Compare commits
No commits in common. "main" and "main" have entirely different histories.
@ -21,7 +21,7 @@ def delete_package_from_workflow(name: str):
|
|||||||
|
|
||||||
|
|
||||||
def delete_package_from_project(name: str):
|
def delete_package_from_project(name: str):
|
||||||
p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
|
p = subprocess.run(["osc", "rdelete", PROJECT, name], stdout=subprocess.PIPE)
|
||||||
print(p.stdout)
|
print(p.stdout)
|
||||||
print(p.stderr)
|
print(p.stderr)
|
||||||
p.check_returncode()
|
p.check_returncode()
|
||||||
|
@ -66,6 +66,14 @@ staging_build:
|
|||||||
source_package: frr-k8s
|
source_package: frr-k8s
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: cluster-api
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: cluster-api-operator
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: kubectl
|
source_package: kubectl
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
@ -74,6 +82,10 @@ staging_build:
|
|||||||
source_package: upgrade-controller
|
source_package: upgrade-controller
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: cluster-api-provider-rke2
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: nm-configurator
|
source_package: nm-configurator
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
@ -94,18 +106,38 @@ staging_build:
|
|||||||
source_package: hauler
|
source_package: hauler
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: ip-address-manager
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: baremetal-operator
|
source_package: baremetal-operator
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: cluster-api-provider-metal3
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: cdi-chart
|
source_package: cdi-chart
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: cluster-api-controller-image
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: cluster-api-provider-metal3-image
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: metallb-chart
|
source_package: metallb-chart
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: cluster-api-operator-image
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: sriov-crd-chart
|
source_package: sriov-crd-chart
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
@ -122,6 +154,10 @@ staging_build:
|
|||||||
source_package: ironic-ipa-downloader-image
|
source_package: ironic-ipa-downloader-image
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: cluster-api-provider-rke2-controlplane-image
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: upgrade-controller-image
|
source_package: upgrade-controller-image
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
@ -134,6 +170,10 @@ staging_build:
|
|||||||
source_package: baremetal-operator-image
|
source_package: baremetal-operator-image
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: cluster-api-provider-rke2-bootstrap-image
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: sriov-network-operator-chart
|
source_package: sriov-network-operator-chart
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
@ -142,6 +182,10 @@ staging_build:
|
|||||||
source_package: metallb-controller-image
|
source_package: metallb-controller-image
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: ip-address-manager-image
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: metallb-speaker-image
|
source_package: metallb-speaker-image
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
@ -154,6 +198,10 @@ staging_build:
|
|||||||
source_package: cri-tools
|
source_package: cri-tools
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
|
- branch_package:
|
||||||
|
source_package: openstack-ironic-image
|
||||||
|
source_project: isv:SUSE:Edge:Factory
|
||||||
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
- branch_package:
|
||||||
source_package: crudini
|
source_package: crudini
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
@ -178,35 +226,3 @@ staging_build:
|
|||||||
source_package: rancher-turtles-chart
|
source_package: rancher-turtles-chart
|
||||||
source_project: isv:SUSE:Edge:Factory
|
source_project: isv:SUSE:Edge:Factory
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
target_project: isv:SUSE:Edge:Factory:Staging
|
||||||
- branch_package:
|
|
||||||
source_package: kube-rbac-proxy-image
|
|
||||||
source_project: isv:SUSE:Edge:Factory
|
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
|
||||||
- branch_package:
|
|
||||||
source_package: ironic-ipa-ramdisk
|
|
||||||
source_project: isv:SUSE:Edge:Factory
|
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
|
||||||
- branch_package:
|
|
||||||
source_package: kubevirt-dashboard-extension-chart
|
|
||||||
source_project: isv:SUSE:Edge:Factory
|
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
