steven.hardy/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

base: steven.hardy:cdi_fix
Branches Tags
steven.hardy:main
steven.hardy:arm_config
steven.hardy:turtles_3.2
steven.hardy:turtles_fix_3.2
steven.hardy:turtles_upgrade_fix
steven.hardy:cdi_fix
steven.hardy:kubevirt_chart
steven.hardy:sriov_update
steven.hardy:capm3_downgrade
steven.hardy:rm_capi_images
steven.hardy:kiwi_fix
steven.hardy:kiwi_builder
steven.hardy:metal3_chart_090
steven.hardy:turtles_013
steven.hardy:rm_old_ipa
steven.hardy:ipa-fix
steven.hardy:kube-rbac-proxy-fix2
steven.hardy:turtles_fix
steven.hardy:metal3_090
steven.hardy:metallb_rbac_proxy
steven.hardy:kube-rbac-proxy-fix
steven.hardy:kube_rbac_proxy
steven.hardy:document-branch
steven.hardy:supportlvl-macro
steven.hardy:run-sync
suse-edge:devel
suse-edge:3.2
suse-edge:main
..
compare: suse-edge:main
Branches Tags
suse-edge:devel
suse-edge:3.2
suse-edge:main
steven.hardy:main
steven.hardy:arm_config
steven.hardy:turtles_3.2
steven.hardy:turtles_fix_3.2
steven.hardy:turtles_upgrade_fix
steven.hardy:cdi_fix
steven.hardy:kubevirt_chart
steven.hardy:sriov_update
steven.hardy:capm3_downgrade
steven.hardy:rm_capi_images
steven.hardy:kiwi_fix
steven.hardy:kiwi_builder
steven.hardy:metal3_chart_090
steven.hardy:turtles_013
steven.hardy:rm_old_ipa
steven.hardy:ipa-fix
steven.hardy:kube-rbac-proxy-fix2
steven.hardy:turtles_fix
steven.hardy:metal3_090
steven.hardy:metallb_rbac_proxy
steven.hardy:kube-rbac-proxy-fix
steven.hardy:kube_rbac_proxy
steven.hardy:document-branch
steven.hardy:supportlvl-macro
steven.hardy:run-sync

78 Commits
cdi_fix ... main

Author SHA256 Message Date
Steven Hardy
eff9a9b0c5 rancher-turtles-chart: Update to 0.16.0 
Align with https://github.com/suse-edge/charts/pull/186
 2025-02-25 15:31:46 +01:00
Steven Hardy
8d336f380b rancher-turtles-airgap-resources-chart: Update to 0.16.0 
Align with https://github.com/suse-edge/charts/pull/186
 2025-02-25 15:31:46 +01:00
Nicolas Belouin
5947d531ab Merge pull request 'Add scheduled workflow for devel branch' (#80) from nbelouin/Factory:trigger-devel-refresh into main 
Reviewed-on: suse-edge/Factory#80
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-25 15:08:57 +01:00
Nicolas Belouin
15362e9536 Add scheduled workflow for devel branch 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-25 13:26:41 +01:00
Nicolas Belouin
8f20b3433e Fix PR closed workflow 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-24 15:44:23 +01:00
Nicolas Belouin
704eec6875 Merge pull request 'Fix obsinfo tar issues' (#77) from nbelouin/Factory:fix_packages_tar into main 
Reviewed-on: suse-edge/Factory#77
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-24 15:32:13 +01:00
Nicolas Belouin
98c4be017d Add ipcalc, crudini and fakeroot for aarch64 build 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-24 13:50:10 +01:00
Nicolas Belouin
dccf206a98 Fix obsinfo tar issues 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-24 11:21:52 +01:00
Nicolas Belouin
9e41ee25d9 Make wait_obs correctly fail 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-24 11:21:31 +01:00
Nicolas Belouin
d97e434fce PR sha is the wrong one, fix it 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-24 11:16:34 +01:00
Nicolas Belouin
3dea69443d Add more output to wait_obs 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-24 10:47:26 +01:00
Nicolas Belouin
331f08255c Fix gitea not supporting if expressions 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-21 15:38:13 +01:00
Nicolas Belouin
4a99805fde Fix typos in workflows 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-21 15:17:59 +01:00
Nicolas Belouin
6b8a623372 Merge pull request 'Synchronize metadata from template' (#76) from nbelouin/Factory:sync_meta into main 
Reviewed-on: suse-edge/Factory#76
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-02-21 15:04:45 +01:00
Nicolas Belouin
34687fb5e9 Reduce number of maintainers to avoid spam 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-21 09:33:48 +01:00
Nicolas Belouin
5a73d61002 Fix issue with bash being annoying 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-20 15:57:08 +01:00
Rhys Oxenham
4c6d7dea17 Updating Kiwi builder for SL Micro 6.1 builds 2025-02-20 15:38:31 +01:00
Nicolas Belouin
531bb91d27 Merge pull request 'Add metal3 images to ARM allowlist' (#74) from steven.hardy/Factory:arm_config into main 
Reviewed-on: suse-edge/Factory#74
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-02-20 15:34:51 +01:00
Nicolas Belouin
0d3c83fca1 Fix create_project for internal 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-20 14:13:37 +01:00
Nicolas Belouin
4d824b71cc Remove need for workflow 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-20 14:01:04 +01:00
Nicolas Belouin
7f93226cd3 Fix akri tar step 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-20 11:15:35 +01:00
Nicolas Belouin
d6d501ad99 Sync metadata, revamp PR jobs 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-20 11:05:47 +01:00
Steven Hardy
f61bb1e0e6
Add metal3 images to ARM allowlist 
We need to ensure these build to enable usage of the metal3 chart on ARM
 2025-02-20 09:36:23 +00:00
Nicolas Belouin
a510134ed4 Fix sync action typo 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-14 14:40:43 +01:00
Nicolas Belouin
54e0941879 Trigger workflow when it changes 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-14 14:36:16 +01:00
Nicolas Belouin
c04b2af72b Fix typo in sync_config action workflow 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-14 14:34:44 +01:00
Nicolas Belouin
c57aa3344d Merge pull request 'Add project config to git' (#72) from nbelouin/Factory:add_config into main 
Reviewed-on: suse-edge/Factory#72
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-02-14 14:31:37 +01:00
Nicolas Belouin
c86d724e92 Add project config to git 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-14 14:31:09 +01:00
Steven Hardy
9d97e8a56d
metal3-chart: Update to 0.9.2 
Align with https://github.com/suse-edge/charts/pull/182
 2025-02-12 09:12:49 +00:00
Steven Hardy
b912f9d68a
ironic-image: update to 26.1.2.2 
Align with:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image?linkrev=base&rev=10
https://github.com/suse-edge/charts/pull/182

Fixes a pod restart caused by the runlogwatch.sh script
 2025-02-12 09:06:45 +00:00
Steven Hardy
45443d5b5f
ironic-ipa-downloader-image: remove unused _service entry 
This is hard-coded to x86_64 so won't work for ARM, aligns with:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-downloader-image?linkrev=base&rev=6
 2025-02-07 11:25:21 +00:00
Steven Hardy
ac32110ac1
ironic-ipa-ramdisk: migrate tarball to git-lfs 2025-02-06 16:38:13 +00:00
Steven Hardy
5d20bc38e3
metal3-chart: update to 0.9.1 
Align with https://github.com/suse-edge/charts/pull/173 which
added some fixes to enable deployment on aarch64
 2025-02-06 16:36:07 +00:00
Steven Hardy
e085a97d98
ironic-ipa-downloader-image: update to 3.0.1 
Update to the latest version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-downloader-image
 2025-02-06 16:36:04 +00:00
Steven Hardy
58c8be887a
ironic-ipa-ramdisk: update to 3.0.1 
Update to the latest version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-ramdisk
 2025-02-06 16:35:57 +00:00
Steven Hardy
0d59ad920e
ironic-image: update to 26.1.2.1 
Align with latest 26.1.2.1 version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image
 2025-02-05 15:58:26 +00:00
Nicolas Belouin
74133c22f6 Fix service file for frr-k8s-image 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-17 09:44:56 +01:00
Nicolas Belouin
e85da96001 Merge pull request 'Import missing package: frr-k8s-image' (#67) from nbelouin/Factory:import-frr-k8s-image into main 
Reviewed-on: suse-edge/Factory#67
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-01-17 09:31:28 +01:00
Nicolas Belouin
dab7f36e0b Add package to workflow 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-17 09:31:10 +01:00
Nicolas Belouin
5490ffcde2 Import missing package: frr-k8s-image 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-17 09:24:32 +01:00
Nicolas Belouin
04b9c07dd5 Merge pull request 'Add an additional tag without the _up suffix to please Rancher for dashboard extensions' (#65) from nbelouin/Factory:add-no-up-tag-extensions into main 
Reviewed-on: suse-edge/Factory#65
Reviewed-by: Jiří Tomášek <jtomasek@noreply.src.opensuse.org>
 2025-01-16 15:47:33 +01:00
Nicolas Belouin
25de5df782 Add an additional tag without the _up suffix to please Rancher for dashboard extensions 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-16 15:35:46 +01:00
Nicolas Belouin
3f9b8c9e22 Merge pull request 'Use manifest_repo var to allow for release manifest in separate repo' (#57) from nbelouin/Factory:manifest-repo-var into main 
Reviewed-on: suse-edge/Factory#57
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-12-23 12:11:01 +01:00
Nicolas Belouin
2a993e342e Use manifest_repo var to allow for release manifest in separate repo 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2024-12-23 11:33:04 +01:00
Steven Hardy
cab6fe1bcb
release-manifest: Update to Rancher prime 2.10.1 
2.10.1 was released so update to the prime version
 2024-12-20 09:28:38 +00:00
Ivo Petrov
fde506f9ef Release manifest updates in relation to corner case use-cases (#60) 
Changes:

- Rancher version convention was changed from `v2.10.0` to `2.10.0` to better map to the actual version in the upstream helm chart repo which is without the `v` prefix.

- Rancher's `postDelete` hook has been disabled - done to ensure that we will not hit a corner case where:

   1. The Rancher helm chart upgrade fails, because of a core component not yet being ready
   2. The `helm-controller` schedules a `helm uninstall` which deletes the Rancher Helm release and triggers the `postDelete` hook.
   3. The problematic core component is up and running, so `helm-controller` schedules a `helm install` with the new version.
   4. Due to insufficient resources, or network connection (or other unforeseen problems), the `postDelete` hook is still running and it wrongly removes the new Rancher installation resulting in a missing rancher from the cluster after an upgrade.

The `postDelete` hook ensures that no accidental delete of the Rancher application will happen during an upgrade over a machine with fewer resources.

Reviewed-on: suse-edge/Factory#60
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-19 12:27:23 +01:00
Ivo Petrov
f49e6be155 Bump K8s version in the release manifest (#58) 
- Bumps both RKE2 and K3s versions to the `1.31.3` version that is expected by Rancher `v2.10.1`.

- Bumps the K8s core component versions to the `1.31.3` expected versions.

RKE2 core component versions have been checked against the `Chart Versions` table of the said [release](https://github.com/rancher/rke2/releases/tag/v1.31.3%2Brke2r1).
K3s core component versions have been checked agains the [manifests](https://github.com/k3s-io/k3s/tree/v1.31.3%2Bk3s1/manifests) directory of said release.

Reviewed-on: suse-edge/Factory#58
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-17 09:06:03 +01:00
Ivo Petrov
e820e98a2f Add missing Elemental dashboard chart (#55) 
Reviewed-on: suse-edge/Factory#55
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-12 11:20:22 +01:00
Atanas Dinov
8c31073506 Merge pull request 'Bump upgrade-controller to v0.1.1' (#53) from upgrade-controller-v0.1.1 into main 
Reviewed-on: suse-edge/Factory#53
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-12-11 18:35:11 +01:00
Atanas Dinov
4bba5fd3f2 Bump chart version 2024-12-11 18:35:11 +01:00
Atanas Dinov
383705e9a3 Bump container image version 2024-12-11 18:35:11 +01:00
Atanas Dinov
a752a25191 Bump RPM version 2024-12-11 18:35:11 +01:00
Ivo Petrov
83fec09683 Introduce K8s distribution core component list (#52) 
Introduces the K8s distribution core component list that the upgrade-controller will follow in order to make sure that a specific Kubernetes upgrade has completed successfully.

