suse-edge/Factory
SHA256
17
0
Fork 17
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: suse-edge:3.2
Branches Tags
suse-edge:main suse-edge:3.2 suse-edge:3.3 suse-edge:3.4 suse-edge:devel steven.hardy:kiwi_fix2 steven.hardy:jarndt/edge-1544 steven.hardy:arm_config steven.hardy:turtles_3.2 steven.hardy:turtles_fix_3.2 steven.hardy:turtles_upgrade_fix steven.hardy:cdi_fix steven.hardy:kubevirt_chart steven.hardy:sriov_update steven.hardy:capm3_downgrade steven.hardy:rm_capi_images steven.hardy:kiwi_fix steven.hardy:kiwi_builder steven.hardy:metal3_chart_090 steven.hardy:turtles_013 steven.hardy:rm_old_ipa steven.hardy:ipa-fix steven.hardy:kube-rbac-proxy-fix2 steven.hardy:turtles_fix steven.hardy:metal3_090 steven.hardy:metallb_rbac_proxy steven.hardy:kube-rbac-proxy-fix steven.hardy:kube_rbac_proxy steven.hardy:main steven.hardy:document-branch steven.hardy:supportlvl-macro steven.hardy:run-sync
..
compare: steven.hardy:supportlvl-macro
Branches Tags
steven.hardy:kiwi_fix2 steven.hardy:jarndt/edge-1544 steven.hardy:arm_config steven.hardy:turtles_3.2 steven.hardy:turtles_fix_3.2 steven.hardy:turtles_upgrade_fix steven.hardy:cdi_fix steven.hardy:kubevirt_chart steven.hardy:sriov_update steven.hardy:capm3_downgrade steven.hardy:rm_capi_images steven.hardy:kiwi_fix steven.hardy:kiwi_builder steven.hardy:metal3_chart_090 steven.hardy:turtles_013 steven.hardy:rm_old_ipa steven.hardy:ipa-fix steven.hardy:kube-rbac-proxy-fix2 steven.hardy:turtles_fix steven.hardy:metal3_090 steven.hardy:metallb_rbac_proxy steven.hardy:kube-rbac-proxy-fix steven.hardy:kube_rbac_proxy steven.hardy:main steven.hardy:document-branch steven.hardy:supportlvl-macro steven.hardy:run-sync suse-edge:main suse-edge:3.2 suse-edge:3.3 suse-edge:3.4 suse-edge:devel

1 Commits
3.2 ... supportlvl

Author SHA256 Message Date
Denislav Prodanov
d1b19a4e03 added macro to set support level l3 2024-11-07 15:57:22 +02:00
210 changed files with 1635 additions and 13822 deletions
Expand all files Collapse all files

23
.gitea/workflows/check_manifest.yaml
View File

@@ -1,23 +0,0 @@
name: Check Release Manifest Local Charts Versions
on:
pull_request:
branches-ignore:
- "devel"
jobs:
sync-pr-project:
name: "Check Release Manifest Local Charts Versions"
runs-on: tumbleweed
steps:
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: Setup dependencies
run: |
zypper in -y python3-ruamel.yaml
- name: Check release manifest
run: |
python3 .obs/manifest-check.py --check

62
.gitea/workflows/pr_project.yaml
View File

@@ -1,62 +0,0 @@
name: Build PR in OBS
on:
pull_request_target:
types:
- opened
- reopened
- synchronize
- closed
branches-ignore:
- "devel"
concurrency:
group: ${{ gitea.workflow }}-${{ gitea.ref }}
cancel-in-progress: true
jobs:
sync-pr-project:
name: "Build PR in OBS"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
zypper in -y python3-jinja2
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: "[if PR is closed] Delete project in OBS"
run: |
if [ "${{ gitea.event.action }}" = "closed" ]; then
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
osc rdelete -f -r -m "PR closed" "${PROJECT}:Staging:PR-${{ gitea.event.number }}"
fi
- name: "Setup PR project in OBS"
env:
SCM_URL: ${{ gitea.event.pull_request.head.repo.clone_url }}#${{ gitea.head_ref }}
run: |
if [ "${{ gitea.event.action }}" != "closed" ]; then
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
python3 .obs/render_meta.py --pr ${{ gitea.event.number }} --scm-url "${SCM_URL}" | osc meta prj "${PROJECT}:Staging:PR-${{ gitea.event.number }}" -F -
echo "Project created ${PROJECT}:Staging:PR-${{ gitea.event.number }}"
echo "Follow build at: https://build.opensuse.org/project/monitor/${PROJECT}:Staging:PR-${{ gitea.event.number }}"
fi
- env:
GIT_SHA: ${{ gitea.event.pull_request.head.sha }}
name: "Wait for OBS to build the project"
run: |
if [ "${{ gitea.event.action }}" != "closed" ]; then
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
export OBS_PROJECT="${PROJECT}:Staging:PR-${{ gitea.event.number }}"
python3 .obs/wait_obs.py
fi

35
.gitea/workflows/sync_config.yaml
View File

@@ -1,35 +0,0 @@
name: Synchronize Project Config
on:
push:
branches-ignore:
- "devel"
paths:
- "_config"
- ".gitea/workflows/sync_config.yaml"
jobs:
sync-prjconf:
name: "Update prjconf in OBS"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- run: |
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
if [ "$(osc meta prjconf "${PROJECT}" | sha256sum)" != "$(cat _config | sha256sum)" ] ; then
osc meta prjconf "${PROJECT}" -F _config
fi

45
.gitea/workflows/sync_meta.yaml
View File

@@ -1,45 +0,0 @@
name: Synchronize Project Metadata
on:
push:
branches-ignore:
- "devel"
paths:
- "*" # Will trigger on new directories and changes to files in root of repository
- ".gitea/workflows/sync_meta.yaml"
- ".obs/common.py"
jobs:
sync-prj-meta:
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
zypper in -y python3-jinja2
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: "Update or create OBS Project"
run: |
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
set -o pipefail
if meta="$(osc meta prj "${PROJECT}" 2>/dev/null | sha256sum)"; then
new_meta="$(python3 .obs/render_meta.py)"
if [ "${meta}" != "$(echo "${new_meta}" | sha256sum)" ]; then
echo "${new_meta}" | osc meta prj "${PROJECT}" -F -
fi
python3 .obs/sync_packages.py
else
# Create the projects
bash .obs/create_projects.sh
fi

28
.obs/add_package.py
View File

@@ -1,4 +1,5 @@
#!/usr/bin/env python3
import yaml
import subprocess
import argparse
import os
@@ -6,6 +7,30 @@ import os.path
from common import PROJECT, REPOSITORY, BRANCH
def add_package_to_workflow(name: str):
modified = False
with open(".obs/workflows.yml", "r") as wf_file:
workflows = yaml.safe_load(wf_file)
if not any(
x
for x in workflows["staging_build"]["steps"]
if x["branch_package"]["source_package"] == name
):
workflows["staging_build"]["steps"].append(
{
"branch_package": {
"source_project": PROJECT,
"target_project": f"{PROJECT}:Staging",
"source_package": name,
}
}
)
modified = True
if modified:
with open(".obs/workflows.yml", "w") as wf_file:
yaml.dump(workflows, wf_file)
def add_package_to_project(name: str):
package_meta = f"""<package name="{name}" project="{PROJECT}">
<title/>
@@ -28,6 +53,7 @@ def add_package(package_name: str):
os.exit(1)
add_package_to_project(package_name)
add_package_to_workflow(package_name)
def main():
@@ -39,7 +65,7 @@ def main():
add_package(args.package)
print("Package created in OBS !")
print("Package created in OBS, you can now push the modified workflow file")
if __name__ == '__main__':

4
.obs/common.py
View File

@@ -1,3 +1,3 @@
PROJECT = "isv:SUSE:Edge:3.2"
PROJECT = "isv:SUSE:Edge:Factory"
REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
BRANCH = "3.2"
BRANCH = "main"

37
.obs/create_projects.sh
View File

@@ -1,37 +0,0 @@
#!/bin/bash
show_help() {
echo "Usage: $(basename $0) [--internal]"
echo "options:"
echo "-h, --help display this help and exit"
echo "-i, --internal create project as internal"
exit 0
}
while [[ "$#" -gt 0 ]]; do
case $1 in
-h|--help) show_help;;
-i|--internal) internal="--internal" ;;
*) echo "Unknown parameter passed: $1";show_help ;;
esac
shift
done
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
EXTRA_OSC_ARGS=""
if [ -n "$internal" ]; then
PROJECT="ISV${PROJECT:3}"
EXTRA_OSC_ARGS="-A https://api.suse.de"
python3 .obs/render_meta.py ${internal} Snapshot | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:Snapshot" -F -
osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:Snapshot" -F _config
fi
python3 .obs/render_meta.py ${internal} ToTest | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:ToTest" -F -
python3 .obs/render_meta.py ${internal} | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}" -F -
osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:ToTest" -F _config
osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}" -F _config
if [ -z "$internal" ]; then
python3 .obs/sync_packages.py
fi

16
.obs/delete_package.py
View File

@@ -1,4 +1,5 @@
#!/usr/bin/env python3
import yaml
import subprocess
import argparse
import os
@@ -7,8 +8,20 @@ import os.path
from common import PROJECT
def delete_package_from_workflow(name: str):
with open(".obs/workflows.yml", "r") as wf_file:
workflows = yaml.safe_load(wf_file)
workflows["staging_build"]["steps"] = [
x
for x in workflows["staging_build"]["steps"]
if x["branch_package"]["source_package"] != name
]
with open(".obs/workflows.yml", "w") as wf_file:
yaml.dump(workflows, wf_file)
def delete_package_from_project(name: str):
p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
p = subprocess.run(["osc", "rdelete", PROJECT, name], stdout=subprocess.PIPE)
print(p.stdout)
print(p.stderr)
p.check_returncode()
@@ -20,6 +33,7 @@ def delete_package(package_name: str):
os.exit(1)
delete_package_from_project(package_name)
delete_package_from_workflow(package_name)
def main():

84
.obs/manifest-check.py
View File

@@ -1,84 +0,0 @@
#!/usr/bin/python3
import ruamel.yaml
import pathlib
import argparse
import sys
yaml = ruamel.yaml.YAML()
def get_chart_version(chart_name: str) -> str:
with open(f"./{chart_name}/Chart.yaml") as f:
chart = yaml.load(f)
return chart["version"]
def get_charts(chart):
if not chart["chart"].startswith("%%CHART_REPO%%"):
# Not a locally managed chart
return {}
chart_name = chart["chart"][len("%%CHART_REPO%%/%%IMG_PREFIX%%"):]
charts = { chart_name: chart["version"] }
for child_chart in chart.get("dependencyCharts", []) + chart.get("addonCharts", []):
charts.update(get_charts(child_chart))
return charts
def get_charts_list():
with open("./release-manifest-image/release_manifest.yaml") as f:
manifest = yaml.load(f)
charts = {}
for chart in manifest["spec"]["components"]["workloads"]["helm"]:
charts.update(get_charts(chart))
return charts
def check_charts(fix: bool) -> bool:
success = True
charts = get_charts_list()
to_fix = {}
for chart in charts:
expected_version = get_chart_version(chart)
if expected_version != charts[chart]:
success = False
to_fix[f'%%CHART_REPO%%/%%IMG_PREFIX%%{chart}'] = expected_version
print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
if fix and not success:
fix_charts(to_fix)
return True
return success
def fix_charts(to_fix):
manifest_path = pathlib.Path("./release-manifest-image/release_manifest.yaml")
manifest = yaml.load(manifest_path)
yaml.indent(mapping=2, sequence=4, offset=2)
yaml.width = 4096
for chart_index, chart in enumerate(manifest["spec"]["components"]["workloads"]["helm"]):
changed = False
if chart["chart"] in to_fix.keys():
changed = True
chart["version"] = to_fix[chart["chart"]]
for subchart_index, subchart in enumerate(chart.get("addonCharts", [])):
if subchart["chart"] in to_fix.keys():
changed = True
subchart["version"] = to_fix[subchart["chart"]]
chart["addonCharts"][subchart_index] = subchart
for subchart_index, subchart in enumerate(chart.get("dependencyCharts", [])):
if subchart["chart"] in to_fix.keys():
changed = True
subchart["version"] = to_fix[subchart["chart"]]
chart["dependencyCharts"][subchart_index] = subchart
if changed:
manifest["spec"]["components"]["workloads"]["helm"][chart_index] = chart
yaml.dump(manifest, manifest_path)
def main():
print("Checking charts versions in release manifest")
parser = argparse.ArgumentParser()
parser.add_argument('-c', '--check', action='store_true')
args = parser.parse_args()
if not check_charts(not args.check):
sys.exit(1)
else:
print("All local charts in release manifest are using the right version")
if __name__ == "__main__":
main()

