forked from suse-edge/Factory

15 Commits

Author SHA256 Message Date
76036c2dd8 Merge pull request 'update-devel' (#81) from nbelouin/Factory:update-devel into devel
Reviewed-on: suse-edge/Factory#81
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-02-25 15:37:18 +01:00
0c6db5d5cc Merge branch 'main' into devel 2025-02-25 14:32:32 +01:00
0b03d14cee Merge pull request 'Add a script to trigger refresh on packages that need one' (#79) from nbelouin/Factory:devel-trigger into devel
Reviewed-on: suse-edge/Factory#79
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
2025-02-25 13:10:39 +01:00
9f2dc045e9 Add a script to trigger refresh on packages that need one
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
2025-02-25 11:35:43 +01:00
Denislav Prodanov
f90f614746 update eib image to use package version 2025-01-31 14:59:32 +02:00
35f06da226 Update edge-image-builder/_service 2025-01-29 09:52:25 +01:00
8dd6d7d9d7 Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:54:58 +01:00
f9c5a29a9f Update edge-image-builder/_service 2025-01-28 13:54:39 +01:00
1b83b54b58 Update edge-image-builder/_service 2025-01-28 13:47:41 +01:00
c6b64a252f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:43:23 +01:00
689c80ffcc Update edge-image-builder/_service 2025-01-28 13:39:56 +01:00
d8745fe060 Update edge-image-builder/_service 2025-01-28 13:35:25 +01:00
9e39bdcf7f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:30:15 +01:00
9e376ffb74 Update edge-image-builder/_service 2025-01-28 13:29:50 +01:00
0fc166ff06 Add _config 2025-01-28 11:37:52 +01:00
47 changed files with 1325 additions and 2434 deletions


@@ -1,30 +0,0 @@
name: Trigger Devel Packages
on:
schedule:
- cron: "@daily"
jobs:
sync-pr-project:
name: "Trigger source services for devel packages that changed"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
ref: 'devel'
- name: "Trigger packages"
run: |
python3 .obs/trigger_package.py

3
.gitignore vendored

@@ -1,3 +1,4 @@
*/.osc
*/__pycache__
.venv/
.venv/
.idea/


@@ -1,3 +1,3 @@
PROJECT = "isv:SUSE:Edge:Factory"
PROJECT = "isv:SUSE:Edge:Factory:Devel"
REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
BRANCH = "main"
BRANCH = "devel"


@@ -8,7 +8,6 @@ def render(base_project, subproject, internal, scm_url=None):
context = {
"base_project": subproject == "",
"title": f"SUSE Edge {version} {subproject}".rstrip(),
"ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack",
}
if subproject == "ToTest":
context["project"] = f"{base_project}:ToTest"

65
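--- a/.obs/trigger_package.py
+++ b/.obs/trigger_package.py
@@ -0,0 +1,65 @@
+import xml.etree.ElementTree as ET
+import subprocess
+from sync_packages import get_local_packages
+from common import PROJECT
+def get_service_repo(package):
+with open(f"{package}/_service") as service:
+root = ET.parse(service).getroot()
+for service in root.findall("service"):
+if service.get("mode") in ["manual", "disabled"]:
+continue
+if service.get("name") not in ["obs_scm", "tar_scm"]:
+continue
+ref = service.find("param[@name='revision']").text
+repo = service.find("param[@name='url']").text
+return (repo, ref)
+return None
+def get_remote_ref(project, package):
+files = subprocess.run(["osc", "ls", "-e", project, package], encoding='utf-8' , capture_output=True).stdout.splitlines()
+for filename in files:
+if filename.startswith("_service") and filename.endswith(".obsinfo"):
+obsinfo = subprocess.run(["osc", "cat", project, package, filename], encoding='utf-8' , capture_output=True).stdout.splitlines()
+for line in obsinfo:
+if line.startswith("commit:"):
+return line.split(':')[-1].strip()
+def get_upstream_ref(repo, ref):
+refs = subprocess.run(["git", "ls-remote", repo, ref, f"{ref}^{{}}"], encoding='utf-8' , capture_output=True).stdout.splitlines()
+refpath = ref.split('/')
+best = None
+for rref in refs:
+value = rref.split('\t')
+(sha, name) = (value[0].strip(), value[1].strip())
+namepath = name.split('/')
+if len(namepath) == len(refpath) or len(namepath) - 2 == len(refpath):
+if name.endswith(ref) and best is None:
+best = sha
+if name.endswith("^{}"):
+best = sha
+return best
+def trigger_service(project, package):
+subprocess.run(["osc", "service", "remoterun", project, package], encoding="utf-8",check=True)
+def main():
+packages = get_local_packages()
+for package in packages:
+try:
+(repo, ref) = get_service_repo(package)
+print(f"{package} uses {repo} at {ref}")
+except: # Package is not using server side scm service
+continue
+remote_ref = get_remote_ref(PROJECT, package)
+upstream_ref = get_upstream_ref(repo, ref)
+if upstream_ref != remote_ref:
+print(f"\t{package} needs a refresh")
+print(f"\tOBS ref is {remote_ref}")
+print(f"\tgit ref is {upstream_ref}")
+trigger_service(PROJECT, package)
+if __name__ == "__main__":
+main()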
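Review bot: `get_remote_ref` and `get_upstream_ref` call `subprocess.run` without `check=True`, so a failed `osc` or `git ls-remote` (expired credentials, network error) only produces empty output and a `None` ref. In `main` two `None` values compare equal and a stale package is silently skipped, while a single `None` fires `osc service remoterun` on every run; add `check=True` as `trigger_service` already does and skip the package when either ref is `None`. `repo` and `ref` are read from each package's `_service` file and passed to git positionally, so a value starting with `-` would be parsed as an option; end option parsing first with `["git", "ls-remote", "--", repo, ref, f"{ref}^{{}}"]`. The bare `except:` in `main` should name what it expects, e.g. `except (OSError, ET.ParseError, TypeError, AttributeError):`, so that unrelated failures and `KeyboardInterrupt` are not hidden.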


@@ -87,7 +87,6 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator
BuildFlags: onlybuild:shim-noarch
%endif
%endif
@@ -114,9 +113,6 @@ BuildFlags: onlybuild:release-manifest-image
%if "%_repository" == "standard"
# for build openstack-ironic-image
BuildFlags: allowrootforbuild
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
%endif
# Enable reproducible builds

2
_meta

@@ -47,7 +47,7 @@
{%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
{%- endif %}
<path project="{{ ironic_base }}:2024.2" repository="15.6"/>
<path project="Cloud:OpenStack:2024.2" repository="15.6"/>
<path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
<arch>x86_64</arch>
<arch>aarch64</arch>


@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.1.0"
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"


@@ -1,5 +1,10 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%PACKAGE_VERSION%</param>
<param name="package">edge-image-builder</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>


@@ -1,12 +1,12 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionformat">@PARENT_TAG@_%h.%ad</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.1.0</param>
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="revision">main</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">
@@ -16,4 +16,4 @@
<service name="go_modules">
<param name="compression">gz</param>
</service>
</services>
</services>
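Review bot: If `<param name="revision">main</param>` is the new value in the first hunk, the `obs_scm` service now follows a moving branch instead of the `v1.1.0` tag, so whatever is pushed to upstream `main` is built on the next service run without any change in this repository. That may be intended for a devel project, but it should be stated next to the setting; a comment above the service such as `<!-- devel only: tracks upstream main; pin a tag or commit before release -->` would do. The rendered page no longer shows which line is removed, so the direction is inferred from print order.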


@@ -17,7 +17,7 @@
Name: edge-image-builder
Version: 1.1.0
Version: 0
Release: 0
Summary: Edge Image Builder
License: Apache-2.0


@@ -8,8 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
WORKDIR /tmp
COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -82,8 +88,7 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi
COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/
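Review bot: In the two arch-conditional `RUN if [ "$(uname -m)" = ... ]` lines the commands are separated by `;`, so a failing `zypper -n in` or `zypper -n rm` is masked by the exit status of the trailing `rm -rf /var/log/*` and the layer builds with packages missing. Chain them with `&&` (`zypper -n in --no-recommends ... && zypper -n clean && rm -rf /var/log/*`) or start the command with `set -e;`. The aarch64 line also removes two packages by exact version-release (`kubic-locale-archive-2.31-10.36.noarch` and the `openssl-1_1-...` one), which stops matching once the base image is updated; removing by package name would be sturdier. The later Dockerfile section that installs `ironic-ipa-ramdisk-x86_64` / `ironic-ipa-ramdisk-aarch64` uses the same `;` chaining. Which side is new is inferred from print order, since the page lost the `+`/`-` markers.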


@@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
fi
fi
IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}"
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"


@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
boot
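Review bot: The `kernel` line passes `ipa-insecure=1` and `ipa-debug=1` unconditionally and both image URLs are fixed to `http://`, so the inspection ramdisk is fetched without transport protection and, as far as I read the agent option, the agent skips TLS certificate verification in every deployment. Nothing visible in this hunk lets an operator turn that off. Consider rendering these flags from the environment the way `ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }}` already is, or add a `#` comment above the line saying the values are deliberate and which provisioning network the script assumes. The template continues outside the hunk.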


@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
# Power state is checked every 60 seconds and BMC activity should
# be avoided more often than once every sixty seconds.
send_sensor_data_interval = 160
bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp.img
verify_step_priority_override = management.clear_job_queue:90
# We don't use this feature, and it creates an additional load on the database
node_history = False


@@ -2,26 +2,41 @@
set -euxo pipefail
declare -A efi_arch=(
["x86_64"]="X64"
["aarch64"]="AA64"
)
ARCH=$(uname -m)
DEST=${2:-/tmp/esp.img}
OS=${1:-sles}
for arch in "${!efi_arch[@]}"; do
DEST=/tmp/esp-${arch}.img
if [ $ARCH = "aarch64" ]; then
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI
mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI
mdir -i $DEST ::EFI/BOOT;
done
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mkdir -p /boot/efi/EFI/BOOT
mkdir -p /boot/efi/EFI/$OS
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
mdir -i $DEST ::EFI/BOOT;


@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS
# Copy files to shared mount
render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
cp /tmp/uefi_esp*.img /shared/html/
cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
# Render the core httpd config
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf


@@ -8,8 +8,15 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
@@ -34,9 +41,8 @@ LABEL com.suse.release-stage="released"
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh


@@ -6,33 +6,12 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
export https_proxy=${https_proxy:-$HTTPS_PROXY}
export no_proxy=${no_proxy:-$NO_PROXY}
if [ -d "/tmp/ironic-certificates" ]; then
sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
CERTS_CHANGED=1
else
CERTS_CHANGED=0
fi
fi
# Which image should we use
if [ -z "${IPA_BASEURI}" ]; then
if cmp "/shared/images.sha256" "/tmp/images.sha256"; then
if [ "${CERTS_CHANGED:-1}" = "1" ]; then
# everything is the same exit early
exit 0
fi
fi
IMAGE_CHANGED=0
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
mkdir -p /shared/html/images
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
# Use arm64 as destination for iPXE compatibility
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images.sha256
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
else
FILENAME=ironic-python-agent
FILENAME_EXT=.tar
@@ -46,56 +25,47 @@ else
# If we have a CACHEURL and nothing has yet been downloaded
# get header info from the cache
ls -l
if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then
if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then
curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true
fi
# Download the most recent version of IPA
if [ -e $FFILENAME.headers ] ; then
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r")
cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
# curl didn't download anything because we have the ETag already
# but we don't have it in the images directory
# Its in the cache, go get it
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then
if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then
mv /shared/html/images/$FFILENAME.headers .
curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME"
fi
else
cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME"
cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME
fi
if [ -s $FFILENAME ] ; then
tar -xf $FFILENAME
xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
mv $FILENAME.initramfs.zstd $FILENAME.initramfs
ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
if [ "$ARCH" = "x86" ]; then
ARCH="x86_64"
fi
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
cd -
chmod 755 "$TMPDIR"
mv "$TMPDIR" "$FILENAME-$ETAG"
ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers"
ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs"
ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel"
IMAGE_CHANGED=0
chmod 755 $TMPDIR
mv $TMPDIR $FILENAME-$ETAG
ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers
ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs
ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel
else
rm -rf "$TMPDIR"
rm -rf $TMPDIR
fi
fi
if [ "${CERTS_CHANGED:-1}" = "0" ] || [ "${IMAGE_CHANGED:-1}" = "0" ]; then
if [ -d "/tmp/ironic-certificates" ]; then
mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do
find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
done
cp /tmp/certificates.sha256 /shared/certificates.sha256
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
fi
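Review bot: `ETAG` is parsed from the response headers of `$IPA_BASEURI` and then used unquoted in `mv $TMPDIR $FILENAME-$ETAG` and the three `ln -sf` lines, so a header value containing whitespace, a glob character or `/` changes what those commands operate on. The quoted forms printed just before them look like the other side of the diff; keep the quoting (`mv "$TMPDIR" "$FILENAME-$ETAG"`, `rm -rf "$TMPDIR"`, `curl ... -O "$IPA_BASEURI/$FFILENAME"`) and reject an `ETAG` that contains `/` before it is used in a path. `[ -n "$CACHEURL" -a ! -e $FFILENAME.headers ]` should likewise be two tests joined with `&&`, since `-a` inside `[` is ambiguous with some operands. The downloaded archive goes to `tar -xf` with no checksum comparison, which deserves a comment if that is accepted. The script starts and ends outside these hunks.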


@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image">
<image schemaversion="7.4" name="openstack-ironic-image-301">
<description type="system">
<author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact>


@@ -148,8 +148,10 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
cd /tmp/openstack-ironic-image/img/build/image-root
find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
cd $TDIR
zstd initrdtmp -o initrd-%{_arch}.zst
INITRD=`ls *.zst | head -1`
gzip -9 -f initrdtmp
INITRDGZ=`ls *.gz | head -1`
gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
INITRD=`ls *.xz | head -1`
ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`


@@ -5,7 +5,6 @@
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1
data:
@@ -20,9 +19,8 @@ data:
{{- $protocol = "http" }}
{{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs"
kind: ConfigMap
metadata:
name: baremetal-operator-ironic


@@ -12,7 +12,6 @@ data:
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
{{- if ( .Values.global.enable_dnsmasq ) }}
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
@@ -40,9 +39,8 @@ data:
{{- end }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs
DEPLOY_ARCHITECTURE: {{ $deployArch }}
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }}
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"


@@ -63,9 +63,6 @@ global:
# Name for the MariaDB service
databaseServiceName: metal3-mariadb
# Architecture for deployed nodes (either x86_64 or arm64)
deployArchitecture: x86_64
# In a multi-node cluster use the node selector to ensure the pods
# all run on the same host where the dnsmasqDNSServer and provisioningIP
# and /opt/media exist. Uncomment the nodeSelector and update the


@@ -1,10 +1,10 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1
apiVersion: v2
appVersion: 0.16.0
appVersion: 0.14.1
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.0+up0.16.0"
version: "%%CHART_MAJOR%%.0.0+up0.14.1"

File diff suppressed because one or more lines are too long


@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.14.0
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -154,6 +154,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -299,6 +300,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -437,6 +439,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -492,6 +495,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -578,20 +582,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty.
This field may not be empty.
type: string
severity:
description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -738,6 +742,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -888,6 +893,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1023,6 +1029,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1078,6 +1085,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1164,20 +1172,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty.
This field may not be empty.
type: string
severity:
description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -1218,7 +1226,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.14.0
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1361,6 +1369,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1514,6 +1523,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1654,6 +1664,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1709,6 +1720,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1908,6 +1920,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2066,6 +2079,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2203,6 +2217,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2258,6 +2273,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2527,7 +2543,7 @@ data:
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
command:
- /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.11.0
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.9.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -2741,16 +2757,10 @@ data:
- major: 0
minor: 9
contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.11.0
name: v0.9.0
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap


@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.14.0
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -154,6 +154,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -299,6 +300,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -416,6 +418,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -461,6 +464,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -533,6 +537,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -588,6 +593,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -721,6 +727,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -797,6 +804,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -927,6 +935,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -971,7 +980,6 @@ data:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties:
apiVersion:
description: API version of the referent.
@@ -985,6 +993,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1015,6 +1024,7 @@ data:
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron
@@ -1191,20 +1201,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty.
This field may not be empty.
type: string
severity:
description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -1377,6 +1387,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1527,6 +1538,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1628,7 +1640,6 @@ data:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties:
apiVersion:
description: API version of the referent.
@@ -1642,6 +1653,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1692,6 +1704,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1729,7 +1742,7 @@ data:
additionalProperties:
type: string
description: |-
annotations is an unstructured key value map stored with a resource that may be
Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations
@@ -1770,6 +1783,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1803,7 +1817,6 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to run after
@@ -1843,6 +1856,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1898,6 +1912,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2028,6 +2043,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2104,6 +2120,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2234,6 +2251,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2278,7 +2296,6 @@ data:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties:
apiVersion:
description: API version of the referent.
@@ -2292,6 +2309,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2322,6 +2340,7 @@ data:
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron
@@ -2471,6 +2490,7 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string
required:
- infrastructureRef
- rolloutStrategy
type: object
status:
@@ -2504,20 +2524,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty.
This field may not be empty.
type: string
severity:
description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -2589,7 +2609,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.14.0
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2776,6 +2796,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2934,6 +2955,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3036,7 +3058,6 @@ data:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties:
apiVersion:
description: API version of the referent.
@@ -3050,6 +3071,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3100,6 +3122,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3137,7 +3160,7 @@ data:
additionalProperties:
type: string
description: |-
annotations is an unstructured key value map stored with a resource that may be
Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations
@@ -3178,6 +3201,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3211,7 +3235,6 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to
@@ -3252,6 +3275,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3307,6 +3331,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3441,6 +3466,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3519,6 +3545,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3652,6 +3679,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3696,7 +3724,6 @@ data:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties:
apiVersion:
description: API version of the referent.
@@ -3710,6 +3737,7 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3740,6 +3768,7 @@ data:
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time
@@ -3898,6 +3927,7 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string
required:
- infrastructureRef
- rolloutStrategy
type: object
required:
@@ -3937,20 +3967,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty.
This field may not be empty.
type: string
severity:
description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -4263,7 +4293,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.11.0
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.9.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4318,7 +4348,7 @@ data:
volumes:
- name: cert
secret:
secretName: rke2-controlplane-webhook-service-cert
secretName: rke2-control-plane-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
@@ -4334,7 +4364,7 @@ data:
issuerRef:
kind: Issuer
name: rke2-control-plane-selfsigned-issuer
secretName: rke2-controlplane-webhook-service-cert
secretName: rke2-control-plane-webhook-service-cert
subject:
organizations:
- Rancher by SUSE
@@ -4484,16 +4514,10 @@ data:
- major: 0
minor: 9
contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.11.0
name: v0.9.0
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane
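Review bot: The new side of this ConfigMap appears to make `s3CredentialSecret` mandatory for etcd snapshot uploads. The hunks starting at new lines 1024, 2340 and 3768 add `- s3CredentialSecret` under `required:`, and the hunks at 980, 2296 and 3724 drop the sentence `If empty, the controller will default to IAM authentication`. With that schema, every cluster that backs up to S3 has to keep a long-lived `aws_access_key_id`/`aws_secret_access_key` pair in a Secret instead of relying on instance or workload identity. The +/- column is lost on this page, so the direction is inferred from the hunk header counts. If moving the provider image to `v0.9.0` is intended, the chart notes should say something like `S3 snapshots require a static-key Secret in this release; restrict RBAC on that Secret and rotate the keys`.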


@@ -1,6 +1,6 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.16.0
digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70
generated: "2025-01-30T10:14:58.692942399Z"
version: 0.14.0
digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
generated: "2024-12-03T09:34:12.871417074Z"


@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,7 +12,7 @@ annotations:
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.16.0
appVersion: 0.14.1
dependencies:
- condition: cluster-api-operator.enabled
name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.0+up0.16.0"
version: "%%CHART_MAJOR%%.0.0+up0.14.1"


@@ -1,44 +1,78 @@
namespace: rancher-turtles-system
questions:
- variable: rancherTurtles.features.default
default: "false"
description: "Customize install settings"
label: Customize install settings
- variable: rancherTurtles.features.default
default: "false"
description: "Customize install settings"
label: Customize install settings
type: boolean
show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions:
- variable: cluster-api-operator.cert-manager.enabled
default: false
type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
label: "Enable Cert Manager"
- variable: rancherTurtles.features.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions:
- variable: cluster-api-operator.cert-manager.enabled
default: false
type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
label: "Enable Cert Manager"
- variable: rancherTurtles.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
- variable: cluster-api-operator.cluster-api.rke2.enabled
default: "true"
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles"
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.agent-tls-mode.enabled
default: false
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters"
type: boolean
label: Enable Agent TLS Mode
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.kubectlImage
default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
description: "Specify the image to use when running kubectl in jobs"
type: string
label: Kubectl Image
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.cluster-api-operator.kubectlImage
default: "rancher/kubectl:v1.30.3"
description: "Specify the image to use when cleaning up the Cluster API Operator manifests"
type: string
label: Cleanup Image
group: "CAPI Operator cleanup settings"
- variable: rancherTurtles.features.rancher-webhook.cleanup
default: true
description: "Specify that the Rancher embedded cluster api webhooks should be removed"
type: boolean
label: Cleanup Rancher Embedded CAPI Webhooks
group: "Rancher webhook cleanup settings"
show_subquestion_if: true
subquestions:
- variable: rancherTurtles.features.rancher-webhook.kubectlImage
default: "rancher/kubectl:v1.30.3"
description: "Specify the image to use when cleaning up the webhooks"
type: string
label: Webhook Cleanup Image
group: "Rancher webhook cleanup settings"
- variable: rancherTurtles.features.rancher-kubeconfigs.label
default: false
description: "(Experimental) Specify that the kubeconfigs generated by Rancher should be automatically patched to contain the CAPI expected labels"
type: boolean
label: Label Rancher Kubeconfigs
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.managementv3-cluster.enabled
default: true
description: "Use v3/management cluster manifest for import, instead of v1/provisioning"
type: boolean
label: Use management v3 cluster manifest
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.managementv3-cluster-migration.enabled
default: false
description: "Automatically migrate between provisioning and management clusters on upgrade"
type: boolean
label: All imported clusters will use new cluster manifest, replacing old cluster manifest.
group: "Rancher Turtles Features Settings"
- variable: cluster-api-operator.cluster-api.rke2.enabled
default: "true"
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.propagate-labels.enabled
default: false
description: "(Experimental) Specify that the labels from CAPI should be propagated to Rancher"
type: boolean
label: Propagate CAPI Labels
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "Enable Fleet Addon Provider functionality in Rancher Turtles"
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"
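Review bot: Both cleanup-image questions on what appears to be the new side default to `rancher/kubectl:v1.30.3`, a reference with no registry host and a mutable tag, where the other side used `registry.suse.com/edge/3.2/kubectl:1.30.3`. Going by the job templates further down the page, this value becomes the `image:` of the pre-upgrade and post-delete jobs, which run `kubectl delete` under their own service accounts, so the origin of the image matters. I would keep a fully qualified default for `rancherTurtles.features.cluster-api-operator.kubectlImage` and `rancherTurtles.features.rancher-webhook.kubectlImage`, e.g. `default: "registry.suse.com/edge/3.2/kubectl:1.30.3"`, ideally with an `@sha256:<digest>` suffix. Which lines are old and which are new is inferred from the values paths the templates read, since the +/- column is missing here.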


@@ -35,17 +35,10 @@ data:
cluster:
patchResource: true
setOwnerReferences: true
hostNetwork: true
selector:
matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
namespaceSelector:
matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
{{- end }}


@@ -1,4 +1,4 @@
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
---
apiVersion: v1
kind: ServiceAccount
@@ -55,7 +55,7 @@ spec:
serviceAccountName: pre-upgrade-job
containers:
- name: rancher-clusterctl-configmap-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args:
- delete
- configmap


@@ -26,7 +26,7 @@ spec:
containers:
- args:
- --leader-elect
- --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}}
- --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
{{- range .Values.rancherTurtles.managerArguments }}
- {{ . }}
{{- end }}
@@ -67,10 +67,10 @@ spec:
resources:
limits:
cpu: 500m
memory: 256Mi
memory: 128Mi
requests:
cpu: 10m
memory: 128Mi
memory: 64Mi
serviceAccountName: rancher-turtles-manager
terminationGracePeriodSeconds: 10
tolerations:
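Review bot: The `--feature-gates` argument on what appears to be the new side feeds the gate `rancher-kube-secret-patch` from the value `features.rancher-kubeconfigs.label`, and nothing in the template says the two names belong together. A short template comment above the argument would save the next reader a search, for example `{{- /* gate rancher-kube-secret-patch is set by rancherTurtles.features.rancher-kubeconfigs.label */}}`. Old and new are inferred here from the matching question names in the chart's questions file, because the page dropped the +/- column.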


@@ -22,7 +22,7 @@ metadata:
spec:
providers:
- name: metal3
url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.9.2/infrastructure-components.yaml"
url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml"
type: InfrastructureProvider
---
apiVersion: turtles-capi.cattle.io/v1alpha1
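Review bot: The metal3 entry points `url:` at a release asset on github.com, and the two printed URLs differ in organisation (`metal3-io` versus `rancher-sandbox`) as well as version. The manifest behind it is presumably fetched and applied when the provider is installed. A release tag in a URL pins a name, not content, so the chart cannot notice if the asset behind it changes. I would add a comment next to the entry such as `# fetched at provider install; mirror and verify this manifest where integrity or air-gap matters`, and confirm the organisation change is intended. The +/- column is missing on this page, so which URL is the new one is inferred from the version numbers elsewhere in the compare.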


@@ -1,4 +1,4 @@
{{- if index .Values "cluster-api-operator" "cleanup" }}
{{- if index .Values "rancherTurtles" "features" "cluster-api-operator" "cleanup" }}
---
apiVersion: v1
kind: ServiceAccount
@@ -41,7 +41,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: post-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
namespace: rancher-turtles-system
roleRef:
kind: ClusterRole
name: post-delete-job-delete-webhooks
@@ -62,7 +62,7 @@ spec:
serviceAccountName: post-delete-job
containers:
- name: cluster-api-operator-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -90,7 +90,7 @@ spec:
serviceAccountName: post-delete-job
containers:
- name: cluster-api-operator-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -119,7 +119,7 @@ spec:
restartPolicy: Never
containers:
- name: delete-capi-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -128,7 +128,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
- --ignore-not-found=true
- name: delete-capi-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -137,7 +137,7 @@ spec:
- capi-kubeadm-bootstrap-system
- --ignore-not-found=true
- name: delete-capi-kubeadm-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -146,7 +146,7 @@ spec:
- capi-kubeadm-control-plane-system
- --ignore-not-found=true
- name: delete-rke2-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -155,7 +155,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
- --ignore-not-found=true
- name: delete-rke2-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
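Review bot: The ClusterRoleBinding subject in the `@@ -41,7 +41,7 @@` hunk becomes the literal `namespace: rancher-turtles-system` instead of the chart value, even though values.yaml still exposes `rancherTurtles.namespace`. If the chart is installed with a different namespace value, the binding hands the `post-delete-job-delete-webhooks` ClusterRole to a ServiceAccount name in a namespace the release does not manage, and the job's real account may end up unbound. Keep `namespace: '{{ .Values.rancherTurtles.namespace }}'` here. The same literal appears in the post-upgrade, pre-delete and pre-install hook templates further down this page.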


@@ -1,9 +1,10 @@
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster-migration" "enabled") true }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: post-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
namespace: rancher-turtles-system
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1"
@@ -23,6 +24,13 @@ rules:
verbs:
- list
- delete
- apiGroups:
- management.cattle.io
resources:
- clusters
verbs:
- list
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -34,7 +42,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: post-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
namespace: rancher-turtles-system
roleRef:
kind: ClusterRole
name: post-upgrade-job-delete-clusters
@@ -44,7 +52,6 @@ apiVersion: batch/v1
kind: Job
metadata:
name: post-upgrade-delete-clusters
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "2"
@@ -55,12 +62,17 @@ spec:
serviceAccountName: post-upgrade-job
containers:
- name: post-upgrade-delete-clusters
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args:
- delete
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled") true }}
- clusters.provisioning.cattle.io
{{- else }}
- clusters.management.cattle.io
{{- end }}
- --selector=cluster-api.cattle.io/owned
- -A
- --ignore-not-found=true
- --wait
restartPolicy: OnFailure
{{- end }}
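Review bot: The `post-upgrade-delete-clusters` Job appears to lose its `namespace` line in the `@@ -44,7 +52,6 @@` hunk (old count 7, new count 6), while its ServiceAccount `post-upgrade-job` is created in `rancher-turtles-system`. The Job then lands in the release namespace, and if that differs the pod cannot find its service account, so the hook never completes. Restore `namespace: '{{ .Values.rancherTurtles.namespace }}'` on the Job and use the same expression on the ServiceAccount and the binding subject; the two pre-install cleanup Jobs later on this page lose their namespace in the same way. The image is also read from `features.rancher-webhook.kubectlImage` although the job is gated by `managementv3-cluster-migration`, which deserves a comment or a key of its own, given that this job runs `delete ... -A` with cluster-wide delete rights.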


@@ -1,10 +1,10 @@
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
namespace: rancher-turtles-system
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-2"
@@ -35,7 +35,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: pre-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
namespace: rancher-turtles-system
roleRef:
kind: ClusterRole
name: pre-delete-job-delete-capiproviders
@@ -45,7 +45,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: rancher-capiprovider-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
namespace: rancher-turtles-system
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-1"
@@ -56,7 +56,7 @@ spec:
serviceAccountName: pre-delete-job
containers:
- name: rancher-capiprovider-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args:
- delete
- capiproviders


@@ -1,3 +1,4 @@
{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
{{- if index .Values "rancherTurtles" "rancherInstalled"}}
---
apiVersion: management.cattle.io/v3
@@ -10,13 +11,14 @@ metadata:
spec:
value: false
{{- end }}
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
{{- end }}
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-install-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
namespace: rancher-turtles-system
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
@@ -47,7 +49,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: pre-install-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
namespace: rancher-turtles-system
roleRef:
kind: ClusterRole
name: pre-install-job-delete-webhooks
@@ -57,7 +59,6 @@ apiVersion: batch/v1
kind: Job
metadata:
name: rancher-mutatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
@@ -68,7 +69,7 @@ spec:
serviceAccountName: pre-install-job
containers:
- name: rancher-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args:
- delete
- mutatingwebhookconfigurations.admissionregistration.k8s.io
@@ -80,7 +81,6 @@ apiVersion: batch/v1
kind: Job
metadata:
name: rancher-validatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
@@ -91,7 +91,7 @@ spec:
serviceAccountName: pre-install-job
containers:
- name: rancher-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args:
- delete
- validatingwebhookconfigurations.admissionregistration.k8s.io


@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.14.0
labels:
turtles-capi.cattle.io: etcd-restore
name: etcdmachinesnapshots.turtles-capi.cattle.io
@@ -116,7 +116,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.14.0
labels:
turtles-capi.cattle.io: etcd-restore
name: etcdsnapshotrestores.turtles-capi.cattle.io
@@ -195,20 +195,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty.
This field may not be empty.
type: string
severity:
description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -235,7 +235,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.14.0
labels:
turtles-capi.cattle.io: etcd-restore
name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
@@ -438,7 +438,29 @@ rules:
- cluster.x-k8s.io
resources:
- clusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
verbs:
- create
@@ -477,8 +499,6 @@ rules:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots
- etcdsnapshotrestores
- rke2etcdmachinesnapshotconfigs
verbs:
- create
- delete
@@ -491,15 +511,63 @@ rules:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/finalizers
- etcdsnapshotrestores/finalizers
- rke2etcdmachinesnapshotconfigs/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs/status
verbs:
- get
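Review bot: The rule added for `clusters/status` in the `@@ -438,7 +438,29 @@` hunk carries the full verb list (`create`, `delete`, `list`, `watch` and the rest), but a status subresource only serves get, update and patch, and the other `/status` rules in this file already use just `get`, `patch`, `update`. Narrow it to those three verbs. The separate `clusters` rule also gives the snapshot-restore controller `create` and `delete` on cluster.x-k8s.io clusters; if it only reads and patches them, drop those two verbs as well. This file looks generated from kubebuilder RBAC markers, so the change probably belongs in the markers upstream. The last rule runs past the end of the visible hunk.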


@@ -1,24 +1,35 @@
rancherTurtles:
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.16.0
imageVersion: v0.14.1
imagePullPolicy: IfNotPresent
namespace: rancher-turtles-system
managerArguments: []
imagePullSecrets: []
rancherInstalled: false
kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3
rancherInstalled: true
features:
cluster-api-operator:
cleanup: true
kubectlImage: rancher/kubectl:v1.30.3
embedded-capi:
disabled: false
rancher-webhook:
cleanup: false
kubectlImage: rancher/kubectl:v1.30.3
rancher-kubeconfigs:
label: false
managementv3-cluster:
enabled: true
managementv3-cluster-migration:
enabled: false
propagate-labels:
enabled: false
etcd-snapshot-restore:
enabled: false
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.16.0
imageVersion: v0.14.1
imagePullPolicy: IfNotPresent
# beta feature, see documentation for more information on feature stages
addon-provider-fleet:
enabled: false
# alpha feature, see documentation for more information on feature stages
agent-tls-mode:
enabled: false
cluster-api-operator:
enabled: true
cert-manager:
@@ -42,7 +53,6 @@ cluster-api-operator:
- mountPath: /config
name: clusterctl-config
readOnly: true
cleanup: true
cluster-api:
enabled: true
configSecret:
@@ -50,34 +60,30 @@ cluster-api-operator:
defaultName: capi-env-variables
core:
namespace: capi-system
imageUrl: ""
fetchConfig:
url: ""
selector: ""
rke2:
enabled: true
version: ""
bootstrap:
namespace: rke2-bootstrap-system
imageUrl: ""
fetchConfig:
url: ""
selector: ""
controlPlane:
namespace: rke2-control-plane-system
imageUrl: ""
fetchConfig:
url: ""
selector: ""
metal3:
enabled: true
version: "v1.9.2"
version: "v1.8.2"
infrastructure:
namespace: capm3-system
imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2"
imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-controller:v1.8.2"
fetchConfig:
url: ""
selector: ""
ipam:
namespace: capm3-system
imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3"
imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-ipam-controller:v1.8.1"
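Review bot: Both new `kubectlImage: rancher/kubectl:v1.30.3` defaults (under `cluster-api-operator` and `rancher-webhook`) drop the registry host and pin only a mutable tag, yet this image runs in hook Jobs bound to the `*-delete-webhooks`, `*-delete-capiproviders` and `*-delete-clusters` ClusterRoles. Use a fully qualified reference with a digest, in the form `kubectlImage: <registry-host>/rancher/kubectl:v1.30.3@sha256:<digest>` (placeholders), and define it once rather than per feature so the two copies cannot drift. The metal3 block also pairs `version: "v1.8.2"` with an ipam image tagged `v1.8.1`; confirm that pairing is intended. A comment on each `features` key naming the templates it gates would document that `rancher-webhook.cleanup` also controls the pre-delete provider cleanup.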



@@ -1,90 +0,0 @@
#
# spec file for package shim
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%undefine _debuginfo_subpackages
%undefine _build_create_debug
# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
%define sysefibasedir %{_datadir}/efi
Name: shim
Version: 15.7
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
URL: https://github.com/rhboot/shim
Source: shim-15.7-150300.4.16.1.x86_64.rpm
Source1: shim-15.7-150300.4.16.1.aarch64.rpm
Requires: perl-Bootloader
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%description
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%package aarch64
Provides: shim(aarch64)
Group: System/Boot
Summary: UEFI shim loader
%package x86_64
Provides: shim(x86_64)
Group: System/Boot
Summary: UEFI shim loader
%description aarch64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%description x86_64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%prep
rpm2cpio %{SOURCE0} | cpio --extract --unconditional --preserve-modification-time --make-directories
rpm2cpio %{SOURCE1} | cpio --extract --unconditional --preserve-modification-time --make-directories
%build
%install
# purely repackaged
cp -a * %{buildroot}
rm -rf %{buildroot}/usr/lib64/efi
rm %{buildroot}/etc/uefi/certs/BCA4E38E-shim.crt %{buildroot}/usr/sbin/shim-install %{buildroot}/usr/share/doc/packages/shim/COPYRIGHT
%files aarch64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/aarch64
%{sysefibasedir}/aarch64/shim.efi
%{sysefibasedir}/aarch64/shim-*.efi
%{sysefibasedir}/aarch64/shim-*.der
%{sysefibasedir}/aarch64/MokManager.efi
%{sysefibasedir}/aarch64/fallback.efi
%files x86_64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/x86_64
%{sysefibasedir}/x86_64/shim.efi
%{sysefibasedir}/x86_64/shim-*.efi
%{sysefibasedir}/x86_64/shim-*.der
%{sysefibasedir}/x86_64/MokManager.efi
%{sysefibasedir}/x86_64/fallback.efi
%changelog