Relates to the [#116](https://github.com/suse-edge/upgrade-controller/pull/116) upgrade-controller PR.

Reviewed-on: suse-edge/Factory#52
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-11 15:45:28 +01:00
Nicolas Belouin
32519595dc IPA ramdisk git LFS fix 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2024-12-10 14:01:55 +01:00
Jiri Tomasek
87c7e1be88 Update akri-dashboard-extension-chart to v1.2.1 2024-12-06 09:47:40 +01:00
Jiri Tomasek
568d5d1590 Update kubevirt-dashboard-extension-chart to v1.2.1 2024-12-06 09:30:28 +01:00
Steven Hardy
fbd596290a
release-manifest: Update rancher-turtles chart 
Fix the rancher-turtles-chart version to align with #44
 2024-12-05 17:35:46 +00:00
Steven Hardy
ec6c4745ea
Remove CAPM3/IPAM images 
These are now provided by the rancher registry since #44
 2024-12-05 13:11:00 +00:00
Steven Hardy
856ec2ac8e
rancher-turtles-airgap-resources-chart: Update to 0.14.1 upstream release 
Aligns with https://github.com/suse-edge/charts/pull/174 which
rebases to 0.14.1, which is marked as compatible with Rancher 2.10
 2024-12-05 11:35:05 +00:00
Steven Hardy
7721c66ab0
rancher-turtles-chart: Update to 0.14.1 upstream release 
Aligns with https://github.com/suse-edge/charts/pull/174 which
rebases to 0.14.1, which is marked as compatible with Rancher 2.10
 2024-12-05 11:31:40 +00:00
Denislav Prodanov
cf6abb24fb Merge pull request 'fixed versions in eib artifacts' (#42) from dprodanov/Factory:fix-eib-versions into main 
Reviewed-on: suse-edge/Factory#42
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2024-12-04 16:00:26 +01:00
Denislav Prodanov
602249c98d fixed versions in eib artifacts 2024-12-04 16:02:41 +02:00
Steven Hardy
8a93aae7c5
kiwi-builder-image: Align with OBS latest version 
Aligns with the latest fixes in isv:SUSE:Edge:KiwiBuilder/kiwi-builder-10
 2024-12-02 18:19:04 +00:00
Denislav Prodanov
aba448b275 Merge pull request 'updated longhorn and neuvector to latest 105 charts' (#38) from dprodanov/Factory:update-release-manifests into main 
Reviewed-on: suse-edge/Factory#38
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>
 2024-11-28 16:05:04 +01:00
Denislav Prodanov
09954e5818 updated longhorn and neuvector to latest 105 charts 2024-11-28 16:57:54 +02:00
Steven Hardy
636493adba
rancher-turtles: Fix issue in 0.4.0 chart 
The previous import was based on a pre-merge copy of the following PR
- an issue was discovered during SV validation which required an
additional change to ensure CRDs are created before creating the
ClusterctlConfig CR

https://github.com/suse-edge/charts/pull/166
 2024-11-27 08:23:32 +00:00
Atanas Dinov
f5cc155d16 Fix kubevirt chart build tags 2024-11-22 10:54:32 +01:00
Ivo Petrov
a5633fd239 Remove the suffix from kubectl package name 2024-11-22 10:52:54 +01:00
Steven Hardy
d719b5b6e5 rancher-turtles: image/version fixes 
After further testing I discovered that the cluster-api-controller is
not correctly pinned or using the downstream image, and a similar
problem exists for CAPM3 (but only after upgrade from an older chart)
due to a mistake in the templating.
 2024-11-22 10:52:15 +01:00
Ivo Petrov
dda8040420 Add missing kubectl image (#32) 
Reviewed-on: suse-edge/Factory#32
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-11-22 10:16:53 +01:00
Atanas Dinov
dc44cb42bf Fix service param definitions (#30) 
Reviewed-on: suse-edge/Factory#30
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Co-authored-by: Atanas Dinov <atanas.dinov@suse.com>
Co-committed-by: Atanas Dinov <atanas.dinov@suse.com>
 2024-11-21 17:26:05 +01:00
Nicolas Belouin
ee82509ce9 Merge pull request 'add frr image' (#29) from import-frr into main 
Reviewed-on: suse-edge/Factory#29
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2024-11-21 16:48:00 +01:00
Denislav Prodanov
bfd031153d run sync package 2024-11-20 19:31:00 +02:00
Denislav Prodanov
a8bd38569b add frr image 2024-11-20 16:16:11 +02:00
Denislav Prodanov
cfe2e92d13 Merge pull request 'Bump release manifest to 3.2.0' (#27) from release-manifest-3.2.0-prep into main 
Reviewed-on: suse-edge/Factory#27
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-11-20 10:47:29 +01:00
Atanas Dinov
40010f5c4f
Fix chart tags 2024-11-20 11:18:07 +02:00
Atanas Dinov
729dbefe78
Fix Edge charts versioning 2024-11-19 19:48:50 +02:00
Atanas Dinov
996ee3b221
Bump release manifest to 3.2.0 2024-11-19 17:00:37 +02:00
112 changed files with 3357 additions and 2097 deletions
Show Stats Expand all files Collapse all files

62
.gitea/workflows/pr_project.yaml Normal file
View File

@ -0,0 +1,62 @@
name: Build PR in OBS
on:
pull_request_target:
types:
- opened
- reopened
- synchronize
- closed
branches-ignore:
- "devel"
concurrency:
group: ${{ gitea.workflow }}-${{ gitea.ref }}
cancel-in-progress: true
jobs:
sync-pr-project:
name: "Build PR in OBS"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
zypper in -y python3-jinja2
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: "[if PR is closed] Delete project in OBS"
run: |
if [ "${{ gitea.event.action }}" = "closed" ]; then
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
osc rdelete -f -r -m "PR closed" "${PROJECT}:Staging:PR-${{ gitea.event.number }}"
fi
- name: "Setup PR project in OBS"
env:
SCM_URL: ${{ gitea.event.pull_request.head.repo.clone_url }}#${{ gitea.head_ref }}
run: |
if [ "${{ gitea.event.action }}" != "closed" ]; then
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
python3 .obs/render_meta.py --pr ${{ gitea.event.number }} --scm-url "${SCM_URL}" | osc meta prj "${PROJECT}:Staging:PR-${{ gitea.event.number }}" -F -
echo "Project created ${PROJECT}:Staging:PR-${{ gitea.event.number }}"
echo "Follow build at: https://build.opensuse.org/project/monitor/${PROJECT}:Staging:PR-${{ gitea.event.number }}"
fi
- env:
GIT_SHA: ${{ gitea.event.pull_request.head.sha }}
name: "Wait for OBS to build the project"
run: |
if [ "${{ gitea.event.action }}" != "closed" ]; then
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
export OBS_PROJECT="${PROJECT}:Staging:PR-${{ gitea.event.number }}"
python3 .obs/wait_obs.py
fi

35
.gitea/workflows/sync_config.yaml Normal file
View File

@ -0,0 +1,35 @@
name: Synchronize Project Config
on:
push:
branches-ignore:
- "devel"
paths:
- "_config"
- ".gitea/workflows/sync_config.yaml"
jobs:
sync-prjconf:
name: "Update prjconf in OBS"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- run: |
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
if [ "$(osc meta prjconf "${PROJECT}" | sha256sum)" != "$(cat _config | sha256sum)" ] ; then
osc meta prjconf "${PROJECT}" -F _config
fi

45
.gitea/workflows/sync_meta.yaml Normal file
View File

@ -0,0 +1,45 @@
name: Synchronize Project Metadata
on:
push:
branches-ignore:
- "devel"
paths:
- "*" # Will trigger on new directories and changes to files in root of repository
- ".gitea/workflows/sync_meta.yaml"
- ".obs/common.py"
jobs:
sync-prj-meta:
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
zypper in -y python3-jinja2
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: "Update or create OBS Project"
run: |
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
set -o pipefail
if meta="$(osc meta prj "${PROJECT}" 2>/dev/null | sha256sum)"; then
new_meta="$(python3 .obs/render_meta.py)"
if [ "${meta}" != "$(echo "${new_meta}" | sha256sum)" ]; then
echo "${new_meta}" | osc meta prj "${PROJECT}" -F -
fi
python3 .obs/sync_packages.py
else
# Create the projects
bash .obs/create_projects.sh
fi

30
.gitea/workflows/trigger_devel.yaml Normal file
View File

@ -0,0 +1,30 @@
name: Trigger Devel Packages
on:
schedule:
- cron: "@daily"
jobs:
sync-pr-project:
name: "Trigger source services for devel packages that changed"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
ref: 'devel'
- name: "Trigger packages"
run: |
python3 .obs/trigger_package.py

28
.obs/add_package.py
View File

@ -1,5 +1,4 @@
#!/usr/bin/env python3
import yaml
import subprocess
import argparse
import os
@ -7,30 +6,6 @@ import os.path
from common import PROJECT, REPOSITORY, BRANCH
def add_package_to_workflow(name: str):
modified = False
with open(".obs/workflows.yml", "r") as wf_file:
workflows = yaml.safe_load(wf_file)
if not any(
x
for x in workflows["staging_build"]["steps"]
if x["branch_package"]["source_package"] == name
):
workflows["staging_build"]["steps"].append(
{
"branch_package": {
"source_project": PROJECT,
"target_project": f"{PROJECT}:Staging",
"source_package": name,
}
}
)
modified = True
if modified:
with open(".obs/workflows.yml", "w") as wf_file:
yaml.dump(workflows, wf_file)
def add_package_to_project(name: str):
package_meta = f"""<package name="{name}" project="{PROJECT}">
<title/>
@ -53,7 +28,6 @@ def add_package(package_name: str):
os.exit(1)
add_package_to_project(package_name)
add_package_to_workflow(package_name)
def main():
@ -65,7 +39,7 @@ def main():
add_package(args.package)
print("Package created in OBS, you can now push the modified workflow file")
print("Package created in OBS !")
if __name__ == '__main__':

37
.obs/create_projects.sh Normal file
View File

@ -0,0 +1,37 @@
#!/bin/bash
show_help() {
echo "Usage: $(basename $0) [--internal]"
echo "options:"
echo "-h, --help display this help and exit"
echo "-i, --internal create project as internal"
exit 0
}
while [[ "$#" -gt 0 ]]; do
case $1 in
-h|--help) show_help;;
-i|--internal) internal="--internal" ;;
*) echo "Unknown parameter passed: $1";show_help ;;
esac
shift
done
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
EXTRA_OSC_ARGS=""
if [ -n "$internal" ]; then
PROJECT="ISV${PROJECT:3}"
EXTRA_OSC_ARGS="-A https://api.suse.de"
python3 .obs/render_meta.py ${internal} Snapshot | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:Snapshot" -F -
osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:Snapshot" -F _config
fi
python3 .obs/render_meta.py ${internal} ToTest | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:ToTest" -F -
python3 .obs/render_meta.py ${internal} | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}" -F -
osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:ToTest" -F _config
osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}" -F _config
if [ -z "$internal" ]; then
python3 .obs/sync_packages.py
fi

14
.obs/delete_package.py
View File

@ -1,5 +1,4 @@
#!/usr/bin/env python3
import yaml
import subprocess
import argparse
import os
@ -8,18 +7,6 @@ import os.path
from common import PROJECT
def delete_package_from_workflow(name: str):
with open(".obs/workflows.yml", "r") as wf_file:
workflows = yaml.safe_load(wf_file)
workflows["staging_build"]["steps"] = [
x
for x in workflows["staging_build"]["steps"]
if x["branch_package"]["source_package"] != name
]
with open(".obs/workflows.yml", "w") as wf_file:
yaml.dump(workflows, wf_file)
def delete_package_from_project(name: str):
p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
print(p.stdout)
@ -33,7 +20,6 @@ def delete_package(package_name: str):
os.exit(1)
delete_package_from_project(package_name)
delete_package_from_workflow(package_name)
def main():

