steven.hardy/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

merge into: steven.hardy:rm_old_ipa
Branches Tags
steven.hardy:main steven.hardy:kiwi_fix2 steven.hardy:jarndt/edge-1544 steven.hardy:arm_config steven.hardy:turtles_3.2 steven.hardy:turtles_fix_3.2 steven.hardy:turtles_upgrade_fix steven.hardy:cdi_fix steven.hardy:kubevirt_chart steven.hardy:sriov_update steven.hardy:capm3_downgrade steven.hardy:rm_capi_images steven.hardy:kiwi_fix steven.hardy:kiwi_builder steven.hardy:metal3_chart_090 steven.hardy:turtles_013 steven.hardy:rm_old_ipa steven.hardy:ipa-fix steven.hardy:kube-rbac-proxy-fix2 steven.hardy:turtles_fix steven.hardy:metal3_090 steven.hardy:metallb_rbac_proxy steven.hardy:kube-rbac-proxy-fix steven.hardy:kube_rbac_proxy steven.hardy:document-branch steven.hardy:supportlvl-macro steven.hardy:run-sync suse-edge:3.2 suse-edge:3.3 suse-edge:3.4 suse-edge:main suse-edge:devel
...
pull from: steven.hardy:arm_config
Branches Tags
steven.hardy:kiwi_fix2 steven.hardy:jarndt/edge-1544 steven.hardy:arm_config steven.hardy:turtles_3.2 steven.hardy:turtles_fix_3.2 steven.hardy:turtles_upgrade_fix steven.hardy:cdi_fix steven.hardy:kubevirt_chart steven.hardy:sriov_update steven.hardy:capm3_downgrade steven.hardy:rm_capi_images steven.hardy:kiwi_fix steven.hardy:kiwi_builder steven.hardy:metal3_chart_090 steven.hardy:turtles_013 steven.hardy:rm_old_ipa steven.hardy:ipa-fix steven.hardy:kube-rbac-proxy-fix2 steven.hardy:turtles_fix steven.hardy:metal3_090 steven.hardy:metallb_rbac_proxy steven.hardy:kube-rbac-proxy-fix steven.hardy:kube_rbac_proxy steven.hardy:main steven.hardy:document-branch steven.hardy:supportlvl-macro steven.hardy:run-sync suse-edge:3.2 suse-edge:3.3 suse-edge:3.4 suse-edge:main suse-edge:devel

77 Commits
rm_old_ipa ... arm_config

Author SHA256 Message Date
Steven Hardy
f61bb1e0e6 Add metal3 images to ARM allowlist 
We need to ensure these build to enable usage of the metal3 chart on ARM
 2025-02-20 09:36:23 +00:00
Nicolas Belouin
a510134ed4 Fix sync action typo 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-14 14:40:43 +01:00
Nicolas Belouin
54e0941879 Trigger workflow when it changes 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-14 14:36:16 +01:00
Nicolas Belouin
c04b2af72b Fix typo in sync_config action workflow 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-14 14:34:44 +01:00
Nicolas Belouin
c57aa3344d Merge pull request 'Add project config to git' (#72) from nbelouin/Factory:add_config into main 
Reviewed-on: suse-edge/Factory#72
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-02-14 14:31:37 +01:00
Nicolas Belouin
c86d724e92 Add project config to git 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-14 14:31:09 +01:00
Steven Hardy
9d97e8a56d metal3-chart: Update to 0.9.2 
Align with https://github.com/suse-edge/charts/pull/182
 2025-02-12 09:12:49 +00:00
Steven Hardy
b912f9d68a ironic-image: update to 26.1.2.2 
Align with:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image?linkrev=base&rev=10
https://github.com/suse-edge/charts/pull/182

Fixes a pod restart caused by the runlogwatch.sh script
 2025-02-12 09:06:45 +00:00
Steven Hardy
45443d5b5f ironic-ipa-downloader-image: remove unused _service entry 
This is hard-coded to x86_64 so won't work for ARM, aligns with:
https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-downloader-image?linkrev=base&rev=6
 2025-02-07 11:25:21 +00:00
Steven Hardy
ac32110ac1 ironic-ipa-ramdisk: migrate tarball to git-lfs 2025-02-06 16:38:13 +00:00
Steven Hardy
5d20bc38e3 metal3-chart: update to 0.9.1 
Align with https://github.com/suse-edge/charts/pull/173 which
added some fixes to enable deployment on aarch64
 2025-02-06 16:36:07 +00:00
Steven Hardy
e085a97d98 ironic-ipa-downloader-image: update to 3.0.1 
Update to the latest version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-downloader-image
 2025-02-06 16:36:04 +00:00
Steven Hardy
58c8be887a ironic-ipa-ramdisk: update to 3.0.1 
Update to the latest version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-ipa-ramdisk
 2025-02-06 16:35:57 +00:00
Steven Hardy
0d59ad920e ironic-image: update to 26.1.2.1 
Align with latest 26.1.2.1 version from
https://build.opensuse.org/package/show/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image
 2025-02-05 15:58:26 +00:00
Nicolas Belouin
74133c22f6 Fix service file for frr-k8s-image 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-17 09:44:56 +01:00
Nicolas Belouin
e85da96001 Merge pull request 'Import missing package: frr-k8s-image' (#67) from nbelouin/Factory:import-frr-k8s-image into main 
Reviewed-on: suse-edge/Factory#67
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-01-17 09:31:28 +01:00
Nicolas Belouin
dab7f36e0b Add package to workflow 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-17 09:31:10 +01:00
Nicolas Belouin
5490ffcde2 Import missing package: frr-k8s-image 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-17 09:24:32 +01:00
Nicolas Belouin
04b9c07dd5 Merge pull request 'Add an additional tag without the _up suffix to please Rancher for dashboard extensions' (#65) from nbelouin/Factory:add-no-up-tag-extensions into main 
Reviewed-on: suse-edge/Factory#65
Reviewed-by: Jiří Tomášek <jtomasek@noreply.src.opensuse.org>
 2025-01-16 15:47:33 +01:00
Nicolas Belouin
25de5df782 Add an additional tag without the _up suffix to please Rancher for dashboard extensions 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-01-16 15:35:46 +01:00
Nicolas Belouin
3f9b8c9e22 Merge pull request 'Use manifest_repo var to allow for release manifest in separate repo' (#57) from nbelouin/Factory:manifest-repo-var into main 
Reviewed-on: suse-edge/Factory#57
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-12-23 12:11:01 +01:00
Nicolas Belouin
2a993e342e Use manifest_repo var to allow for release manifest in separate repo 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2024-12-23 11:33:04 +01:00
Steven Hardy
cab6fe1bcb release-manifest: Update to Rancher prime 2.10.1 
2.10.1 was released so update to the prime version
 2024-12-20 09:28:38 +00:00
Ivo Petrov
fde506f9ef Release manifest updates in relation to corner case use-cases (#60) 
Changes:

- Rancher version convention was changed from `v2.10.0` to `2.10.0` to better map to the actual version in the upstream helm chart repo which is without the `v` prefix.

- Rancher's `postDelete` hook has been disabled - done to ensure that we will not hit a corner case where:

   1. The Rancher helm chart upgrade fails, because of a core component not yet being ready
   2. The `helm-controller` schedules a `helm uninstall` which deletes the Rancher Helm release and triggers the `postDelete` hook.
   3. The problematic core component is up and running, so `helm-controller` schedules a `helm install` with the new version.
   4. Due to insufficient resources, or network connection (or other unforeseen problems), the `postDelete` hook is still running and it wrongly removes the new Rancher installation resulting in a missing rancher from the cluster after an upgrade.

The `postDelete` hook ensures that no accidental delete of the Rancher application will happen during an upgrade over a machine with fewer resources.

Reviewed-on: suse-edge/Factory#60
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-19 12:27:23 +01:00
Ivo Petrov
f49e6be155 Bump K8s version in the release manifest (#58) 
- Bumps both RKE2 and K3s versions to the `1.31.3` version that is expected by Rancher `v2.10.1`.

- Bumps the K8s core component versions to the `1.31.3` expected versions.

RKE2 core component versions have been checked against the `Chart Versions` table of the said [release](https://github.com/rancher/rke2/releases/tag/v1.31.3%2Brke2r1).
K3s core component versions have been checked agains the [manifests](https://github.com/k3s-io/k3s/tree/v1.31.3%2Bk3s1/manifests) directory of said release.

Reviewed-on: suse-edge/Factory#58
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-17 09:06:03 +01:00
Ivo Petrov
e820e98a2f Add missing Elemental dashboard chart (#55) 
Reviewed-on: suse-edge/Factory#55
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-12 11:20:22 +01:00
Atanas Dinov
8c31073506 Merge pull request 'Bump upgrade-controller to v0.1.1' (#53) from upgrade-controller-v0.1.1 into main 
Reviewed-on: suse-edge/Factory#53
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-12-11 18:35:11 +01:00
Atanas Dinov
4bba5fd3f2 Bump chart version 2024-12-11 18:35:11 +01:00
Atanas Dinov
383705e9a3 Bump container image version 2024-12-11 18:35:11 +01:00
Atanas Dinov
a752a25191 Bump RPM version 2024-12-11 18:35:11 +01:00
Ivo Petrov
83fec09683 Introduce K8s distribution core component list (#52) 
Introduces the K8s distribution core component list that the upgrade-controller will follow in order to make sure that a specific Kubernetes upgrade has completed successfully.

Relates to the [#116](https://github.com/suse-edge/upgrade-controller/pull/116) upgrade-controller PR.

Reviewed-on: suse-edge/Factory#52
Reviewed-by: Atanas Dinov <atanasdinov@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-12-11 15:45:28 +01:00
Nicolas Belouin
32519595dc IPA ramdisk git LFS fix 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2024-12-10 14:01:55 +01:00
Jiri Tomasek
87c7e1be88 Update akri-dashboard-extension-chart to v1.2.1 2024-12-06 09:47:40 +01:00
Jiri Tomasek
568d5d1590 Update kubevirt-dashboard-extension-chart to v1.2.1 2024-12-06 09:30:28 +01:00
Steven Hardy
fbd596290a release-manifest: Update rancher-turtles chart 
Fix the rancher-turtles-chart version to align with #44
 2024-12-05 17:35:46 +00:00
Steven Hardy
ec6c4745ea Remove CAPM3/IPAM images 
These are now provided by the rancher registry since #44
 2024-12-05 13:11:00 +00:00
Steven Hardy
856ec2ac8e rancher-turtles-airgap-resources-chart: Update to 0.14.1 upstream release 
Aligns with https://github.com/suse-edge/charts/pull/174 which
rebases to 0.14.1, which is marked as compatible with Rancher 2.10
 2024-12-05 11:35:05 +00:00
Steven Hardy
7721c66ab0 rancher-turtles-chart: Update to 0.14.1 upstream release 
Aligns with https://github.com/suse-edge/charts/pull/174 which
rebases to 0.14.1, which is marked as compatible with Rancher 2.10
 2024-12-05 11:31:40 +00:00
Denislav Prodanov
cf6abb24fb Merge pull request 'fixed versions in eib artifacts' (#42) from dprodanov/Factory:fix-eib-versions into main 
Reviewed-on: suse-edge/Factory#42
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2024-12-04 16:00:26 +01:00
Denislav Prodanov
602249c98d fixed versions in eib artifacts 2024-12-04 16:02:41 +02:00
Steven Hardy
8a93aae7c5 kiwi-builder-image: Align with OBS latest version 
Aligns with the latest fixes in isv:SUSE:Edge:KiwiBuilder/kiwi-builder-10
 2024-12-02 18:19:04 +00:00
Denislav Prodanov
aba448b275 Merge pull request 'updated longhorn and neuvector to latest 105 charts' (#38) from dprodanov/Factory:update-release-manifests into main 
Reviewed-on: suse-edge/Factory#38
Reviewed-by: Ivo Petrov <ipetrov117@noreply.src.opensuse.org>
 2024-11-28 16:05:04 +01:00
Denislav Prodanov
09954e5818 updated longhorn and neuvector to latest 105 charts 2024-11-28 16:57:54 +02:00
Steven Hardy
636493adba rancher-turtles: Fix issue in 0.4.0 chart 
The previous import was based on a pre-merge copy of the following PR
- an issue was discovered during SV validation which required an
additional change to ensure CRDs are created before creating the
ClusterctlConfig CR

