S_VERSION=1.26.8 + BUILD +provider-image --K8S_VERSION=1.27.5 + BUILD +provider-image --K8S_VERSION=1.27.7 + BUILD +provider-image --K8S_VERSION=1.26.10 + BUILD +provider-image --K8S_VERSION=1.25.15 + BUILD +provider-image --K8S_VERSION=1.28.2 BUILD +provider-image --K8S_VERSION=1.29.0 BUILD +provider-image --K8S_VERSION=1.27.9 BUILD +provider-image --K8S_VERSION=1.26.12 @@ -78,16 +89,29 @@ build-provider-images: build-provider-images-fips: IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] + BUILD +provider-image --K8S_VERSION=1.24.13 + BUILD +provider-image --K8S_VERSION=1.25.9 + BUILD +provider-image --K8S_VERSION=1.26.4 + BUILD +provider-image --K8S_VERSION=1.27.2 BUILD +provider-image --K8S_VERSION=1.29.0 BUILD +provider-image --K8S_VERSION=1.27.9 BUILD +provider-image --K8S_VERSION=1.26.12 BUILD +provider-image --K8S_VERSION=1.28.5 ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] + BUILD +provider-image --K8S_VERSION=1.24.6 + BUILD +provider-image --K8S_VERSION=1.25.2 + BUILD +provider-image --K8S_VERSION=1.25.0 + BUILD +provider-image --K8S_VERSION=1.26.4 + BUILD +provider-image --K8S_VERSION=1.27.2 BUILD +provider-image --K8S_VERSION=1.26.12 BUILD +provider-image --K8S_VERSION=1.27.9 BUILD +provider-image --K8S_VERSION=1.28.5 BUILD +provider-image --K8S_VERSION=1.29.0 ELSE + BUILD +provider-image --K8S_VERSION=1.24.6 + BUILD +provider-image --K8S_VERSION=1.25.2 + BUILD +provider-image --K8S_VERSION=1.26.4 + BUILD +provider-image --K8S_VERSION=1.27.2 BUILD +provider-image --K8S_VERSION=1.26.12 BUILD +provider-image --K8S_VERSION=1.27.9 BUILD +provider-image --K8S_VERSION=1.28.5 From 44c8576ab4428c0fa22f46b855cc13071de1b2a9 Mon Sep 17 00:00:00 2001 From: Chinmay Gabel Date: Wed, 21 Feb 2024 07:55:17 -0800 Subject: [PATCH 11/15] PE-3802: Copy UI theme file to rootfs fix (#135) * fix ui overwrite issue * adding ui files directly into root fs * Revert "adding ui files directly into root fs" This reverts commit 39d43fa756e97dd25415ef8c55aeaa9a0a87e9ed. * testing changes * fix copy to rootfs --- Earthfile | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Earthfile b/Earthfile index 4feaa0b..d065177 100644 --- a/Earthfile +++ b/Earthfile @@ -155,14 +155,17 @@ build-iso: COPY --if-exists "$CLUSTERCONFIG" /overlay/opt/spectrocloud/clusterconfig/spc.tgz END - COPY --if-exists ui.tar /overlay/opt/spectrocloud/emc/ - RUN if [ -f /overlay/opt/spectrocloud/emc/ui.tar ]; then \ - tar -xf /overlay/opt/spectrocloud/emc/ui.tar -C /overlay/opt/spectrocloud/emc && \ - rm -f /overlay/opt/spectrocloud/emc/ui.tar; \ - fi + WORKDIR /build COPY --platform=linux/${ARCH} --keep-own +iso-image-rootfs/rootfs /build/image + + COPY --if-exists ui.tar /build/image/opt/spectrocloud/emc/ + RUN if [ -f /build/image/opt/spectrocloud/emc/ui.tar ]; then \ + tar -xf /build/image/opt/spectrocloud/emc/ui.tar -C /build/image/opt/spectrocloud/emc && \ + rm -f /build/image/opt/spectrocloud/emc/ui.tar; \ + fi + IF [ "$ARCH" = "arm64" ] RUN /entrypoint.sh --name $ISO_NAME build-iso --date=false --overlay-iso /overlay dir:/build/image --debug --output /iso/ --arch $ARCH ELSE IF [ "$ARCH" = "amd64" ] From 589cff29aeda0b6af9dd743869444c2f445957e1 Mon Sep 17 00:00:00 2001 From: Kiran Kilingar Nadumane Date: Thu, 22 Feb 2024 13:13:43 -0800 Subject: [PATCH 12/15] install openssl (#136) --- Earthfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Earthfile b/Earthfile index d065177..c6075d2 100644 --- a/Earthfile +++ b/Earthfile @@ -338,6 +338,10 @@ base-image: RUN cp /sbin/apparmor_parser /usr/bin/apparmor_parser END + IF [ "$OS_DISTRIBUTION" = "rhel" ] + RUN yum install -y openssl + END + IF [ "$OS_DISTRIBUTION" = "sles" ] RUN cp /sbin/apparmor_parser /usr/bin/apparmor_parser END From e799e09b4d0392d8ab5a6248b0341acf486aa4cc Mon Sep 17 00:00:00 2001 From: Piyush Kumar Date: Fri, 1 Mar 2024 10:43:50 +0530 Subject: [PATCH 13/15] run soft link to grub2-editenv only if file does not exists (#140) --- Earthfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Earthfile b/Earthfile index c6075d2..6461caa 100644 --- a/Earthfile +++ b/Earthfile @@ -300,7 +300,9 @@ base-image: RUN kernel=$(ls /lib/modules | tail -n1) && \ depmod -a "${kernel}" - RUN ln -s /usr/sbin/grub-editenv /usr/bin/grub2-editenv + RUN if [ ! -f /usr/bin/grub2-editenv ]; then \ + ln -s /usr/sbin/grub-editenv /usr/bin/grub2-editenv; \ + fi RUN rm -rf /var/cache/* && \ apt clean From b0744414ffc693e34c7d1afbe8b92d076fa6bff1 Mon Sep 17 00:00:00 2001 From: Kevin Reeuwijk Date: Wed, 6 Mar 2024 16:52:49 +0100 Subject: [PATCH 14/15] Passthrough docker credentials (#137) --- earthly.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/earthly.sh b/earthly.sh index ae61db3..dc98c3c 100755 --- a/earthly.sh +++ b/earthly.sh @@ -11,17 +11,17 @@ function build_with_proxy() { docker stop earthly-buildkitd fi # start earthly buildkitd - docker run -d --privileged --name earthly-buildkitd -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION + docker run -d --privileged --name earthly-buildkitd -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm -t -e GLOBAL_CONFIG="$global_config" -e BUILDKIT_TCP_TRANSPORT_ENABLED=true -e http_proxy=$HTTP_PROXY -e https_proxy=$HTTPS_PROXY -e HTTPS_PROXY=$HTTPS_PROXY -e HTTP_PROXY=$HTTP_PROXY -e NO_PROXY=$NO_PROXY -e no_proxy=$no_proxy -e EARTHLY_GIT_CONFIG=$gitconfig -v "$PROXY_CERT_PATH:/usr/local/share/ca-certificates/sc.crt:ro" -v earthly-tmp:/tmp/earthly:rw -p 8372:8372 gcr.io/spectro-images-public/earthly/buildkitd:$EARTHLY_VERSION # Update the CA certificates in the container docker exec -it earthly-buildkitd update-ca-certificates # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -e EARTHLY_BUILDKIT_HOST=tcp://0.0.0.0:8372 -e BUILDKIT_TLS_ENABLED=false -v "$(pwd)":/workspace -v "$PROXY_CERT_PATH:/workspace/sc.crt:ro" gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } function build_without_proxy() { # Run Earthly in Docker to create artifacts Variables are passed from the .arg file - docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" + docker run --privileged -v ~/.docker/config.json:/root/.docker/config.json -v /var/run/docker.sock:/var/run/docker.sock --rm --env EARTHLY_BUILD_ARGS -t -e GLOBAL_CONFIG="$global_config" -v "$(pwd)":/workspace gcr.io/spectro-images-public/earthly/earthly:$EARTHLY_VERSION --allow-privileged "$@" } global_config="{disable_analytics: true}" From a1f5c687d9db5a581b42ba2214ddc320127dd131 Mon Sep 17 00:00:00 2001 From: Justin Barksdale <3pings@users.noreply.github.com> Date: Wed, 6 Mar 2024 11:18:02 -0500 Subject: [PATCH 15/15] Updated Earthfile for registry variables (#125) --- Earthfile | 107 ++++++++++++++++++++++++------------------------------ 1 file changed, 48 insertions(+), 59 deletions(-) diff --git a/Earthfile b/Earthfile index 6461caa..703e733 100644 --- a/Earthfile +++ b/Earthfile @@ -1,28 +1,36 @@ VERSION 0.6 ARG TARGETOS ARG TARGETARCH -FROM gcr.io/spectro-images-public/canvos/alpine-cert:v1.0.0 -# Variables used in the builds. Update for ADVANCED use cases only -ARG OS_DISTRIBUTION -ARG OS_VERSION -ARG IMAGE_REGISTRY -ARG IMAGE_REPO=$OS_DISTRIBUTION -ARG K8S_DISTRIBUTION -ARG CUSTOM_TAG -ARG CLUSTERCONFIG -ARG ARCH +## Default Image Repos Used in the Builds. +ARG SPECTRO_PUB_REPO=gcr.io/spectro-images-public +ARG SPECTRO_LUET_REPO=gcr.io/spectro-dev-public +ARG KAIROS_BASE_IMAGE_URL=quay.io/kairos +ARG ETCD_REPO=https://github.com/etcd-io +FROM $SPECTRO_PUB_REPO/canvos/alpine-cert:v1.0.0 + +## Spectro Cloud and Kairos Tags ## ARG PE_VERSION=v4.2.3 -ARG SPECTRO_LUET_VERSION=v1.2.3 +ARG SPECTRO_LUET_VERSION=v1.2.0 ARG KAIROS_VERSION=v2.4.3 ARG K3S_FLAVOR_TAG=k3s1 ARG RKE2_FLAVOR_TAG=rke2r1 -ARG BASE_IMAGE_URL=quay.io/kairos ARG OSBUILDER_VERSION=v0.7.11 -ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:$OSBUILDER_VERSION +ARG OSBUILDER_IMAGE=$KAIROS_BASE_IMAGE_URL/osbuilder-tools:$OSBUILDER_VERSION ARG K3S_PROVIDER_VERSION=v4.2.1 ARG KUBEADM_PROVIDER_VERSION=v4.2.1 ARG RKE2_PROVIDER_VERSION=v4.1.1 + +# Variables used in the builds. Update for ADVANCED use cases only Modify in .arg file or via CLI arguements +ARG OS_DISTRIBUTION +ARG OS_VERSION +ARG IMAGE_REGISTRY +ARG IMAGE_REPO=$OS_DISTRIBUTION +ARG K8S_DISTRIBUTION +ARG CUSTOM_TAG +ARG CLUSTERCONFIG +ARG ARCH + ARG FIPS_ENABLED=false ARG HTTP_PROXY ARG HTTPS_PROXY @@ -31,6 +39,9 @@ ARG http_proxy=${HTTP_PROXY} ARG https_proxy=${HTTPS_PROXY} ARG no_proxy=${NO_PROXY} ARG PROXY_CERT_PATH + + + ARG UPDATE_KERNEL=false ARG ETCD_VERSION="v3.5.5" @@ -41,10 +52,10 @@ IF [ "$OS_DISTRIBUTION" = "ubuntu" ] && [ "$BASE_IMAGE" = "" ] ELSE ARG BASE_IMAGE_TAG=$OS_DISTRIBUTION:$OS_VERSION-core-$ARCH-generic-$KAIROS_VERSION END - ARG BASE_IMAGE=$BASE_IMAGE_URL/$BASE_IMAGE_TAG + ARG BASE_IMAGE=$KAIROS_BASE_IMAGE_URL/$BASE_IMAGE_TAG ELSE IF [ "$OS_DISTRIBUTION" = "opensuse-leap" ] && [ "$BASE_IMAGE" = "" ] ARG BASE_IMAGE_TAG=opensuse:leap-$OS_VERSION-core-$ARCH-generic-$KAIROS_VERSION - ARG BASE_IMAGE=$BASE_IMAGE_URL/$BASE_IMAGE_TAG + ARG BASE_IMAGE=$KAIROS_BASE_IMAGE_URL/$BASE_IMAGE_TAG ELSE IF [ "$OS_DISTRIBUTION" = "rhel" ] || [ "$OS_DISTRIBUTION" = "sles" ] # Check for default value for rhel ARG BASE_IMAGE @@ -128,7 +139,7 @@ BASE_ALPINE: download-etcdctl: DO +BASE_ALPINE - RUN curl --retry 5 -Ls https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz | tar -xvzf - --strip-components=1 etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl && \ + RUN curl --retry 5 -Ls $ETCD_REPO/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz | tar -xvzf - --strip-components=1 etcd-${ETCD_VERSION}-linux-${TARGETARCH}/etcdctl && \ chmod +x etcdctl SAVE ARTIFACT etcdctl @@ -221,9 +232,9 @@ provider-image: stylus-image: IF [ "$FIPS_ENABLED" = "true" ] - ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-fips-linux-$ARCH:$PE_VERSION + ARG STYLUS_BASE=$SPECTRO_PUB_REPO/stylus-framework-fips-linux-$ARCH:$PE_VERSION ELSE - ARG STYLUS_BASE=gcr.io/spectro-images-public/stylus-framework-linux-$ARCH:$PE_VERSION + ARG STYLUS_BASE=$SPECTRO_PUB_REPO/stylus-framework-linux-$ARCH:$PE_VERSION END FROM $STYLUS_BASE SAVE ARTIFACT ./* @@ -233,15 +244,15 @@ stylus-image: kairos-provider-image: IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-kubeadm:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-kubeadm-fips:$KUBEADM_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-k3s:$K3S_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] && $FIPS_ENABLED - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-rke2-fips:$RKE2_PROVIDER_VERSION ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - ARG PROVIDER_BASE=gcr.io/spectro-images-public/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION + ARG PROVIDER_BASE=$SPECTRO_PUB_REPO/kairos-io/provider-rke2:$RKE2_PROVIDER_VERSION END FROM --platform=linux/${ARCH} $PROVIDER_BASE SAVE ARTIFACT ./* @@ -252,28 +263,8 @@ base-image: --build-arg OS_DISTRIBUTION=$OS_DISTRIBUTION --build-arg HTTP_PROXY=$HTTP_PROXY --build-arg HTTPS_PROXY=$HTTPS_PROXY \ --build-arg NO_PROXY=$NO_PROXY . - IF [ "$IS_JETSON" = "true" ] + IF [ "$IS_JETSON" = "true" ] COPY mount.yaml /system/oem/mount.yaml - END - - IF [ "$ARCH" = "arm64" ] - RUN mkdir -p /etc/luet/repos.conf.d && \ - SPECTRO_LUET_VERSION=$SPECTRO_LUET_VERSION luet repo add spectro --type docker --url gcr.io/spectro-dev-public/luet-repo-arm --priority 1 -y && \ - luet