62
.obs/render_meta.py
View File

@@ -1,62 +0,0 @@
import argparse
from jinja2 import Template
from common import PROJECT
def render(base_project, subproject, internal, scm_url=None):
version = base_project.rsplit(':', 1)[-1]
context = {
"base_project": subproject == "",
"title": f"SUSE Edge {version} {subproject}".rstrip(),
}
if subproject == "ToTest":
context["project"] = f"{base_project}:ToTest"
context["description"] = (
f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
"project currently going through the automated test layer"
)
if "Factory" in base_project or internal:
context["release_project"] = f"{base_project}:Snapshot"
elif subproject == "Snapshot":
context["project"] = f"{base_project}:Snapshot"
context["release_project"] = f"{base_project.rsplit(':', 1)[0]}:Containers"
context["for_release"] = True
context["description"] = (
f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
"project that passed automated test layer"
)
elif subproject == "":
context["project"] = base_project
context["release_project"] = f"{base_project}:ToTest"
else: # PR case direct python call
context["base_project"] = True
context["project"] = f"{base_project}:{subproject}"
if scm_url is not None:
context["scm_url"] = scm_url
with open("_meta") as meta:
template = Template(meta.read())
return template.render(context)
def main():
parser = argparse.ArgumentParser(
prog='ProgramName',
description='What the program does',
epilog='Text at the bottom of help')
parser.add_argument("subproject", default="", choices=["", "ToTest", "Snapshot"], nargs="?")
parser.add_argument("--internal", action="store_true")
parser.add_argument("--pr")
parser.add_argument("--scm-url")
args = parser.parse_args()
base_project = PROJECT.replace("isv", "ISV", 1) if args.internal else PROJECT
print(render(
base_project=base_project,
subproject=args.subproject if args.pr is None else f"Staging:PR-{args.pr}",
internal=args.internal,
scm_url=args.scm_url,
))
if __name__ == "__main__":
main()

2
.obs/sync_packages.py
View File

@@ -9,7 +9,7 @@ from common import PROJECT
def get_obs_packages() -> Set[str]:
packages = subprocess.run(["osc", "ls", PROJECT], encoding='utf-8' , capture_output=True)
return { p for p in packages.stdout.splitlines() if ":" not in p }
return set(packages.stdout.splitlines())
def get_local_packages() -> Set[str]:
p = pathlib.Path('.')

83
.obs/wait_obs.py
View File

@@ -1,83 +0,0 @@
import xml.etree.ElementTree as ET
import subprocess
import time
import os
import sys
from collections import Counter
def get_buildstatus(project: str) -> ET.Element:
for _ in range(5):
try:
output = subprocess.check_output(["osc", "pr", "--xml", project])
return ET.fromstring(output)
except subprocess.CalledProcessError:
continue
print("Failed to get buildstatus from OBS")
def do_wait(project:str, commit:str) -> ET.Element:
last_state = None
while True:
time.sleep(5)
status = get_buildstatus(project)
if last_state == status.get("state"):
continue
else:
last_state = status.get("state")
scminfo = { e.text for e in status.findall(".//scminfo") }
if len(scminfo) != 1 or scminfo.pop() != commit:
print("Waiting for OBS to sync with SCM")
continue
if not all([ e.get('state') == "published" and e.get('dirty') is None for e in status.findall("./result")]):
print("Waiting for OBS to finish building")
continue
return status
def print_results(status: ET.Element) -> bool:
results = {}
failed = []
for e in status.findall("./result"):
repo = results.get(e.get("repository"), {})
repo[e.get("arch")] = e
results[e.get("repository")] = repo
for repo in results.keys():
print(f"{repo}:")
depth=1
for arch in results[repo].keys():
counts = Counter()
if repo != "charts":
print(f"\t{arch}:")
depth=2
for package in results[repo][arch].findall("./status"):
if package.get("code") in ["excluded", "disabled"]:
continue
if package.get("code") in ["failed", "unresolvable", "broken"]:
details = package.findtext("details")
if details:
failed.append(f"{package.get('package')} ({arch}): {details}")
else:
failed.append(f"{package.get('package')} ({arch})")
counts[package.get("code")] += 1
for (code, count) in counts.items():
print("\t"*depth, f"{code}: {count}")
failed.sort()
if failed:
print("\nPackages failing: ")
for fail in failed:
print("\t", fail)
return len(failed)
def main():
project = os.environ.get("OBS_PROJECT")
sha = os.environ.get("GIT_SHA")
print(f"Waiting for OBS to build {project} for commit {sha}")
status = do_wait(project, sha)
sys.exit(print_results(status))
if __name__ == "__main__":
main()

196
.obs/workflows.yml Normal file
View File

@@ -0,0 +1,196 @@
staging_build:
filters:
event: pull_request
steps:
- branch_package:
source_package: endpoint-copier-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: endpoint-copier-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: endpoint-copier-operator-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-agent-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-dashboard-extension-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-debug-echo-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-onvif-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-opcua-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-udev-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-webhook-configuration-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: obs-service-set_version
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cosign
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: frr-k8s
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubectl
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-rke2
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: nm-configurator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kube-rbac-proxy
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: edge-image-builder
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: hauler
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ip-address-manager
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: baremetal-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-metal3
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cdi-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-metal3-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: sriov-crd-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: edge-image-builder-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ironic-ipa-downloader-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-rke2-controlplane-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metal3-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: baremetal-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-rke2-bootstrap-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: sriov-network-operator-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ip-address-manager-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-speaker-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ironic-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging

10
.pre-commit-config.yaml
View File

@@ -1,10 +0,0 @@
repos:
- repo: local
hooks:
- id: check-manifest
name: "Check release-manifest"
entry: python3 .obs/manifest-check.py
language: python
additional_dependencies: ['ruamel.yaml']
pass_filenames: false
always_run: true

22
README.md
View File

@@ -5,23 +5,11 @@ Contains the definition of the packages built on OBS for the SUSE Edge Solution
This repository is linked to an OBS project: <https://build.opensuse.org/project/show/isv:SUSE:Edge:Factory>
Every directory in this repository represents a package in that OBS project, those should be synced automatically from this repository.
## Testing a fork or a development branch
## Adding a package
You can create a project in your home space in OBS, use the same prjconf as the one of "isv:SUSE:Edge:Factory", and copy the repositories part of the metadata (adjust self references).
Then add a scmsync stanza to your metadata like this (adjust repository path and branch):
To add a package, first create a directory with your package as you intend it in OBS.
```xml
<scmsync>https://src.opensuse.org/suse-edge/Factory#main</scmsync>
```
Then run the `.obs/add_package.py` script to create the package in the OBS project and add the required elements to the synchronization workflow.
This script is using the `osc` command behind the scenes, so ensure you have it installed and correctly configured, as well as you have the correct permissions to create a new package in the project.
This is done automatically for any PR filed against this repository.
## Cutting a release version branch
1. Do the appropriate git branch command
2. Change the project path in `.obs/common.py` file (e.g. from `isv:SUSE:Edge:Factory` to `isv:SUSE:Edge:3.2`)
3. Change the branch reference in `.obs/common.py` file (e.g. from `main` to `3.2`)
5. Commit those changes to the new branch and push the new branch
9. Go take a few cups of coffee/tea/mate/... while waiting for OBS to build everything
10. Once built do an `osc release` of the project for it to be copied over in the `ToTest` section
11. Hand over to QA to test whatever is in `ToTest`. (You can continue to work on the base branch if needed meanwhile)
You will then get asked to push your changes.

155
_config
View File

@@ -1,155 +0,0 @@
Prefer: -libqpid-proton10 -python311-urllib3_1
Macros:
%__python3 /usr/bin/python3.11
%registry_url %(echo %{vendor} | cut -d '/' -f 3 | sed 's/build/registry/')
:Macros
%if "%{sub %{lower %_project} 1 14}" != "isv:suse:edge:" || "%{sub %_project 15 21}" == "Factory"
# Here we are in Factory like project so set chart major version to 999
Macros:
%chart_major 999
:Macros
%else
# Here we are in version branch, so set the image prefix and chart major accordingly
Macros:
%project_branch %(echo %{_project} | cut -d ':' -f 4)
%img_prefix %{project_branch}/
%chart_major %(echo %{project_branch} | awk '{split($1,a,"."); print a[1]*100 + a[2]}')
:Macros
%endif
%if %{sub %_project 1 3} == ISV
Macros:
%img_repo registry.suse.com/edge
%chart_repo oci://registry.suse.com/edge
%manifest_repo registry.suse.com/edge
%support_level l3
:Macros
%else
Macros:
%img_repo registry.opensuse.org/isv/suse/edge/containers/images
%manifest_repo registry.opensuse.org/isv/suse/edge/containers/images
%chart_repo oci://registry.opensuse.org/isv/suse/edge/containers/charts
%support_level techpreview
:Macros
%endif
%if "%_repository" == "charts" || "%_repository" == "test_manifest_images"
Macros:
%img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]')
:Macros
%endif
# Missing deps for testsuite
BuildFlags: excludebuild:autoconf:el
BuildFlags: excludebuild:autoconf:testsuite
# Only build manifest embedding images here
%if "%_repository" == "test_manifest_images"
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:release-manifest-image
# Exclude the images selected by the following section
# as the standard repository is a dependency
%ifarch aarch64
BuildFlags: excludebuild:baremetal-operator-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
%endif
%else
# Only a subset of stack is arm64 ready
%ifarch aarch64
BuildFlags: onlybuild:autoconf
BuildFlags: onlybuild:baremetal-operator
BuildFlags: onlybuild:baremetal-operator-image
BuildFlags: onlybuild:ca-certificates-suse
BuildFlags: onlybuild:cosign
BuildFlags: onlybuild:crudini
BuildFlags: onlybuild:edge-image-builder
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:endpoint-copier-operator
BuildFlags: onlybuild:endpoint-copier-operator-image
BuildFlags: onlybuild:fakeroot
BuildFlags: onlybuild:hauler
BuildFlags: onlybuild:ipcalc
BuildFlags: onlybuild:ironic-image
BuildFlags: onlybuild:ironic-ipa-downloader-image
BuildFlags: onlybuild:ironic-ipa-ramdisk
BuildFlags: onlybuild:kube-rbac-proxy
BuildFlags: onlybuild:kube-rbac-proxy-image
BuildFlags: onlybuild:metallb
BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator
%endif
%endif
%if "%_repository" == "images" || "%_repository" == "test_manifest_images"
Prefer: container:sles15-image
Type: docker
Repotype: none
Patterntype: none
BuildEngine: podman
Prefer: sles-release
BuildFlags: dockerarg:SLE_VERSION=15.6
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
%endif
%if "%_repository" == "images_6.0"
Prefer: container:sles15-image
Type: docker
BuildEngine: podman
Repotype: none
Patterntype: none
BuildFlags: dockerarg:SLE_VERSION=16.0
BuildFlags: onlybuild:kiwi-builder-image
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
# Exclude the images selected by the aarch64 section
%ifarch aarch64
BuildFlags: excludebuild:baremetal-operator-image
BuildFlags: excludebuild:edge-image-builder-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
%endif
%else
BuildFlags: excludebuild:kiwi-builder-image
%endif
%if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
Type: helm
Repotype: helm
Patterntype: none
Required: perl-YAML-LibYAML
%endif
%if "%_repository" == "standard"
# for build openstack-ironic-image
BuildFlags: allowrootforbuild
%endif
# Enable reproducible builds
# https://en.opensuse.org/openSUSE:Reproducible_Builds\#With_OBS
Macros:
%source_date_epoch_from_changelog Y
%clamp_mtime_to_source_date_epoch Y
%use_source_date_epoch_as_buildtime Y
%_buildhost reproducible
:Macros