https://github.com/suse-edge/charts/pull/166
 2024-11-27 08:23:32 +00:00
Atanas Dinov
f5cc155d16 Fix kubevirt chart build tags 2024-11-22 10:54:32 +01:00
Ivo Petrov
a5633fd239 Remove the suffix from kubectl package name 2024-11-22 10:52:54 +01:00
Steven Hardy
d719b5b6e5 rancher-turtles: image/version fixes 
After further testing I discovered that the cluster-api-controller is
not correctly pinned or using the downstream image, and a similar
problem exists for CAPM3 (but only after upgrade from an older chart)
due to a mistake in the templating.
 2024-11-22 10:52:15 +01:00
Ivo Petrov
dda8040420 Add missing kubectl image (#32) 
Reviewed-on: suse-edge/Factory#32
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Co-authored-by: Ivo Petrov <ivo.petrov@suse.com>
Co-committed-by: Ivo Petrov <ivo.petrov@suse.com>
 2024-11-22 10:16:53 +01:00
Atanas Dinov
dc44cb42bf Fix service param definitions (#30) 
Reviewed-on: suse-edge/Factory#30
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Co-authored-by: Atanas Dinov <atanas.dinov@suse.com>
Co-committed-by: Atanas Dinov <atanas.dinov@suse.com>
 2024-11-21 17:26:05 +01:00
Nicolas Belouin
ee82509ce9 Merge pull request 'add frr image' (#29) from import-frr into main 
Reviewed-on: suse-edge/Factory#29
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2024-11-21 16:48:00 +01:00
Denislav Prodanov
bfd031153d run sync package 2024-11-20 19:31:00 +02:00
Denislav Prodanov
a8bd38569b add frr image 2024-11-20 16:16:11 +02:00
Denislav Prodanov
cfe2e92d13 Merge pull request 'Bump release manifest to 3.2.0' (#27) from release-manifest-3.2.0-prep into main 
Reviewed-on: suse-edge/Factory#27
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2024-11-20 10:47:29 +01:00
Atanas Dinov
40010f5c4f Fix chart tags 2024-11-20 11:18:07 +02:00
Atanas Dinov
729dbefe78 Fix Edge charts versioning 2024-11-19 19:48:50 +02:00
Steven Hardy
6b530a91d9 Fix missed 302 chart prefixes 
The CDI chart should only use CHART_MAJOR, and the cluster-api-operator
subchart doesn't need to use a prefix
 2024-11-19 16:50:59 +00:00
Atanas Dinov
996ee3b221 Bump release manifest to 3.2.0 2024-11-19 17:00:37 +02:00
Atanas Dinov
5c2204ba3e Add initial release-manifest image (#26) 
Copies over the [current](https://build.suse.de/package/show/ISV:SUSE:Edge:3.1/release-manifest-310-image) release-manifest image used for Edge 3.1.1.

Reviewed-on: suse-edge/Factory#26
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
Co-authored-by: Atanas Dinov <atanas.dinov@suse.com>
Co-committed-by: Atanas Dinov <atanas.dinov@suse.com>
 2024-11-19 14:56:42 +01:00
Denislav Prodanov
f1bf24e9dd Merge pull request 'add templating for chart major versions' (#25) from template-chart-versions into main 
Reviewed-on: suse-edge/Factory#25
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2024-11-18 15:24:48 +01:00
Denislav Prodanov
4ad7e30ea7 updated _service files for the templating 2024-11-18 15:14:29 +02:00
Denislav Prodanov
e9b3caf318 add templating for chart major versions 2024-11-18 15:03:25 +02:00
Denislav Prodanov
ed9a5df069 Merge pull request 'init for chart version updates' (#14) from update-charts-version into main 
Reviewed-on: suse-edge/Factory#14
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2024-11-18 12:55:33 +01:00
Denislav Prodanov
a66325901d init for chart version updates 2024-11-18 11:53:50 +02:00
Steven Hardy
8b6dce500e Update SR-IOV chart to v1.4.0 
Aligning with https://github.com/suse-edge/charts/pull/167
 2024-11-18 10:49:50 +01:00
Steven Hardy
fc3da390e9 Add kubevirt-chart 
Imported from https://github.com/suse-edge/charts/tree/main/charts/kubevirt/0.4.0
 2024-11-15 17:30:49 +00:00
Steven Hardy
fcbe8b9452 capm3: temporarily downgrade to 1.7.2 
To align with the current rancher turtles chart we need to align with
1.7.2, which matches the 1.7.x CAPI core provided by this turtles release
 2024-11-15 17:14:24 +00:00
Steven Hardy
044e5be211 Remove cluster-api-provider-rke2 package/images 
Since #16 this has been replaced by an alternative downstream image:

registry.rancher.com/rancher/cluster-api-provider-rke2-bootstrap
registry.rancher.com/rancher/cluster-api-provider-rke2-controlplane
 2024-11-15 17:10:32 +00:00
Steven Hardy
10f6ffd6c0 Remove cluster-api-operator image 
Since #16 this is replaced by an alternative downstream image:

registry.rancher.com/rancher/cluster-api-operator
 2024-11-15 17:10:30 +00:00
Steven Hardy
9ff2fc03b9 Remove cluster-api core package/image 
Since #16 this is replaced by an alternate downstream image:

registry.rancher.com/rancher/cluster-api-controller
 2024-11-15 17:10:27 +00:00
Steven Hardy
f971f64dd3 kiwi-builder-image: fix quoting issue 2024-11-15 17:06:28 +00:00
Steven Hardy
7a577c3d0b Add kiwi-builder-image 
Add image based on isv:SUSE:Edge:KiwiBuilder/kiwi-builder-10
 2024-11-15 13:48:36 +00:00
Steven Hardy
07c7783780 rancher-turtles-airgap-resources: update to 0.13 release 2024-11-15 14:40:28 +01:00
Steven Hardy
d95a664929 rancher-turtles: Update to 0.13 upstream version 
Aligns with https://github.com/suse-edge/charts/pull/166
 2024-11-15 14:40:28 +01:00
Jiri Tomasek
8159c7a050 Add kubevirt-dashboard-extension-chart v1.2.0 2024-11-15 14:40:04 +01:00
Jiri Tomasek
0790cd828c Add kubevirt-dashboard-extension to obs/workflows 2024-11-15 14:40:04 +01:00
Jiri Tomasek
241b76999f Update akri-dashboard-extension-chart to v1.2.0 2024-11-15 14:38:10 +01:00
Steven Hardy
f3052f1473 metal3-chart: Update to 0.9.0 
Align with https://github.com/suse-edge/charts/pull/165
 2024-11-14 18:20:25 +00:00
152 changed files with 12883 additions and 1142 deletions
Expand all files Collapse all files

33
.gitea/workflows/sync_config.yaml Normal file
View File

@@ -0,0 +1,33 @@
name: Synchronize Project Config
on:
push:
branches:
- "main"
- "3.*"
paths:
- "_config"
- ".gitea/workflows/sync_config.yaml"
jobs:
sync-prjconf:
runs-on: tumbleweed
steps:
- run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<EOF
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
with:
object-format: 'sha256'
- run: |
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
if [ "$(osc meta prjconf "${PROJECT}" | sha256sum)" = "$(cat _config | sha256sum)" ] ; then
osc meta prjconf "${PROJECT}" -F _config
fi

72
.obs/workflows.yml
View File

@@ -66,14 +66,6 @@ staging_build:
source_package: frr-k8s
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubectl
source_project: isv:SUSE:Edge:Factory
@@ -82,10 +74,6 @@ staging_build:
source_package: upgrade-controller
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-rke2
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: nm-configurator
source_project: isv:SUSE:Edge:Factory
@@ -106,38 +94,18 @@ staging_build:
source_package: hauler
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ip-address-manager
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: baremetal-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-metal3
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cdi-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-metal3-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: sriov-crd-chart
source_project: isv:SUSE:Edge:Factory
@@ -154,10 +122,6 @@ staging_build:
source_package: ironic-ipa-downloader-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-rke2-controlplane-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller-image
source_project: isv:SUSE:Edge:Factory
@@ -170,10 +134,6 @@ staging_build:
source_package: baremetal-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-rke2-bootstrap-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: sriov-network-operator-chart
source_project: isv:SUSE:Edge:Factory
@@ -182,10 +142,6 @@ staging_build:
source_package: metallb-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ip-address-manager-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-speaker-image
source_project: isv:SUSE:Edge:Factory
@@ -230,3 +186,31 @@ staging_build:
source_package: ironic-ipa-ramdisk
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubevirt-dashboard-extension-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kiwi-builder-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubevirt-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: release-manifest-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: frr-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubectl-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: frr-k8s-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging

121
_config Normal file
View File

@@ -0,0 +1,121 @@
Prefer: -libqpid-proton10 -python311-urllib3_1
Macros:
%__python3 /usr/bin/python3.11
%registry_url %(echo %{vendor} | cut -d '/' -f 3 | sed 's/build/registry/')
:Macros
%if "%{sub %{lower %_project} 1 14}" != "isv:suse:edge:" || "%{sub %_project 15 21}" == "Factory"
# Here we are in Factory like project so set chart major version to 999
Macros:
%chart_major 999
:Macros
%else
# Here we are in version branch, so set the image prefix and chart major accordingly
Macros:
%project_branch %(echo %{_project} | cut -d ':' -f 4)
%img_prefix %{project_branch}/
%chart_major %(echo %{project_branch} | awk '{split($1,a,"."); print a[1]*100 + a[2]}')
:Macros
%endif
%if %{sub %_project 1 3} == ISV
Macros:
%img_repo registry.suse.com/edge
%chart_repo oci://registry.suse.com/edge
%manifest_repo registry.suse.com/edge
%support_level l3
:Macros
%else
Macros:
%img_repo registry.opensuse.org/isv/suse/edge/containers/images
%manifest_repo registry.opensuse.org/isv/suse/edge/containers/images
%chart_repo oci://registry.opensuse.org/isv/suse/edge/containers/charts
%support_level techpreview
:Macros
%endif
%if "%_repository" == "charts" || "%_repository" == "test_manifest_images"
Macros:
%img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]')
:Macros
%endif
# Missing deps for testsuite
BuildFlags: excludebuild:autoconf:el
BuildFlags: excludebuild:autoconf:testsuite
# Only build manifest embedding images here
%if "%_repository" == "test_manifest_images"
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:release-manifest-image
# Exclude the images selected by the following section
# as the standard repository is a dependency
%ifarch aarch64
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
BuildFlags: excludebuild:baremetal-operator-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:kube-rbac-proxy-image
%endif
%else
# Only a subset of stack is arm64 ready
%ifarch aarch64
BuildFlags: onlybuild:ca-certificates-suse
BuildFlags: onlybuild:cosign
BuildFlags: onlybuild:edge-image-builder
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:endpoint-copier-operator
BuildFlags: onlybuild:endpoint-copier-operator-image
BuildFlags: onlybuild:hauler
BuildFlags: onlybuild:metallb
BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator
BuildFlags: onlybuild:baremetal-operator
BuildFlags: onlybuild:baremetal-operator-image
BuildFlags: onlybuild:ironic-ipa-ramdisk
BuildFlags: onlybuild:ironic-ipa-downloader-image
BuildFlags: onlybuild:ironic-image
BuildFlags: onlybuild:kube-rbac-proxy
BuildFlags: onlybuild:kube-rbac-proxy-image
%endif
%endif
%if "%_repository" == "images" || "%_repository" == "test_manifest_images"
Prefer: container:sles15-image
Type: docker
Repotype: none
Patterntype: none
BuildEngine: podman
Prefer: sles-release
BuildFlags: dockerarg:SLE_VERSION=15.6
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
%endif
%if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
Type: helm
Repotype: helm
Patterntype: none
Required: perl-YAML-LibYAML
%endif
%if "%_repository" == "standard"
# for build openstack-ironic-image
BuildFlags: allowrootforbuild
%endif
# Enable reproducible builds
# https://en.opensuse.org/openSUSE:Reproducible_Builds\#With_OBS
Macros:
%source_date_epoch_from_changelog Y
%clamp_mtime_to_source_date_epoch Y
%use_source_date_epoch_as_buildtime Y
%_buildhost reproducible
:Macros