62
.obs/render_meta.py Normal file
View File

@ -0,0 +1,62 @@
import argparse
from jinja2 import Template
from common import PROJECT
def render(base_project, subproject, internal, scm_url=None):
version = base_project.rsplit(':', 1)[-1]
context = {
"base_project": subproject == "",
"title": f"SUSE Edge {version} {subproject}".rstrip(),
}
if subproject == "ToTest":
context["project"] = f"{base_project}:ToTest"
context["description"] = (
f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
"project currently going through the automated test layer"
)
if "Factory" in base_project or internal:
context["release_project"] = f"{base_project}:Snapshot"
elif subproject == "Snapshot":
context["project"] = f"{base_project}:Snapshot"
context["release_project"] = f"{base_project.rsplit(':', 1)[0]}:Containers"
context["for_release"] = True
context["description"] = (
f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
"project that passed automated test layer"
)
elif subproject == "":
context["project"] = base_project
context["release_project"] = f"{base_project}:ToTest"
else: # PR case direct python call
context["base_project"] = True
context["project"] = f"{base_project}:{subproject}"
if scm_url is not None:
context["scm_url"] = scm_url
with open("_meta") as meta:
template = Template(meta.read())
return template.render(context)
def main():
parser = argparse.ArgumentParser(
prog='ProgramName',
description='What the program does',
epilog='Text at the bottom of help')
parser.add_argument("subproject", default="", choices=["", "ToTest", "Snapshot"], nargs="?")
parser.add_argument("--internal", action="store_true")
parser.add_argument("--pr")
parser.add_argument("--scm-url")
args = parser.parse_args()
base_project = PROJECT.replace("isv", "ISV", 1) if args.internal else PROJECT
print(render(
base_project=base_project,
subproject=args.subproject if args.pr is None else f"Staging:PR-{args.pr}",
internal=args.internal,
scm_url=args.scm_url,
))
if __name__ == "__main__":
main()

2
.obs/sync_packages.py
View File

@ -9,7 +9,7 @@ from common import PROJECT
def get_obs_packages() -> Set[str]:
packages = subprocess.run(["osc", "ls", PROJECT], encoding='utf-8' , capture_output=True)
return set(packages.stdout.splitlines())
return { p for p in packages.stdout.splitlines() if ":" not in p }
def get_local_packages() -> Set[str]:
p = pathlib.Path('.')

83
.obs/wait_obs.py Normal file
View File

@ -0,0 +1,83 @@
import xml.etree.ElementTree as ET
import subprocess
import time
import os
import sys
from collections import Counter
def get_buildstatus(project: str) -> ET.Element:
for _ in range(5):
try:
output = subprocess.check_output(["osc", "pr", "--xml", project])
return ET.fromstring(output)
except subprocess.CalledProcessError:
continue
print("Failed to get buildstatus from OBS")
def do_wait(project:str, commit:str) -> ET.Element:
last_state = None
while True:
time.sleep(5)
status = get_buildstatus(project)
if last_state == status.get("state"):
continue
else:
last_state = status.get("state")
scminfo = { e.text for e in status.findall(".//scminfo") }
if len(scminfo) != 1 or scminfo.pop() != commit:
print("Waiting for OBS to sync with SCM")
continue
if not all([ e.get('state') == "published" and e.get('dirty') is None for e in status.findall("./result")]):
print("Waiting for OBS to finish building")
continue
return status
def print_results(status: ET.Element) -> bool:
results = {}
failed = []
for e in status.findall("./result"):
repo = results.get(e.get("repository"), {})
repo[e.get("arch")] = e
results[e.get("repository")] = repo
for repo in results.keys():
print(f"{repo}:")
depth=1
for arch in results[repo].keys():
counts = Counter()
if repo != "charts":
print(f"\t{arch}:")
depth=2
for package in results[repo][arch].findall("./status"):
if package.get("code") in ["excluded", "disabled"]:
continue
if package.get("code") in ["failed", "unresolvable", "broken"]:
details = package.findtext("details")
if details:
failed.append(f"{package.get('package')} ({arch}): {details}")
else:
failed.append(f"{package.get('package')} ({arch})")
counts[package.get("code")] += 1
for (code, count) in counts.items():
print("\t"*depth, f"{code}: {count}")
failed.sort()
if failed:
print("\nPackages failing: ")
for fail in failed:
print("\t", fail)
return len(failed)
def main():
project = os.environ.get("OBS_PROJECT")
sha = os.environ.get("GIT_SHA")
print(f"Waiting for OBS to build {project} for commit {sha}")
status = do_wait(project, sha)
sys.exit(print_results(status))
if __name__ == "__main__":
main()

220
.obs/workflows.yml
View File

@ -1,220 +0,0 @@
staging_build:
filters:
event: pull_request
steps:
- branch_package:
source_package: endpoint-copier-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: endpoint-copier-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: endpoint-copier-operator-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-agent-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-dashboard-extension-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-debug-echo-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-onvif-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-opcua-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-udev-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-webhook-configuration-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: obs-service-set_version
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cosign
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: frr-k8s
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubectl
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: nm-configurator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kube-rbac-proxy
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: edge-image-builder
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: hauler
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ip-address-manager
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: baremetal-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-metal3
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cdi-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-metal3-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: sriov-crd-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: edge-image-builder-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ironic-ipa-downloader-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metal3-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: baremetal-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: sriov-network-operator-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ip-address-manager-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-speaker-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ironic-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cri-tools
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: crudini
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: fakeroot
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ipcalc
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: autoconf
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: rancher-turtles-airgap-resources-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: rancher-turtles-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kube-rbac-proxy-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ironic-ipa-ramdisk
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubevirt-dashboard-extension-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kiwi-builder-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubevirt-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: release-manifest-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging

15
README.md
View File

@ -5,15 +5,6 @@ Contains the definition of the packages built on OBS for the SUSE Edge Solution
This repository is linked to an OBS project: <https://build.opensuse.org/project/show/isv:SUSE:Edge:Factory>
Every directory in this repository represents a package in that OBS project, those should be synced automatically from this repository.
## Adding a package
To add a package, first create a directory with your package as you intend it in OBS.
Then run the `.obs/add_package.py` script to create the package in the OBS project and add the required elements to the synchronization workflow.
This script is using the `osc` command behind the scenes, so ensure you have it installed and correctly configured, as well as you have the correct permissions to create a new package in the project.
You will then get asked to push your changes.
## Testing a fork or a development branch
You can create a project in your home space in OBS, use the same prjconf as the one of "isv:SUSE:Edge:Factory", and copy the repositories part of the metadata (adjust self references).
@ -23,16 +14,14 @@ Then add a scmsync stanza to your metadata like this (adjust repository path and
<scmsync>https://src.opensuse.org/suse-edge/Factory#main</scmsync>
```
This is done automatically for any PR filed against this repository.
## Cutting a release version branch
1. Do the appropriate git branch command
2. Change the project path in `.obs/common.py` file (e.g. from `isv:SUSE:Edge:Factory` to `isv:SUSE:Edge:3.2`)
3. Change the branch reference in `.obs/common.py` file (e.g. from `main` to `3.2`)
4. Edit the `.obs/workflows.yml` file to change the references to the correct projects
5. Commit those changes to the new branch and push the new branch
6. Create the base and to-test projects (e.g. `isv:SUSE:Edge:3.2` and `isv:SUSE:Edge:3.2:ToTest`), use the `isv:SUSE:Edge:Factory` projects as example for metadata part
7. Use the prjconf of Factory in all those projects
8. Run the `.obs/sync_packages.py` script to create all the packages in the base project
9. Go take a few cups of coffee/tea/mate/... while waiting for OBS to build everything
10. Once built do an `osc release` of the project for it to be copied over in the `ToTest` section
11. Hand over to QA to test whatever is in `ToTest`. (You can continue to work on the base branch if needed meanwhile)

125
_config Normal file
View File

@ -0,0 +1,125 @@
Prefer: -libqpid-proton10 -python311-urllib3_1
Macros:
%__python3 /usr/bin/python3.11
%registry_url %(echo %{vendor} | cut -d '/' -f 3 | sed 's/build/registry/')
:Macros
%if "%{sub %{lower %_project} 1 14}" != "isv:suse:edge:" || "%{sub %_project 15 21}" == "Factory"
# Here we are in Factory like project so set chart major version to 999
Macros:
%chart_major 999
:Macros
%else
# Here we are in version branch, so set the image prefix and chart major accordingly
Macros:
%project_branch %(echo %{_project} | cut -d ':' -f 4)
%img_prefix %{project_branch}/
%chart_major %(echo %{project_branch} | awk '{split($1,a,"."); print a[1]*100 + a[2]}')
:Macros
%endif
%if %{sub %_project 1 3} == ISV
Macros:
%img_repo registry.suse.com/edge
%chart_repo oci://registry.suse.com/edge
%manifest_repo registry.suse.com/edge
%support_level l3
:Macros
%else
Macros:
%img_repo registry.opensuse.org/isv/suse/edge/containers/images
%manifest_repo registry.opensuse.org/isv/suse/edge/containers/images
%chart_repo oci://registry.opensuse.org/isv/suse/edge/containers/charts
%support_level techpreview
:Macros
%endif
%if "%_repository" == "charts" || "%_repository" == "test_manifest_images"
Macros:
%img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]')
:Macros
%endif
# Missing deps for testsuite
BuildFlags: excludebuild:autoconf:el
BuildFlags: excludebuild:autoconf:testsuite
# Only build manifest embedding images here
%if "%_repository" == "test_manifest_images"
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:release-manifest-image
# Exclude the images selected by the following section
# as the standard repository is a dependency
%ifarch aarch64
BuildFlags: excludebuild:baremetal-operator-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
%endif
%else
# Only a subset of stack is arm64 ready
%ifarch aarch64
BuildFlags: onlybuild:autoconf
BuildFlags: onlybuild:baremetal-operator
BuildFlags: onlybuild:baremetal-operator-image
BuildFlags: onlybuild:ca-certificates-suse
BuildFlags: onlybuild:cosign
BuildFlags: onlybuild:crudini
BuildFlags: onlybuild:edge-image-builder
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:endpoint-copier-operator
BuildFlags: onlybuild:endpoint-copier-operator-image
BuildFlags: onlybuild:fakeroot
BuildFlags: onlybuild:hauler
BuildFlags: onlybuild:ipcalc
BuildFlags: onlybuild:ironic-image
BuildFlags: onlybuild:ironic-ipa-downloader-image
BuildFlags: onlybuild:ironic-ipa-ramdisk
BuildFlags: onlybuild:kube-rbac-proxy
BuildFlags: onlybuild:kube-rbac-proxy-image
BuildFlags: onlybuild:metallb
BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator
%endif
%endif
%if "%_repository" == "images" || "%_repository" == "test_manifest_images"
Prefer: container:sles15-image
Type: docker
Repotype: none
Patterntype: none
BuildEngine: podman
Prefer: sles-release
BuildFlags: dockerarg:SLE_VERSION=15.6
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
%endif
%if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
Type: helm
Repotype: helm
Patterntype: none
Required: perl-YAML-LibYAML
%endif
%if "%_repository" == "standard"
# for build openstack-ironic-image
BuildFlags: allowrootforbuild
%endif
# Enable reproducible builds
# https://en.opensuse.org/openSUSE:Reproducible_Builds\#With_OBS
Macros:
%source_date_epoch_from_changelog Y
%clamp_mtime_to_source_date_epoch Y
%use_source_date_epoch_as_buildtime Y
%_buildhost reproducible
:Macros

69
_meta Normal file
View File

@ -0,0 +1,69 @@
{#-
This template is rendered by the render_meta.py script
it is not automatically enforced by OBS
-#}
{%- set maintainers = [
"edge-engineering",
] -%}
<project name="{{ project }}">
<title>{{ title }}</title>
{%- if description is defined %}
<description>{{ description }}</description>
{%- else %}
<description/>
{%- endif %}
{%- if scm_url is defined %}
<scmsync>{{ scm_url }}</scmsync>
{%- endif %}
{%- for maintainer in maintainers %}
<person userid="{{ maintainer }}" role="maintainer"/>
{%- endfor %}
{%- if not base_project %}
<build>
<disable/>
<enable repository="charts"/>
<enable repository="test_manifest_images"/>
</build>
<publish>
<disable repository="phantomcharts"/>
</publish>
<repository name="phantomcharts">
<arch>x86_64</arch>
</repository>
{%- endif %}
{%- for repository in ["images", "test_manifest_images"] %}
<repository name="{{ repository }}">
{%- if release_project is defined and repository == "images" %}
<releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
{%- endif %}
<path project="SUSE:Registry" repository="standard"/>
<path project="SUSE:CA" repository="SLE_15_SP6"/>
<path project="{{ project }}" repository="standard"/>
<arch>x86_64</arch>
<arch>aarch64</arch>
</repository>
{%- endfor %}
<repository name="standard" block="local">
{%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
{%- endif %}
<path project="Cloud:OpenStack:2024.2" repository="15.6"/>
<path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
<arch>x86_64</arch>
<arch>aarch64</arch>
</repository>
<repository name="charts"{{ ' rebuild="local"' if not base_project }}>
{%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="phantomcharts" trigger="manual"/>
{%- endif %}
<path project="{{ project }}" repository="standard"/>
<arch>x86_64</arch>
</repository>
{%- if for_release %}
<repository name="releasecharts" rebuild="local">
<releasetarget project="{{ release_project }}" repository="charts" trigger="manual"/>
<path project="{{ project }}" repository="standard"/>
<arch>x86_64</arch>
</repository>
{%- endif %}
</project>

11
akri-dashboard-extension-chart/Chart.yaml
View File

@ -1,5 +1,6 @@
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Akri
@ -10,11 +11,11 @@ annotations:
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
apiVersion: v2
appVersion: 1.2.0
appVersion: 1.2.1
description: "SUSE Edge: Akri extension for Rancher Dashboard"
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
name: akri-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.0"
version: "%%CHART_MAJOR%%.0.0+up1.2.1"

2
akri-dashboard-extension-chart/templates/cr.yaml
View File

@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.0
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

2
akri-dashboard-extension-chart/values.yaml
View File

@ -8,5 +8,5 @@ plugin:
metadata:
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

4
akri/_service
View File

@ -10,7 +10,9 @@
<service name="cargo_vendor" mode="manual">
<param name="srcdir">akri</param>
</service>
<service name="tar" mode="buildtime" />
<service name="tar" mode="buildtime">
<param name="obsinfo">akri.obsinfo</param>
</service>
<service name="set_version" mode="buildtime" >
<param name="fromfile">version.txt</param>
<param name="regex">^(.*)$</param>

8
baremetal-operator/_service
View File

@ -12,10 +12,8 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
<service mode="buildtime" name="tar">
<param name="obsinfo">baremetal-operator.obsinfo</param>
</service>
<service name="go_modules">
</service>
@ -23,7 +21,7 @@
<param name="file">baremetal-operator.spec</param>
<param name="var">SOURCE_COMMIT</param>
<param name="eval">
SOURCE_COMMIT=$(grep commit *.obsinfo | cut -d" " -f2)
SOURCE_COMMIT=$(grep commit baremetal-operator.obsinfo | cut -d" " -f2)
</param>
<param name="verbose">1</param>
</service>

2
baremetal-operator/baremetal-operator.spec
View File

@ -22,7 +22,7 @@ Release: 0.8.0
Summary: Implements a Kubernetes API for managing bare metal hosts
License: Apache-2.0
URL: https://github.com/metal3-io/baremetal-operator
Source: baremetal-operator-%{version}.tar.gz
Source: baremetal-operator-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390

36
cluster-api-provider-metal3-image/Dockerfile
View File

@ -1,36 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:v%%cluster-api-provider-metal3_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-metal3 shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-metal3
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-metal3 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-metal3 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-metal3_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/cluster-api-provider-metal3 /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

23
cluster-api-provider-metal3/_service
View File

@ -1,23 +0,0 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/cluster-api-provider-metal3</param>
<param name="scm">git</param>
<param name="revision">v1.7.2</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

54
cluster-api-provider-metal3/cluster-api-provider-metal3.spec
View File

@ -1,54 +0,0 @@
#
# spec file for package cluster-api-provider-metal3
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-provider-metal3
Version: 1.7.2
Release: 0
Summary: Cluster API Infrastructure Provider for Metal3
License: Apache-2.0
URL: https://github.com/metal3-io/cluster-api-provider-metal3
Source: cluster-api-provider-metal3-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API Provider Metal3 is one of the providers for Cluster API and enables
users to deploy a Cluster API based cluster on top of bare metal infrastructure
using Metal3.
%prep
%autosetup -a1 -n cluster-api-provider-metal3-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
-a -ldflags '-extldflags "-static"'
%install
install -D -m0755 cluster-api-provider-metal3 %{buildroot}%{_bindir}/cluster-api-provider-metal3
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-provider-metal3
%changelog

6
cosign/_service
View File

@ -8,10 +8,8 @@
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
<service mode="buildtime" name="tar">
<param name="obsinfo">cosign.obsinfo</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">

2
cosign/cosign.spec
View File

@ -24,7 +24,7 @@ Release: 0
Summary: Container Signing, Verification and Storage in an OCI registry
License: Apache-2.0
URL: https://github.com/rancher-government-carbide/cosign
Source: cosign-%{version}.tar.gz
Source: cosign-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang-packaging

4
edge-image-builder-image/_service
View File

@ -7,10 +7,14 @@
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="file">artifacts.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
<param name="var">CHART_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

9
edge-image-builder-image/artifacts.yaml
View File

@ -1,11 +1,11 @@
metallb:
chart: metallb-chart
repository: %%CHART_REPO%%/3.1
version: 0.14.9
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.14.9"
endpoint-copier-operator:
chart: endpoint-copier-operator-chart
repository: %%CHART_REPO%%/3.1
version: 0.2.1
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
kubernetes:
k3s:
selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
@ -13,4 +13,3 @@ kubernetes:
rke2:
selinuxPackage: rke2-selinux
selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch

6
edge-image-builder/_service
View File

@ -9,10 +9,8 @@
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
<service mode="buildtime" name="tar">
<param name="obsinfo">edge-image-builder.obsinfo</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">

2
edge-image-builder/edge-image-builder.spec
View File

@ -22,7 +22,7 @@ Release: 0
Summary: Edge Image Builder
License: Apache-2.0
URL: https://github.com/suse-edge/edge-image-builder
Source: edge-image-builder-%{version}.tar.gz
Source: edge-image-builder-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) go1.22
BuildRequires: golang-packaging

6
endpoint-copier-operator/_service
View File

@ -12,10 +12,8 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
<service mode="buildtime" name="tar">
<param name="obsinfo">endpoint-copier-operator.obsinfo</param>
</service>
<service name="go_modules">
</service>

2
endpoint-copier-operator/endpoint-copier-operator.spec
View File

@ -22,7 +22,7 @@ Release: 0.2.0
Summary: Implements a Kubernetes API for copying endpoint resources
License: Apache-2.0
URL: https://github.com/suse-edge/endpoint-copier-operator
Source: endpoint-copier-operator-%{version}.tar.gz
Source: endpoint-copier-operator-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.20
ExcludeArch: s390

58
frr-image/Dockerfile Normal file
View File

@ -0,0 +1,58 @@
# SPDX-License-Identifier: MIT
#!BuildTag: %%IMG_PREFIX%%frr:8.4
#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
#!BuildVersion: 15.5
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.frr
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="FRR Container Image"
LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="8.4"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
#Install frr
USER root
ENV PYTHONDONTWRITEBYTECODE yes
# frr.sh is the entry point. This script examines environment
# variables to direct operation and configure ovn
ADD frr.sh /root/
ADD daemons /etc/frr
ADD frr.conf /etc/frr
ADD vtysh.conf /etc/frr
RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
RUN ln -s /usr/bin/catatonit /sbin/tini
RUN usermod -a -G frrvty frr
COPY docker-start /usr/libexec/frr/docker-start
RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
WORKDIR /root
ENTRYPOINT ["/sbin/tini", "--"]
COPY docker-start /usr/lib/frr/docker-start
RUN chmod +x /usr/lib/frr/docker-start
CMD ["/usr/lib/frr/docker-start"]

6
cluster-api-provider-metal3-image/_service → frr-image/_service
View File

@ -1,12 +1,6 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-provider-metal3_version%%</param>
<param name="package">cluster-api-provider-metal3</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

82
frr-image/daemons Normal file
View File

@ -0,0 +1,82 @@
# This file tells the frr package which daemons to start.
#
# Entries are in the format: <daemon>=(yes|no|priority)
# 0, "no" = disabled
# 1, "yes" = highest priority
# 2 .. 10 = lower priorities
#
# For daemons which support multiple instances, a 2nd line listing
# the instances can be added. Eg for ospfd:
# ospfd=yes
# ospfd_instances="1,2"
#
# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