|
||||||
- branch_package:
|
|
||||||
source_package: kiwi-builder-image
|
|
||||||
source_project: isv:SUSE:Edge:Factory
|
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
|
||||||
- branch_package:
|
|
||||||
source_package: kubevirt-chart
|
|
||||||
source_project: isv:SUSE:Edge:Factory
|
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
|
||||||
- branch_package:
|
|
||||||
source_package: release-manifest-image
|
|
||||||
source_project: isv:SUSE:Edge:Factory
|
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
|
||||||
- branch_package:
|
|
||||||
source_package: frr-image
|
|
||||||
source_project: isv:SUSE:Edge:Factory
|
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
|
||||||
- branch_package:
|
|
||||||
source_package: kubectl-image
|
|
||||||
source_project: isv:SUSE:Edge:Factory
|
|
||||||
target_project: isv:SUSE:Edge:Factory:Staging
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20
|
#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20
|
||||||
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
|
#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20-%RELEASE%
|
||||||
annotations:
|
annotations:
|
||||||
catalog.cattle.io/display-name: Akri
|
catalog.cattle.io/display-name: Akri
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
@ -8,4 +8,4 @@ description: A Helm chart for Akri
|
|||||||
icon: https://raw.githubusercontent.com/project-akri/akri-docs/main/art/icon/akri-icon-light.svg
|
icon: https://raw.githubusercontent.com/project-akri/akri-docs/main/art/icon/akri-icon-light.svg
|
||||||
name: akri
|
name: akri
|
||||||
type: application
|
type: application
|
||||||
version: "%%CHART_MAJOR%%.0.0+up0.12.20"
|
version: 0.12.20
|
||||||
|
@ -11,7 +11,5 @@
|
|||||||
<param name="file">Chart.yaml</param>
|
<param name="file">Chart.yaml</param>
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||||
<param name="var">IMG_PREFIX</param>
|
<param name="var">IMG_PREFIX</param>
|
||||||
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
|
|
||||||
<param name="var">CHART_MAJOR</param>
|
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
|
@ -1,20 +1,20 @@
|
|||||||
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
|
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0
|
||||||
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
|
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0-%RELEASE%
|
||||||
annotations:
|
annotations:
|
||||||
catalog.cattle.io/certified: rancher
|
catalog.cattle.io/certified: rancher
|
||||||
catalog.cattle.io/display-name: Akri
|
catalog.cattle.io/display-name: Akri
|
||||||
catalog.cattle.io/kube-version: ">= v1.26.0-0"
|
catalog.cattle.io/kube-version: '>= v1.26.0-0'
|
||||||
catalog.cattle.io/namespace: cattle-ui-plugin-system
|
catalog.cattle.io/namespace: cattle-ui-plugin-system
|
||||||
catalog.cattle.io/os: linux
|
catalog.cattle.io/os: linux
|
||||||
catalog.cattle.io/permits-os: linux, windows
|
catalog.cattle.io/permits-os: linux, windows
|
||||||
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
|
catalog.cattle.io/rancher-version: '>= v2.9.0'
|
||||||
catalog.cattle.io/scope: management
|
catalog.cattle.io/scope: management
|
||||||
catalog.cattle.io/ui-component: plugins
|
catalog.cattle.io/ui-component: plugins
|
||||||
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
|
catalog.cattle.io/ui-extensions-version: '>= 2.0.1'
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.2.1
|
appVersion: 1.1.0
|
||||||
description: "SUSE Edge: Akri extension for Rancher Dashboard"
|
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
|
||||||
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
|
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
|
||||||
name: akri-dashboard-extension
|
name: akri-dashboard-extension
|
||||||
type: application
|
type: application
|
||||||
version: "%%CHART_MAJOR%%.0.0+up1.2.1"
|
version: 1.1.0
|
||||||
|
@ -11,7 +11,5 @@
|
|||||||
<param name="file">Chart.yaml</param>
|
<param name="file">Chart.yaml</param>
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||||
<param name="var">IMG_PREFIX</param>
|
<param name="var">IMG_PREFIX</param>
|
||||||
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
|
|
||||||
<param name="var">CHART_MAJOR</param>
|
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
|
@ -8,7 +8,7 @@ spec:
|
|||||||
plugin:
|
plugin:
|
||||||
name: {{ include "extension-server.fullname" . }}
|
name: {{ include "extension-server.fullname" . }}
|
||||||
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
|
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
|
||||||
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.1
|
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.1.0
|
||||||
noCache: {{ .Values.plugin.noCache }}