6
akri-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20
#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
annotations:
catalog.cattle.io/display-name: Akri
apiVersion: v2
@@ -8,4 +8,4 @@ description: A Helm chart for Akri
icon: https://raw.githubusercontent.com/project-akri/akri-docs/main/art/icon/akri-icon-light.svg
name: akri
type: application
version: 0.12.20
version: "%%CHART_MAJOR%%.0.0+up0.12.20"

2
akri-chart/_service
View File

@@ -11,5 +11,7 @@
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

17
akri-dashboard-extension-chart/Chart.yaml
View File

@@ -1,20 +1,21 @@
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Akri
catalog.cattle.io/kube-version: '>= v1.26.0-0'
catalog.cattle.io/kube-version: ">= v1.26.0-0"
catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: '>= v2.9.0'
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: '>= 2.0.1'
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
apiVersion: v2
appVersion: 1.1.0
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
appVersion: 1.2.1
description: "SUSE Edge: Akri extension for Rancher Dashboard"
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
name: akri-dashboard-extension
type: application
version: 1.1.0
version: "%%CHART_MAJOR%%.0.0+up1.2.1"

2
akri-dashboard-extension-chart/_service
View File

@@ -11,5 +11,7 @@
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

2
akri-dashboard-extension-chart/templates/_helpers.tpl
View File

@@ -60,4 +60,4 @@ Pkg annotations
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

4
akri-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.1.0
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

4
akri-dashboard-extension-chart/values.yaml
View File

@@ -7,6 +7,6 @@ plugin:
noAuth: false
metadata:
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= v2.9.0"
catalog.cattle.io/ui-extensions-version: ">= 2.0.1"
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

6
cdi-chart/Chart.yaml
View File

@@ -1,9 +1,9 @@
#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0
#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
apiVersion: v2
appVersion: 1.60.1
description: A Helm chart for Containerized Data Importer (CDI)
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: cdi
type: application
version: 0.4.0
version: "%%CHART_MAJOR%%.0.0+up0.4.0"

2
cdi-chart/_service
View File

@@ -4,5 +4,7 @@
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

35
cluster-api-operator-image/Dockerfile
View File

@@ -1,35 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-operator shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-operator
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-operator Container Image"
LABEL org.opencontainers.image.description="cluster-api-operator based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-operator_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/cluster-api-operator-controller /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

23
cluster-api-operator/_service
View File

@@ -1,23 +0,0 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/kubernetes-sigs/cluster-api-operator</param>
<param name="scm">git</param>
<param name="revision">v0.12.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

52
cluster-api-operator/cluster-api-operator.spec
View File

@@ -1,52 +0,0 @@
#
# spec file for package cluster-api-operator
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-operator
Version: 0.12.0
Release: 0
Summary: Cluster API Core Controller
License: Apache-2.0
URL: https://github.com/kubernetes-sigs/cluster-api-operator
Source: cluster-api-operator-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API operator
%prep
%autosetup -a1 -n cluster-api-operator-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
-o cluster-api-operator cmd/main.go
%install
install -D -m0755 cluster-api-operator %{buildroot}%{_bindir}/cluster-api-operator-controller
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-operator-controller
%changelog

36
cluster-api-provider-metal3-image/Dockerfile
View File

@@ -1,36 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:v%%cluster-api-provider-metal3_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-metal3 shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-metal3
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-metal3 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-metal3 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-metal3_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/cluster-api-provider-metal3 /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

23
cluster-api-provider-metal3/_service
View File

@@ -1,23 +0,0 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/cluster-api-provider-metal3</param>
<param name="scm">git</param>
<param name="revision">v1.8.2</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

54
cluster-api-provider-metal3/cluster-api-provider-metal3.spec
View File

@@ -1,54 +0,0 @@
#
# spec file for package cluster-api-provider-metal3
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-provider-metal3
Version: 1.8.2
Release: 0
Summary: Cluster API Infrastructure Provider for Metal3
License: Apache-2.0
URL: https://github.com/metal3-io/cluster-api-provider-metal3
Source: cluster-api-provider-metal3-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API Provider Metal3 is one of the providers for Cluster API and enables
users to deploy a Cluster API based cluster on top of bare metal infrastructure
using Metal3.
%prep
%autosetup -a1 -n cluster-api-provider-metal3-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
-a -ldflags '-extldflags "-static"'
%install
install -D -m0755 cluster-api-provider-metal3 %{buildroot}%{_bindir}/cluster-api-provider-metal3
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-provider-metal3
%changelog

36
cluster-api-provider-rke2-bootstrap-image/Dockerfile
View File

@@ -1,36 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:v%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-bootstrap shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-rke2
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/rke2-bootstrap-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

36
cluster-api-provider-rke2-controlplane-image/Dockerfile
View File

@@ -1,36 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:v%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-control-plane shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-rke2
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/rke2-control-plane-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

19
cluster-api-provider-rke2-controlplane-image/_service
View File

@@ -1,19 +0,0 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-provider-rke2_version%%</param>
<param name="package">cluster-api-provider-rke2-control-plane</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

23
cluster-api-provider-rke2/_service
View File

@@ -1,23 +0,0 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/rancher-sandbox/cluster-api-provider-rke2</param>
<param name="scm">git</param>
<param name="revision">v0.8.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

61
cluster-api-provider-rke2/cluster-api-provider-rke2.spec
View File

@@ -1,61 +0,0 @@
#
# spec file for package cluster-api-provider-rke2
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-provider-rke2
Version: 0.8.0
Release: 0
Summary: Cluster API provider for RKE2
License: Apache-2.0
URL: https://github.com/rancher-sandbox/cluster-api-provider-rke2
Source: cluster-api-provider-rke2-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API provider for RKE2
%package bootstrap
Summary: Cluster API bootstrap controller for RKE2
%description bootstrap
Cluster API bootstrap controller for RKE2
%package control-plane
Summary: Cluster API control-plane controller for RKE2
%description control-plane
Cluster API control-plane controller for RKE2
%prep
%autosetup -a1 -n cluster-api-provider-rke2-%{version}
%build
make managers
%install
install -D -m0755 bin/rke2-bootstrap-manager %{buildroot}%{_bindir}/rke2-bootstrap-manager
install -D -m0755 bin/rke2-control-plane-manager %{buildroot}%{_bindir}/rke2-control-plane-manager
%files bootstrap
%{_bindir}/rke2-bootstrap-manager
%files control-plane
%{_bindir}/rke2-control-plane-manager
%changelog

23
cluster-api/_service
View File

@@ -1,23 +0,0 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/kubernetes-sigs/cluster-api</param>
<param name="scm">git</param>
<param name="revision">v1.8.4</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

51
cluster-api/cluster-api.spec
View File

@@ -1,51 +0,0 @@
#
# spec file for package cluster-api
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api
Version: 1.8.4
Release: 0
Summary: Cluster API Core Controller
License: Apache-2.0
URL: https://github.com/kubernetes-sigs/cluster-api
Source: cluster-api-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API core controller
%prep
%autosetup -a1 -n cluster-api-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
%install
install -D -m0755 cluster-api %{buildroot}%{_bindir}/cluster-api-controller
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-controller
%changelog

4
edge-image-builder-image/_service
View File

@@ -7,10 +7,14 @@
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="file">artifacts.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
<param name="var">CHART_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

9
edge-image-builder-image/artifacts.yaml
View File

@@ -1,11 +1,11 @@
metallb:
chart: metallb-chart
repository: %%CHART_REPO%%/3.1
version: 0.14.9
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.14.9"
endpoint-copier-operator:
chart: endpoint-copier-operator-chart
repository: %%CHART_REPO%%/3.1
version: 0.2.1
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
kubernetes:
k3s:
selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
@@ -13,4 +13,3 @@ kubernetes:
rke2:
selinuxPackage: rke2-selinux
selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch

6
endpoint-copier-operator-chart/Chart.yaml
View File

@@ -1,8 +1,8 @@
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
apiVersion: v2
appVersion: v0.2.0
description: A Helm chart for Kubernetes
name: endpoint-copier-operator
type: application
version: 0.2.1
version: "%%CHART_MAJOR%%.0.0+up0.2.1"

2
endpoint-copier-operator-chart/_service
View File

@@ -11,5 +11,7 @@
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

58
frr-image/Dockerfile Normal file
View File

@@ -0,0 +1,58 @@
# SPDX-License-Identifier: MIT
#!BuildTag: %%IMG_PREFIX%%frr:8.4
#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
#!BuildVersion: 15.5
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.frr
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="FRR Container Image"
LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="8.4"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
#Install frr
USER root
ENV PYTHONDONTWRITEBYTECODE yes
# frr.sh is the entry point. This script examines environment
# variables to direct operation and configure ovn
ADD frr.sh /root/
ADD daemons /etc/frr
ADD frr.conf /etc/frr
ADD vtysh.conf /etc/frr
RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
RUN ln -s /usr/bin/catatonit /sbin/tini
RUN usermod -a -G frrvty frr
COPY docker-start /usr/libexec/frr/docker-start
RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
WORKDIR /root
ENTRYPOINT ["/sbin/tini", "--"]
COPY docker-start /usr/lib/frr/docker-start
RUN chmod +x /usr/lib/frr/docker-start
CMD ["/usr/lib/frr/docker-start"]

6
ip-address-manager-image/_service → frr-image/_service
View File

@@ -1,12 +1,6 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%ip-address-manager_version%%</param>
<param name="package">ip-address-manager</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

82
frr-image/daemons Normal file
View File

@@ -0,0 +1,82 @@
# This file tells the frr package which daemons to start.
#
# Entries are in the format: <daemon>=(yes|no|priority)
# 0, "no" = disabled
# 1, "yes" = highest priority
# 2 .. 10 = lower priorities
#
# For daemons which support multiple instances, a 2nd line listing
# the instances can be added. Eg for ospfd:
# ospfd=yes
# ospfd_instances="1,2"
#
# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
# They're used to start the FRR daemons in more than one step
# (for example start one or two at network initialization and the
# rest later). The number of FRR daemons being small, priorities
# must be between 1 and 9, inclusive (or the initscript has to be
# changed). /etc/init.d/frr then can be started as
#
# /etc/init.d/frr <start|stop|restart|<priority>>
#
# where priority 0 is the same as 'stop', priority 10 or 'start'
# means 'start all'
#
# Sample configurations for these daemons can be found in
# /usr/share/doc/frr/examples/.
#
# ATTENTION:
#
# When activation a daemon at the first time, a config file, even if it is
# empty, has to be present *and* be owned by the user and group "frr", else
# the daemon will not be started by /etc/init.d/frr. The permissions should
# be u=rw,g=r,o=.
# When using "vtysh" such a config file is also needed. It should be owned by
# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
#
watchfrr_enable=yes
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
#
zebra=yes
bgpd=yes
ospfd=no
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
nhrpd=no
eigrpd=no
sharpd=no
pbrd=no
staticd=yes
bfdd=yes
fabricd=no
#
# Command line options for the daemons
#
zebra_options=("-A 127.0.0.1")
bgpd_options=("-A 127.0.0.1")
ospfd_options=("-A 127.0.0.1")
ospf6d_options=("-A ::1")
ripd_options=("-A 127.0.0.1")
ripngd_options=("-A ::1")
isisd_options=("-A 127.0.0.1")
pimd_options=("-A 127.0.0.1")
nhrpd_options=("-A 127.0.0.1")
eigrpd_options=("-A 127.0.0.1")
sharpd_options=("-A 127.0.0.1")
pbrd_options=("-A 127.0.0.1")
staticd_options=("-A 127.0.0.1")
bfdd_options=("-A 127.0.0.1")
fabricd_options=("-A 127.0.0.1")
#
# If the vtysh_enable is yes, then the unified config is read
# and applied if it exists. If no unified frr.conf exists
# then the per-daemon <daemon>.conf files are used)
# If vtysh_enable is no or non-existant, the frr.conf is ignored.
# it is highly suggested to have this set to yes
vtysh_enable=yes