74
_meta
View File

@@ -1,74 +0,0 @@
{#-
This template is rendered by the render_meta.py script
it is not automatically enforced by OBS
-#}
{%- set maintainers = [
"edge-engineering",
] -%}
<project name="{{ project }}">
<title>{{ title }}</title>
{%- if description is defined %}
<description>{{ description }}</description>
{%- else %}
<description/>
{%- endif %}
{%- if scm_url is defined %}
<scmsync>{{ scm_url }}</scmsync>
{%- endif %}
{%- for maintainer in maintainers %}
<person userid="{{ maintainer }}" role="maintainer"/>
{%- endfor %}
{%- if not base_project %}
<build>
<disable/>
<enable repository="charts"/>
<enable repository="test_manifest_images"/>
</build>
<publish>
<disable repository="phantomcharts"/>
</publish>
<repository name="phantomcharts">
<arch>x86_64</arch>
</repository>
{%- endif %}
{%- for repository in ["images", "images_6.0", "test_manifest_images"] %}
<repository name="{{ repository }}">
{%- if release_project is defined and repository != "test_manifest_images" %}
<releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
{%- endif %}
<path project="SUSE:Registry" repository="standard"/>
{%- if repository == "images_6.0" %}
<path project="SUSE:CA" repository="16.0"/>
<path project="SUSE:ALP:Products:Marble:6.0" repository="standard"/>
{%- else %}
<path project="SUSE:CA" repository="SLE_15_SP6"/>
<path project="{{ project }}" repository="standard"/>
{%- endif %}
<arch>x86_64</arch>
<arch>aarch64</arch>
</repository>
{%- endfor %}
<repository name="standard" block="local">
{%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
{%- endif %}
<path project="Cloud:OpenStack:2024.2" repository="15.6"/>
<path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
<arch>x86_64</arch>
<arch>aarch64</arch>
</repository>
<repository name="charts"{{ ' rebuild="local"' if not base_project }}>
{%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="phantomcharts" trigger="manual"/>
{%- endif %}
<path project="{{ project }}" repository="standard"/>
<arch>x86_64</arch>
</repository>
{%- if for_release %}
<repository name="releasecharts" rebuild="local">
<releasetarget project="{{ release_project }}" repository="charts" trigger="manual"/>
<path project="{{ project }}" repository="standard"/>
<arch>x86_64</arch>
</repository>
{%- endif %}
</project>

6
akri-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20
#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20-%RELEASE%
annotations:
catalog.cattle.io/display-name: Akri
apiVersion: v2
@@ -8,4 +8,4 @@ description: A Helm chart for Akri
icon: https://raw.githubusercontent.com/project-akri/akri-docs/main/art/icon/akri-icon-light.svg
name: akri
type: application
version: "%%CHART_MAJOR%%.0.0+up0.12.20"
version: 0.12.20

2
akri-chart/_service
View File

@@ -11,7 +11,5 @@
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

17
akri-dashboard-extension-chart/Chart.yaml
View File

@@ -1,21 +1,20 @@
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Akri
catalog.cattle.io/kube-version: ">= v1.26.0-0"
catalog.cattle.io/kube-version: '>= v1.26.0-0'
catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/rancher-version: '>= v2.9.0'
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/ui-extensions-version: '>= 2.0.1'
apiVersion: v2
appVersion: 302.0.0+up1.2.1
appVersion: 1.1.0
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
name: akri-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.1"
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
version: 1.1.0

2
akri-dashboard-extension-chart/_service
View File

@@ -11,7 +11,5 @@
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

2
akri-dashboard-extension-chart/templates/_helpers.tpl
View File

@@ -38,7 +38,7 @@ Common labels
helm.sh/chart: {{ include "extension-server.chart" . }}
{{ include "extension-server.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

4
akri-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/302.0.0+up1.2.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.1.0
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

4
akri-dashboard-extension-chart/values.yaml
View File

@@ -7,6 +7,6 @@ plugin:
noAuth: false
metadata:
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/rancher-version: ">= v2.9.0"
catalog.cattle.io/ui-extensions-version: ">= 2.0.1"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

4
akri/_service
View File

@@ -10,9 +10,7 @@
<service name="cargo_vendor" mode="manual">
<param name="srcdir">akri</param>
</service>
<service name="tar" mode="buildtime">
<param name="obsinfo">akri.obsinfo</param>
</service>
<service name="tar" mode="buildtime" />
<service name="set_version" mode="buildtime" >
<param name="fromfile">version.txt</param>
<param name="regex">^(.*)$</param>

10
baremetal-operator/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/baremetal-operator</param>
<param name="scm">git</param>
<param name="revision">v0.8.0</param>
<param name="revision">v0.6.1</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
@@ -12,8 +12,10 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">baremetal-operator.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
@@ -21,7 +23,7 @@
<param name="file">baremetal-operator.spec</param>
<param name="var">SOURCE_COMMIT</param>
<param name="eval">
SOURCE_COMMIT=$(grep commit baremetal-operator.obsinfo | cut -d" " -f2)
SOURCE_COMMIT=$(grep commit *.obsinfo | cut -d" " -f2)
</param>
<param name="verbose">1</param>
</service>

8
baremetal-operator/baremetal-operator.spec
View File

@@ -17,14 +17,14 @@
Name: baremetal-operator
Version: 0.8.0
Release: 0.8.0
Version: 0.6.1
Release: 0.6.1
Summary: Implements a Kubernetes API for managing bare metal hosts
License: Apache-2.0
URL: https://github.com/metal3-io/baremetal-operator
Source: baremetal-operator-%{version}.tar
Source: baremetal-operator-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}

6
cdi-chart/Chart.yaml
View File

@@ -1,9 +1,9 @@
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0
#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0-%RELEASE%
apiVersion: v2
appVersion: 1.60.1
description: A Helm chart for Containerized Data Importer (CDI)
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: cdi
type: application
version: "%%CHART_MAJOR%%.0.0+up0.4.0"
version: 0.4.0

2
cdi-chart/_service
View File

@@ -4,7 +4,5 @@
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

23
frr-k8s-image/Dockerfile → cluster-api-controller-image/Dockerfile
View File

@@ -1,25 +1,26 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%
#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:v%%cluster-api_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends frr-k8s; zypper -n clean; rm -rf /var/log/*
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.endpoint-copier-operator
# labelprefix=com.suse.application.cluster-api
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE frr-k8s Container Image"
LABEL org.opencontainers.image.description="frr-k8s based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%frr-k8s_version%%"
LABEL org.opencontainers.image.title="SLE cluster-api Container Image"
LABEL org.opencontainers.image.description="cluster-api based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api:%%cluster-api_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -28,6 +29,8 @@ LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
#Install frr-k8s
COPY --from=base /installroot /
ENTRYPOINT ["/frr-k8s"]
RUN mv /usr/bin/cluster-api-controller /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

4
frr-k8s-image/_service → cluster-api-controller-image/_service
View File

@@ -3,8 +3,8 @@
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%frr-k8s_version%%</param>
<param name="package">frr-k8s</param>
<param name="regex">%%cluster-api_version%%</param>
<param name="package">cluster-api</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">

24
kube-rbac-proxy-image/Dockerfile → cluster-api-operator-image/Dockerfile
View File

@@ -1,25 +1,25 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%
#!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends kube-rbac-proxy; zypper -n clean; rm -rf /var/log/*
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-operator shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.kube-rbac-proxy
# labelprefix=com.suse.application.cluster-api-operator
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE kube-rbac-proxy Container Image"
LABEL org.opencontainers.image.description="kube-rbac-proxy based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%kube-rbac-proxy_version%%"
LABEL org.opencontainers.image.title="SLE cluster-api-operator Container Image"
LABEL org.opencontainers.image.description="cluster-api-operator based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-operator_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,7 +29,7 @@ LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
#Install kube-rbac-proxy
EXPOSE 8080
USER 65532:65532
ENTRYPOINT ["/kube-rbac-proxy"]
RUN mv /usr/bin/cluster-api-operator-controller /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

6
frr-image/_service → cluster-api-operator-image/_service
View File

@@ -1,6 +1,12 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-operator_version%%</param>
<param name="package">cluster-api-operator</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

23
cluster-api-operator/_service Normal file
View File

@@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/kubernetes-sigs/cluster-api-operator</param>
<param name="scm">git</param>
<param name="revision">v0.12.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

52
cluster-api-operator/cluster-api-operator.spec Normal file
View File

@@ -0,0 +1,52 @@
#
# spec file for package cluster-api-operator
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-operator
Version: 0.12.0
Release: 0
Summary: Cluster API Core Controller
License: Apache-2.0
URL: https://github.com/kubernetes-sigs/cluster-api-operator
Source: cluster-api-operator-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API operator
%prep
%autosetup -a1 -n cluster-api-operator-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
-o cluster-api-operator cmd/main.go
%install
install -D -m0755 cluster-api-operator %{buildroot}%{_bindir}/cluster-api-operator-controller
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-operator-controller
%changelog

36
cluster-api-provider-metal3-image/Dockerfile Normal file
View File

@@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:v%%cluster-api-provider-metal3_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-metal3 shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-metal3
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-metal3 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-metal3 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-metal3_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/cluster-api-provider-metal3 /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

7
kubectl-image/_service → cluster-api-provider-metal3-image/_service
View File

@@ -1,5 +1,12 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-provider-metal3_version%%</param>
<param name="package">cluster-api-provider-metal3</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

23
cluster-api-provider-metal3/_service Normal file
View File

@@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/cluster-api-provider-metal3</param>
<param name="scm">git</param>
<param name="revision">v1.8.2</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

54
cluster-api-provider-metal3/cluster-api-provider-metal3.spec Normal file
View File

@@ -0,0 +1,54 @@
#
# spec file for package cluster-api-provider-metal3
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-provider-metal3
Version: 1.8.2
Release: 0
Summary: Cluster API Infrastructure Provider for Metal3
License: Apache-2.0
URL: https://github.com/metal3-io/cluster-api-provider-metal3
Source: cluster-api-provider-metal3-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API Provider Metal3 is one of the providers for Cluster API and enables
users to deploy a Cluster API based cluster on top of bare metal infrastructure
using Metal3.
%prep
%autosetup -a1 -n cluster-api-provider-metal3-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
-a -ldflags '-extldflags "-static"'
%install
install -D -m0755 cluster-api-provider-metal3 %{buildroot}%{_bindir}/cluster-api-provider-metal3
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-provider-metal3
%changelog

36
cluster-api-provider-rke2-bootstrap-image/Dockerfile Normal file
View File

@@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:v%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-bootstrap shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-rke2
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/rke2-bootstrap-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

19
cluster-api-provider-rke2-bootstrap-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-provider-rke2_version%%</param>
<param name="package">cluster-api-provider-rke2-bootstrap</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

36
cluster-api-provider-rke2-controlplane-image/Dockerfile Normal file
View File

@@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:v%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-control-plane shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-rke2
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/rke2-control-plane-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

19
cluster-api-provider-rke2-controlplane-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-provider-rke2_version%%</param>
<param name="package">cluster-api-provider-rke2-control-plane</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

23
cluster-api-provider-rke2/_service Normal file
View File

@@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/rancher-sandbox/cluster-api-provider-rke2</param>
<param name="scm">git</param>
<param name="revision">v0.8.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

61
cluster-api-provider-rke2/cluster-api-provider-rke2.spec Normal file
View File

@@ -0,0 +1,61 @@
#
# spec file for package cluster-api-provider-rke2
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-provider-rke2
Version: 0.8.0
Release: 0
Summary: Cluster API provider for RKE2
License: Apache-2.0
URL: https://github.com/rancher-sandbox/cluster-api-provider-rke2
Source: cluster-api-provider-rke2-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API provider for RKE2
%package bootstrap
Summary: Cluster API bootstrap controller for RKE2
%description bootstrap
Cluster API bootstrap controller for RKE2
%package control-plane
Summary: Cluster API control-plane controller for RKE2
%description control-plane
Cluster API control-plane controller for RKE2
%prep
%autosetup -a1 -n cluster-api-provider-rke2-%{version}
%build
make managers
%install
install -D -m0755 bin/rke2-bootstrap-manager %{buildroot}%{_bindir}/rke2-bootstrap-manager
install -D -m0755 bin/rke2-control-plane-manager %{buildroot}%{_bindir}/rke2-control-plane-manager
%files bootstrap
%{_bindir}/rke2-bootstrap-manager
%files control-plane
%{_bindir}/rke2-control-plane-manager
%changelog