|
noCache: {{ .Values.plugin.noCache }}
|
||||||
noAuth: {{ .Values.plugin.noAuth }}
|
noAuth: {{ .Values.plugin.noAuth }}
|
||||||
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
|
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
|
@ -7,6 +7,6 @@ plugin:
|
|||||||
noAuth: false
|
noAuth: false
|
||||||
metadata:
|
metadata:
|
||||||
catalog.cattle.io/display-name: Akri
|
catalog.cattle.io/display-name: Akri
|
||||||
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
|
catalog.cattle.io/rancher-version: ">= v2.9.0"
|
||||||
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
|
catalog.cattle.io/ui-extensions-version: ">= 2.0.1"
|
||||||
catalog.cattle.io/kube-version: ">= v1.26.0-0"
|
catalog.cattle.io/kube-version: ">= v1.26.0-0"
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
<service name="obs_scm">
|
<service name="obs_scm">
|
||||||
<param name="url">https://github.com/metal3-io/baremetal-operator</param>
|
<param name="url">https://github.com/metal3-io/baremetal-operator</param>
|
||||||
<param name="scm">git</param>
|
<param name="scm">git</param>
|
||||||
<param name="revision">v0.8.0</param>
|
<param name="revision">v0.6.1</param>
|
||||||
<param name="version">_auto_</param>
|
<param name="version">_auto_</param>
|
||||||
<param name="versionformat">@PARENT_TAG@</param>
|
<param name="versionformat">@PARENT_TAG@</param>
|
||||||
<param name="changesgenerate">enable</param>
|
<param name="changesgenerate">enable</param>
|
||||||
|
@ -17,14 +17,14 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: baremetal-operator
|
Name: baremetal-operator
|
||||||
Version: 0.8.0
|
Version: 0.6.1
|
||||||
Release: 0.8.0
|
Release: 0.6.1
|
||||||
Summary: Implements a Kubernetes API for managing bare metal hosts
|
Summary: Implements a Kubernetes API for managing bare metal hosts
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
URL: https://github.com/metal3-io/baremetal-operator
|
URL: https://github.com/metal3-io/baremetal-operator
|
||||||
Source: baremetal-operator-%{version}.tar.gz
|
Source: baremetal-operator-%{version}.tar.gz
|
||||||
Source1: vendor.tar.gz
|
Source1: vendor.tar.gz
|
||||||
BuildRequires: golang(API) = 1.22
|
BuildRequires: golang(API) = 1.21
|
||||||
ExcludeArch: s390
|
ExcludeArch: s390
|
||||||
ExcludeArch: %{ix86}
|
ExcludeArch: %{ix86}
|
||||||
|
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0
|
#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0
|
||||||
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
|
#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0-%RELEASE%
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.60.1
|
appVersion: 1.60.1
|
||||||
description: A Helm chart for Containerized Data Importer (CDI)
|
description: A Helm chart for Containerized Data Importer (CDI)
|
||||||
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
|
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
|
||||||
name: cdi
|
name: cdi
|
||||||
type: application
|
type: application
|
||||||
version: "%%CHART_MAJOR%%.0.0+up0.4.0"
|
version: 0.4.0
|
||||||
|
@ -4,7 +4,5 @@
|
|||||||
<param name="file">Chart.yaml</param>
|
<param name="file">Chart.yaml</param>
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||||
<param name="var">IMG_PREFIX</param>
|
<param name="var">IMG_PREFIX</param>
|
||||||
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
|
|
||||||
<param name="var">CHART_MAJOR</param>
|
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
|
@ -1,25 +1,26 @@
|
|||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
#!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:v%%cluster-api_version%%
|
||||||
#!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%-%RELEASE%
|
||||||
#!BuildVersion: 15.6
|
#!BuildVersion: 15.6
|
||||||
ARG SLE_VERSION
|
ARG SLE_VERSION
|
||||||
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||||
|
|
||||||
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||||
COPY --from=micro / /installroot/
|
COPY --from=micro / /installroot/
|
||||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends kube-rbac-proxy; zypper -n clean; rm -rf /var/log/*
|
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api shadow; zypper -n clean; rm -rf /var/log/*
|
||||||
|
|
||||||
FROM micro AS final
|
FROM micro AS final
|
||||||
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||||
# labelprefix=com.suse.application.kube-rbac-proxy
|
# labelprefix=com.suse.application.cluster-api
|
||||||
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||||
LABEL org.opencontainers.image.title="SLE kube-rbac-proxy Container Image"
|
LABEL org.opencontainers.image.title="SLE cluster-api Container Image"
|
||||||
LABEL org.opencontainers.image.description="kube-rbac-proxy based on the SLE Base Container Image."