4
frr-image/docker-start Normal file
View File

@@ -0,0 +1,4 @@
#!/bin/bash
source /usr/lib/frr/frrcommon.sh
/usr/lib/frr/watchfrr $(daemon_list)

53
frr-image/frr.conf Normal file
View File

@@ -0,0 +1,53 @@
frr defaults traditional
log file /var/log/frr/frr.log
log syslog informational
log stdout debugging
ipv6 forwarding
service integrated-vtysh-config
!
debug bgp updates in
debug bgp updates out
debug bgp zebra
!
interface eth0
no ipv6 nd suppress-ra
ipv6 nd ra-interval 10
!
router bgp OCPASN
bgp router-id OCPROUTERID
bgp bestpath as-path multipath-relax
bgp bestpath compare-routerid
!
neighbor OCPnodes peer-group
neighbor OCPnodes description Internal OCP Nodes
neighbor OCPnodes remote-as OCPASN
neighbor OCPnodes bfd
neighbor OCPnodes capability extended-nexthop
!neighbor eth0 interface peer-group OCPnodes
!neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
neighbor OCPPEER peer-group OCPnodes
!
address-family ipv4 unicast
redistribute connected
neighbor OCPnodes activate
exit-address-family
!
address-family ipv6 unicast
redistribute connected
neighbor OCPnodes activate
neighbor OCPnodes nexthop-local unchanged
exit-address-family
!
!
bfd
peer OCPPEER vrf default interface eth0
receive-interval 2000
transmit-interval 2000
echo-mode
echo-interval 3000
no shutdown
exit
!
line vty
!

124
frr-image/frr.sh Normal file
View File

@@ -0,0 +1,124 @@
#!/bin/bash
#set -euo pipefail
# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
set -x
fi
# The argument to the command is the operation to be performed
# frr-node display display_env
# a cmd must be provided, there is no default
cmd=${1:-""}
# The frr user id, by default it is going to be frr:frr
frr_user_id=${FRR_USER_ID:-""}
# frr options
frr_options=${FRR_OPTIONS:-""}
# This script is the entrypoint to the image.
# frr.sh version (update when API between daemonset and script changes - v.x.y)
frr_version="3"
# The daemonset version must be compatible with this script.
# The default when FRR_DAEMONSET_VERSION is not set is version 3
frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
# hostname is the host's hostname when using host networking,
# This is useful on the master
# otherwise it is the container ID (useful for debugging).
frr_pod_host=${K8S_NODE:-$(hostname)}
# The ovs user id, by default it is going to be root:root
frr_user_id=${FRR_USER_ID:-""}
# frr options
frr_options=${FRR_OPTIONS:-""}
# frr.conf variables
ocp_asn=${OCPASN:-65000}
ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
ocp_peer=${OCPPEER:-"10.10.10.1"}
FRR_ETCDIR=/etc/frr
FRR_RUNDIR=/var/run/frr
FRR_LOGDIR=/var/log/frr
# =========================================
setup_frr_permissions() {
chown -R ${frr_user_id} ${FRR_RUNDIR}
chown -R ${frr_user_id} ${FRR_LOGDIR}
chown -R ${frr_user_id} ${FRR_ETCDIR}
}
# =========================================
display_version() {
echo " =================== hostname: ${frr_pod_host}"
echo " =================== daemonset version ${frr_daemonset_version}"
if [[ -f /root/git_info ]]; then
disp_ver=$(cat /root/git_info)
return
fi
}
display_env() {
echo FRR_USER_ID ${frr_user_id}
echo FRR_OPTIONS ${frr_options}
echo frr.sh version ${frr_version}
echo ocp_asn ${ocp_asn}
echo ocp_routerid ${ocp_routerid}
echo ocp_peer ${ocp_peer}
}
# frr-node - all nodes
frr-node() {
trap 'kill $(jobs -p) ; exit 0' TERM
rm -f ${FRR_RUNDIR}/frr.pid
echo "=============== frr-node ========== update frr.conf"
sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
#chown -R frr:frr /etc/frr
chown -R frr:frr ${FRR_RUNDIR}
echo "=============== frr-node ========== starting"
# /usr/lib/frr/frrinit.sh start
# bash -x /usr/lib/frr/frrinit.sh start
bash -x
/usr/lib/frr/frrinit.sh start
frrResult=$?
echo "=============== frrinit result is ${frrResult} "
# Sleep forever
exec tail -f /dev/null
}
echo "================== frr.sh --- version: ${frr_version} ================"
display_version
display_env
case ${cmd} in
"frr-node")
frr-node
;;
"display_env")
display_env
exit 0
;;
"display")
display
exit 0
;;
*)
echo "invalid command ${cmd}"
echo "valid v3 commands: frr-node display_env display "
exit 0
;;
esac
exit 0

0
frr-image/vtysh.conf Normal file
View File

23
cluster-api-controller-image/Dockerfile → frr-k8s-image/Dockerfile
View File

@@ -1,26 +1,25 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:v%%cluster-api_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%
#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api shadow; zypper -n clean; rm -rf /var/log/*
RUN zypper --installroot /installroot --non-interactive install --no-recommends frr-k8s; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api
# labelprefix=com.suse.application.endpoint-copier-operator
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api Container Image"
LABEL org.opencontainers.image.description="cluster-api based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api_version%%"
LABEL org.opencontainers.image.title="SLE frr-k8s Container Image"
LABEL org.opencontainers.image.description="frr-k8s based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%frr-k8s_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api:%%cluster-api_version%%-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,8 +28,6 @@ LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
#Install frr-k8s
COPY --from=base /installroot /
RUN mv /usr/bin/cluster-api-controller /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]
ENTRYPOINT ["/frr-k8s"]

4
cluster-api-controller-image/_service → frr-k8s-image/_service
View File

@@ -3,8 +3,8 @@
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api_version%%</param>
<param name="package">cluster-api</param>
<param name="regex">%%frr-k8s_version%%</param>
<param name="package">frr-k8s</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">

36
ip-address-manager-image/Dockerfile
View File

@@ -1,36 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:v%%ip-address-manager_version%%
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends ip-address-manager shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ip-address-manager
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE ip-address-manager Container Image"
LABEL org.opencontainers.image.description="ip-address-manager based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%ip-address-manager_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/ip-address-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

23
ip-address-manager/_service
View File

@@ -1,23 +0,0 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/ip-address-manager</param>
<param name="scm">git</param>
<param name="revision">v1.8.1</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

51
ip-address-manager/ip-address-manager.spec
View File

@@ -1,51 +0,0 @@
#
# spec file for package ip-address-manager
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: ip-address-manager
Version: 1.8.1
Release: 0
Summary: Metal3 IPAM controller
License: Apache-2.0
URL: https://github.com/metal3-io/ip-address-manager
Source: ip-address-manager-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Metal3 IPAM controller
%prep
%autosetup -a1 -n ip-address-manager-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
%install
install -D -m0755 ip-address-manager %{buildroot}%{_bindir}/ip-address-manager
%files
%license LICENSE
%doc README.md
%{_bindir}/ip-address-manager
%changelog

37
ironic-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
@@ -8,7 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
RUN set -euo pipefail; zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
WORKDIR /tmp
COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -16,8 +23,16 @@ RUN /bin/prepare-efi.sh
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs crudini openstack-ironic
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
fi
# DATABASE
RUN mkdir -p /installroot/var/lib/ironic && \
/installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
@@ -31,8 +46,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="26.1.2.0"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%"
LABEL org.opencontainers.image.version="26.1.2.2"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -64,7 +79,15 @@ RUN mkdir -p $GRUB_DIR
# IRONIC #
RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi ;\
fi
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
COPY ironic.conf.j2 /etc/ironic/

29
ironic-image/prepare-efi.sh
View File

@@ -6,22 +6,37 @@ ARCH=$(uname -m)
DEST=${2:-/tmp/esp.img}
OS=${1:-sles}
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
if [ $ARCH = "aarch64" ]; then
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mkdir -p /boot/efi/EFI/BOOT
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
mkdir -p /boot/efi/EFI/$OS
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
#mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
mdir -i $DEST ::EFI/BOOT;

8
ironic-image/runlogwatch.sh
View File

@@ -3,6 +3,14 @@
# Ramdisk logs path
LOG_DIR="/shared/log/ironic/deploy"
# The ironic container creates the directory, wait for
# it to exist before running inotifywait or it can fail causing
# a spurious restart
while [ ! -d "${LOG_DIR}" ]; do
echo "Waiting for ${LOG_DIR}"
sleep 5
done
inotifywait -m "${LOG_DIR}" -e close_write |
while read -r path _action file; do
echo "************ Contents of ${path}/${file} ramdisk log file bundle **************"

17
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -8,7 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN cp /usr/bin/getopt /installroot/
@@ -19,11 +26,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.0"
LABEL org.opencontainers.image.version="3.0.1"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

6
ironic-ipa-downloader-image/_service
View File

@@ -1,12 +1,6 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%ironic-ipa-ramdisk-x86_64_version%%</param>
<param name="package">ironic-ipa-ramdisk-x86_64</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

6
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -8,10 +8,10 @@ export no_proxy=${no_proxy:-$NO_PROXY}
# Which image should we use
if [ -z "${IPA_BASEURI}" ]; then
# SLES BASED IPA - openstack-ironic-image-x86_64 package
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
mkdir -p /shared/html/images
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
cp /tmp/openstack-ironic-image*.x86_64*.kernel /shared/html/images/ironic-python-agent.kernel
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
else
FILENAME=ironic-python-agent
FILENAME_EXT=.tar
@@ -68,4 +68,4 @@ if [ -d "/tmp/ironic-certificates" ]; then
mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
fi
fi

16
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image-201">
<image schemaversion="7.4" name="openstack-ironic-image-301">
<description type="system">
<author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact>
@@ -116,8 +116,9 @@
<package name="vim"/>
<package name="grub2"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-i386-pc"/>
<package name="syslinux"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="syslinux" arch="x86_64"/>
<package name="lvm2"/>
<package name="plymouth"/>
<package name="fontconfig"/>
@@ -135,12 +136,10 @@
<package name="openstack-ironic-python-agent"/>
<package name="hdparm"/>
<package name="qemu-tools"/>
<package name="python311-proliantutils" arch="x86_64"/>
<package name="python311-proliantutils"/>
<package name="lshw"/>
<package name="dmidecode" arch="aarch64"/>
<package name="dmidecode" arch="x86_64"/>
<package name="efibootmgr" arch="aarch64" />
<package name="efibootmgr" arch="x86_64" />
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="open-iscsi"/>
<package name="hwinfo"/>
@@ -157,7 +156,6 @@
</packages>
<packages type="kis">
<package name="gfxboot-branding-SLE"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>

12
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.0
Version: 3.0.1
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA
@@ -49,7 +49,12 @@ BuildRequires: fontconfig
BuildRequires: fonts-config
BuildRequires: gptfdisk
BuildRequires: grub2
%ifarch x86_64
BuildRequires: grub2-x86_64-efi
%endif
%ifarch aarch64
BuildRequires: grub2-arm64-efi
%endif
BuildRequires: haveged
BuildRequires: hdparm
BuildRequires: hwinfo
@@ -93,19 +98,14 @@ BuildRequires: plymouth-dracut
BuildRequires: plymouth-theme-bgrt
BuildRequires: dracut-kiwi-oem-dump
BuildRequires: dracut-kiwi-oem-repart
BuildRequires: gfxboot-branding-SLE
BuildRequires: grub2-branding-SLE
BuildRequires: open-iscsi
BuildRequires: plymouth-branding-SLE
BuildRequires: lshw
BuildRequires: kbd
%ifarch aarch64
BuildRequires: dmidecode
BuildRequires: efibootmgr
%endif
%ifarch x86_64
BuildRequires: dmidecode
BuildRequires: efibootmgr
BuildRequires: syslinux
%endif

BIN
ironic-ipa-ramdisk/root.tar.bz2
View File

Binary file not shown.