23
cluster-api/_service Normal file
View File

@@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/kubernetes-sigs/cluster-api</param>
<param name="scm">git</param>
<param name="revision">v1.8.4</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

51
cluster-api/cluster-api.spec Normal file
View File

@@ -0,0 +1,51 @@
#
# spec file for package cluster-api
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api
Version: 1.8.4
Release: 0
Summary: Cluster API Core Controller
License: Apache-2.0
URL: https://github.com/kubernetes-sigs/cluster-api
Source: cluster-api-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API core controller
%prep
%autosetup -a1 -n cluster-api-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
%install
install -D -m0755 cluster-api %{buildroot}%{_bindir}/cluster-api-controller
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-controller
%changelog

6
cosign/_service
View File

@@ -8,8 +8,10 @@
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">cosign.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">

2
cosign/cosign.spec
View File

@@ -24,7 +24,7 @@ Release: 0
Summary: Container Signing, Verification and Storage in an OCI registry
License: Apache-2.0
URL: https://github.com/rancher-government-carbide/cosign
Source: cosign-%{version}.tar
Source: cosign-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang-packaging

8
edge-image-builder-image/Dockerfile
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.2-rc1
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.2-rc1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.1.2-rc1"
LABEL org.opencontainers.image.version="1.1.0"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.2-rc1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

4
edge-image-builder-image/_service
View File

@@ -7,14 +7,10 @@
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="file">artifacts.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
<param name="var">CHART_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

9
edge-image-builder-image/artifacts.yaml
View File

@@ -1,11 +1,11 @@
metallb:
chart: metallb-chart
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
version: "%%CHART_MAJOR%%.0.1+up0.14.9"
repository: %%CHART_REPO%%/3.1
version: 0.14.9
endpoint-copier-operator:
chart: endpoint-copier-operator-chart
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
repository: %%CHART_REPO%%/3.1
version: 0.2.1
kubernetes:
k3s:
selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
@@ -13,3 +13,4 @@ kubernetes:
rke2:
selinuxPackage: rke2-selinux
selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch

13
edge-image-builder/_service
View File

@@ -1,19 +1,18 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.1.2-rc1</param>
<!-- Uncomment and set this For Pre-Release Version -->
<param name="version">1.1.2~rc0</param>
<!-- Uncomment and this for regular version -->
<!-- <param name="versionformat">@PARENT_TAG@</param> -->
<param name="revision">v1.1.0</param>
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">edge-image-builder.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">

4
edge-image-builder/edge-image-builder.spec
View File

@@ -17,12 +17,12 @@
Name: edge-image-builder
Version: 1.1.2~rc1
Version: 1.1.0
Release: 0
Summary: Edge Image Builder
License: Apache-2.0
URL: https://github.com/suse-edge/edge-image-builder
Source: edge-image-builder-%{version}.tar
Source: edge-image-builder-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) go1.22
BuildRequires: golang-packaging

6
endpoint-copier-operator-chart/Chart.yaml
View File

@@ -1,8 +1,8 @@
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1-%RELEASE%
apiVersion: v2
appVersion: v0.2.0
description: A Helm chart for Kubernetes
name: endpoint-copier-operator
type: application
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
version: 0.2.1

2
endpoint-copier-operator-chart/_service
View File

@@ -11,7 +11,5 @@
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

6
endpoint-copier-operator/_service
View File

@@ -12,8 +12,10 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">endpoint-copier-operator.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>

2
endpoint-copier-operator/endpoint-copier-operator.spec
View File

@@ -22,7 +22,7 @@ Release: 0.2.0
Summary: Implements a Kubernetes API for copying endpoint resources
License: Apache-2.0
URL: https://github.com/suse-edge/endpoint-copier-operator
Source: endpoint-copier-operator-%{version}.tar
Source: endpoint-copier-operator-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.20
ExcludeArch: s390

58
frr-image/Dockerfile
View File

@@ -1,58 +0,0 @@
# SPDX-License-Identifier: MIT
#!BuildTag: %%IMG_PREFIX%%frr:8.4
#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
#!BuildVersion: 15.5
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.frr
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="FRR Container Image"
LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="8.4"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
#Install frr
USER root
ENV PYTHONDONTWRITEBYTECODE yes
# frr.sh is the entry point. This script examines environment
# variables to direct operation and configure ovn
ADD frr.sh /root/
ADD daemons /etc/frr
ADD frr.conf /etc/frr
ADD vtysh.conf /etc/frr
RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
RUN ln -s /usr/bin/catatonit /sbin/tini
RUN usermod -a -G frrvty frr
COPY docker-start /usr/libexec/frr/docker-start
RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
WORKDIR /root
ENTRYPOINT ["/sbin/tini", "--"]
COPY docker-start /usr/lib/frr/docker-start
RUN chmod +x /usr/lib/frr/docker-start
CMD ["/usr/lib/frr/docker-start"]

82
frr-image/daemons
View File

@@ -1,82 +0,0 @@
# This file tells the frr package which daemons to start.
#
# Entries are in the format: <daemon>=(yes|no|priority)
# 0, "no" = disabled
# 1, "yes" = highest priority
# 2 .. 10 = lower priorities
#
# For daemons which support multiple instances, a 2nd line listing
# the instances can be added. Eg for ospfd:
# ospfd=yes
# ospfd_instances="1,2"
#
# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
# They're used to start the FRR daemons in more than one step
# (for example start one or two at network initialization and the
# rest later). The number of FRR daemons being small, priorities
# must be between 1 and 9, inclusive (or the initscript has to be
# changed). /etc/init.d/frr then can be started as
#
# /etc/init.d/frr <start|stop|restart|<priority>>
#
# where priority 0 is the same as 'stop', priority 10 or 'start'
# means 'start all'
#
# Sample configurations for these daemons can be found in
# /usr/share/doc/frr/examples/.
#
# ATTENTION:
#
# When activation a daemon at the first time, a config file, even if it is
# empty, has to be present *and* be owned by the user and group "frr", else
# the daemon will not be started by /etc/init.d/frr. The permissions should
# be u=rw,g=r,o=.
# When using "vtysh" such a config file is also needed. It should be owned by
# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
#
watchfrr_enable=yes
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
#
zebra=yes
bgpd=yes
ospfd=no
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
nhrpd=no
eigrpd=no
sharpd=no
pbrd=no
staticd=yes
bfdd=yes
fabricd=no
#
# Command line options for the daemons
#
zebra_options=("-A 127.0.0.1")
bgpd_options=("-A 127.0.0.1")
ospfd_options=("-A 127.0.0.1")
ospf6d_options=("-A ::1")
ripd_options=("-A 127.0.0.1")
ripngd_options=("-A ::1")
isisd_options=("-A 127.0.0.1")
pimd_options=("-A 127.0.0.1")
nhrpd_options=("-A 127.0.0.1")
eigrpd_options=("-A 127.0.0.1")
sharpd_options=("-A 127.0.0.1")
pbrd_options=("-A 127.0.0.1")
staticd_options=("-A 127.0.0.1")
bfdd_options=("-A 127.0.0.1")
fabricd_options=("-A 127.0.0.1")
#
# If the vtysh_enable is yes, then the unified config is read
# and applied if it exists. If no unified frr.conf exists
# then the per-daemon <daemon>.conf files are used)
# If vtysh_enable is no or non-existant, the frr.conf is ignored.
# it is highly suggested to have this set to yes
vtysh_enable=yes

4
frr-image/docker-start
View File

@@ -1,4 +0,0 @@
#!/bin/bash
source /usr/lib/frr/frrcommon.sh
/usr/lib/frr/watchfrr $(daemon_list)

53
frr-image/frr.conf
View File

@@ -1,53 +0,0 @@
frr defaults traditional
log file /var/log/frr/frr.log
log syslog informational
log stdout debugging
ipv6 forwarding
service integrated-vtysh-config
!
debug bgp updates in
debug bgp updates out
debug bgp zebra
!
interface eth0
no ipv6 nd suppress-ra
ipv6 nd ra-interval 10
!
router bgp OCPASN
bgp router-id OCPROUTERID
bgp bestpath as-path multipath-relax
bgp bestpath compare-routerid
!
neighbor OCPnodes peer-group
neighbor OCPnodes description Internal OCP Nodes
neighbor OCPnodes remote-as OCPASN
neighbor OCPnodes bfd
neighbor OCPnodes capability extended-nexthop
!neighbor eth0 interface peer-group OCPnodes
!neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
neighbor OCPPEER peer-group OCPnodes
!
address-family ipv4 unicast
redistribute connected
neighbor OCPnodes activate
exit-address-family
!
address-family ipv6 unicast
redistribute connected
neighbor OCPnodes activate
neighbor OCPnodes nexthop-local unchanged
exit-address-family
!
!
bfd
peer OCPPEER vrf default interface eth0
receive-interval 2000
transmit-interval 2000
echo-mode
echo-interval 3000
no shutdown
exit
!
line vty
!

124
frr-image/frr.sh
View File

@@ -1,124 +0,0 @@
#!/bin/bash
#set -euo pipefail
# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
set -x
fi
# The argument to the command is the operation to be performed
# frr-node display display_env
# a cmd must be provided, there is no default
cmd=${1:-""}
# The frr user id, by default it is going to be frr:frr
frr_user_id=${FRR_USER_ID:-""}
# frr options
frr_options=${FRR_OPTIONS:-""}
# This script is the entrypoint to the image.
# frr.sh version (update when API between daemonset and script changes - v.x.y)
frr_version="3"
# The daemonset version must be compatible with this script.
# The default when FRR_DAEMONSET_VERSION is not set is version 3
frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
# hostname is the host's hostname when using host networking,
# This is useful on the master
# otherwise it is the container ID (useful for debugging).
frr_pod_host=${K8S_NODE:-$(hostname)}
# The ovs user id, by default it is going to be root:root
frr_user_id=${FRR_USER_ID:-""}
# frr options
frr_options=${FRR_OPTIONS:-""}
# frr.conf variables
ocp_asn=${OCPASN:-65000}
ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
ocp_peer=${OCPPEER:-"10.10.10.1"}
FRR_ETCDIR=/etc/frr
FRR_RUNDIR=/var/run/frr
FRR_LOGDIR=/var/log/frr
# =========================================
setup_frr_permissions() {
chown -R ${frr_user_id} ${FRR_RUNDIR}
chown -R ${frr_user_id} ${FRR_LOGDIR}
chown -R ${frr_user_id} ${FRR_ETCDIR}
}
# =========================================
display_version() {
echo " =================== hostname: ${frr_pod_host}"
echo " =================== daemonset version ${frr_daemonset_version}"
if [[ -f /root/git_info ]]; then
disp_ver=$(cat /root/git_info)
return
fi
}
display_env() {
echo FRR_USER_ID ${frr_user_id}
echo FRR_OPTIONS ${frr_options}
echo frr.sh version ${frr_version}
echo ocp_asn ${ocp_asn}
echo ocp_routerid ${ocp_routerid}
echo ocp_peer ${ocp_peer}
}
# frr-node - all nodes
frr-node() {
trap 'kill $(jobs -p) ; exit 0' TERM
rm -f ${FRR_RUNDIR}/frr.pid
echo "=============== frr-node ========== update frr.conf"
sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
#chown -R frr:frr /etc/frr
chown -R frr:frr ${FRR_RUNDIR}
echo "=============== frr-node ========== starting"
# /usr/lib/frr/frrinit.sh start
# bash -x /usr/lib/frr/frrinit.sh start
bash -x
/usr/lib/frr/frrinit.sh start
frrResult=$?
echo "=============== frrinit result is ${frrResult} "
# Sleep forever
exec tail -f /dev/null
}
echo "================== frr.sh --- version: ${frr_version} ================"
display_version
display_env
case ${cmd} in
"frr-node")
frr-node
;;
"display_env")
display_env
exit 0
;;
"display")
display
exit 0
;;
*)
echo "invalid command ${cmd}"
echo "valid v3 commands: frr-node display_env display "
exit 0
;;
esac
exit 0