# They're used to start the FRR daemons in more than one step
# (for example start one or two at network initialization and the
# rest later). The number of FRR daemons being small, priorities
# must be between 1 and 9, inclusive (or the initscript has to be
# changed). /etc/init.d/frr then can be started as
#
# /etc/init.d/frr <start|stop|restart|<priority>>
#
# where priority 0 is the same as 'stop', priority 10 or 'start'
# means 'start all'
#
# Sample configurations for these daemons can be found in
# /usr/share/doc/frr/examples/.
#
# ATTENTION:
#
# When activation a daemon at the first time, a config file, even if it is
# empty, has to be present *and* be owned by the user and group "frr", else
# the daemon will not be started by /etc/init.d/frr. The permissions should
# be u=rw,g=r,o=.
# When using "vtysh" such a config file is also needed. It should be owned by
# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
#
watchfrr_enable=yes
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
#
zebra=yes
bgpd=yes
ospfd=no
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
nhrpd=no
eigrpd=no
sharpd=no
pbrd=no
staticd=yes
bfdd=yes
fabricd=no
#
# Command line options for the daemons
#
zebra_options=("-A 127.0.0.1")
bgpd_options=("-A 127.0.0.1")
ospfd_options=("-A 127.0.0.1")
ospf6d_options=("-A ::1")
ripd_options=("-A 127.0.0.1")
ripngd_options=("-A ::1")
isisd_options=("-A 127.0.0.1")
pimd_options=("-A 127.0.0.1")
nhrpd_options=("-A 127.0.0.1")
eigrpd_options=("-A 127.0.0.1")
sharpd_options=("-A 127.0.0.1")
pbrd_options=("-A 127.0.0.1")
staticd_options=("-A 127.0.0.1")
bfdd_options=("-A 127.0.0.1")
fabricd_options=("-A 127.0.0.1")
#
# If the vtysh_enable is yes, then the unified config is read
# and applied if it exists. If no unified frr.conf exists
# then the per-daemon <daemon>.conf files are used)
# If vtysh_enable is no or non-existant, the frr.conf is ignored.
# it is highly suggested to have this set to yes
vtysh_enable=yes

4
frr-image/docker-start Normal file
View File

@ -0,0 +1,4 @@
#!/bin/bash
source /usr/lib/frr/frrcommon.sh
/usr/lib/frr/watchfrr $(daemon_list)

53
frr-image/frr.conf Normal file
View File

@ -0,0 +1,53 @@
frr defaults traditional
log file /var/log/frr/frr.log
log syslog informational
log stdout debugging
ipv6 forwarding
service integrated-vtysh-config
!
debug bgp updates in
debug bgp updates out
debug bgp zebra
!
interface eth0
no ipv6 nd suppress-ra
ipv6 nd ra-interval 10
!
router bgp OCPASN
bgp router-id OCPROUTERID
bgp bestpath as-path multipath-relax
bgp bestpath compare-routerid
!
neighbor OCPnodes peer-group
neighbor OCPnodes description Internal OCP Nodes
neighbor OCPnodes remote-as OCPASN
neighbor OCPnodes bfd
neighbor OCPnodes capability extended-nexthop
!neighbor eth0 interface peer-group OCPnodes
!neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
neighbor OCPPEER peer-group OCPnodes
!
address-family ipv4 unicast
redistribute connected
neighbor OCPnodes activate
exit-address-family
!
address-family ipv6 unicast
redistribute connected
neighbor OCPnodes activate
neighbor OCPnodes nexthop-local unchanged
exit-address-family
!
!
bfd
peer OCPPEER vrf default interface eth0
receive-interval 2000
transmit-interval 2000
echo-mode
echo-interval 3000
no shutdown
exit
!
line vty
!

124
frr-image/frr.sh Normal file
View File

@ -0,0 +1,124 @@
#!/bin/bash
#set -euo pipefail
# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
set -x
fi
# The argument to the command is the operation to be performed
# frr-node display display_env
# a cmd must be provided, there is no default
cmd=${1:-""}
# The frr user id, by default it is going to be frr:frr
frr_user_id=${FRR_USER_ID:-""}
# frr options
frr_options=${FRR_OPTIONS:-""}
# This script is the entrypoint to the image.
# frr.sh version (update when API between daemonset and script changes - v.x.y)
frr_version="3"
# The daemonset version must be compatible with this script.
# The default when FRR_DAEMONSET_VERSION is not set is version 3
frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
# hostname is the host's hostname when using host networking,
# This is useful on the master
# otherwise it is the container ID (useful for debugging).
frr_pod_host=${K8S_NODE:-$(hostname)}
# The ovs user id, by default it is going to be root:root
frr_user_id=${FRR_USER_ID:-""}
# frr options
frr_options=${FRR_OPTIONS:-""}
# frr.conf variables
ocp_asn=${OCPASN:-65000}
ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
ocp_peer=${OCPPEER:-"10.10.10.1"}
FRR_ETCDIR=/etc/frr
FRR_RUNDIR=/var/run/frr
FRR_LOGDIR=/var/log/frr
# =========================================
setup_frr_permissions() {
chown -R ${frr_user_id} ${FRR_RUNDIR}
chown -R ${frr_user_id} ${FRR_LOGDIR}
chown -R ${frr_user_id} ${FRR_ETCDIR}
}
# =========================================
display_version() {
echo " =================== hostname: ${frr_pod_host}"
echo " =================== daemonset version ${frr_daemonset_version}"
if [[ -f /root/git_info ]]; then
disp_ver=$(cat /root/git_info)
return
fi
}
display_env() {
echo FRR_USER_ID ${frr_user_id}
echo FRR_OPTIONS ${frr_options}
echo frr.sh version ${frr_version}
echo ocp_asn ${ocp_asn}
echo ocp_routerid ${ocp_routerid}
echo ocp_peer ${ocp_peer}
}
# frr-node - all nodes
frr-node() {
trap 'kill $(jobs -p) ; exit 0' TERM
rm -f ${FRR_RUNDIR}/frr.pid
echo "=============== frr-node ========== update frr.conf"
sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
#chown -R frr:frr /etc/frr
chown -R frr:frr ${FRR_RUNDIR}
echo "=============== frr-node ========== starting"
# /usr/lib/frr/frrinit.sh start
# bash -x /usr/lib/frr/frrinit.sh start
bash -x
/usr/lib/frr/frrinit.sh start
frrResult=$?
echo "=============== frrinit result is ${frrResult} "
# Sleep forever
exec tail -f /dev/null
}
echo "================== frr.sh --- version: ${frr_version} ================"
display_version
display_env
case ${cmd} in
"frr-node")
frr-node
;;
"display_env")
display_env
exit 0
;;
"display")
display
exit 0
;;
*)
echo "invalid command ${cmd}"
echo "valid v3 commands: frr-node display_env display "
exit 0
;;
esac
exit 0

0
frr-image/vtysh.conf Normal file
View File

23
ip-address-manager-image/Dockerfile → frr-k8s-image/Dockerfile
View File

@ -1,26 +1,25 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:v%%ip-address-manager_version%%
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%
#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends ip-address-manager shadow; zypper -n clean; rm -rf /var/log/*
RUN zypper --installroot /installroot --non-interactive install --no-recommends frr-k8s; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ip-address-manager
# labelprefix=com.suse.application.endpoint-copier-operator
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE ip-address-manager Container Image"
LABEL org.opencontainers.image.description="ip-address-manager based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%ip-address-manager_version%%"
LABEL org.opencontainers.image.title="SLE frr-k8s Container Image"
LABEL org.opencontainers.image.description="frr-k8s based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%frr-k8s_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@ -29,8 +28,6 @@ LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
#Install frr-k8s
COPY --from=base /installroot /
RUN mv /usr/bin/ip-address-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]
ENTRYPOINT ["/frr-k8s"]

4
ip-address-manager-image/_service → frr-k8s-image/_service
View File

@ -3,8 +3,8 @@
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%ip-address-manager_version%%</param>
<param name="package">ip-address-manager</param>
<param name="regex">%%frr-k8s_version%%</param>
<param name="package">frr-k8s</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">

6
frr-k8s/_service
View File

@ -12,10 +12,8 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
<service mode="buildtime" name="tar">
<param name="obsinfo">frr-k8s.obsinfo</param>
</service>
<service name="go_modules">
</service>

2
frr-k8s/frr-k8s.spec
View File

@ -22,7 +22,7 @@ Release: 0.0.14
Summary: A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
License: Apache-2.0
URL: https://github.com/metallb/frr-k8s
Source: frr-k8s-%{version}.tar.gz
Source: frr-k8s-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390

6
hauler/_service
View File

@ -8,10 +8,8 @@
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
<service mode="buildtime" name="tar">
<param name="obsinfo">hauler.obsinfo</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">

2
hauler/hauler.spec
View File

@ -23,7 +23,7 @@ Release: 0
Summary: Airgap Swiss Army Knife
License: Apache-2.0
URL: https://github.com/hauler-dev/hauler
Source: hauler-%{version}.tar.gz
Source: hauler-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang-packaging
BuildRequires: cosign

23
ip-address-manager/_service
View File

@ -1,23 +0,0 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/ip-address-manager</param>
<param name="scm">git</param>
<param name="revision">v1.7.2</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

51
ip-address-manager/ip-address-manager.spec
View File

@ -1,51 +0,0 @@
#
# spec file for package ip-address-manager
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: ip-address-manager
Version: 1.7.2
Release: 0
Summary: Metal3 IPAM controller
License: Apache-2.0
URL: https://github.com/metal3-io/ip-address-manager
Source: ip-address-manager-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Metal3 IPAM controller
%prep
%autosetup -a1 -n ip-address-manager-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
%install
install -D -m0755 ip-address-manager %{buildroot}%{_bindir}/ip-address-manager
%files
%license LICENSE
%doc README.md
%{_bindir}/ip-address-manager
%changelog

37
ironic-image/Dockerfile
View File

@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
@ -8,7 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
RUN set -euo pipefail; zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
WORKDIR /tmp
COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@ -16,8 +23,16 @@ RUN /bin/prepare-efi.sh
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs crudini openstack-ironic
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
fi
# DATABASE
RUN mkdir -p /installroot/var/lib/ironic && \
/installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
@ -31,8 +46,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="26.1.2.0"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%"
LABEL org.opencontainers.image.version="26.1.2.2"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@ -64,7 +79,15 @@ RUN mkdir -p $GRUB_DIR
# IRONIC #
RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi ;\
fi
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
COPY ironic.conf.j2 /etc/ironic/

29
ironic-image/prepare-efi.sh
View File

@ -6,22 +6,37 @@ ARCH=$(uname -m)
DEST=${2:-/tmp/esp.img}
OS=${1:-sles}
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
if [ $ARCH = "aarch64" ]; then
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mkdir -p /boot/efi/EFI/BOOT
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
mkdir -p /boot/efi/EFI/$OS
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
#mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
mdir -i $DEST ::EFI/BOOT;

8
ironic-image/runlogwatch.sh
View File

@ -3,6 +3,14 @@
# Ramdisk logs path
LOG_DIR="/shared/log/ironic/deploy"
# The ironic container creates the directory, wait for
# it to exist before running inotifywait or it can fail causing
# a spurious restart
while [ ! -d "${LOG_DIR}" ]; do
echo "Waiting for ${LOG_DIR}"
sleep 5
done
inotifywait -m "${LOG_DIR}" -e close_write |
while read -r path _action file; do
echo "************ Contents of ${path}/${file} ramdisk log file bundle **************"

17
ironic-ipa-downloader-image/Dockerfile
View File

@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@ -8,7 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN cp /usr/bin/getopt /installroot/
@ -19,11 +26,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.0"
LABEL org.opencontainers.image.version="3.0.1"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

6
ironic-ipa-downloader-image/_service
View File

@ -1,12 +1,6 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%ironic-ipa-ramdisk-x86_64_version%%</param>
<param name="package">ironic-ipa-ramdisk-x86_64</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

6
ironic-ipa-downloader-image/get-resource.sh
View File

@ -8,10 +8,10 @@ export no_proxy=${no_proxy:-$NO_PROXY}
# Which image should we use
if [ -z "${IPA_BASEURI}" ]; then
# SLES BASED IPA - openstack-ironic-image-x86_64 package
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
mkdir -p /shared/html/images
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
cp /tmp/openstack-ironic-image*.x86_64*.kernel /shared/html/images/ironic-python-agent.kernel
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
else
FILENAME=ironic-python-agent
FILENAME_EXT=.tar
@ -68,4 +68,4 @@ if [ -d "/tmp/ironic-certificates" ]; then
mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
fi
fi

16
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image-201">
<image schemaversion="7.4" name="openstack-ironic-image-301">
<description type="system">
<author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact>
@ -116,8 +116,9 @@
<package name="vim"/>
<package name="grub2"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-i386-pc"/>
<package name="syslinux"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="syslinux" arch="x86_64"/>
<package name="lvm2"/>
<package name="plymouth"/>
<package name="fontconfig"/>
@ -135,12 +136,10 @@
<package name="openstack-ironic-python-agent"/>
<package name="hdparm"/>
<package name="qemu-tools"/>
<package name="python311-proliantutils" arch="x86_64"/>
<package name="python311-proliantutils"/>
<package name="lshw"/>
<package name="dmidecode" arch="aarch64"/>
<package name="dmidecode" arch="x86_64"/>
<package name="efibootmgr" arch="aarch64" />
<package name="efibootmgr" arch="x86_64" />
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="open-iscsi"/>
<package name="hwinfo"/>
@ -157,7 +156,6 @@
</packages>
<packages type="kis">
<package name="gfxboot-branding-SLE"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>

12
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.0
Version: 3.0.1
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA
@ -49,7 +49,12 @@ BuildRequires: fontconfig
BuildRequires: fonts-config
BuildRequires: gptfdisk
BuildRequires: grub2
%ifarch x86_64
BuildRequires: grub2-x86_64-efi
%endif
%ifarch aarch64
BuildRequires: grub2-arm64-efi
%endif
BuildRequires: haveged
BuildRequires: hdparm
BuildRequires: hwinfo
@ -93,19 +98,14 @@ BuildRequires: plymouth-dracut
BuildRequires: plymouth-theme-bgrt
BuildRequires: dracut-kiwi-oem-dump
BuildRequires: dracut-kiwi-oem-repart
BuildRequires: gfxboot-branding-SLE
BuildRequires: grub2-branding-SLE
BuildRequires: open-iscsi
BuildRequires: plymouth-branding-SLE
BuildRequires: lshw
BuildRequires: kbd
%ifarch aarch64
BuildRequires: dmidecode
BuildRequires: efibootmgr
%endif
%ifarch x86_64
BuildRequires: dmidecode
BuildRequires: efibootmgr
BuildRequires: syslinux
%endif

BIN
ironic-ipa-ramdisk/root.tar.bz2
View File

Binary file not shown.

11
kiwi-builder-image/Dockerfile
View File

@ -1,5 +1,6 @@
#!BuildTag: kiwi-builder:10.1
FROM registry.suse.com/bci/kiwi:10.1.10
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1-%RELEASE%
FROM registry.suse.com/bci/kiwi:10.1.16
MAINTAINER SUSE LLC (https://www.suse.com/)
# Define labels according to https://en.opensuse.org/Building_derived_containers
@ -11,7 +12,7 @@ LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.1"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@ -20,10 +21,6 @@ LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
# Install required packages for Kiwi to function as expected
# Should be provided via https://github.com/SUSE/BCI-dockerfile-generator/pull/1770
# RUN zypper in -y gawk && zypper clean -a
# Configure Kiwi to use kpartx
RUN echo -e "mapper:\n - part_mapper: kpartx" > /etc/kiwi.yml

32
kiwi-builder-image/README
View File

@ -2,46 +2,54 @@
Kiwi SDK Image Instructions
###########################
Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
Please ensure that you're running this on a registered SUSE Linux Micro 6.1 system, and make sure that SELinux is disabled:
# setenforce 0
Next, download the podman image:
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1
Make a local output directory (where the images will reside):