35
kiwi-builder-image/Dockerfile Normal file
View File

@@ -0,0 +1,35 @@
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.0
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.0-%RELEASE%
FROM registry.suse.com/bci/kiwi:10.1.16
MAINTAINER SUSE LLC (https://www.suse.com/)
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.akri
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.0"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
# Configure Kiwi to use kpartx
RUN echo -e "mapper:\n - part_mapper: kpartx" > /etc/kiwi.yml
# Copy build script into image and make it executable
ADD build-image.sh /usr/bin/build-image
RUN chmod a+x /usr/bin/build-image
# Make a directory for the standard SL Micro Kiwi definition and config file and copy them in
RUN mkdir -p /micro-sdk/defs
ADD SL-Micro.kiwi /micro-sdk/defs
ADD SL-Micro.kiwi.4096 /micro-sdk/defs
ADD config.sh /micro-sdk/defs

59
kiwi-builder-image/README Normal file
View File

@@ -0,0 +1,59 @@
###########################
Kiwi SDK Image Instructions
###########################
Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
# setenforce 0
Next, download the podman image:
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0
Make a local output directory (where the images will reside):
# mkdir output
Then, to build a standard "Base" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image
To build a "Base" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Base-SelfInstall
Then, to build a standard "Default" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default
To build a "Default" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default-SelfInstall
To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Base-RT
To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default-SelfInstall -b
# mkdir mydefs/
# cp /path/to/SL-Micro.kiwi mydefs/
# cp /path/to/config.sh mydefs/
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image
All output will be in the local $(pwd)/output directory, for example:
# ls -1 output/
SLE-Micro.x86_64-6.0.changes
SLE-Micro.x86_64-6.0.packages
SLE-Micro.x86_64-6.0.raw
SLE-Micro.x86_64-6.0.verified
build
kiwi.result
kiwi.result.json
Note, if you want to rebuild the image, you'll need to empty the output directory, or Kiwi will error due to existing output files:
# rm -rf output/*

777
kiwi-builder-image/SL-Micro.kiwi Normal file
View File

@@ -0,0 +1,777 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
<!-- OBS-Milestone: %current_milestone -->
<!-- OBS-BcntSyncTag: SL-Micro -->
<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
<description type="system">
<author>SUSE</author>
<contact>crc@suse.com</contact>
<specification>SL Micro</specification>
</description>
<profiles>
<!-- Profiles used as dependencies of actual image profiles -->
<!-- Flavors -->
<profile name="full" description="SL Micro as KVM and Container host"/>
<profile name="container-host" description="SL Micro as Container host"/>
<profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
<!-- Platforms - support profiles -->
<profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
<profile name="self_install" description="Self Installing ISO media"/>
<!-- Platforms -->
<profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86"/>
</profile>
<profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-encrypted"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86"/>
</profile>
<profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-legacy"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-qcow"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
luks_version="luks2"
luks="1234"
luks_randomize="false"
luks_pbkdf="pbkdf2"
>
<luksformat>
<option name="--cipher" value="aes"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">4</size>
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" timeout="3"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="s390-kvm">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
format="qcow2"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="s390-dasd">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
target_blocksize="4096"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="s390-fba">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
format="vmdk"
firmware="uefi"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">24</size>
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">20</size>
</type>
</preferences>
<repository type="rpm-md" >
<source path='obsrepositories:/'/>
</repository>
<packages type="image" profiles="full">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="salt_minion"/>
<package name="patterns-base-salt_minion"/>
<namedCollection name="kvm_host"/>
<package name="patterns-base-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="wpa_supplicant" arch="x86_64,aarch64"/>
<package name="libpwquality-tools"/>
<!-- <package name="k3s-install"/> -->
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
<!-- full disk encryption stuff -->
<package name="device-mapper"/>
<package name="cryptsetup"/>
<package name="system-user-tss"/>
<package name="libtss2-fapi1"/>
<package name="libtss2-tcti-device0"/>
<package name="tpm2.0-tools"/>
<package name="tpm2-0-tss"/>
<package name="fde-firstboot"/>
</packages>
<packages type="image" profiles="container-host">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="ecs_anywhere">
<package name="amazon-ssm-agent"/>
<package name="amazon-ecs-init"/>
<package name="aws-cli"/>
<package name="docker"/>
</packages>
<!-- Ignition / Combustion everywhere, cloud-init only in selected images
<packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
<packages type="image">
<package name="ignition"/>
<package name="combustion &gt;= 1.2"/> <!-- New firstboot mechanism -->
<package name="jeos-firstboot"/>
</packages>
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
</packages>
<packages type="image">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="hardware"/>
<package name="patterns-base-hardware"/>
<package name="grub2"/>
<package name="glibc-locale-base"/>
<package name="ca-certificates"/>
<package name="SL-Micro-release"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="NetworkManager-tui"/>
<package name="growpart-generator"/>
<package name="suse-build-key"/>
<!-- for debugging -->
<package name="less"/>
<package name="vim-small"/>
<namedCollection name="micro_defaults"/>
<package name="patterns-micro-defaults"/>
<package name="NetworkManager"/>
<package name="NetworkManager-branding-SLE"/>
<package name="ModemManager"/>
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
</packages>
<packages type="image" profiles="bootloader">
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/>
<!-- obsoleted by kiwi-settings
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
</packages>
<!-- makes the image build, but also include kernel-default
<packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<package name="dracut-kiwi-oem-repart"/>
<package name="blog"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/>
<package name="wireless-tools"/>
<package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages>
<packages type="bootstrap">
<package name="coreutils"/>
<package name="filesystem"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
</packages>
<!-- bsc#1221936 -->
<packages type="image" profiles="x86-vmware">
<package name="open-vm-tools"/>
</packages>
<!-- bsc#1221727-->
<packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/>
</packages>
</image>

784
kiwi-builder-image/SL-Micro.kiwi.4096 Normal file
View File

@@ -0,0 +1,784 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
<!-- OBS-Milestone: %current_milestone -->
<!-- OBS-BcntSyncTag: SL-Micro -->
<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
<description type="system">
<author>SUSE</author>
<contact>crc@suse.com</contact>
<specification>SL Micro</specification>
</description>
<profiles>
<!-- Profiles used as dependencies of actual image profiles -->
<!-- Flavors -->
<profile name="full" description="SL Micro as KVM and Container host"/>
<profile name="container-host" description="SL Micro as Container host"/>
<profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
<!-- Platforms - support profiles -->
<profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
<profile name="self_install" description="Self Installing ISO media"/>
<!-- Platforms -->
<profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86"/>
</profile>
<profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-encrypted"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86"/>
</profile>
<profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-legacy"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-qcow"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
luks_version="luks2"
luks="1234"
luks_randomize="false"
luks_pbkdf="pbkdf2"
target_blocksize="4096"
efipartsize="200"
>
<luksformat>
<option name="--cipher" value="aes"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">4</size>
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
target_blocksize="4096"
efipartsize="200"
>
<bootloader name="grub2" console="gfxterm" timeout="3"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
target_blocksize="4096"
efipartsize="200"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="s390-kvm">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
format="qcow2"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="s390-dasd">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
target_blocksize="4096"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="s390-fba">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
format="vmdk"
firmware="uefi"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">24</size>
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
target_blocksize="4096"
efipartsize="200"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">20</size>
</type>
</preferences>
<repository type="rpm-md" >
<source path='obsrepositories:/'/>
</repository>
<packages type="image" profiles="full">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="salt_minion"/>
<package name="patterns-base-salt_minion"/>
<namedCollection name="kvm_host"/>
<package name="patterns-base-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="wpa_supplicant" arch="x86_64,aarch64"/>
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
<!-- full disk encryption stuff -->
<package name="device-mapper"/>
<package name="cryptsetup"/>
<package name="system-user-tss"/>
<package name="libtss2-fapi1"/>
<package name="libtss2-tcti-device0"/>
<package name="tpm2.0-tools"/>
<package name="tpm2-0-tss"/>
<package name="fde-firstboot"/>
</packages>
<packages type="image" profiles="container-host">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="ecs_anywhere">
<package name="amazon-ssm-agent"/>
<package name="amazon-ecs-init"/>
<package name="aws-cli"/>
<package name="docker"/>
</packages>
<!-- Ignition / Combustion everywhere, cloud-init only in selected images
<packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
<packages type="image">
<package name="ignition"/>
<package name="combustion &gt;= 1.2"/> <!-- New firstboot mechanism -->
<package name="jeos-firstboot"/>
</packages>
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
</packages>
<packages type="image">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="hardware"/>
<package name="patterns-base-hardware"/>
<package name="grub2"/>
<package name="glibc-locale-base"/>
<package name="ca-certificates"/>
<package name="SL-Micro-release"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="NetworkManager-tui"/>
<package name="growpart-generator"/>
<package name="suse-build-key"/>
<!-- for debugging -->
<package name="less"/>
<package name="vim-small"/>
<namedCollection name="micro_defaults"/>
<package name="patterns-micro-defaults"/>
<package name="NetworkManager"/>
<package name="NetworkManager-branding-SLE"/>
<package name="ModemManager"/>
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
</packages>
<packages type="image" profiles="bootloader">
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/>
<!-- obsoleted by kiwi-settings
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
</packages>
<!-- makes the image build, but also include kernel-default
<packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<package name="dracut-kiwi-oem-repart"/>
<package name="blog"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/>
<package name="wireless-tools"/>
<package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages>
<packages type="bootstrap">
<package name="coreutils"/>
<package name="filesystem"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
</packages>
<!-- bsc#1221936 -->
<packages type="image" profiles="x86-vmware">
<package name="open-vm-tools"/>
</packages>
<!-- bsc#1221727-->
<packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/>
</packages>
</image>

12
cluster-api-provider-rke2-bootstrap-image/_service → kiwi-builder-image/_service
View File

@@ -1,11 +1,11 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-provider-rke2_version%%</param>
<param name="package">cluster-api-provider-rke2-bootstrap</param>
<param name="parse-version">patch</param>
<service name="replace_using_env" mode="buildtime">
<param name="file">README</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>

93
kiwi-builder-image/build-image.sh Normal file
View File

@@ -0,0 +1,93 @@
#!/usr/bin/env bash
# Copyright (c) 2024 SUSE LLC
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# Set image build defaults, blocksize is an empty string
PROFILE="Base"
LARGEBLOCK=false
# Print usage
usage(){
cat <<-EOF
==============================
SLE Micro 6.0 Kiwi SDK Builder
==============================
Usage: ${0} [-p <profile>] [-b]
Profile Options (-p):
* Base: RAW Disk Image with podman
* Base-SelfInstall: SelfInstall ISO with podman
* Default: RAW Disk Image with podman and kvm
* Default-SelfInstall: SelfInstall ISO with podman and kvm
* Base-RT: RAW Disk Image with kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
NOTE: If both options are omitted, the "Base" profile with a standard "512" blocksize is used.
EOF
}
# Grab CLI options and handle
while getopts 'p:bh' OPTION; do
case "${OPTION}" in
p)
PROFILE="${OPTARG}"
;;
b)
LARGEBLOCK=true
;;
?)
usage && exit 2
;;
esac
done
# To avoid wasting time, perform the loop creation test first, and exit with a warning to re-run.
# This only happens when the container hasn't been ran on the host before, and is avoided by mounting /dev/ into the image.
qemu-img create /tmp/output/test.img 1M
if LOOP=$(losetup -f --show /tmp/output/test.img); then
rm -f /tmp/output/test.img
losetup -d $LOOP
else
echo -e "\nERROR: Early loop device test failed, please retry the container run."
exit 1
fi
# Grab local SLE Micro repos and create a list to use as part of the image build
REPOS=`for i in $(cat /micro-sdk/repos/*.repo | awk '/baseurl/ {split($0,string,"="); print string[2]}'); do echo -n "--add-repo $i "; done`
if $LARGEBLOCK; then
mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
fi
# Build the image
kiwi-ng --debug --profile $PROFILE system build \
--description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
# Print output
RESULT=$?
if [ $RESULT -eq 0 ]; then
echo -e "\n\nINFO: Image build successful, generated images are available in the 'output' directory."
else
echo -e "\n\nERROR: Failed to build the image, please see above logs."
fi