0
frr-image/vtysh.conf
View File

6
frr-k8s/_service
View File

@@ -12,8 +12,10 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">frr-k8s.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>

2
frr-k8s/frr-k8s.spec
View File

@@ -22,7 +22,7 @@ Release: 0.0.14
Summary: A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
License: Apache-2.0
URL: https://github.com/metallb/frr-k8s
Source: frr-k8s-%{version}.tar
Source: frr-k8s-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390

6
hauler/_service
View File

@@ -8,8 +8,10 @@
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">hauler.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">

2
hauler/hauler.spec
View File

@@ -23,7 +23,7 @@ Release: 0
Summary: Airgap Swiss Army Knife
License: Apache-2.0
URL: https://github.com/hauler-dev/hauler
Source: hauler-%{version}.tar
Source: hauler-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang-packaging
BuildRequires: cosign

36
ip-address-manager-image/Dockerfile Normal file
View File

@@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:v%%ip-address-manager_version%%
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends ip-address-manager shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ip-address-manager
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE ip-address-manager Container Image"
LABEL org.opencontainers.image.description="ip-address-manager based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%ip-address-manager_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/ip-address-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

4
kube-rbac-proxy-image/_service → ip-address-manager-image/_service
View File

@@ -3,8 +3,8 @@
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%kube-rbac-proxy_version%%</param>
<param name="package">kube-rbac-proxy</param>
<param name="regex">%%ip-address-manager_version%%</param>
<param name="package">ip-address-manager</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">

23
ip-address-manager/_service Normal file
View File

@@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/ip-address-manager</param>
<param name="scm">git</param>
<param name="revision">v1.8.1</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

51
ip-address-manager/ip-address-manager.spec Normal file
View File

@@ -0,0 +1,51 @@
#
# spec file for package ip-address-manager
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: ip-address-manager
Version: 1.8.1
Release: 0
Summary: Metal3 IPAM controller
License: Apache-2.0
URL: https://github.com/metal3-io/ip-address-manager
Source: ip-address-manager-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Metal3 IPAM controller
%prep
%autosetup -a1 -n ip-address-manager-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
%install
install -D -m0755 ip-address-manager %{buildroot}%{_bindir}/ip-address-manager
%files
%license LICENSE
%doc README.md
%{_bindir}/ip-address-manager
%changelog

57
ironic-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
@@ -8,14 +8,7 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
RUN set -euo pipefail; zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*
WORKDIR /tmp
COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -23,20 +16,7 @@ RUN /bin/prepare-efi.sh
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
fi
# DATABASE
RUN mkdir -p /installroot/var/lib/ironic && \
/installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
zypper --installroot /installroot --non-interactive remove sqlite3
RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api
FROM micro AS final
MAINTAINER SUSE LLC (https://www.suse.com/)
@@ -46,8 +26,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="26.1.2.3"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%"
LABEL org.opencontainers.image.version="24.1.2.0"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -68,8 +48,8 @@ RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc
COPY mkisofs_wrapper /usr/bin/mkisofs
RUN set -euo pipefail; chmod +x /usr/bin/mkisofs
COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runlogwatch.sh tls-common.sh configure-nonroot.sh ironic-probe.j2 /bin/
RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runironic-api runironic-conductor runironic-exporter runironic-inspector runlogwatch.sh tls-common.sh configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runironic-api; chmod +x /bin/runironic-conductor; chmod +x /bin/runironic-exporter; chmod +x /bin/runironic-inspector; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
RUN mkdir -p /tftpboot
RUN mkdir -p $GRUB_DIR
@@ -79,19 +59,11 @@ RUN mkdir -p $GRUB_DIR
# IRONIC #
RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi ;\
fi
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi
RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 /tmp/
COPY network-data-schema-empty.json /etc/ironic/
# DNSMASQ
@@ -101,7 +73,14 @@ COPY dnsmasq.conf.j2 /etc/
COPY httpd.conf.j2 /etc/httpd/conf/
COPY httpd-modules.conf /etc/httpd/conf.modules.d/
COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
COPY apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
# IRONIC-INSPECTOR #
RUN mkdir -p /var/lib/ironic /var/lib/ironic-inspector && \
sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \
sqlite3 /var/lib/ironic-inspector/ironic-inspector.db "pragma journal_mode=wal"
COPY ironic-inspector.conf.j2 /etc/ironic-inspector/
COPY inspector-apache.conf.j2 /etc/httpd/conf.d/
# Workaround
# Removing the 010-ironic.conf file that comes with the package

35
ironic-image/apache2-ipxe.conf.j2
View File

@@ -1,35 +0,0 @@
Listen {{ env.IPXE_TLS_PORT }}
<VirtualHost *:{{ env.IPXE_TLS_PORT }}>
ErrorLog /dev/stderr
LogLevel debug
CustomLog /dev/stdout combined
SSLEngine on
SSLProtocol {{ env.IPXE_SSL_PROTOCOL }}
SSLCertificateFile {{ env.IPXE_CERT_FILE }}
SSLCertificateKeyFile {{ env.IPXE_KEY_FILE }}
<Directory "/shared/html">
Order Allow,Deny
Allow from all
</Directory>
<Directory "/shared/html/(redfish|ilo|images)/">
Order Deny,Allow
Deny from all
</Directory>
</VirtualHost>
<Location ~ "^/grub.*/">
SSLRequireSSL
</Location>
<Location ~ "^/pxelinux.cfg/">
SSLRequireSSL
</Location>
<Location ~ "^/.*\.conf/">
SSLRequireSSL
</Location>
<Location ~ "^/(([0-9]|[a-z]).*-){4}([0-9]|[a-z]).*/">
SSLRequireSSL
</Location>

2
ironic-image/apache2-vmedia.conf.j2
View File

@@ -9,7 +9,7 @@ Listen {{ env.VMEDIA_TLS_PORT }}
SSLProtocol {{ env.IRONIC_VMEDIA_SSL_PROTOCOL }}
SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
<Directory "/shared">
AllowOverride None
Require all granted

46
ironic-image/auth-common.sh
View File

@@ -2,39 +2,36 @@
set -euxo pipefail
export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
export INSPECTOR_HTPASSWD=${INSPECTOR_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
export IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
# Backward compatibility
if [[ "${IRONIC_DEPLOYMENT:-}" == "Conductor" ]]; then
export IRONIC_EXPOSE_JSON_RPC=true
else
export IRONIC_EXPOSE_JSON_RPC="${IRONIC_EXPOSE_JSON_RPC:-false}"
fi
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
IRONIC_HTPASSWD_FILE=/etc/ironic/htpasswd
if [[ -f "/auth/ironic/htpasswd" ]]; then
IRONIC_HTPASSWD=$(</auth/ironic/htpasswd)
fi
export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
INSPECTOR_HTPASSWD_FILE=/etc/ironic-inspector/htpasswd
configure_client_basic_auth()
{
local auth_config_file="/auth/$1/auth-config"
local dest="${2:-/etc/ironic/ironic.conf}"
if [[ -f "${auth_config_file}" ]]; then
# Merge configurations in the "auth" directory into the default ironic configuration file
# Merge configurations in the "auth" directory into the default ironic configuration file because there is no way to choose the configuration file
# when running the api as a WSGI app.
crudini --merge "${dest}" < "${auth_config_file}"
fi
}
configure_json_rpc_auth()
{
if [[ "${IRONIC_EXPOSE_JSON_RPC}" == "true" ]]; then
if [[ -z "${IRONIC_HTPASSWD}" ]]; then
echo "FATAL: enabling JSON RPC requires authentication"
exit 1
export JSON_RPC_AUTH_STRATEGY="noauth"
if [[ -n "${IRONIC_HTPASSWD}" ]]; then
if [[ "${IRONIC_DEPLOYMENT}" == "Conductor" ]]; then
export JSON_RPC_AUTH_STRATEGY="http_basic"
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
else
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
fi
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
fi
}
@@ -51,9 +48,24 @@ configure_ironic_auth()
fi
}
configure_inspector_auth()
{
local config=/etc/ironic-inspector/ironic-inspector.conf
if [[ -n "${INSPECTOR_HTPASSWD}" ]]; then
printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "false" ]]; then
crudini --set "${config}" DEFAULT auth_strategy http_basic
crudini --set "${config}" DEFAULT http_basic_auth_user_file "${INSPECTOR_HTPASSWD_FILE}"
fi
fi
}
write_htpasswd_files()
{
if [[ -n "${IRONIC_HTPASSWD:-}" ]]; then
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
fi
if [[ -n "${INSPECTOR_HTPASSWD:-}" ]]; then
printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
fi
}

57
ironic-image/configure-ironic.sh
View File

@@ -2,13 +2,14 @@
set -euxo pipefail
IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
# Define the VLAN interfaces to be included in introspection report, e.g.
# all - all VLANs on all interfaces using LLDP information
# <interface> - all VLANs on a particular interface using LLDP information
# <interface.vlan> - a particular VLAN on an interface, not relying on LLDP
export IRONIC_ENABLE_VLAN_INTERFACES=${IRONIC_ENABLE_VLAN_INTERFACES:-${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}}
export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}
# shellcheck disable=SC1091
. /bin/tls-common.sh
@@ -19,17 +20,13 @@ export IRONIC_ENABLE_VLAN_INTERFACES=${IRONIC_ENABLE_VLAN_INTERFACES:-${IRONIC_I
export HTTP_PORT=${HTTP_PORT:-80}
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
if [[ "$IRONIC_USE_MARIADB" == "true" ]]; then
MARIADB_PASSWORD=${MARIADB_PASSWORD}
MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
MARIADB_USER=${MARIADB_USER:-ironic}
MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
fi
MARIADB_PASSWORD=${MARIADB_PASSWORD}
MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
MARIADB_USER=${MARIADB_USER:-ironic}
MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
fi
# TODO(dtantsur): remove the explicit default once we get
@@ -40,6 +37,9 @@ if [[ "$NUMPROC" -lt 4 ]]; then
fi
export NUMWORKERS=${NUMWORKERS:-$NUMPROC}
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
export IRONIC_EXPOSE_JSON_RPC=${IRONIC_EXPOSE_JSON_RPC:-true}
# Whether to enable fast_track provisioning or not
export IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true}
@@ -58,14 +58,16 @@ wait_for_interface_or_ip
export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
export IRONIC_BASE_URL=${IRONIC_BASE_URL:-"${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"}
export IRONIC_INSPECTOR_BASE_URL=${IRONIC_INSPECTOR_BASE_URL:-"${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_ACCESS_PORT}"}
if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
export IRONIC_EXTERNAL_CALLBACK_URL=${IRONIC_EXTERNAL_CALLBACK_URL:-"${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"}
export IRONIC_EXTERNAL_CALLBACK_URL="${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"
if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"}
export IRONIC_EXTERNAL_HTTP_URL="https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"
else
export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"}
export IRONIC_EXTERNAL_HTTP_URL="http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"
fi
export IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE="https://${IRONIC_EXTERNAL_IP}:${IRONIC_INSPECTOR_ACCESS_PORT}"
fi
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
@@ -88,32 +90,13 @@ mkdir -p /shared/ironic_prometheus_exporter
configure_json_rpc_auth
if [[ -f /proc/sys/crypto/fips_enabled ]]; then
ENABLE_FIPS_IPA=$(cat /proc/sys/crypto/fips_enabled)
export ENABLE_FIPS_IPA
fi
# The original ironic.conf is empty, and can be found in ironic.conf_orig
render_j2_config /etc/ironic/ironic.conf.j2 /etc/ironic/ironic.conf
if [[ "${USE_IRONIC_INSPECTOR}" == "true" ]]; then
configure_client_basic_auth ironic-inspector
fi
configure_client_basic_auth ironic-rpc
# Make sure ironic traffic bypasses any proxies
export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
PROBE_CURL_ARGS=
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
if [[ "${IRONIC_PRIVATE_PORT}" == "unix" ]]; then
PROBE_URL="http://127.0.0.1:6385"
PROBE_CURL_ARGS="--unix-socket /shared/ironic.sock"
else
PROBE_URL="http://127.0.0.1:${IRONIC_PRIVATE_PORT}"
fi
else
PROBE_URL="${IRONIC_BASE_URL}"
fi
export PROBE_CURL_ARGS
export PROBE_URL
PROBE_KIND=readiness render_j2_config /bin/ironic-probe.j2 /bin/ironic-readiness
PROBE_KIND=liveness render_j2_config /bin/ironic-probe.j2 /bin/ironic-liveness