# mkdir output
Then, to build a standard "Base" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image
To build a "Base" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-SelfInstall
Then, to build a standard "Default" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default
To build a SelfInstall ISO, you can add additional flags, for example:
To build a "Default" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Default-SelfInstall
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall
To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Base-RT
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-RT
To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Default-SelfInstall -b
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall -b
# mkdir mydefs/
# cp /path/to/SL-Micro.kiwi mydefs/
# cp /path/to/config.sh mydefs/
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image
All output will be in the local $(pwd)/output directory, for example:
# ls -1 output/
SLE-Micro.x86_64-6.0.changes
SLE-Micro.x86_64-6.0.packages
SLE-Micro.x86_64-6.0.raw
SLE-Micro.x86_64-6.0.verified
SLE-Micro.x86_64-6.1.changes
SLE-Micro.x86_64-6.1.packages
SLE-Micro.x86_64-6.1.raw
SLE-Micro.x86_64-6.1.verified
build
kiwi.result
kiwi.result.json

388
kiwi-builder-image/SL-Micro.kiwi
View File

@ -33,6 +33,12 @@
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/>
</profile>
@ -63,6 +69,21 @@
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
@ -140,6 +161,15 @@
<requires profile="x86-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-kvm"/>
@ -164,6 +194,14 @@
<requires profile="container-host"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-legacy"/>
@ -184,10 +222,47 @@
<requires profile="container-host"/>
<requires profile="aarch64-qcow"/>
</profile>
<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -198,7 +273,7 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -211,7 +286,7 @@
luks_pbkdf="pbkdf2"
>
<luksformat>
<option name="--cipher" value="aes"/>
<option name="--cipher" value="aes-xts-plain64"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk>
@ -230,7 +305,7 @@
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -241,7 +316,7 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -266,7 +341,7 @@
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -276,11 +351,12 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -304,8 +380,8 @@
</type>
</preferences>
<preferences profiles="rpi">
<version>6.0</version>
<preferences profiles="rpi,aarch64-rt">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -320,11 +396,11 @@
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
@ -344,8 +420,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install">
<version>6.0</version>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -355,12 +431,13 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
efipartsize="128"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -385,22 +462,22 @@
</preferences>
<preferences profiles="s390-kvm">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
format="qcow2"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
@ -423,7 +500,7 @@
<preferences profiles="s390-dasd">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -434,9 +511,9 @@
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
target_blocksize="4096"
btrfs_root_is_snapshot="true"
@ -461,7 +538,7 @@
<preferences profiles="s390-fba">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -472,9 +549,9 @@
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
@ -495,9 +572,47 @@
</type>
</preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
installpxe="true"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<oemconfig>
<oem-multipath-scan>true</oem-multipath-scan>
</oemconfig>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -532,7 +647,7 @@
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -543,7 +658,7 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -567,9 +682,9 @@
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -580,8 +695,8 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -592,7 +707,7 @@
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
@ -603,6 +718,161 @@
</type>
</preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<repository type="rpm-md" >
<source path='obsrepositories:/'/>
</repository>
@ -616,7 +886,7 @@
<package name="patterns-base-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
@ -628,7 +898,6 @@
<package name="firewalld"/>
<package name="wpa_supplicant" arch="x86_64,aarch64"/>
<package name="libpwquality-tools"/>
<!-- <package name="k3s-install"/> -->
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
@ -647,9 +916,7 @@
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
@ -703,7 +970,7 @@
<package name="NetworkManager"/>
<package name="NetworkManager-branding-SLE"/>
<package name="ModemManager"/>
<!-- FIXME does not build without control file which is obsolete
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
</packages>
@ -713,7 +980,8 @@
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
<package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/>
@ -721,46 +989,44 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
</packages>
<!-- makes the image build, but also include kernel-default
<packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
<package name="dracut-kiwi-oem-dump"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="blog"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<!-- FCP is usually used multipathed. -->
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install">
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/>
<package name="wireless-tools"/>
<package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages>
<packages type="bootstrap">
<package name="coreutils"/>
<package name="filesystem"/>
<package name="coreutils"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
</packages>
@ -774,4 +1040,14 @@
<packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/>
</packages>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image>

373
kiwi-builder-image/SL-Micro.kiwi.4096
View File

@ -33,6 +33,12 @@
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/>
</profile>
@ -63,6 +69,21 @@
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
@ -140,6 +161,15 @@
<requires profile="x86-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-kvm"/>
@ -164,6 +194,14 @@
<requires profile="container-host"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fcp"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-legacy"/>
@ -184,10 +222,47 @@
<requires profile="container-host"/>
<requires profile="aarch64-qcow"/>
</profile>
<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="container-host"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss"/>
</profile>
<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss"/>
</profile>
<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-512ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
<requires profile="full"/>
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -198,7 +273,7 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -213,7 +288,7 @@
efipartsize="200"
>
<luksformat>
<option name="--cipher" value="aes"/>
<option name="--cipher" value="aes-xts-plain64"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk>
@ -232,7 +307,7 @@
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -243,7 +318,7 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -270,7 +345,7 @@
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -280,11 +355,12 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -310,8 +386,8 @@
</type>
</preferences>
<preferences profiles="rpi">
<version>6.0</version>
<preferences profiles="rpi,aarch64-rt">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -326,7 +402,7 @@
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
@ -350,8 +426,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install">
<version>6.0</version>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -361,12 +437,13 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -391,22 +468,22 @@
</preferences>
<preferences profiles="s390-kvm">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
format="qcow2"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
@ -429,7 +506,7 @@
<preferences profiles="s390-dasd">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -440,9 +517,9 @@
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
target_blocksize="4096"
btrfs_root_is_snapshot="true"
@ -467,7 +544,7 @@
<preferences profiles="s390-fba">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -478,9 +555,9 @@
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
@ -501,9 +578,47 @@
</type>
</preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
installpxe="true"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext4"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<oemconfig>
<oem-multipath-scan>true</oem-multipath-scan>
</oemconfig>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -538,7 +653,7 @@
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -549,7 +664,7 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -577,7 +692,7 @@
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.0</version>
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@ -589,7 +704,7 @@
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@ -600,7 +715,7 @@
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
@ -611,6 +726,161 @@
</type>
</preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
disk_start_sector="256" -->
<!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
<type
image="oem"
installiso="true"
installpxe="true"
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<installmedia>
<initrd action="omit">
<dracut module="drm"/>
</initrd>
</installmedia>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/powerpc-ieee1275"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<repository type="rpm-md" >
<source path='obsrepositories:/'/>
</repository>
@ -655,8 +925,6 @@
<package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
@ -720,7 +988,8 @@
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
<package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/>
@ -728,46 +997,44 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
<package name="cpuset"/> -->
</packages>
<!-- makes the image build, but also include kernel-default
<packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
<package name="dracut-kiwi-oem-dump"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="blog"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<!-- FCP is usually used multipathed. -->
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install">
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/>
<package name="wireless-tools"/>
<package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages>
<packages type="bootstrap">
<package name="coreutils"/>
<package name="filesystem"/>
<package name="coreutils"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
</packages>
@ -781,4 +1048,14 @@
<packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/>
</packages>
</image>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image>

56
kiwi-builder-image/build-image.sh
View File

@ -1,5 +1,5 @@
#!/usr/bin/env bash
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
@ -21,43 +21,45 @@
#
# Set image build defaults, blocksize is an empty string
PROFILE="Default"
PROFILE="Base"
LARGEBLOCK=false
# Print usage
usage(){
cat <<-EOF
==============================
SLE Micro 6.0 Kiwi SDK Builder
==============================
cat <<-EOF
=====================================
SUSE Linux Micro 6.1 Kiwi SDK Builder
=====================================
Usage: ${0} [-p <profile>] [-b]
Usage: ${0} [-p <profile>] [-b]
Profile Options (-p):
* Default: RAW Disk Image with kernel-default
* Default-SelfInstall: SelfInstall ISO with kernel-default
* Base-RT: RAW Disk Image with kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
Profile Options (-p):
* Base: RAW Disk Image with podman
* Base-SelfInstall: SelfInstall ISO with podman
* Default: RAW Disk Image with podman and kvm
* Default-SelfInstall: SelfInstall ISO with podman and kvm
* Base-RT: RAW Disk Image with kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
NOTE: If both options are omitted, the "Default" profile with a standard "512" blocksize is used.
EOF
NOTE: If both options are omitted, the "Base" profile with a standard "512" blocksize is used.
EOF
}
# Grab CLI options and handle
while getopts 'p:bh' OPTION; do
case "${OPTION}" in
p)
PROFILE="${OPTARG}"
;;
b)
LARGEBLOCK=true
;;
?)
usage && exit 2
;;
esac
case "${OPTION}" in
p)
PROFILE="${OPTARG}"
;;
b)
LARGEBLOCK=true
;;
?)
usage && exit 2
;;
esac
done
# To avoid wasting time, perform the loop creation test first, and exit with a warning to re-run.
@ -88,4 +90,4 @@ if [ $RESULT -eq 0 ]; then
echo -e "\n\nINFO: Image build successful, generated images are available in the 'output' directory."
else
echo -e "\n\nERROR: Failed to build the image, please see above logs."
fi
fi

27
kiwi-builder-image/config.sh
View File

@ -35,14 +35,6 @@ mkdir /var/lib/misc/reconfig_system
#--------------------------------------
echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
#======================================
# This is a workaround - someone,
# somewhere needs to load the xts crypto
# module, otherwise luksOpen will fail while
# creating the image.
#--------------------------------------
modprobe xts || true
#======================================
# add missing fonts
#--------------------------------------
@ -139,9 +131,6 @@ for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
rpm --import $i || true
done
# Temporary workaround for bsc#1212187
echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
#======================================
# Enable kubelet if installed
#--------------------------------------
@ -170,8 +159,18 @@ if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
fi
# Enable jeos-firstboot if installed, disabled by combustion/ignition
if rpm -q --whatprovides jeos-firstboot >/dev/null; then
# Enable multipathd for MP images
if [ "${kiwi_oemmultipath_scan-false}" = 'true' ]; then
systemctl enable multipathd.service
fi
# On those s390 targets the console is not capable of running jeos-firstboot,
# use systemd-firstboot as minimal alternative.
if [[ "$kiwi_profiles" =~ s390-(dasd|fba|fcp) ]]; then
systemctl enable systemd-firstboot
# Enable prompting for the root password
echo 'root:!unprovisioned' | chpasswd -e
elif rpm -q --whatprovides jeos-firstboot >/dev/null; then
mkdir -p /var/lib/YaST2
touch /var/lib/YaST2/reconfig_system
systemctl enable jeos-firstboot.service
@ -281,7 +280,7 @@ if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
options smsc95xx turbo_mode=N
EOF
cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
cat > /etc/sysctl.d/50-rpi3.conf <<-EOF
# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
vm.min_free_kbytes = 2048
EOF

6
kube-rbac-proxy/_service
View File

@ -12,10 +12,8 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
<service mode="buildtime" name="tar" >
<param name="obsinfo">kube-rbac-proxy.obsinfo</param>
</service>
<service name="go_modules">
</service>

2
kube-rbac-proxy/kube-rbac-proxy.spec
View File

@ -22,7 +22,7 @@ Release: 0.18.1
Summary: The kube-rbac-proxy is a small HTTP proxy for a single upstream
License: Apache-2.0
URL: https://github.com/brancz/kube-rbac-proxy
Source: kube-rbac-proxy-%{version}.tar.gz
Source: kube-rbac-proxy-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.23
ExcludeArch: s390

34
kubectl-image/Dockerfile Normal file
View File

@ -0,0 +1,34 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends kubectl; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.kubectl
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE kubectl image"
LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.30.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
ENTRYPOINT ["/usr/bin/kubectl"]

12
kubectl-image/_service Normal file
View File

@ -0,0 +1,12 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

2
kubectl/kubectl.spec
View File

@ -1,6 +1,6 @@
%global debug_package %{nil}
Name: kubectl-1303
Name: kubectl
Version: 1.30.3
Release: 0
Summary: Command-line utility for interacting with a Kubernetes cluster

4
kubevirt-chart/Chart.yaml
View File

@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%sriov-crd-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%sriov-crd-chart:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0