repo update - ELSE IF [ "$ARCH" = "amd64" ] - RUN mkdir -p /etc/luet/repos.conf.d && \ - SPECTRO_LUET_VERSION=$SPECTRO_LUET_VERSION luet repo add spectro --type docker --url gcr.io/spectro-dev-public/luet-repo --priority 1 -y && \ - luet repo update - END - - IF [ "$K8S_DISTRIBUTION" = "kubeadm" ] || [ "$K8S_DISTRIBUTION" = "kubeadm-fips" ] - ARG BASE_K8S_VERSION=$K8S_VERSION - ELSE IF [ "$K8S_DISTRIBUTION" = "k3s" ] - ARG K8S_DISTRIBUTION_TAG=$K3S_FLAVOR_TAG - ARG BASE_K8S_VERSION=$K8S_VERSION-$K8S_DISTRIBUTION_TAG - ELSE IF [ "$K8S_DISTRIBUTION" = "rke2" ] - ARG K8S_DISTRIBUTION_TAG=$RKE2_FLAVOR_TAG - ARG BASE_K8S_VERSION=$K8S_VERSION-$K8S_DISTRIBUTION_TAG END IF [ "$OS_DISTRIBUTION" = "ubuntu" ] && [ "$ARCH" = "amd64" ] @@ -314,20 +305,18 @@ base-image: COPY sc.crt /usr/share/pki/trust/anchors RUN update-ca-certificates END - + # Enable or Disable Kernel Updates IF [ "$UPDATE_KERNEL" = "false" ] RUN zypper al kernel-de* END RUN zypper refresh && \ - zypper update -y + zypper update -y IF [ -e "/usr/bin/dracut" ] RUN --no-cache kernel=$(ls /lib/modules | tail -n1) && depmod -a "${kernel}" RUN --no-cache kernel=$(ls /lib/modules | tail -n1) && dracut -f "/boot/initrd-${kernel}" "${kernel}" && ln -sf "initrd-${kernel}" /boot/initrd END - # zypper up kernel-default && \ - # zypper purge-kernels && \ RUN zypper install -y zstd vim iputils bridge-utils curl ethtool tcpdump RUN zypper cc && \ zypper clean @@ -337,23 +326,23 @@ base-image: RUN zypper install -y apparmor-parser apparmor-profiles RUN zypper cc && \ zypper clean - RUN cp /sbin/apparmor_parser /usr/bin/apparmor_parser + RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi + END + IF [ "$ARCH" = "arm64" ] + ARG LUET_REPO=luet-repo-arm + ELSE IF [ "$ARCH" = "amd64" ] + ARG LUET_REPO=luet-repo END + RUN mkdir -p /etc/luet/repos.conf.d && \ + SPECTRO_LUET_VERSION=$SPECTRO_LUET_VERSION luet repo add spectro --type docker --url $SPECTRO_LUET_REPO/$LUET_REPO --priority 1 -y && \ + luet repo update IF [ "$OS_DISTRIBUTION" = "rhel" ] RUN yum install -y openssl END IF [ "$OS_DISTRIBUTION" = "sles" ] - RUN cp /sbin/apparmor_parser /usr/bin/apparmor_parser - END - - IF [ "$ARCH" = "arm64" ] - RUN mkdir -p /etc/luet/repos.conf.d && luet repo add spectro --type docker --url gcr.io/spectro-dev-public/luet-repo-arm --priority 1 -y && luet repo update - ELSE IF [ "$ARCH" = "amd64" ] - RUN mkdir -p /etc/luet/repos.conf.d && \ - luet repo add spectro --type docker --url gcr.io/spectro-dev-public/luet-repo --priority 1 -y && \ - luet repo update + RUN if [ ! -e /usr/bin/apparmor_parser ]; then cp /sbin/apparmor_parser /usr/bin/apparmor_parser; fi END DO +OS_RELEASE --OS_VERSION=$KAIROS_VERSION @@ -400,4 +389,4 @@ OS_RELEASE: # update OS-release file RUN sed -i -n '/KAIROS_/!p' /etc/os-release - RUN envsubst >>/etc/os-release >/etc/os-release