21
ironic-image/configure-nonroot.sh
View File

@@ -10,12 +10,12 @@ useradd -r -g ${NONROOT_GID} \
-d /var/lib/ironic \
-s /sbin/nologin \
${USER}
# create ironic's http_root directory
mkdir -p /shared/html
chown "${NONROOT_UID}":"${NONROOT_GID}" /shared/html
# we'll bind mount shared ca and ironic certificate dirs here
# we'll bind mount shared ca and ironic/inspector certificate dirs here
# that need to have correct ownership as the entire ironic in BMO
# deployment shares a single fsGroup in manifest's securityContext
mkdir -p /certs/ca
@@ -26,15 +26,17 @@ chmod 2775 /certs{,/ca}
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/apache2
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /run
# ironic and httpd related changes
mkdir -p /etc/httpd/conf.d
# ironic, inspector and httpd related changes
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic /etc/httpd /etc/httpd
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic-inspector
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/log
chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
chmod 2775 /etc/ironic /etc/ironic-inspector /etc/httpd/conf /etc/httpd/conf.d
chmod 664 /etc/ironic/* /etc/ironic-inspector/* /etc/httpd/conf/* /etc/httpd/conf.d/*
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic
chmod 664 /var/lib/ironic/ironic.sqlite
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic-inspector
chmod 2775 /var/lib/ironic /var/lib/ironic-inspector
chmod 664 /var/lib/ironic/ironic.db /var/lib/ironic-inspector/ironic-inspector.db
# dnsmasq, and the capabilities required to run it as non-root user
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/dnsmasq.conf /var/lib/dnsmasq
@@ -46,8 +48,3 @@ chmod 664 /etc/dnsmasq.conf /var/lib/dnsmasq/dnsmasq.leases
touch /var/lib/ca-certificates/ca-bundle.pem.new
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ca-certificates/
chmod -R +w /var/lib/ca-certificates/
# probes that are created before start
touch /bin/ironic-{readi,live}ness
chown root:"${NONROOT_GID}" /bin/ironic-{readi,live}ness
chmod 775 /bin/ironic-{readi,live}ness

12
ironic-image/dnsmasq.conf.j2
View File

@@ -29,23 +29,13 @@ dhcp-option=option{% if ":" in env["DNS_IP"] %}6{% endif %}:dns-server,{{ env["D
# IPv4 Configuration:
dhcp-match=ipxe,175
# Client is already running iPXE; move to next stage of chainloading
{%- if env.IPXE_TLS_SETUP == "true" %}
# iPXE with (U)EFI
dhcp-boot=tag:efi,tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/custom-ipxe/snponly.efi
# iPXE with BIOS
dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/custom-ipxe/undionly.kpxe
{% else %}
dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/boot.ipxe
{% endif %}
# Note: Need to test EFI booting
dhcp-match=set:efi,option:client-arch,7
dhcp-match=set:efi,option:client-arch,9
dhcp-match=set:efi,option:client-arch,11
# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader do the same also if iPXE ROM boots but TLS is enabled
{%- if env.IPXE_TLS_SETUP == "true" %}
dhcp-boot=tag:efi,tag:ipxe,snponly.efi
{% endif %}
# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader
dhcp-boot=tag:efi,tag:!ipxe,snponly.efi
# Client is running PXE over BIOS; send BIOS version of iPXE chainloader

25
ironic-image/httpd-ironic-api.conf.j2
View File

@@ -19,6 +19,8 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
<VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
{% endif %}
{% if env.IRONIC_REVERSE_PROXY_SETUP | lower == "true" %}
{% if env.IRONIC_PRIVATE_PORT == "unix" %}
ProxyPass "/" "unix:/shared/ironic.sock|http://127.0.0.1/"
ProxyPassReverse "/" "unix:/shared/ironic.sock|http://127.0.0.1/"
@@ -27,8 +29,14 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
ProxyPassReverse "/" "http://127.0.0.1:{{ env.IRONIC_PRIVATE_PORT }}/"
{% endif %}
{% else %}
WSGIDaemonProcess ironic user=ironic group=ironic threads=10 display-name=%{GROUP}
WSGIScriptAlias / /usr/bin/ironic-api-wsgi
{% endif %}
SetEnv APACHE_RUN_USER ironic-suse
SetEnv APACHE_RUN_GROUP ironic-suse
WSGIProcessGroup ironic-suse
ErrorLog /dev/stderr
LogLevel debug
@@ -41,6 +49,7 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
SSLCertificateKeyFile {{ env.IRONIC_KEY_FILE }}
{% endif %}
{% if env.IRONIC_REVERSE_PROXY_SETUP | lower == "true" %}
<Location />
{% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
AuthType Basic
@@ -49,6 +58,22 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
Require valid-user
{% endif %}
</Location>
{% else %}
<Directory /usr/bin >
WSGIProcessGroup ironic
WSGIApplicationGroup %{GLOBAL}
AllowOverride None
{% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
AuthType Basic
AuthName "Restricted WSGI area"
AuthUserFile "/etc/ironic/htpasswd"
Require valid-user
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
<Location ~ "^/(v1/?)?$" >
Require all granted

1
ironic-image/httpd-modules.conf
View File

@@ -5,6 +5,7 @@ LoadModule dir_module /usr/lib64/apache2/mod_dir.so
LoadModule authz_core_module /usr/lib64/apache2/mod_authz_core.so
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule wsgi_module /usr/lib64/apache2/mod_wsgi.so
LoadModule ssl_module /usr/lib64/apache2/mod_ssl.so
LoadModule env_module /usr/lib64/apache2/mod_env.so
LoadModule proxy_module /usr/lib64/apache2/mod_proxy.so

2
ironic-image/httpd.conf.j2
View File

@@ -1,6 +1,6 @@
ServerRoot "/etc/httpd"
{%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
Listen {{ env.HTTP_PORT }}
Listen [::]:{{ env.HTTP_PORT }}
{% else %}
Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
{% endif %}

4
ironic-image/inspector.ipxe.j2
View File

@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
kernel --timeout 60000 http://{{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
boot

81
ironic-image/ipxe_config.template
View File

@@ -1,81 +0,0 @@
#!ipxe
set attempts:int32 10
set i:int32 0
goto deploy
:deploy
imgfree
{%- if pxe_options.deployment_aki_path %}
{%- set aki_path_https_elements = pxe_options.deployment_aki_path.split(':') %}
{%- set aki_port_and_path = aki_path_https_elements[2].split('/') %}
{%- set aki_afterport = aki_port_and_path[1:]|join('/') %}
{%- set aki_path_https = ['https:', aki_path_https_elements[1], ':8084/', aki_afterport]|join %}
{%- endif %}
{%- if pxe_options.deployment_ari_path %}
{%- set ari_path_https_elements = pxe_options.deployment_ari_path.split(':') %}
{%- set ari_port_and_path = ari_path_https_elements[2].split('/') %}
{%- set ari_afterport = ari_port_and_path[1:]|join('/') %}
{%- set ari_path_https = ['https:', ari_path_https_elements[1], ':8084/', ari_afterport]|join %}
{%- endif %}
kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} selinux=0 troubleshoot=0 text {{ pxe_options.pxe_append_params|default("", true) }} BOOTIF=${mac} initrd={{ pxe_options.initrd_filename|default("deploy_ramdisk", true) }} || goto retry
initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto retry
boot
:retry
iseq ${i} ${attempts} && goto fail ||
inc i
echo No response, retrying in ${i} seconds.
sleep ${i}
goto deploy
:fail
echo Failed to get a response after ${attempts} attempts
echo Powering off in 30 seconds.
sleep 30
poweroff
:boot_anaconda
imgfree
kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} text {{ pxe_options.pxe_append_params|default("", true) }} inst.ks={{ pxe_options.ks_cfg_url }} {% if pxe_options.repo_url %}inst.repo={{ pxe_options.repo_url }}{% else %}inst.stage2={{ pxe_options.stage2_url }}{% endif %} initrd=ramdisk || goto boot_anaconda
initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto boot_anaconda
boot
:boot_ramdisk
imgfree
{%- if pxe_options.boot_iso_url %}
sanboot {{ pxe_options.boot_iso_url }}
{%- else %}
kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} root=/dev/ram0 text {{ pxe_options.pxe_append_params|default("", true) }} {{ pxe_options.ramdisk_opts|default('', true) }} initrd=ramdisk || goto boot_ramdisk
initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto boot_ramdisk
boot
{%- endif %}
{%- if pxe_options.boot_from_volume %}
:boot_iscsi
imgfree
{% if pxe_options.username %}set username {{ pxe_options.username }}{% endif %}
{% if pxe_options.password %}set password {{ pxe_options.password }}{% endif %}
{% if pxe_options.iscsi_initiator_iqn %}set initiator-iqn {{ pxe_options.iscsi_initiator_iqn }}{% endif %}
sanhook --drive 0x80 {{ pxe_options.iscsi_boot_url }} || goto fail_iscsi_retry
{%- if pxe_options.iscsi_volumes %}{% for i, volume in enumerate(pxe_options.iscsi_volumes) %}
set username {{ volume.username }}
set password {{ volume.password }}
{%- set drive_id = 129 + i %}
sanhook --drive {{ '0x%x' % drive_id }} {{ volume.url }} || goto fail_iscsi_retry
{%- endfor %}{% endif %}
{% if pxe_options.iscsi_volumes %}set username {{ pxe_options.username }}{% endif %}
{% if pxe_options.iscsi_volumes %}set password {{ pxe_options.password }}{% endif %}
sanboot --no-describe || goto fail_iscsi_retry
:fail_iscsi_retry
echo Failed to attach iSCSI volume(s), retrying in 10 seconds.
sleep 10
goto boot_iscsi
{%- endif %}
:boot_whole_disk
sanboot --no-describe || exit 0

25
ironic-image/ironic-common.sh
View File

@@ -6,7 +6,6 @@ IRONIC_IP="${IRONIC_IP:-}"
PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
PROVISIONING_IP="${PROVISIONING_IP:-}"
PROVISIONING_MACS="${PROVISIONING_MACS:-}"
IPXE_CUSTOM_FIRMWARE_DIR="${IPXE_CUSTOM_FIRMWARE_DIR:-/shared/custom_ipxe_firmware}"
get_provisioning_interface()
{
@@ -73,10 +72,7 @@ wait_for_interface_or_ip()
render_j2_config()
{
ls $1 # DEBUG
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1"
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1" > "$2"
ls $2 # DEBUG
}
run_ironic_dbsync()
@@ -90,18 +86,25 @@ run_ironic_dbsync()
done
else
# SQLite does not support some statements. Fortunately, we can just create
# the schema in one go if not already created, instead of going through an upgrade
DB_VERSION="$(ironic-dbsync --config-file /etc/ironic/ironic.conf version)"
if [[ "${DB_VERSION}" == "None" ]]; then
ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
fi
# the schema in one go instead of going through an upgrade.
ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
fi
}
# Use the special value "unix" for unix sockets
export IRONIC_PRIVATE_PORT=${IRONIC_PRIVATE_PORT:-unix}
export IRONIC_PRIVATE_PORT=${IRONIC_PRIVATE_PORT:-6388}
export IRONIC_INSPECTOR_PRIVATE_PORT=${IRONIC_INSPECTOR_PRIVATE_PORT:-5049}
export IRONIC_ACCESS_PORT=${IRONIC_ACCESS_PORT:-6385}
export IRONIC_LISTEN_PORT=${IRONIC_LISTEN_PORT:-$IRONIC_ACCESS_PORT}
export IRONIC_ENABLE_DISCOVERY=${IRONIC_ENABLE_DISCOVERY:-${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}}
export IRONIC_INSPECTOR_ACCESS_PORT=${IRONIC_INSPECTOR_ACCESS_PORT:-5050}
export IRONIC_INSPECTOR_LISTEN_PORT=${IRONIC_INSPECTOR_LISTEN_PORT:-$IRONIC_INSPECTOR_ACCESS_PORT}
# If this is false, built-in inspection is used.
export USE_IRONIC_INSPECTOR=${USE_IRONIC_INSPECTOR:-true}
export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
if [[ "${USE_IRONIC_INSPECTOR}" != "true" ]] && [[ "${IRONIC_INSPECTOR_ENABLE_DISCOVERY}" == "true" ]]; then
echo "Discovery is only supported with ironic-inspector at this point"
exit 1
fi

9
ironic-image/ironic-probe.j2
View File

@@ -1,9 +0,0 @@
#!/bin/bash
set -eu -o pipefail
curl -sSf {{ env.PROBE_CURL_ARGS }} "{{ env.PROBE_URL }}"
# TODO(dtantsur): when PROBE_KIND==readiness, try the conductor and driver API
# to make sure the conductor is ready. This requires having access to secrets
# since these endpoints are authenticated.