317
kiwi-builder-image/config.sh Normal file
View File

@@ -0,0 +1,317 @@
#!/bin/bash
# Copyright (c) 2023 SUSE LLC
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile
set -euxo pipefail
mkdir /var/lib/misc/reconfig_system
#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
#======================================
# This is a workaround - someone,
# somewhere needs to load the xts crypto
# module, otherwise luksOpen will fail while
# creating the image.
#--------------------------------------
modprobe xts || true
#======================================
# add missing fonts
#--------------------------------------
CONSOLE_FONT="eurlatgr.psfu"
#======================================
# prepare for setting root pw, timezone
#--------------------------------------
echo ** "reset machine settings"
sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow
rm /etc/machine-id
rm /var/lib/zypp/AnonymousUniqueId
#======================================
# Setup baseproduct link
#--------------------------------------
suseSetupProduct
#======================================
# Specify default runlevel
#--------------------------------------
baseSetRunlevel 3
#======================================
# Add missing gpg keys to rpm
#--------------------------------------
suseImportBuildKey
#======================================
# If SELinux is installed, configure it like transactional-update setup-selinux
#--------------------------------------
if [[ -e /etc/selinux/config ]]; then
# Check if we don't have selinux already enabled.
grep ^GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub | grep -q security=selinux || \
sed -i -e 's|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 security=selinux selinux=1"|g' "/etc/default/grub"
# Adjust selinux config
sed -i -e 's|^SELINUX=.*|SELINUX=enforcing|g' \
-e 's|^SELINUXTYPE=.*|SELINUXTYPE=targeted|g' \
"/etc/selinux/config"
# Move an /.autorelabel file from initial installation to writeable location
test -f /.autorelabel && mv /.autorelabel /etc/selinux/.autorelabel
fi
##======================================
## Enable DHCP on eth0
##--------------------------------------
#cat >/etc/sysconfig/network/ifcfg-eth0 <<EOF
#BOOTPROTO='dhcp'
#MTU=''
#REMOTE_IPADDR=''
#STARTMODE='auto'
#ETHTOOL_OPTIONS=''
#USERCONTROL='no'
#EOF
systemctl enable NetworkManager
systemctl enable ModemManager
#======================================
# Enable cloud-init
#--------------------------------------
suseInsertService cloud-init-local
suseInsertService cloud-init
suseInsertService cloud-config
suseInsertService cloud-final
# Enable chrony
suseInsertService chronyd
#======================================
# Sysconfig Update
#--------------------------------------
echo '** Update sysconfig entries...'
echo FONT="$CONSOLE_FONT" >> /etc/vconsole.conf
# fix security level (boo#1171174)
sed -e '/^PERMISSION_SECURITY=s/easy/paranoid/' /etc/sysconfig/security
chkstat --set --system
#======================================
# SSL Certificates Configuration
#--------------------------------------
echo '** Rehashing SSL Certificates...'
update-ca-certificates
#======================================
# Import trusted rpm keys
#--------------------------------------
for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
# importing can fail if it already exists
rpm --import $i || true
done
# Temporary workaround for bsc#1212187
echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
#======================================
# Enable kubelet if installed
#--------------------------------------
if [ -e /usr/lib/systemd/system/kubelet.service ]; then
suseInsertService kubelet
fi
# Adjust zypp conf
# https://github.com/openSUSE/libzypp/issues/212
# in yast that's done in packager/cfa/zypp_conf.rb
sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
sed -i 's/^multiversion =.*/multiversion =/g' /etc/zypp/zypp.conf
#=====================================
# Configure snapper
#-------------------------------------
if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
echo "creating initial snapper config ..."
cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root
baseUpdateSysConfig /etc/sysconfig/snapper SNAPPER_CONFIGS root
# Adjust parameters
sed -i'' 's/^TIMELINE_CREATE=.*$/TIMELINE_CREATE="no"/g' /etc/snapper/configs/root
sed -i'' 's/^NUMBER_LIMIT=.*$/NUMBER_LIMIT="2-10"/g' /etc/snapper/configs/root
sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
fi
# Enable jeos-firstboot if installed, disabled by combustion/ignition
if rpm -q --whatprovides jeos-firstboot >/dev/null; then
mkdir -p /var/lib/YaST2
touch /var/lib/YaST2/reconfig_system
systemctl enable jeos-firstboot.service
fi
# Enable cloud-init if installed
if rpm -q --whatprovides cloud-init >/dev/null; then
systemctl enable cloud-init
systemctl enable cloud-init-local
fi
# The %post script can't edit /etc/fstab sys due to https://github.com/OSInside/kiwi/issues/945
# so use the kiwi custom hack
cat >/etc/fstab.script <<"EOF"
#!/bin/sh
set -eux
/usr/sbin/setup-fstab-for-overlayfs
# If /var is on a different partition than /...
if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
# ... set options for autoexpanding /var
gawk -i inplace '$2 == "/var" { $4 = $4",x-growpart.grow,x-systemd.growfs" } { print $0 }' /etc/fstab
fi
EOF
chmod a+x /etc/fstab.script
# To make x-systemd.growfs work from inside the initrd
cat >/etc/dracut.conf.d/50-microos-growfs.conf <<"EOF"
install_items+=" /usr/lib/systemd/systemd-growfs "
EOF
#======================================
# Add repos from control.xml
#--------------------------------------
if [ -x /usr/sbin/add-yast-repos ]; then
add-yast-repos
zypper --non-interactive rm -u live-add-yast-repos
fi
#======================================
# Configure SelfInstall specifics
#--------------------------------------
if [[ "$kiwi_profiles" == *"SelfInstall"* ]]; then
cat > /etc/systemd/system/selfinstallbootloader.service <<-EOF
[Unit]
Description=
After=systemd-machine-id-commit.service
Before=jeos-firstboot.service
[Service]
Type=oneshot
ExecStart=rm /etc/systemd/system/selfinstallbootloader.service
ExecStart=rm /etc/systemd/system/default.target.wants/selfinstallbootloader.service
ExecStart=/sbin/transactional-update bootloader
ExecStart=/sbin/transactional-update apply
[Install]
WantedBy=default.target
EOF
ln -s /etc/systemd/system/selfinstallbootloader.service /etc/systemd/system/default.target.wants/selfinstallbootloader.service
fi
#======================================
# Boot TimeOut Configuration for iSCSI
#--------------------------------------
cat > /etc/systemd/system/iscsi-init-delay.service <<-EOF
[Unit]
# Workaround for boo#1198457 delay gen-initiatorname after local-fs
Description=One time delay for the iscsid.service
ConditionPathExists=!/etc/iscsi/initiatorname.iscsi
ConditionPathExists=/sbin/iscsi-gen-initiatorname
DefaultDependencies=no
RequiresMountsFor=/etc/iscsi
After=local-fs.target
Before=iscsi-init.service
[Install]
WantedBy=default.target
[Service]
Type=oneshot
RemainAfterExit=no
ExecStart=/sbin/iscsi-gen-initiatorname
EOF
ln -s /etc/systemd/system/iscsi-init-delay.service /etc/systemd/system/default.target.wants/iscsi-init-delay.service
#======================================
# Configure Pine64 specifics
#--------------------------------------
if [[ "$kiwi_profiles" == *"Pine64" ]]; then
echo 'add_drivers+=" fixed sunxi-mmc axp20x-regulator axp20x-rsb "' > /etc/dracut.conf.d/sunxi_modules.conf
fi
#======================================
# Configure Raspberry Pi specifics
#--------------------------------------
if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
# Add necessary kernel modules to initrd (will disappear with bsc#1084272)
echo 'add_drivers+=" bcm2835_dma dwc2 "' > /etc/dracut.conf.d/raspberrypi_modules.conf
# Add necessary kernel modules to initrd (will disappear with boo#1162669)
echo 'add_drivers+=" pcie-brcmstb "' >> /etc/dracut.conf.d/raspberrypi_modules.conf
# Work around network issues
cat > /etc/modprobe.d/50-rpi3.conf <<-EOF
# Prevent too many page allocations (bsc#1012449)
options smsc95xx turbo_mode=N
EOF
cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
vm.min_free_kbytes = 2048
EOF
fi
#======================================
# Configure Vagrant specifics
#--------------------------------------
if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
# create vagrant user
useradd vagrant
# allow password-less sudo
echo "vagrant ALL=(ALL)NOPASSWD:ALL" > /etc/sudoers.d/vagrant
# add vagrant's insecure key
mkdir -p /home/vagrant/.ssh
chmod 0700 /home/vagrant/.ssh
cat > /home/vagrant/.ssh/authorized_keys << EOF
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
EOF
chmod 0600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant /home/vagrant
fi
#======================================
# cloud-init specific settings
#--------------------------------------
# We do not want cloud-init to run in an environment when there is no data
# source found. bsc#1222113
if [[ "$kiwi_profiles" =~ ^(x86-qcow|x86-vmware|aarch64-qcow)$ ]]; then
echo "policy: search,found=all,maybe=disabled,notfound=disabled" > /etc/cloud/ds-identify.cfg
fi
exit 0

34
kubectl-image/Dockerfile Normal file
View File

@@ -0,0 +1,34 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends kubectl; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.kubectl
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE kubectl image"
LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.30.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
ENTRYPOINT ["/usr/bin/kubectl"]

7
cluster-api-operator-image/_service → kubectl-image/_service
View File

@@ -1,12 +1,5 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-operator_version%%</param>
<param name="package">cluster-api-operator</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

2
kubectl/kubectl.spec
View File

@@ -1,6 +1,6 @@
%global debug_package %{nil}
Name: kubectl-1303
Name: kubectl
Version: 1.30.3
Release: 0
Summary: Command-line utility for interacting with a Kubernetes cluster

9
kubevirt-chart/Chart.yaml Normal file
View File

@@ -0,0 +1,9 @@
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0
apiVersion: v2
appVersion: 1.3.1
description: A Helm chart for KubeVirt
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: kubevirt
type: application
version: "%%CHART_MAJOR%%.0.0+up0.4.0"

10
kubevirt-chart/_service Normal file
View File

@@ -0,0 +1,10 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

1
kubevirt-chart/app-readme.md Normal file
View File

@@ -0,0 +1 @@
KubeVirt is a virtual machine management add-on for Kubernetes. The aim is to provide a common ground for virtualization solutions on top of Kubernetes.