|
LABEL org.opencontainers.image.description="cluster-api based on the SLE Base Container Image."
|
||||||
LABEL org.opencontainers.image.version="%%kube-rbac-proxy_version%%"
|
LABEL org.opencontainers.image.version="%%cluster-api_version%%"
|
||||||
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||||
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%"
|
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api:%%cluster-api_version%%-%RELEASE%"
|
||||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||||
@ -29,7 +30,7 @@ LABEL com.suse.release-stage="released"
|
|||||||
# endlabelprefix
|
# endlabelprefix
|
||||||
|
|
||||||
COPY --from=base /installroot /
|
COPY --from=base /installroot /
|
||||||
#Install kube-rbac-proxy
|
RUN mv /usr/bin/cluster-api-controller /manager
|
||||||
EXPOSE 8080
|
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
|
||||||
USER 65532:65532
|
USER 65532
|
||||||
ENTRYPOINT ["/kube-rbac-proxy"]
|
ENTRYPOINT [ "/manager" ]
|
@ -3,8 +3,8 @@
|
|||||||
<service mode="buildtime" name="docker_label_helper"/>
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
<service name="replace_using_package_version" mode="buildtime">
|
<service name="replace_using_package_version" mode="buildtime">
|
||||||
<param name="file">Dockerfile</param>
|
<param name="file">Dockerfile</param>
|
||||||
<param name="regex">%%kube-rbac-proxy_version%%</param>
|
<param name="regex">%%cluster-api_version%%</param>
|
||||||
<param name="package">kube-rbac-proxy</param>
|
<param name="package">cluster-api</param>
|
||||||
<param name="parse-version">patch</param>
|
<param name="parse-version">patch</param>
|
||||||
</service>
|
</service>
|
||||||
<service name="replace_using_env" mode="buildtime">
|
<service name="replace_using_env" mode="buildtime">
|
35
cluster-api-operator-image/Dockerfile
Normal file
35
cluster-api-operator-image/Dockerfile
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%
|
||||||
|
#!BuildVersion: 15.6
|
||||||
|
ARG SLE_VERSION
|
||||||
|
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||||
|
|
||||||
|
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||||
|
COPY --from=micro / /installroot/
|
||||||
|
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-operator shadow; zypper -n clean; rm -rf /var/log/*
|
||||||
|
|
||||||
|
FROM micro AS final
|
||||||
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||||
|
# labelprefix=com.suse.application.cluster-api-operator
|
||||||
|
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||||
|
LABEL org.opencontainers.image.title="SLE cluster-api-operator Container Image"
|
||||||
|
LABEL org.opencontainers.image.description="cluster-api-operator based on the SLE Base Container Image."
|
||||||
|
LABEL org.opencontainers.image.version="%%cluster-api-operator_version%%"
|
||||||
|
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||||
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
|
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||||
|
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%"
|
||||||
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
|
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||||
|
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||||
|
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||||
|
LABEL com.suse.image-type="application"
|
||||||
|
LABEL com.suse.release-stage="released"
|
||||||
|
# endlabelprefix
|
||||||
|
|
||||||
|
COPY --from=base /installroot /
|
||||||
|
RUN mv /usr/bin/cluster-api-operator-controller /manager
|
||||||
|
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
|
||||||
|
USER 65532
|
||||||
|
ENTRYPOINT [ "/manager" ]
|
@ -1,11 +1,11 @@
|
|||||||
<services>
|
<services>
|
||||||
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||||
<service name="replace_using_env" mode="buildtime">
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
<param name="file">README</param>
|
<service name="replace_using_package_version" mode="buildtime">
|
||||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
<param name="file">Dockerfile</param>
|
||||||