74
ironic-image/ironic.conf.j2
View File

@@ -1,22 +1,28 @@
[DEFAULT]
{% if env.AUTH_STRATEGY is defined %}
auth_strategy = {{ env.AUTH_STRATEGY }}
{% if env.AUTH_STRATEGY == "http_basic" %}
http_basic_auth_user_file=/etc/ironic/htpasswd
{% endif %}
{% else %}
auth_strategy = noauth
{% endif %}
debug = true
default_deploy_interface = direct
default_inspect_interface = agent
default_inspect_interface = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %}
default_network_interface = noop
enabled_bios_interfaces = no-bios,redfish,idrac-redfish,irmc,ilo
enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media,redfish-https
enabled_bios_interfaces = idrac-wsman,no-bios,redfish,idrac-redfish,irmc,ilo
enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media
enabled_deploy_interfaces = direct,fake,ramdisk,custom-agent
enabled_firmware_interfaces = no-firmware,fake,redfish
# NOTE(dtantsur): when changing this, make sure to update the driver
# dependencies in Dockerfile.
enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish,manual-management,ilo,ilo5
enabled_inspect_interfaces = agent,irmc,fake,redfish,ilo
enabled_management_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
enabled_network_interfaces = noop
enabled_power_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo
enabled_raid_interfaces = no-raid,irmc,agent,fake,redfish,idrac-redfish,ilo5
enabled_vendor_interfaces = no-vendor,ipmitool,idrac-redfish,redfish,ilo,fake
enabled_inspect_interfaces = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %},idrac-wsman,irmc,fake,redfish,ilo
enabled_management_interfaces = ipmitool,idrac-wsman,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
enabled_power_interfaces = ipmitool,idrac-wsman,irmc,fake,redfish,idrac-redfish,ilo
enabled_raid_interfaces = no-raid,irmc,agent,fake,idrac-wsman,redfish,idrac-redfish,ilo5
enabled_vendor_interfaces = no-vendor,ipmitool,idrac-wsman,idrac-redfish,redfish,ilo,fake
enabled_firmware_interfaces = no-firmware,fake,redfish
{% if env.IRONIC_EXPOSE_JSON_RPC | lower == "true" %}
rpc_transport = json-rpc
{% else %}
@@ -26,7 +32,14 @@ use_stderr = true
# NOTE(dtantsur): the default md5 is not compatible with FIPS mode
hash_ring_algorithm = sha256
my_ip = {{ env.IRONIC_IP }}
{% if env.IRONIC_DEPLOYMENT == "Conductor" and env.JSON_RPC_AUTH_STRATEGY == "noauth" %}
# if access is unauthenticated, we bind only to localhost - use that as the
# host name also, so that the client can find the server
# If we run both API and conductor in the same pod, use localhost
host = localhost
{% else %}
host = {{ env.IRONIC_CONDUCTOR_HOST }}
{% endif %}
# If a path to a certificate is defined, use that first for webserver
{% if env.WEBSERVER_CACERT_FILE %}
@@ -130,22 +143,26 @@ external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
dhcp_provider = none
[inspector]
# NOTE(dtantsur): we properly configure the "unmanaged" inspection boot (i.e.
# booting IPA through a separate inspector.ipxe rather than the driver's boot
# interface), so managed boot is not required.
require_managed_boot = False
power_off = {{ false if env.IRONIC_FAST_TRACK == "true" else true }}
# NOTE(dtantsur): keep inspection arguments synchronized with inspector.ipxe
# Also keep in mind that only parameters unique for inspection go here.
# No need to duplicate pxe_append_params/kernel_append_params.
extra_kernel_params = ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1
extra_kernel_params = ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
{% if env.USE_IRONIC_INSPECTOR == "true" %}
endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" %}
cafile = {{ env.IRONIC_INSPECTOR_CACERT_FILE }}
insecure = {{ env.IRONIC_INSPECTOR_INSECURE }}
{% endif %}
{% if env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE %}
callback_endpoint_override = {{ env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE }}
{% endif %}
{% else %}
hooks = $default_hooks,parse-lldp
add_ports = all
keep_ports = present
[auto_discovery]
enabled = {{ env.IRONIC_ENABLE_DISCOVERY }}
driver = ipmi
{% endif %}
[ipmi]
# use_ipmitool_retries transfers the responsibility of retrying to ipmitool
@@ -174,9 +191,15 @@ cipher_suite_versions = 3,17
# authentication over localhost, using the same credentials as API, to prevent
# unauthenticated connections from other processes in the same host since the
# containers are in host networking.
auth_strategy = http_basic
auth_strategy = {{ env.JSON_RPC_AUTH_STRATEGY }}
http_basic_auth_user_file = /etc/ironic/htpasswd-rpc
{% if env.IRONIC_DEPLOYMENT == "Conductor" and env.JSON_RPC_AUTH_STRATEGY == "noauth" %}
# if access is unauthenticated, we bind only to localhost - use that as the
# host name also, so that the client can find the server
host_ip = localhost
{% else %}
host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
{% endif %}
{% if env.IRONIC_TLS_SETUP == "true" %}
use_ssl = true
cafile = {{ env.IRONIC_CACERT_FILE }}
@@ -201,27 +224,24 @@ images_path = /shared/html/tmp
instance_master_path = /shared/html/master_images
tftp_master_path = /shared/tftpboot/master_images
tftp_root = /shared/tftpboot
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
# This makes networking boot templates generated even for nodes using local
# boot (the default), ensuring that they boot correctly even if they start
# netbooting for some reason (e.g. with the noop management interface).
enable_netboot_fallback = true
# Enable the fallback path to in-band inspection
ipxe_fallback_script = inspector.ipxe
{% if env.IPXE_TLS_SETUP | lower == "true" %}
ipxe_config_template = /tmp/ipxe_config.template
{% endif %}
[redfish]
use_swift = false
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
[ilo]
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
use_web_server_for_images = true
[irmc]
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
[service_catalog]
endpoint_override = {{ env.IRONIC_BASE_URL }}

29
ironic-image/prepare-efi.sh
View File

@@ -6,37 +6,22 @@ ARCH=$(uname -m)
DEST=${2:-/tmp/esp.img}
OS=${1:-sles}
if [ $ARCH = "aarch64" ]; then
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mkdir -p /boot/efi/EFI/BOOT
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
mkdir -p /boot/efi/EFI/$OS
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
#mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
mdir -i $DEST ::EFI/BOOT;

10
ironic-image/rundnsmasq
View File

@@ -4,8 +4,6 @@ set -eux
# shellcheck disable=SC1091
. /bin/ironic-common.sh
# shellcheck disable=SC1091
. /bin/tls-common.sh
export HTTP_PORT=${HTTP_PORT:-80}
DNSMASQ_EXCEPT_INTERFACE=${DNSMASQ_EXCEPT_INTERFACE:-lo}
@@ -21,13 +19,7 @@ mkdir -p /shared/html/images
mkdir -p /shared/html/pxelinux.cfg
# Copy files to shared mount
if [[ -r "${IPXE_CUSTOM_FIRMWARE_DIR}" ]]; then
cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
"${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
"/shared/tftpboot"
else
cp /tftpboot/undionly.kpxe /tftpboot/snponly.efi /shared/tftpboot
fi
cp /tftpboot/undionly.kpxe /tftpboot/snponly.efi /shared/tftpboot
# Template and write dnsmasq.conf
# we template via /tmp as sed otherwise creates temp files in /etc directory

31
ironic-image/runhttpd
View File

@@ -8,7 +8,10 @@
export HTTP_PORT=${HTTP_PORT:-80}
export VMEDIA_TLS_PORT=${VMEDIA_TLS_PORT:-8083}
INSPECTOR_ORIG_HTTPD_CONFIG=/etc/httpd/conf.d/inspector-apache.conf.j2
INSPECTOR_RESULT_HTTPD_CONFIG=/etc/httpd/conf.d/ironic-inspector.conf
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
# In Metal3 context they are called node images in Ironic context they are
# called user images.
@@ -30,7 +33,11 @@ chmod 0777 /shared/html
IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}"
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}/v1/continue_inspection"
if [[ "${USE_IRONIC_INSPECTOR}" == "true" ]]; then
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_INSPECTOR_ACCESS_PORT}/v1/continue"
else
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}/v1/continue_inspection"
fi
if [[ "$IRONIC_FAST_TRACK" == "true" ]]; then
INSPECTOR_EXTRA_ARGS+=" ipa-api-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}"
@@ -44,6 +51,14 @@ cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
# Render the core httpd config
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf
if [[ "$USE_IRONIC_INSPECTOR" == "true" ]] && [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]]; then
render_j2_config "$INSPECTOR_ORIG_HTTPD_CONFIG" "$INSPECTOR_RESULT_HTTPD_CONFIG"
fi
else
export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
fi
if [[ "$IRONIC_TLS_SETUP" == "true" ]]; then
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
render_j2_config /tmp/httpd-ironic-api.conf.j2 /etc/httpd/conf.d/ironic.conf
@@ -59,14 +74,12 @@ if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
render_j2_config /etc/httpd-vmedia.conf.j2 /etc/httpd/conf.d/vmedia.conf
fi
# Render httpd TLS configuration for /shared/html
if [[ "$IPXE_TLS_SETUP" == "true" ]]; then
mkdir -p /shared/html/custom-ipxe
chmod 0777 /shared/html/custom-ipxe
render_j2_config "/etc/httpd-ipxe.conf.j2" "/etc/httpd/conf.d/ipxe.conf"
cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
"${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
"/shared/html/custom-ipxe"
# Set up inotify to kill the container (restart) whenever cert files for ironic inspector change
if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
# shellcheck disable=SC2034
inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
kill -WINCH $(pgrep httpd)
done &
fi
# Set up inotify to kill the container (restart) whenever cert files for ironic api change

4
ironic-image/runironic
View File

@@ -1,7 +1,9 @@
#!/usr/bin/bash
# This setting must go before configure-ironic since it has different defaults.
# These settings must go before configure-ironic since it has different
# defaults.
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
export IRONIC_EXPOSE_JSON_RPC=${IRONIC_EXPOSE_JSON_RPC:-false}
# shellcheck disable=SC1091
. /bin/configure-ironic.sh

27
ironic-image/runlogwatch.sh
View File

@@ -1,19 +1,20 @@
#!/usr/bin/bash
# Ramdisk logs path
LOG_DIR="/shared/log/ironic/deploy"
LOG_DIRS=("/shared/log/ironic/deploy" "/shared/log/ironic-inspector/ramdisk")
# The ironic container creates the directory, wait for
# it to exist before running inotifywait or it can fail causing
# a spurious restart
while [ ! -d "${LOG_DIR}" ]; do
echo "Waiting for ${LOG_DIR}"
sleep 5
done
while :; do
for LOG_DIR in "${LOG_DIRS[@]}"; do
if ! ls "${LOG_DIR}"/*.tar.gz 1> /dev/null 2>&1; then
continue
fi
inotifywait -m "${LOG_DIR}" -e close_write |
while read -r path _action file; do
echo "************ Contents of ${path}/${file} ramdisk log file bundle **************"
tar -xOzvvf "${path}/${file}" | sed -e "s/^/${file}: /"
rm -f "${path}/${file}"
for fn in "${LOG_DIR}"/*.tar.gz; do
echo "************ Contents of $fn ramdisk log file bundle **************"
tar -xOzvvf "$fn" | sed -e "s/^/$(basename "$fn"): /"
rm -f "$fn"
done
done
sleep 5
done