apiVersion: v2
appVersion: 1.3.1
description: A Helm chart for KubeVirt

11
kubevirt-dashboard-extension-chart/Chart.yaml
View File

@ -1,5 +1,6 @@
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: KubeVirt
@ -10,11 +11,11 @@ annotations:
catalog.cattle.io/rancher-version: '>= 2.10.0-0'
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: '>= 3.0.0'
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
apiVersion: v2
appVersion: 1.2.0
appVersion: 1.2.1
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: kubevirt-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.0"
version: "%%CHART_MAJOR%%.0.0+up1.2.1"

2
kubevirt-dashboard-extension-chart/templates/cr.yaml
View File

@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.0
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

2
kubevirt-dashboard-extension-chart/values.yaml
View File

@ -8,5 +8,5 @@ plugin:
metadata:
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

14
metal3-chart/Chart.yaml
View File

@ -1,16 +1,16 @@
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2-%RELEASE%
apiVersion: v2
appVersion: 0.9.0
appVersion: 0.9.2
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
repository: file://./charts/baremetal-operator
version: 0.6.0
version: 0.6.1
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.8.0
version: 0.9.1
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
@ -20,9 +20,9 @@ dependencies:
condition: global.enable_metal3_media_server
name: media
repository: file://./charts/media
version: 0.6.0
version: 0.6.1
description: A Helm chart that installs all of the dependencies needed for Metal3
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.0+up0.9.0"
version: "%%CHART_MAJOR%%.0.0+up0.9.2"

2
metal3-chart/charts/baremetal-operator/Chart.yaml
View File

@ -3,4 +3,4 @@ appVersion: 0.8.0
description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator
type: application
version: 0.6.0
version: 0.6.1

15
metal3-chart/charts/baremetal-operator/templates/tests/test-connection.yaml
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "baremetal-operator.fullname" . }}-test-connection"
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "baremetal-operator.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

2
metal3-chart/charts/ironic/Chart.yaml
View File

@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.8.0
version: 0.9.1

4
metal3-chart/charts/ironic/values.yaml
View File

@ -56,11 +56,11 @@ images:
ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent
tag: 26.1.2.0
tag: 26.1.2.2
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
tag: 3.0.0
tag: 3.0.1
nameOverride: ""
fullnameOverride: ""

2
metal3-chart/charts/media/Chart.yaml
View File

@ -3,4 +3,4 @@ appVersion: 1.16.0
description: A Helm chart for Media, used by Metal3
name: media
type: application
version: 0.6.0
version: 0.6.1

15
metal3-chart/charts/media/templates/tests/test-connection.yaml
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "media.fullname" . }}-test-connection"
labels:
{{- include "media.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "media.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

2
metal3-chart/charts/media/values.yaml
View File

@ -24,7 +24,7 @@ replicaCount: 1
image:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent
tag: 26.1.2.0
tag: 26.1.2.2
imagePullSecrets: []
nameOverride: ""

6
metallb/_service
View File

@ -12,10 +12,8 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
<service mode="buildtime" name="tar">
<param name="obsinfo">metallb.obsinfo</param>
</service>
<service name="go_modules">
</service>

2
metallb/metallb.spec
View File

@ -22,7 +22,7 @@ Release: 0.14.8
Summary: Load Balancer for bare metal Kubernetes clusters
License: Apache-2.0
URL: https://github.com/metallb/metallb
Source: %{name}-%{version}.tar.gz
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390

4
nm-configurator/_service
View File

@ -9,7 +9,9 @@
<param name="versionrewrite-replacement">\1</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="tar">
<param name="obsinfo">nm-configurator.obsinfo</param>
</service>
<service mode="buildtime" name="set_version"/>
<service mode="manual" name="cargo_vendor">
<param name="src">nm-configurator</param>

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@ -1,10 +1,10 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.13.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.13.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
apiVersion: v2
appVersion: 0.13.0
appVersion: 0.16.0
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.0+up0.13.0"
version: "%%CHART_MAJOR%%.0.0+up0.16.0"

10
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

1562
rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
View File

File diff suppressed because it is too large Load Diff

52
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@ -32,7 +32,6 @@ data:
strategy: Webhook
webhook:
clientConfig:
caBundle: Cg==
service:
name: rke2-bootstrap-webhook-service
namespace: rke2-bootstrap-system
@ -155,7 +154,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -301,7 +299,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -440,7 +437,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -496,7 +492,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -583,20 +578,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@ -743,7 +738,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -894,7 +888,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1030,7 +1023,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1086,7 +1078,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1173,20 +1164,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@ -1227,7 +1218,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@ -1237,7 +1228,6 @@ data:
strategy: Webhook
webhook:
clientConfig:
caBundle: Cg==
service:
name: rke2-bootstrap-webhook-service
namespace: rke2-bootstrap-system
@ -1371,7 +1361,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1525,7 +1514,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1666,7 +1654,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1722,7 +1709,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1922,7 +1908,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2081,7 +2066,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2219,7 +2203,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2275,7 +2258,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2545,7 +2527,7 @@ data:
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
command:
- /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.11.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@ -2574,6 +2556,7 @@ data:
privileged: false
runAsGroup: 65532
runAsUser: 65532
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
@ -2755,10 +2738,19 @@ data:
- major: 0
minor: 8
contract: v1beta1
- major: 0
minor: 9
contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.8.0
name: v0.11.0
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap

96
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@ -32,7 +32,6 @@ data:
strategy: Webhook
webhook:
clientConfig:
caBundle: Cg==
service:
name: rke2-control-plane-webhook-service
namespace: rke2-control-plane-system
@ -155,7 +154,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -301,7 +299,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -419,7 +416,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -465,7 +461,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -538,7 +533,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -594,7 +588,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -728,7 +721,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -805,7 +797,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -936,7 +927,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -981,6 +971,7 @@ data:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties:
apiVersion:
description: API version of the referent.
@ -994,7 +985,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1025,7 +1015,6 @@ data:
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron
@ -1202,20 +1191,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@ -1388,7 +1377,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1539,7 +1527,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1641,6 +1628,7 @@ data:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties:
apiVersion:
description: API version of the referent.
@ -1654,7 +1642,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1705,7 +1692,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1743,7 +1729,7 @@ data:
additionalProperties:
type: string
description: |-
Annotations is an unstructured key value map stored with a resource that may be
annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations
@ -1784,7 +1770,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1818,6 +1803,7 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to run after
@ -1857,7 +1843,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -1913,7 +1898,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2044,7 +2028,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2121,7 +2104,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2252,7 +2234,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2297,6 +2278,7 @@ data:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties:
apiVersion:
description: API version of the referent.
@ -2310,7 +2292,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2341,7 +2322,6 @@ data:
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron
@ -2491,7 +2471,6 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string
required:
- infrastructureRef
- rolloutStrategy
type: object
status:
@ -2525,20 +2504,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@ -2610,7 +2589,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@ -2620,7 +2599,6 @@ data:
strategy: Webhook
webhook:
clientConfig:
caBundle: Cg==
service:
name: rke2-control-plane-webhook-service
namespace: rke2-control-plane-system
@ -2798,7 +2776,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -2957,7 +2934,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3060,6 +3036,7 @@ data:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties:
apiVersion:
description: API version of the referent.
@ -3073,7 +3050,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3124,7 +3100,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3162,7 +3137,7 @@ data:
additionalProperties:
type: string
description: |-
Annotations is an unstructured key value map stored with a resource that may be
annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations
@ -3203,7 +3178,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3237,6 +3211,7 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to
@ -3277,7 +3252,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3333,7 +3307,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3468,7 +3441,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3547,7 +3519,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3681,7 +3652,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3726,6 +3696,7 @@ data:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties:
apiVersion:
description: API version of the referent.
@ -3739,7 +3710,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@ -3770,7 +3740,6 @@ data:
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time
@ -3929,7 +3898,6 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string
required:
- infrastructureRef
- rolloutStrategy
type: object
required:
@ -3969,20 +3937,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@ -4295,7 +4263,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.8.0
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.11.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@ -4331,6 +4299,7 @@ data:
privileged: false
runAsGroup: 65532
runAsUser: 65532
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
@ -4349,7 +4318,7 @@ data:
volumes:
- name: cert
secret:
secretName: rke2-control-plane-webhook-service-cert
secretName: rke2-controlplane-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
@ -4365,7 +4334,7 @@ data:
issuerRef:
kind: Issuer
name: rke2-control-plane-selfsigned-issuer
secretName: rke2-control-plane-webhook-service-cert
secretName: rke2-controlplane-webhook-service-cert
subject:
organizations:
- Rancher by SUSE
@ -4512,10 +4481,19 @@ data:
- major: 0
minor: 8
contract: v1beta1
- major: 0
minor: 9
contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.8.0
name: v0.11.0
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.14.0
digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
generated: "2024-10-28T11:44:34.392387979Z"
version: 0.16.0
digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70
generated: "2025-01-30T10:14:58.692942399Z"

10
rancher-turtles-chart/Chart.yaml
View File

@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.13.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.13.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@ -7,12 +7,12 @@ annotations:
catalog.cattle.io/namespace: rancher-turtles-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/rancher-version: '>= 2.9.0-1'
catalog.cattle.io/rancher-version: '>= 2.10.0-1'
catalog.cattle.io/release-name: rancher-turtles
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.13.0
appVersion: 0.16.0
dependencies:
- condition: cluster-api-operator.enabled
name: cluster-api-operator
@ -29,4 +29,4 @@ keywords:
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.0+up0.13.0"
version: "%%CHART_MAJOR%%.0.0+up0.16.0"

112
rancher-turtles-chart/questions.yml
View File

@ -1,78 +1,44 @@
namespace: rancher-turtles-system
questions:
- variable: rancherTurtles.features.default
default: "false"
description: "Customize install settings"
label: Customize install settings
type: boolean
show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions:
- variable: cluster-api-operator.cert-manager.enabled
default: false
- variable: rancherTurtles.features.default
default: "false"
description: "Customize install settings"
label: Customize install settings
type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
label: "Enable Cert Manager"
- variable: rancherTurtles.features.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions:
- variable: rancherTurtles.features.cluster-api-operator.kubectlImage
default: "rancher/kubectl:v1.30.3"
description: "Specify the image to use when cleaning up the Cluster API Operator manifests"
type: string
label: Cleanup Image
group: "CAPI Operator cleanup settings"
- variable: rancherTurtles.features.rancher-webhook.cleanup
default: true
description: "Specify that the Rancher embedded cluster api webhooks should be removed"
type: boolean
label: Cleanup Rancher Embedded CAPI Webhooks
group: "Rancher webhook cleanup settings"
show_subquestion_if: true
subquestions:
- variable: rancherTurtles.features.rancher-webhook.kubectlImage
default: "rancher/kubectl:v1.30.3"
description: "Specify the image to use when cleaning up the webhooks"
type: string
label: Webhook Cleanup Image
group: "Rancher webhook cleanup settings"
- variable: rancherTurtles.features.rancher-kubeconfigs.label
default: false
description: "(Experimental) Specify that the kubeconfigs generated by Rancher should be automatically patched to contain the CAPI expected labels"
type: boolean
label: Label Rancher Kubeconfigs
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.managementv3-cluster.enabled
default: true
description: "Use v3/management cluster manifest for import, instead of v1/provisioning"
type: boolean
label: Use management v3 cluster manifest
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.managementv3-cluster-migration.enabled
default: false
description: "Automatically migrate between provisioning and management clusters on upgrade"
type: boolean
label: All imported clusters will use new cluster manifest, replacing old cluster manifest.
group: "Rancher Turtles Features Settings"
- variable: cluster-api-operator.cluster-api.rke2.enabled
default: "true"
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.propagate-labels.enabled
default: false
description: "(Experimental) Specify that the labels from CAPI should be propagated to Rancher"
type: boolean
label: Propagate CAPI Labels
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "Enable Fleet Addon Provider functionality in Rancher Turtles"
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"