<param name="var">IMG_REPO</param>
|
<param name="regex">%%cluster-api-operator_version%%</param>
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
<param name="package">cluster-api-operator</param>
|
||||||
<param name="var">IMG_PREFIX</param>
|
<param name="parse-version">patch</param>
|
||||||
</service>
|
</service>
|
||||||
<service name="replace_using_env" mode="buildtime">
|
<service name="replace_using_env" mode="buildtime">
|
||||||
<param name="file">Dockerfile</param>
|
<param name="file">Dockerfile</param>
|
23
cluster-api-operator/_service
Normal file
23
cluster-api-operator/_service
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
<services>
|
||||||
|
<service name="obs_scm">
|
||||||
|
<param name="url">https://github.com/kubernetes-sigs/cluster-api-operator</param>
|
||||||
|
<param name="scm">git</param>
|
||||||
|
<param name="revision">v0.12.0</param>
|
||||||
|
<param name="version">_auto_</param>
|
||||||
|
<param name="versionformat">@PARENT_TAG@</param>
|
||||||
|
<param name="changesgenerate">enable</param>
|
||||||
|
<param name="changesauthor">steven.hardy@suse.com</param>
|
||||||
|
<param name="match-tag">v*</param>
|
||||||
|
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
|
||||||
|
<param name="without-version">yes</param>
|
||||||
|
<param name="versionrewrite-replacement">\1</param>
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="tar" />
|
||||||
|
<service mode="buildtime" name="recompress">
|
||||||
|
<param name="file">*.tar</param>
|
||||||
|
<param name="compression">gz</param>
|
||||||
|
</service>
|
||||||
|
<service name="go_modules">
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="set_version" />
|
||||||
|
</services>
|
52
cluster-api-operator/cluster-api-operator.spec
Normal file
52
cluster-api-operator/cluster-api-operator.spec
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
#
|
||||||
|
# spec file for package cluster-api-operator
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
Name: cluster-api-operator
|
||||||
|
Version: 0.12.0
|
||||||
|
Release: 0
|
||||||
|
Summary: Cluster API Core Controller
|
||||||
|
License: Apache-2.0
|
||||||
|
URL: https://github.com/kubernetes-sigs/cluster-api-operator
|
||||||
|
Source: cluster-api-operator-%{version}.tar.gz
|
||||||
|
Source1: vendor.tar.gz
|
||||||
|
BuildRequires: golang(API) = 1.21
|
||||||
|
ExcludeArch: s390
|
||||||
|
ExcludeArch: %{ix86}
|
||||||
|
|
||||||
|
%description
|
||||||
|
|
||||||
|
Cluster API operator
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -a1 -n cluster-api-operator-%{version}
|
||||||
|
|
||||||
|
%build
|
||||||
|
go build \
|
||||||
|
-mod=vendor \
|
||||||
|
-buildmode=pie \
|
||||||
|
-o cluster-api-operator cmd/main.go
|
||||||
|
|
||||||
|
%install
|
||||||
|
install -D -m0755 cluster-api-operator %{buildroot}%{_bindir}/cluster-api-operator-controller
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license LICENSE
|
||||||
|
%doc README.md
|
||||||
|
%{_bindir}/cluster-api-operator-controller
|
||||||
|
|
||||||
|
%changelog
|
36
cluster-api-provider-metal3-image/Dockerfile
Normal file
36
cluster-api-provider-metal3-image/Dockerfile
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:v%%cluster-api-provider-metal3_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%
|
||||||
|
#!BuildVersion: 15.6
|
||||||
|
ARG SLE_VERSION
|
||||||
|
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||||
|
|
||||||
|
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||||
|
COPY --from=micro / /installroot/
|
||||||
|
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-metal3 shadow; zypper -n clean; rm -rf /var/log/*
|
||||||
|
|
||||||
|
FROM micro AS final
|
||||||
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||||
|
# labelprefix=com.suse.application.cluster-api-provider-metal3
|
||||||
|
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||||
|
LABEL org.opencontainers.image.title="SLE cluster-api-provider-metal3 Container Image"
|
||||||
|
LABEL org.opencontainers.image.description="cluster-api-provider-metal3 based on the SLE Base Container Image."