6586
kubevirt-chart/crds/kubevirt.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

2
kubevirt-chart/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,2 @@
Verify that all KubeVirt components are installed correctly:
kubectl get all -n {{ .Release.Namespace }}

62
kubevirt-chart/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "kubevirt.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kubevirt.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kubevirt.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "kubevirt.labels" -}}
helm.sh/chart: {{ include "kubevirt.chart" . }}
{{ include "kubevirt.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "kubevirt.selectorLabels" -}}
app.kubernetes.io/name: {{ include "kubevirt.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "kubevirt.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "kubevirt.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

47
kubevirt-chart/templates/_hooks.tpl Normal file
View File

@@ -0,0 +1,47 @@
{{/* Hook annotations */}}
{{- define "kubevirt.hook.annotations" -}}
annotations:
"helm.sh/hook": {{ .hookType }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": {{ .hookWeight | quote }}
{{- end -}}
{{/* Namespace modifying hook annotations */}}
{{- define "kubevirt.namespaceHook.annotations" -}}
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-install") . }}
{{- end -}}
{{/* CRD upgrading hook annotations */}}
{{- define "kubevirt.crdUpgradeHook.annotations" -}}
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-upgrade") . }}
{{- end -}}
{{/* Custom resource uninstalling hook annotations */}}
{{- define "kubevirt.crUninstallHook.annotations" -}}
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-delete") . }}
{{- end -}}
{{/* CRD uninstalling hook annotations */}}
{{- define "kubevirt.crdUninstallHook.annotations" -}}
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "post-delete") . }}
{{- end -}}
{{/* Namespace modifying hook name */}}
{{- define "kubevirt.namespaceHook.name" -}}
{{ include "kubevirt.fullname" . }}-namespace-modify
{{- end }}
{{/* CRD upgrading hook name */}}
{{- define "kubevirt.crdUpgradeHook.name" -}}
{{ include "kubevirt.fullname" . }}-crd-upgrade
{{- end }}
{{/* Custom resource uninstalling hook name */}}
{{- define "kubevirt.crUninstallHook.name" -}}
{{ include "kubevirt.fullname" . }}-uninstall
{{- end }}
{{/* CRD uninstalling hook name */}}
{{- define "kubevirt.crdUninstallHook.name" -}}
{{ include "kubevirt.fullname" . }}-crd-uninstall
{{- end }}

55
kubevirt-chart/templates/crd-uninstall-hooks.yaml Normal file
View File

@@ -0,0 +1,55 @@
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUninstallHook.name" . }}
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kubevirt.crdUninstallHook.name" . }}
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
rules:
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
resourceNames:
- "kubevirts.kubevirt.io"
verbs: [ "delete" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kubevirt.crdUninstallHook.name" . }}
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 2) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUninstallHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "kubevirt.crdUninstallHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUninstallHook.name" . }}
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 3) }}
spec:
template:
metadata:
name: {{ template "kubevirt.crdUninstallHook.name" . }}
spec:
serviceAccountName: {{ template "kubevirt.crdUninstallHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "kubevirt.crdUninstallHook.name" . }}
image: {{ .Values.hookImage }}
args:
- delete
- customresourcedefinitions
- kubevirts.kubevirt.io
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}

80
kubevirt-chart/templates/crd-upgrade-hooks.yaml Normal file
View File

@@ -0,0 +1,80 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ .Release.Namespace }}
name: kubevirt-crd-manifest
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 1) }}
data:
crd: |-
{{ $.Files.Get "crds/kubevirt.yaml" | nindent 4 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
rules:
- apiGroups: [ "" ]
resources: [ "configmaps" ]
resourceNames:
- "kubevirt-crd-manifest"
verbs: [ "get" ]
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
resourceNames:
- "kubevirts.kubevirt.io"
verbs: [ "get", "patch" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 3) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 4) }}
spec:
template:
metadata:
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
spec:
serviceAccountName: {{ template "kubevirt.crdUpgradeHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "kubevirt.crdUpgradeHook.name" . }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
image: {{ .Values.hookImage }}
args:
- apply
- -f
- /etc/manifests/crd.yaml
volumeMounts:
- name: crd-volume
mountPath: /etc/manifests
volumes:
- name: crd-volume
configMap:
name: kubevirt-crd-manifest
items:
- key: crd
path: crd.yaml

1361
kubevirt-chart/templates/kubevirt-operator.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

71
kubevirt-chart/templates/kubevirt-uninstall-hooks.yaml Normal file
View File

@@ -0,0 +1,71 @@
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
rules:
- apiGroups: [ "kubevirt.io" ]
resources: [ "kubevirts" ]
resourceNames:
- "kubevirt"
verbs: [ "get", "list", "delete" ]
- apiGroups: [ "apps" ]
resources: [ "deployments", "daemonsets" ]
verbs: [ "get", "list" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 2) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
roleRef:
kind: Role
name: {{ template "kubevirt.crUninstallHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.crUninstallHook.name" . }}
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 3) }}
spec:
template:
metadata:
name: {{ template "kubevirt.crUninstallHook.name" . }}
spec:
serviceAccountName: {{ template "kubevirt.crUninstallHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "kubevirt.crUninstallHook.name" . }}
image: {{ .Values.hookImage }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
args:
- delete
- kubevirt
- kubevirt
- name: {{ template "kubevirt.crUninstallHook.name" . }}-cleanup
image: {{ .Values.hookImage }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
args:
- wait
- --for=delete
- deployments/virt-api
- deployments/virt-controller
- daemonsets/virt-handler
- --timeout=60s

32
kubevirt-chart/templates/kubevirt.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: kubevirt.io/v1
kind: KubeVirt
metadata:
name: kubevirt
namespace: {{ .Release.Namespace }}
spec:
{{- with .Values.kubevirt.configuration }}
configuration:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.kubevirt.customizeComponents }}
customizeComponents:
{{- toYaml . | nindent 4 }}
{{- end }}
imagePullPolicy: {{ .Values.kubevirt.imagePullPolicy }}
{{- with .Values.kubevirt.infra }}
infra:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.kubevirt.uninstallStrategy }}
uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }}
{{- end }}
{{- with .Values.kubevirt.workloadUpdateStrategy }}
workloadUpdateStrategy:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.kubevirt.monitorNamespace }}
monitorNamespace: {{ .Values.kubevirt.monitorNamespace }}
{{- end }}
{{- if .Values.kubevirt.monitorAccount }}
monitorAccount: {{ .Values.kubevirt.monitorAccount }}
{{- end }}

60
kubevirt-chart/templates/namespace-hooks.yaml Normal file
View File

@@ -0,0 +1,60 @@
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.namespaceHook.name" . }}
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kubevirt.namespaceHook.name" . }}
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
rules:
- apiGroups: [ "" ]
resources: [ "namespaces" ]
resourceNames:
- {{ .Release.Namespace | quote }}
verbs: [ "get", "patch" ]
- apiGroups: [ "management.cattle.io" ] # Rancher
resources: [ "projects" ]
verbs: [ "updatepsa" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kubevirt.namespaceHook.name" . }}
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 2) }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.namespaceHook.name" . }}
roleRef:
kind: ClusterRole
name: {{ template "kubevirt.namespaceHook.name" . }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "kubevirt.namespaceHook.name" . }}
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 3) }}
spec:
template:
metadata:
name: {{ template "kubevirt.namespaceHook.name" . }}
spec:
serviceAccountName: {{ template "kubevirt.namespaceHook.name" . }}
restartPolicy: {{ .Values.hookRestartPolicy }}
containers:
- name: {{ template "kubevirt.namespaceHook.name" . }}
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
image: {{ .Values.hookImage }}
args:
- label
- namespace
- {{ .Release.Namespace }}
- kubevirt.io=
- pod-security.kubernetes.io/enforce=privileged

34
kubevirt-chart/values.yaml Normal file
View File

@@ -0,0 +1,34 @@
operator:
image: registry.suse.com/suse/sles/15.6/virt-operator
version: 1.3.1-150600.5.9.1
pullPolicy: IfNotPresent
kubevirt:
# Holds kubevirt configurations. Same as the virt-configMap.
configuration: {}
customizeComponents: {}
# The ImagePullPolicy to use.
imagePullPolicy: IfNotPresent
# Selectors and tolerations that should apply to KubeVirt infrastructure components.
infra: {}
# Specifies if KubeVirt can be deleted if workloads are still present.
# This is mainly a precaution to avoid accidental data loss.
uninstallStrategy: ""
# WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates.
workloadUpdateStrategy: {}
# Optionally enable ServiceMonitor for prometheus, see
# https://kubevirt.io/user-guide/user_workloads/component_monitoring/
monitorAccount: ""
monitorNamespace: ""
hookImage: rancher/kubectl:v1.30.2
hookRestartPolicy: OnFailure
hookSecurityContext:
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL

21
kubevirt-dashboard-extension-chart/Chart.yaml Normal file
View File

@@ -0,0 +1,21 @@
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/kube-version: '>= v1.26.0-0'
catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: '>= 2.10.0-0'
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
apiVersion: v2
appVersion: 1.2.1
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: kubevirt-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.1"

6
kubevirt-dashboard-extension-chart/README.md Normal file
View File

@@ -0,0 +1,6 @@
# SUSE Edge: KubeVirt extension for Rancher Dashboard
An Edge focused extension for Rancher Dashboard allowing to monitor and interact virtual machine based workloads.
For more information on SUSE Edge see https://suse-edge.github.io/ \
For more information on Kubevirt see https://kubevirt.io/

17
kubevirt-dashboard-extension-chart/_service Normal file
View File

@@ -0,0 +1,17 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">values.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

63
kubevirt-dashboard-extension-chart/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,63 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "extension-server.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "extension-server.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "extension-server.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "extension-server.labels" -}}
helm.sh/chart: {{ include "extension-server.chart" . }}
{{ include "extension-server.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "extension-server.selectorLabels" -}}
app.kubernetes.io/name: {{ include "extension-server.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Pkg annotations
*/}}
{{- define "extension-server.pluginMetadata" -}}
{{- with .Values.plugin.metadata }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}

14
kubevirt-dashboard-extension-chart/templates/cr.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: catalog.cattle.io/v1
kind: UIPlugin
metadata:
name: {{ include "extension-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{ include "extension-server.labels" . | nindent 4 }}
spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

12
kubevirt-dashboard-extension-chart/values.yaml Normal file
View File

@@ -0,0 +1,12 @@
nameOverride: ""
fullnameOverride: ""
plugin:
enabled: true
versionOverride: ""
noCache: false
noAuth: false
metadata:
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

15
metal3-chart/Chart.yaml
View File

@@ -1,17 +1,18 @@
#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1
#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2-%RELEASE%
apiVersion: v2
appVersion: 1.16.0
appVersion: 0.9.2
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
repository: file://./charts/baremetal-operator
version: 0.5.0
version: 0.6.1
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.7.0
version: 0.9.1
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
repository: file://./charts/mariadb
version: 0.5.4
@@ -19,9 +20,9 @@ dependencies:
condition: global.enable_metal3_media_server
name: media
repository: file://./charts/media
version: 0.5.0
version: 0.6.1
description: A Helm chart that installs all of the dependencies needed for Metal3
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: 0.8.1
version: "%%CHART_MAJOR%%.0.0+up0.9.2"

2
metal3-chart/_service
View File

@@ -11,5 +11,7 @@
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

4
metal3-chart/charts/baremetal-operator/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
appVersion: 0.6.1
appVersion: 0.8.0
description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator
type: application
version: 0.5.0
version: 0.6.1

7
metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml
View File

@@ -39,11 +39,6 @@ spec:
name: BMC
priority: 1
type: string
- description: The type of hardware detected
jsonPath: .status.hardwareProfile
name: Hardware_Profile
priority: 1
type: string
- description: Whether the host is online or not
jsonPath: .spec.online
name: Online
@@ -740,6 +735,7 @@ spec:
type: object
hardwareProfile:
description: The name of the profile matching the hardware details.
Hardware profiles are deprecated and should not be relied on.
type: string
lastUpdated:
description: LastUpdated identifies when this status was last observed.
@@ -1136,7 +1132,6 @@ spec:
required:
- errorCount
- errorMessage
- hardwareProfile
- operationalStatus
- poweredOn
- provisioning

2
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -3,14 +3,12 @@
{{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicIP := .Values.global.ironicIP | default "" }}
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicInspectorHost := print $ironicIP ":5050" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
apiVersion: v1
data:
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
IRONIC_INSPECTOR_ENDPOINT: "{{ $protocol }}://{{ $ironicInspectorHost }}/v1/"
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
# Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }}

11
metal3-chart/charts/baremetal-operator/templates/deployment.yaml
View File

@@ -78,14 +78,6 @@ spec:
mountPath: "/opt/metal3/auth/ironic/password"
subPath: password
readOnly: true
- name: ironic-inspector-basic-auth
mountPath: "/opt/metal3/auth/ironic-inspector/username"
subPath: username
readOnly: true
- name: ironic-inspector-basic-auth
mountPath: "/opt/metal3/auth/ironic-inspector/password"
subPath: password
readOnly: true
{{- end }}
{{- if .Values.global.enable_tls }}
- name: cacert
@@ -116,9 +108,6 @@ spec:
- name: ironic-basic-auth
secret:
secretName: ironic-basic-auth
- name: ironic-inspector-basic-auth
secret:
secretName: ironic-inspector-basic-auth
{{- end }}
{{- if .Values.global.enable_tls }}
- name: cacert

15
metal3-chart/charts/baremetal-operator/templates/tests/test-connection.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "baremetal-operator.fullname" . }}-test-connection"
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "baremetal-operator.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