- variable: cluster-api-operator.cert-manager.enabled
default: false
type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
label: "Enable Cert Manager"
- variable: rancherTurtles.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
- variable: cluster-api-operator.cluster-api.rke2.enabled
default: "true"
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles"
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.agent-tls-mode.enabled
default: false
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters"
type: boolean
label: Enable Agent TLS Mode
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.kubectlImage
default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
description: "Specify the image to use when running kubectl in jobs"
type: string
label: Kubectl Image
group: "Rancher Turtles Features Settings"

7
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@ -35,10 +35,17 @@ data:
cluster:
patchResource: true
setOwnerReferences: true
hostNetwork: true
selector:
matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
namespaceSelector:
matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
{{- end }}

4
rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml
View File

@ -1,4 +1,4 @@
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
---
apiVersion: v1
kind: ServiceAccount
@ -55,7 +55,7 @@ spec:
serviceAccountName: pre-upgrade-job
containers:
- name: rancher-clusterctl-configmap-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- configmap

6
rancher-turtles-chart/templates/deployment.yaml
View File

@ -26,7 +26,7 @@ spec:
containers:
- args:
- --leader-elect
- --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
- --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}}
{{- range .Values.rancherTurtles.managerArguments }}
- {{ . }}
{{- end }}
@ -67,10 +67,10 @@ spec:
resources:
limits:
cpu: 500m
memory: 128Mi
memory: 256Mi
requests:
cpu: 10m
memory: 64Mi
memory: 128Mi
serviceAccountName: rancher-turtles-manager
terminationGracePeriodSeconds: 10
tolerations:

29
rancher-turtles-chart/templates/metal3-infrastructure.yaml
View File

@ -2,17 +2,6 @@
{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
{{- if not (lookup "v1" "Namespace" "" $namespace) }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: ClusterctlConfig
metadata:
name: clusterctl-config
namespace: rancher-turtles-system
spec:
providers:
- name: metal3
url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml"
type: InfrastructureProvider
---
apiVersion: v1
kind: Namespace
metadata:
@ -23,6 +12,20 @@ metadata:
{{- end }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: ClusterctlConfig
metadata:
name: clusterctl-config
namespace: rancher-turtles-system
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "1"
spec:
providers:
- name: metal3
url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.9.2/infrastructure-components.yaml"
type: InfrastructureProvider
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider
metadata:
name: metal3
@ -33,8 +36,8 @@ metadata:
spec:
name: metal3
type: infrastructure
{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "version" }}
version: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "version" }}
{{- end }}
configSecret:
{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}

18
rancher-turtles-chart/templates/post-delete-job.yaml
View File

@ -1,4 +1,4 @@
{{- if index .Values "rancherTurtles" "features" "cluster-api-operator" "cleanup" }}
{{- if index .Values "cluster-api-operator" "cleanup" }}
---
apiVersion: v1
kind: ServiceAccount
@ -41,7 +41,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: post-delete-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: post-delete-job-delete-webhooks
@ -62,7 +62,7 @@ spec:
serviceAccountName: post-delete-job
containers:
- name: cluster-api-operator-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@ -90,7 +90,7 @@ spec:
serviceAccountName: post-delete-job
containers:
- name: cluster-api-operator-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@ -119,7 +119,7 @@ spec:
restartPolicy: Never
containers:
- name: delete-capi-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@ -128,7 +128,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
- --ignore-not-found=true
- name: delete-capi-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@ -137,7 +137,7 @@ spec:
- capi-kubeadm-bootstrap-system
- --ignore-not-found=true
- name: delete-capi-kubeadm-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@ -146,7 +146,7 @@ spec:
- capi-kubeadm-control-plane-system
- --ignore-not-found=true
- name: delete-rke2-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@ -155,7 +155,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
- --ignore-not-found=true
- name: delete-rke2-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete

20
rancher-turtles-chart/templates/post-upgrade-job.yaml
View File

@ -1,10 +1,9 @@
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster-migration" "enabled") true }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: post-upgrade-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1"
@ -24,13 +23,6 @@ rules:
verbs:
- list
- delete
- apiGroups:
- management.cattle.io
resources:
- clusters
verbs:
- list
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@ -42,7 +34,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: post-upgrade-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: post-upgrade-job-delete-clusters
@ -52,6 +44,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: post-upgrade-delete-clusters
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "2"
@ -62,17 +55,12 @@ spec:
serviceAccountName: post-upgrade-job
containers:
- name: post-upgrade-delete-clusters
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled") true }}
- clusters.provisioning.cattle.io
{{- else }}
- clusters.management.cattle.io
{{- end }}
- --selector=cluster-api.cattle.io/owned
- -A
- --ignore-not-found=true
- --wait
restartPolicy: OnFailure
{{- end }}

10
rancher-turtles-chart/templates/pre-delete-job.yaml
View File

@ -1,10 +1,10 @@
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-delete-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-2"
@ -35,7 +35,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: pre-delete-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: pre-delete-job-delete-capiproviders
@ -45,7 +45,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: rancher-capiprovider-cleanup
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-1"
@ -56,7 +56,7 @@ spec:
serviceAccountName: pre-delete-job
containers:
- name: rancher-capiprovider-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- capiproviders

14
rancher-turtles-chart/templates/pre-install-job.yaml
View File

@ -1,4 +1,3 @@
{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
{{- if index .Values "rancherTurtles" "rancherInstalled"}}
---
apiVersion: management.cattle.io/v3
@ -11,14 +10,13 @@ metadata:
spec:
value: false
{{- end }}
{{- end }}
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-install-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
@ -49,7 +47,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: pre-install-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: pre-install-job-delete-webhooks
@ -59,6 +57,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: rancher-mutatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
@ -69,7 +68,7 @@ spec:
serviceAccountName: pre-install-job
containers:
- name: rancher-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- mutatingwebhookconfigurations.admissionregistration.k8s.io
@ -81,6 +80,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: rancher-validatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
@ -91,7 +91,7 @@ spec:
serviceAccountName: pre-install-job
containers:
- name: rancher-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- validatingwebhookconfigurations.admissionregistration.k8s.io

337
rancher-turtles-chart/templates/rancher-turtles-components.yaml
View File

File diff suppressed because it is too large Load Diff

237
rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml
View File

@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: etcd-restore
name: etcdmachinesnapshots.turtles-capi.cattle.io
@ -45,77 +45,65 @@ spec:
properties:
clusterName:
type: string
configRef:
type: string
location:
type: string
machineName:
type: string
required:
- clusterName
- configRef
- location
- machineName
type: object
x-kubernetes-validations:
- message: ETCD snapshot location can't be empty.
rule: size(self.location)>0
rule: size(self.clusterName)>0
status:
default: {}
description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore
properties:
conditions:
description: Conditions provide observations of the operational state
of a Cluster API resource.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
Last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
A human readable message indicating details about the transition.
This field may be empty.
type: string
reason:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
manual:
type: boolean
error:
type: string
phase:
description: ETCDSnapshotPhase is a string representation of the phase
of the etcd snapshot
type: string
s3Snapshots:
items:
properties:
creationTime:
description: CreationTime is the timestamp when the snapshot
was taken by etcd.
format: date-time
type: string
location:
type: string
name:
type: string
required:
- location
- name
type: object
type: array
snapshotFileName:
type: string
snapshots:
items:
properties:
creationTime:
description: CreationTime is the timestamp when the snapshot
was taken by etcd.
format: date-time
type: string
location:
type: string
machineName:
type: string
name:
type: string
required:
- location
- machineName
- name
type: object
type: array
type: object
type: object
served: true
@ -127,8 +115,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: etcd-restore
name: etcdsnapshotrestores.turtles-capi.cattle.io
@ -207,20 +195,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@ -246,8 +234,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: etcd-restore
name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
@ -306,8 +294,6 @@ spec:
type: string
insecure:
type: boolean
location:
type: string
region:
type: string
s3CredentialSecret:
@ -337,7 +323,7 @@ metadata:
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-manager
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@ -351,7 +337,7 @@ metadata:
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-leader-election-role
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
rules:
- apiGroups:
- ""
@ -452,29 +438,7 @@ rules:
- cluster.x-k8s.io
resources:
- clusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
verbs:
- create
@ -513,57 +477,7 @@ rules:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs
verbs:
- create
@ -576,12 +490,16 @@ rules:
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/finalizers
- etcdsnapshotrestores/finalizers
- rke2etcdmachinesnapshotconfigs/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/status
- etcdsnapshotrestores/status
- rke2etcdmachinesnapshotconfigs/status
verbs:
- get
@ -600,7 +518,7 @@ metadata:
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-leader-election-rolebinding
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@ -608,7 +526,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: rancher-turtles-etcdsnapshotrestore-manager
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@ -629,7 +547,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: rancher-turtles-etcdsnapshotrestore-manager
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: v1
kind: Service
@ -637,7 +555,7 @@ metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-webhook-service
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
ports:
- port: 443
@ -652,7 +570,7 @@ metadata:
control-plane: controller-manager
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-controller-manager
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
replicas: 1
selector:
@ -671,7 +589,7 @@ spec:
- args:
- --leader-elect
command:
- /manager
- ./etcd-snapshot-restore
env:
- name: POD_NAMESPACE
valueFrom:
@ -685,8 +603,13 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/turtles-etcd-snapshot-restore:dev
imagePullPolicy: IfNotPresent
{{- $imageVersion := index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" -}}
{{- if contains "sha256:" $imageVersion }}
image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}@{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }}
{{- else }}
image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}:{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }}
{{- end }}
imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imagePullPolicy" }}'
livenessProbe:
httpGet:
path: /healthz
@ -733,11 +656,11 @@ metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-serving-cert
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
dnsNames:
- rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc
- rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc.cluster.local
- rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc
- rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local
issuerRef:
kind: Issuer
name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
@ -749,7 +672,7 @@ metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
selfSigned: {}
---
@ -757,7 +680,7 @@ apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-mutating-webhook-configuration
@ -767,7 +690,7 @@ webhooks:
clientConfig:
service:
name: rancher-turtles-etcdsnapshotrestore-webhook-service
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
failurePolicy: Fail
name: systemagentrke2config.kb.io
@ -787,7 +710,7 @@ apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-validating-webhook-configuration
@ -797,7 +720,7 @@ webhooks:
clientConfig:
service:
name: rancher-turtles-etcdsnapshotrestore-webhook-service
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot
failurePolicy: Fail
matchPolicy: Equivalent
@ -818,7 +741,7 @@ webhooks:
clientConfig:
service:
name: rancher-turtles-etcdsnapshotrestore-webhook-service
namespace: rancher-turtles-system
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore
failurePolicy: Fail
matchPolicy: Equivalent

39
rancher-turtles-chart/values.yaml
View File

@ -1,32 +1,24 @@
rancherTurtles:
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.13.0
imageVersion: v0.16.0
imagePullPolicy: IfNotPresent
namespace: rancher-turtles-system
managerArguments: []
imagePullSecrets: []
rancherInstalled: true
rancherInstalled: false
kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3
features:
cluster-api-operator:
cleanup: true
kubectlImage: rancher/kubectl:v1.30.3
embedded-capi:
disabled: false
rancher-webhook:
cleanup: false
kubectlImage: rancher/kubectl:v1.30.3
rancher-kubeconfigs:
label: false
managementv3-cluster:
enabled: true
managementv3-cluster-migration:
enabled: false
propagate-labels:
enabled: false
etcd-snapshot-restore:
enabled: false
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.16.0
imagePullPolicy: IfNotPresent
# beta feature, see documentation for more information on feature stages
addon-provider-fleet:
enabled: false
# alpha feature, see documentation for more information on feature stages
agent-tls-mode:
enabled: false
cluster-api-operator:
enabled: true
cert-manager:
@ -50,6 +42,7 @@ cluster-api-operator:
- mountPath: /config
name: clusterctl-config
readOnly: true
cleanup: true
cluster-api:
enabled: true
configSecret:
@ -66,25 +59,25 @@ cluster-api-operator:
version: ""
bootstrap:
namespace: rke2-bootstrap-system
imageUrl: "registry.rancher.com/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0"
imageUrl: ""
fetchConfig:
url: ""
selector: ""
controlPlane:
namespace: rke2-control-plane-system
imageUrl: "registry.rancher.com/rancher/cluster-api-provider-rke2-controlplane:v0.8.0"
imageUrl: ""
fetchConfig:
url: ""
selector: ""
metal3:
enabled: true
version: ""
version: "v1.9.2"
infrastructure:
namespace: capm3-system
imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:1.7.2"
imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2"
fetchConfig:
url: ""
selector: ""
ipam:
namespace: capm3-system
imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%images/ip-address-manager:1.7.2"
imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3"

Some files were not shown because too many files have changed in this diff Show More