54
ironic-image/tls-common.sh
View File

@@ -5,25 +5,24 @@ export IRONIC_KEY_FILE=/certs/ironic/tls.key
export IRONIC_CACERT_FILE=/certs/ca/ironic/tls.crt
export IRONIC_INSECURE=${IRONIC_INSECURE:-false}
export IRONIC_SSL_PROTOCOL=${IRONIC_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
export IPXE_SSL_PROTOCOL=${IPXE_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
export IRONIC_VMEDIA_SSL_PROTOCOL=${IRONIC_VMEDIA_SSL_PROTOCOL:-"ALL"}
export IRONIC_INSPECTOR_CERT_FILE=/certs/ironic-inspector/tls.crt
export IRONIC_INSPECTOR_KEY_FILE=/certs/ironic-inspector/tls.key
export IRONIC_INSPECTOR_CACERT_FILE=/certs/ca/ironic-inspector/tls.crt
export IRONIC_INSPECTOR_INSECURE=${IRONIC_INSPECTOR_INSECURE:-$IRONIC_INSECURE}
export IRONIC_VMEDIA_CERT_FILE=/certs/vmedia/tls.crt
export IRONIC_VMEDIA_KEY_FILE=/certs/vmedia/tls.key
export IPXE_CERT_FILE=/certs/ipxe/tls.crt
export IPXE_KEY_FILE=/certs/ipxe/tls.key
export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
export MARIADB_CACERT_FILE=/certs/ca/mariadb/tls.crt
export IPXE_TLS_PORT="${IPXE_TLS_PORT:-8084}"
mkdir -p /certs/ironic
mkdir -p /certs/ironic-inspector
mkdir -p /certs/ca/ironic
mkdir -p /certs/ipxe
mkdir -p /certs/vmedia
mkdir -p /certs/ca/ironic-inspector
if [[ -f "$IRONIC_CERT_FILE" ]] && [[ ! -f "$IRONIC_KEY_FILE" ]]; then
echo "Missing TLS Certificate key file $IRONIC_KEY_FILE"
@@ -34,6 +33,15 @@ if [[ ! -f "$IRONIC_CERT_FILE" ]] && [[ -f "$IRONIC_KEY_FILE" ]]; then
exit 1
fi
if [[ -f "$IRONIC_INSPECTOR_CERT_FILE" ]] && [[ ! -f "$IRONIC_INSPECTOR_KEY_FILE" ]]; then
echo "Missing TLS Certificate key file $IRONIC_INSPECTOR_KEY_FILE"
exit 1
fi
if [[ ! -f "$IRONIC_INSPECTOR_CERT_FILE" ]] && [[ -f "$IRONIC_INSPECTOR_KEY_FILE" ]]; then
echo "Missing TLS Certificate file $IRONIC_INSPECTOR_CERT_FILE"
exit 1
fi
if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]] && [[ ! -f "$IRONIC_VMEDIA_KEY_FILE" ]]; then
echo "Missing TLS Certificate key file $IRONIC_VMEDIA_KEY_FILE"
exit 1
@@ -43,15 +51,6 @@ if [[ ! -f "$IRONIC_VMEDIA_CERT_FILE" ]] && [[ -f "$IRONIC_VMEDIA_KEY_FILE" ]];
exit 1
fi
if [[ -f "$IPXE_CERT_FILE" ]] && [[ ! -f "$IPXE_KEY_FILE" ]]; then
echo "Missing TLS Certificate key file $IPXE_KEY_FILE"
exit 1
fi
if [[ ! -f "$IPXE_CERT_FILE" ]] && [[ -f "$IPXE_KEY_FILE" ]]; then
echo "Missing TLS Certificate file $IPXE_CERT_FILE"
exit 1
fi
copy_atomic()
{
local src="$1"
@@ -76,18 +75,23 @@ else
export IRONIC_SCHEME="http"
fi
if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]]; then
export IRONIC_VMEDIA_TLS_SETUP="true"
if [[ -f "$IRONIC_INSPECTOR_CERT_FILE" ]] || [[ -f "$IRONIC_INSPECTOR_CACERT_FILE" ]]; then
export IRONIC_INSPECTOR_TLS_SETUP="true"
export IRONIC_INSPECTOR_SCHEME="https"
if [[ ! -f "$IRONIC_INSPECTOR_CACERT_FILE" ]]; then
copy_atomic "$IRONIC_INSPECTOR_CERT_FILE" "$IRONIC_INSPECTOR_CACERT_FILE"
fi
else
export IRONIC_VMEDIA_TLS_SETUP="false"
export IRONIC_INSPECTOR_TLS_SETUP="false"
export IRONIC_INSPECTOR_SCHEME="http"
fi
if [[ -f "$IPXE_CERT_FILE" ]]; then
export IPXE_SCHEME="https"
export IPXE_TLS_SETUP="true"
if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]]; then
export IRONIC_VMEDIA_SCHEME="https"
export IRONIC_VMEDIA_TLS_SETUP="true"
else
export IPXE_SCHEME="http"
export IPXE_TLS_SETUP="false"
export IRONIC_VMEDIA_SCHEME="http"
export IRONIC_VMEDIA_TLS_SETUP="false"
fi
if [[ -f "$MARIADB_CACERT_FILE" ]]; then

17
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:2.0.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:2.0.0-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -8,14 +8,7 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
RUN zypper --installroot /installroot --non-interactive install --no-recommends openstack-ironic-image-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN cp /usr/bin/getopt /installroot/
@@ -26,11 +19,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.1"
LABEL org.opencontainers.image.version="2.0.0"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:2.0.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

6
ironic-ipa-downloader-image/_service
View File

@@ -1,6 +1,12 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%openstack-ironic-image-x86_64_version%%</param>
<param name="package">openstack-ironic-image-x86_64</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

6
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -8,10 +8,10 @@ export no_proxy=${no_proxy:-$NO_PROXY}
# Which image should we use
if [ -z "${IPA_BASEURI}" ]; then
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
# SLES BASED IPA - openstack-ironic-image-x86_64 package
mkdir -p /shared/html/images
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
cp /tmp/openstack-ironic-image*.x86_64*.kernel /shared/html/images/ironic-python-agent.kernel
else
FILENAME=ironic-python-agent
FILENAME_EXT=.tar
@@ -68,4 +68,4 @@ if [ -d "/tmp/ironic-certificates" ]; then
mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
fi
fi

BIN
ironic-ipa-ramdisk/root.tar.bz2 (Stored with Git LFS)
View File

Binary file not shown.

37
kiwi-builder-image/Dockerfile
View File

@@ -1,37 +0,0 @@
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1
ARG KIWIVERSION="10.2.12"
FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
ARG KIWIVERSION
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.akri
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%kiwi_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
# help the build service understand the need for python3-kiwi
RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || { echo "expected kiwi version ${KIWIVERSION}: version mismatch"; exit 1; }
# Copy build script into image and make it executable
ADD build-image.sh /usr/bin/build-image
RUN chmod a+x /usr/bin/build-image
# Make a directory for the standard SL Micro Kiwi definition and config file and copy them in
RUN mkdir -p /micro-sdk/defs
ADD SL-Micro.kiwi /micro-sdk/defs
ADD SL-Micro.kiwi.4096 /micro-sdk/defs
ADD config.sh /micro-sdk/defs

59
kiwi-builder-image/README
View File

@@ -1,59 +0,0 @@
###########################
Kiwi SDK Image Instructions
###########################
Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
# setenforce 0
Next, download the podman image:
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1
Make a local output directory (where the images will reside):
# mkdir output
Then, to build a standard "Base" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image
To build a "Base" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Base-SelfInstall
Then, to build a standard "Default" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default
To build a "Default" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default-SelfInstall
To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Base-RT
To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default-SelfInstall -b
# mkdir mydefs/
# cp /path/to/SL-Micro.kiwi mydefs/
# cp /path/to/config.sh mydefs/
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image
All output will be in the local $(pwd)/output directory, for example:
# ls -1 output/
SL-Micro.x86_64-6.0.changes
SL-Micro.x86_64-6.0.packages
SL-Micro.x86_64-6.0.raw
SL-Micro.x86_64-6.0.verified
build
kiwi.result
kiwi.result.json
Note, if you want to rebuild the image, you'll need to empty the output directory, or Kiwi will error due to existing output files:
# rm -rf output/*

777
kiwi-builder-image/SL-Micro.kiwi
View File

@@ -1,777 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
<!-- OBS-Milestone: %current_milestone -->
<!-- OBS-BcntSyncTag: SL-Micro -->
<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
<description type="system">
<author>SUSE</author>
<contact>crc@suse.com</contact>
<specification>SL Micro</specification>
</description>
<profiles>
<!-- Profiles used as dependencies of actual image profiles -->
<!-- Flavors -->
<profile name="full" description="SL Micro as KVM and Container host"/>
<profile name="container-host" description="SL Micro as Container host"/>
<profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
<!-- Platforms - support profiles -->
<profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
<profile name="self_install" description="Self Installing ISO media"/>
<!-- Platforms -->
<profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86"/>
</profile>
<profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-encrypted"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86"/>
</profile>
<profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-legacy"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-qcow"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
luks_version="luks2"
luks="1234"
luks_randomize="false"
luks_pbkdf="pbkdf2"
>
<luksformat>
<option name="--cipher" value="aes"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">4</size>
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" timeout="3"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="s390-kvm">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
format="qcow2"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="s390-dasd">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
target_blocksize="4096"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="s390-fba">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
format="vmdk"
firmware="uefi"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">24</size>
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">20</size>
</type>
</preferences>
<repository type="rpm-md" >
<source path='obsrepositories:/'/>
</repository>
<packages type="image" profiles="full">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="salt_minion"/>
<package name="patterns-base-salt_minion"/>
<namedCollection name="kvm_host"/>
<package name="patterns-base-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="wpa_supplicant" arch="x86_64,aarch64"/>
<package name="libpwquality-tools"/>
<!-- <package name="k3s-install"/> -->
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
<!-- full disk encryption stuff -->
<package name="device-mapper"/>
<package name="cryptsetup"/>
<package name="system-user-tss"/>
<package name="libtss2-fapi1"/>
<package name="libtss2-tcti-device0"/>
<package name="tpm2.0-tools"/>
<package name="tpm2-0-tss"/>
<package name="fde-firstboot"/>
</packages>
<packages type="image" profiles="container-host">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="ecs_anywhere">
<package name="amazon-ssm-agent"/>
<package name="amazon-ecs-init"/>
<package name="aws-cli"/>
<package name="docker"/>
</packages>
<!-- Ignition / Combustion everywhere, cloud-init only in selected images
<packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
<packages type="image">
<package name="ignition"/>
<package name="combustion &gt;= 1.2"/> <!-- New firstboot mechanism -->
<package name="jeos-firstboot"/>
</packages>
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
</packages>
<packages type="image">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="hardware"/>
<package name="patterns-base-hardware"/>
<package name="grub2"/>
<package name="glibc-locale-base"/>
<package name="ca-certificates"/>
<package name="SL-Micro-release"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="NetworkManager-tui"/>
<package name="growpart-generator"/>
<package name="suse-build-key"/>
<!-- for debugging -->
<package name="less"/>
<package name="vim-small"/>
<namedCollection name="micro_defaults"/>
<package name="patterns-micro-defaults"/>
<package name="NetworkManager"/>
<package name="NetworkManager-branding-SLE"/>
<package name="ModemManager"/>
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
</packages>
<packages type="image" profiles="bootloader">
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/>
<!-- obsoleted by kiwi-settings
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
</packages>
<!-- makes the image build, but also include kernel-default
<packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<package name="dracut-kiwi-oem-repart"/>
<package name="blog"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/>
<package name="wireless-tools"/>
<package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages>
<packages type="bootstrap">
<package name="coreutils"/>
<package name="filesystem"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
</packages>
<!-- bsc#1221936 -->
<packages type="image" profiles="x86-vmware">
<package name="open-vm-tools"/>
</packages>
<!-- bsc#1221727-->
<packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/>
</packages>
</image>

Some files were not shown because too many files have changed in this diff Show More