4
metal3-chart/charts/baremetal-operator/values.yaml
View File

@@ -28,11 +28,11 @@ images:
baremetalOperator:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
pullPolicy: IfNotPresent
tag: "0.6.1"
tag: "0.8.0"
rbacProxy:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy
pullPolicy: IfNotPresent
tag: "v0.14.2"
tag: "0.18.1"
imagePullSecrets: []
nameOverride: "manger"

4
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
appVersion: 24.1.2
appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.7.0
version: 0.9.1

3
metal3-chart/charts/ironic/templates/_helpers.tpl
View File

@@ -77,9 +77,6 @@ Get ironic CA volumeMounts
- name: cert-ironic-ca
mountPath: "/certs/ca/ironic"
readOnly: true
- name: cert-ironic-inspector-ca
mountPath: "/certs/ca/ironic-inspector"
readOnly: true
{{- if .Values.global.enable_vmedia_tls }}
- name: cert-ironic-vmedia-ca
mountPath: "/certs/ca/vmedia"

13
metal3-chart/charts/ironic/templates/certificates.yaml
View File

@@ -25,19 +25,6 @@ spec:
kind: Issuer
name: ca-issuer
secretName: ironic-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ironic-inspector-cert
spec:
commonName: ironic-inspector-cert
ipAddresses:
- {{ .Values.global.ironicIP }}
issuerRef:
kind: Issuer
name: ca-issuer
secretName: ironic-inspector-cert
{{- if .Values.global.enable_vmedia_tls }}
---
apiVersion: cert-manager.io/v1

16
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -10,7 +10,6 @@ data:
{{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicIP := .Values.global.ironicIP | default "" }}
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicInspectorHost := print $ironicIP ":5050" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
@@ -25,15 +24,11 @@ data:
{{- end }}
HTTP_PORT: "6180"
PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
USE_IRONIC_INSPECTOR: "true"
USE_IRONIC_INSPECTOR: "false"
IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }}
IRONIC_API_HOST: {{ $ironicApiHost }}
IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }}
IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/
IRONIC_INSPECTOR_BASE_URL: {{ $protocol }}://{{ $ironicInspectorHost }}
IRONIC_INSPECTOR_ENDPOINT: {{ $protocol }}://{{ $ironicInspectorHost }}/v1/
IRONIC_INSPECTOR_HOST: {{ $ironicInspectorHost }}
IRONIC_INSPECTOR_HTTPD_SERVER_NAME: {{ $ironicInspectorHost }}
# Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
@@ -55,11 +50,9 @@ data:
{{- if .Values.global.provisioningIP }}
PROVISIONING_IP: {{ .Values.global.provisioningIP }}
{{- end }}
IRONIC_INSPECTOR_VLAN_INTERFACES: all
IRONIC_ILO_USE_SWIFT: "false"
IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true"
IRONIC_FAST_TRACK: "true"
IRONIC_USE_MARIADB: "true"
LISTEN_ALL_INTERFACES: "true"
{{- if .Values.global.ironicIP }}
IRONIC_IP: {{ .Values.global.ironicIP }}
@@ -69,7 +62,6 @@ data:
IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
IPA_INSECURE: "0"
IRONIC_REVERSE_PROXY_SETUP: "true"
INSPECTOR_REVERSE_PROXY_SETUP: "true"
{{- if ( .Values.global.enable_vmedia_tls ) }}
VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}"
{{- end }}
@@ -81,6 +73,10 @@ data:
{{- end }}
{{- if ( .Values.global.enable_basicAuth ) }}
AUTH_STRATEGY: "http_basic"
INSPECTOR_AUTH_STRATEGY: "http_basic"
{{- end }}
{{- if .Values.global.enable_mariadb }}
MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
IRONIC_USE_MARIADB: "true"
{{- else }}
IRONIC_USE_MARIADB: "false"
{{- end }}

117
metal3-chart/charts/ironic/templates/deployment.yaml
View File

@@ -41,10 +41,7 @@ spec:
name: ironic-bmo
livenessProbe:
exec:
command:
- /bin/sh
- -c
- curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
@@ -62,10 +59,7 @@ spec:
{{- end }}
readinessProbe:
exec:
command:
- /bin/sh
- -c
- curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
@@ -78,9 +72,6 @@ spec:
- name: cert-ironic
mountPath: "/certs/ironic"
readOnly: true
- name: cert-ironic-inspector
mountPath: "/certs/ironic-inspector"
readOnly: true
{{- if .Values.global.enable_vmedia_tls }}
- name: cert-ironic-vmedia
mountPath: "/certs/vmedia"
@@ -90,73 +81,6 @@ spec:
name: cert-ironic-ca
readOnly: true
{{- end }}
- name: ironic-inspector
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
command:
- /bin/runironic-inspector
envFrom:
- configMapRef:
name: ironic-bmo
env:
{{- if .Values.global.enable_basicAuth }}
- name: INSPECTOR_HTPASSWD
valueFrom:
secretKeyRef:
name: ironic-inspector-basic-auth
key: htpasswd
{{- end }}
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: ironic-mariadb
livenessProbe:
exec:
command:
- /bin/sh
- -c
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
ports:
- containerPort: 5050
name: inspector
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -c
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
volumeMounts:
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
{{- if .Values.global.enable_basicAuth }}
- mountPath: "/auth/ironic/auth-config"
name: ironic-basic-auth
subPath: auth-config
readOnly: true
- mountPath: "/auth/ironic-inspector/auth-config"
name: ironic-inspector-basic-auth
subPath: auth-config
readOnly: true
{{- end }}
{{- if .Values.global.enable_tls }}
{{- include "ironic.CAVolumeMounts" . | nindent 10 }}
- name: cert-ironic-inspector
mountPath: "/certs/ironic-inspector"
readOnly: true
{{- end }}
- name: ironic-log-watch
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
@@ -184,37 +108,33 @@ spec:
name: ironic-basic-auth
key: htpasswd
{{- end }}
{{- if .Values.global.enable_mariadb }}
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: ironic-mariadb
{{- end }}
livenessProbe:
exec:
command:
- /bin/sh
- -c
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
failureThreshold: 10
command: ["/bin/ironic-liveness"]
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 10
ports:
- containerPort: 6385
name: api
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -c
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
failureThreshold: 10
command: ["/bin/ironic-readiness"]
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 10
volumeMounts:
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
{{- if .Values.global.enable_basicAuth }}
@@ -222,10 +142,6 @@ spec:
name: ironic-basic-auth
subPath: auth-config
readOnly: true
- mountPath: "/auth/ironic-inspector/auth-config"
name: ironic-inspector-basic-auth
subPath: auth-config
readOnly: true
{{- end }}
{{- if .Values.global.enable_tls }}
{{- include "ironic.CAVolumeMounts" . | nindent 10 }}
@@ -308,15 +224,16 @@ spec:
{{- end }}
volumes:
- name: ironic-data-volume
{{- if .Values.persistence.ironic.size }}
persistentVolumeClaim:
claimName: ironic-shared-volume
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.global.enable_basicAuth }}
- name: ironic-basic-auth
secret:
secretName: ironic-basic-auth
- name: ironic-inspector-basic-auth
secret:
secretName: ironic-inspector-basic-auth
{{- if .Values.global.enable_tls }}
- name: trusted-certs
projected:
@@ -333,12 +250,6 @@ spec:
- name: cert-ironic
secret:
secretName: ironic-cert
- name: cert-ironic-inspector-ca
secret:
secretName: ironic-cacert
- name: cert-ironic-inspector
secret:
secretName: ironic-inspector-cert
{{- if .Values.global.enable_vmedia_tls }}
- name: cert-ironic-vmedia-ca
secret:

2
metal3-chart/charts/ironic/templates/pvc.yaml
View File

@@ -1,3 +1,4 @@
{{- if .Values.persistence.ironic.size }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
@@ -22,3 +23,4 @@ spec:
storageClassName: {{ .Values.persistence.ironic.storageClass }}
{{- end }}
volumeMode: Filesystem
{{- end }}

29
metal3-chart/charts/ironic/templates/secrets-basic-auth.yaml
View File

@@ -29,34 +29,5 @@ data:
htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
auth-config: |
{{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
---
{{- $ironicInspectorUsername := "" -}}
{{- $ironicInspectorPassword := "" -}}
{{- $inspectorSecretName := "ironic-inspector-basic-auth" -}}
# Check if the secret is deployed and has a password
{{- $oldInspectorSecret := lookup "v1" "Secret" .Release.Namespace $inspectorSecretName }}
{{- if and $oldInspectorSecret (index $oldInspectorSecret.data "username") (index $oldInspectorSecret.data "password") }}
{{- $ironicInspectorUsername = b64dec (index $oldInspectorSecret.data "username" | toString) -}}
{{- $ironicInspectorPassword = b64dec (index $oldInspectorSecret.data "password" | toString) -}}
# If not, check if a username and password are provided in values.yaml
{{- else if and (.Values.global.auth.ironicInspectorUsername) (.Values.global.auth.ironicInspectorPassword) }}
{{- $ironicInspectorUsername = .Values.global.auth.ironicInspectorUsername -}}
{{- $ironicInspectorPassword = .Values.global.auth.ironicInspectorPassword -}}
{{- else }}
# If no username and password are provided in values.yaml, generate new ones
{{- $ironicInspectorUsername = "ironic" -}}
{{- $ironicInspectorPassword = (randAlphaNum 20) -}}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $inspectorSecretName }}
type: Opaque
data:
username: {{ $ironicInspectorUsername | b64enc }}
password: {{ $ironicInspectorPassword | b64enc }}
htpasswd: {{ b64enc (htpasswd $ironicInspectorUsername $ironicInspectorPassword) }}
auth-config: |
{{- printf "[inspector]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicInspectorUsername $ironicInspectorPassword | b64enc | nindent 4 }}
{{- end }}

13
metal3-chart/charts/ironic/values.yaml
View File

@@ -56,11 +56,11 @@ images:
ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent
tag: 24.1.2.0
tag: 26.1.2.2
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
tag: 2.0.0
tag: 3.0.1
nameOverride: ""
fullnameOverride: ""
@@ -102,10 +102,6 @@ service:
port: 6185
protocol: TCP
targetPort: 6185
- name: inspector
port: 5050
protocol: TCP
targetPort: 5050
- name: api
port: 6385
protocol: TCP
@@ -144,8 +140,9 @@ persistence:
# storageClass for the ironic shared volume
# Ensure the storageClass is defined
storageClass: ""
# size of the ironic shared volume
size: "1Gi"
# size of the ironic shared volume e.g "1Gi"
# When unset persistent storage is disabled and emptyDir is enabled
size: ""
# accessMode of the ironic shared volume PVC
# If empty defaults to ReadWriteOnce when replicaCount=1 otherwise ReadWriteMany
accessMode: ""

2
metal3-chart/charts/media/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 1.16.0
description: A Helm chart for Media, used by Metal3
name: media
type: application
version: 0.5.0
version: 0.6.1

15
metal3-chart/charts/media/templates/tests/test-connection.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "media.fullname" . }}-test-connection"
labels:
{{- include "media.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "media.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

2
metal3-chart/charts/media/values.yaml
View File

@@ -24,7 +24,7 @@ replicaCount: 1
image:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent
tag: 24.1.2.0
tag: 26.1.2.2
imagePullSecrets: []
nameOverride: ""

7
metal3-chart/values.yaml
View File

@@ -6,6 +6,9 @@ global:
# IP on which the Ironic services will be exposed
ironicIP: ""
# whether to enable mariadb (default is sqlite)
enable_mariadb: false
# whether to enable media server.
enable_metal3_media_server: false
@@ -28,8 +31,6 @@ global:
auth:
ironicUsername: ""
ironicPassword: ""
ironicInspectorUsername: ""
ironicInspectorPassword: ""
# whether to have additional trusted CA
# NOTE: If enabled, a secret with name tls-ca-additional should be deployed
@@ -125,6 +126,4 @@ metal3-baremetal-operator:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator"
rbacProxy:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
tag: "v0.18.0"

Some files were not shown because too many files have changed in this diff Show More