|
||||||
|
LABEL org.opencontainers.image.version="%%cluster-api-provider-metal3_version%%"
|
||||||
|
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||||
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
|
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||||
|
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
|
||||||
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
|
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||||
|
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||||
|
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||||
|
LABEL com.suse.image-type="application"
|
||||||
|
LABEL com.suse.release-stage="released"
|
||||||
|
# endlabelprefix
|
||||||
|
|
||||||
|
COPY --from=base /installroot /
|
||||||
|
RUN mv /usr/bin/cluster-api-provider-metal3 /manager
|
||||||
|
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
|
||||||
|
USER 65532
|
||||||
|
ENTRYPOINT [ "/manager" ]
|
@ -1,5 +1,12 @@
|
|||||||
<services>
|
<services>
|
||||||
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||||
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
|
<service name="replace_using_package_version" mode="buildtime">
|
||||||
|
<param name="file">Dockerfile</param>
|
||||||
|
<param name="regex">%%cluster-api-provider-metal3_version%%</param>
|
||||||
|
<param name="package">cluster-api-provider-metal3</param>
|
||||||
|
<param name="parse-version">patch</param>
|
||||||
|
</service>
|
||||||
<service name="replace_using_env" mode="buildtime">
|
<service name="replace_using_env" mode="buildtime">
|
||||||
<param name="file">Dockerfile</param>
|
<param name="file">Dockerfile</param>
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
23
cluster-api-provider-metal3/_service
Normal file
23
cluster-api-provider-metal3/_service
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
<services>
|
||||||
|
<service name="obs_scm">
|
||||||
|
<param name="url">https://github.com/metal3-io/cluster-api-provider-metal3</param>
|
||||||
|
<param name="scm">git</param>
|
||||||
|
<param name="revision">v1.8.2</param>
|
||||||
|
<param name="version">_auto_</param>
|
||||||
|
<param name="versionformat">@PARENT_TAG@</param>
|
||||||
|
<param name="changesgenerate">enable</param>
|
||||||
|
<param name="changesauthor">steven.hardy@suse.com</param>
|
||||||
|
<param name="match-tag">v*</param>
|
||||||
|
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
|
||||||
|
<param name="without-version">yes</param>
|
||||||
|
<param name="versionrewrite-replacement">\1</param>
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="tar" />
|
||||||
|
<service mode="buildtime" name="recompress">
|
||||||
|
<param name="file">*.tar</param>
|
||||||
|
<param name="compression">gz</param>
|
||||||
|
</service>
|
||||||
|
<service name="go_modules">
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="set_version" />
|
||||||
|
</services>
|
54
cluster-api-provider-metal3/cluster-api-provider-metal3.spec
Normal file
54
cluster-api-provider-metal3/cluster-api-provider-metal3.spec
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
#
|
||||||
|
# spec file for package cluster-api-provider-metal3
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
Name: cluster-api-provider-metal3
|
||||||
|
Version: 1.8.2
|
||||||
|
Release: 0
|
||||||
|
Summary: Cluster API Infrastructure Provider for Metal3
|
||||||
|
License: Apache-2.0
|
||||||
|
URL: https://github.com/metal3-io/cluster-api-provider-metal3
|
||||||
|
Source: cluster-api-provider-metal3-%{version}.tar.gz
|
||||||
|
Source1: vendor.tar.gz
|
||||||
|
BuildRequires: golang(API) = 1.22
|
||||||
|
ExcludeArch: s390
|
||||||
|
ExcludeArch: %{ix86}
|
||||||
|
|
||||||
|
%description
|
||||||
|
|
||||||
|
Cluster API Provider Metal3 is one of the providers for Cluster API and enables
|
||||||
|
users to deploy a Cluster API based cluster on top of bare metal infrastructure
|
||||||
|
using Metal3.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -a1 -n cluster-api-provider-metal3-%{version}
|
||||||
|
|
||||||
|
%build
|
||||||
|
go build \
|
||||||
|
-mod=vendor \
|
||||||
|
-buildmode=pie \
|
||||||
|
-a -ldflags '-extldflags "-static"'
|
||||||
|
|
||||||
|
%install
|
||||||
|
install -D -m0755 cluster-api-provider-metal3 %{buildroot}%{_bindir}/cluster-api-provider-metal3
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license LICENSE
|
||||||
|
%doc README.md
|
||||||
|
%{_bindir}/cluster-api-provider-metal3
|
||||||
|
|
||||||
|
%changelog
|
36
cluster-api-provider-rke2-bootstrap-image/Dockerfile
Normal file
36
cluster-api-provider-rke2-bootstrap-image/Dockerfile
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:v%%cluster-api-provider-rke2_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%
|
||||||
|
#!BuildVersion: 15.6
|
||||||
|
ARG SLE_VERSION
|
||||||
|
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||||
|
|
||||||
|
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||||
|
COPY --from=micro / /installroot/
|
||||||
|
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-bootstrap shadow; zypper -n clean; rm -rf /var/log/*
|
||||||
|
|
||||||
|
FROM micro AS final
|
||||||
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||||
|
# labelprefix=com.suse.application.cluster-api-provider-rke2
|
||||||
|
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||||
|
LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
|
||||||
|
LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
|
||||||
|
LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
|
||||||
|
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||||
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
|
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||||
|
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%"
|
||||||
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
|
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||||
|
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||||
|
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||||
|
LABEL com.suse.image-type="application"
|
||||||
|
LABEL com.suse.release-stage="released"
|
||||||
|
# endlabelprefix
|
||||||
|
|
||||||
|
COPY --from=base /installroot /
|
||||||
|
RUN mv /usr/bin/rke2-bootstrap-manager /manager
|
||||||
|
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
|
||||||
|
USER 65532
|
||||||
|
ENTRYPOINT [ "/manager" ]
|
19
cluster-api-provider-rke2-bootstrap-image/_service
Normal file
19
cluster-api-provider-rke2-bootstrap-image/_service
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
<services>
|
||||||
|
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||||
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
|
<service name="replace_using_package_version" mode="buildtime">
|
||||||
|
<param name="file">Dockerfile</param>
|
||||||
|
<param name="regex">%%cluster-api-provider-rke2_version%%</param>
|
||||||
|
<param name="package">cluster-api-provider-rke2-bootstrap</param>
|
||||||
|
<param name="parse-version">patch</param>
|
||||||
|
</service>
|
||||||
|
<service name="replace_using_env" mode="buildtime">
|
||||||
|
<param name="file">Dockerfile</param>
|
||||||
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||||
|
<param name="var">IMG_PREFIX</param>
|
||||||
|
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||||
|
<param name="var">IMG_REPO</param>
|
||||||
|
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||||
|
<param name="var">SUPPORT_LEVEL</param>
|
||||||
|
</service>
|
||||||
|
</services>
|
36
cluster-api-provider-rke2-controlplane-image/Dockerfile
Normal file
36
cluster-api-provider-rke2-controlplane-image/Dockerfile
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:v%%cluster-api-provider-rke2_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%
|
||||||
|
#!BuildVersion: 15.6
|
||||||
|
ARG SLE_VERSION
|
||||||
|
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||||
|
|
||||||
|
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||||
|
COPY --from=micro / /installroot/
|
||||||
|
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-control-plane shadow; zypper -n clean; rm -rf /var/log/*
|
||||||
|
|
||||||
|
FROM micro AS final
|
||||||
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||||
|
# labelprefix=com.suse.application.cluster-api-provider-rke2
|
||||||
|
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||||
|
LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
|
||||||
|
LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
|
||||||
|
LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
|
||||||
|
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||||
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
|
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||||
|
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%"
|
||||||
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
|
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||||
|
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||||
|
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||||
|
LABEL com.suse.image-type="application"
|
||||||
|
LABEL com.suse.release-stage="released"
|
||||||
|
# endlabelprefix
|
||||||
|
|
||||||
|
COPY --from=base /installroot /
|
||||||
|
RUN mv /usr/bin/rke2-control-plane-manager /manager
|
||||||
|
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
|
||||||
|
USER 65532
|
||||||
|
ENTRYPOINT [ "/manager" ]
|
19
cluster-api-provider-rke2-controlplane-image/_service
Normal file
19
cluster-api-provider-rke2-controlplane-image/_service
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
<services>
|
||||||
|
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||||
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
|
<service name="replace_using_package_version" mode="buildtime">
|
||||||
|
<param name="file">Dockerfile</param>
|
||||||
|
<param name="regex">%%cluster-api-provider-rke2_version%%</param>
|
||||||
|
<param name="package">cluster-api-provider-rke2-control-plane</param>
|
||||||
|
<param name="parse-version">patch</param>
|
||||||
|
</service>
|
||||||
|
<service name="replace_using_env" mode="buildtime">
|
||||||
|
<param name="file">Dockerfile</param>
|
||||||
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||||
|
<param name="var">IMG_PREFIX</param>
|
||||||
|
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||||
|
<param name="var">IMG_REPO</param>
|
||||||
|
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||||
|
<param name="var">SUPPORT_LEVEL</param>
|
||||||
|
</service>
|
||||||
|
</services>
|
23
cluster-api-provider-rke2/_service
Normal file
23
cluster-api-provider-rke2/_service
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
<services>
|
||||||
|
<service name="obs_scm">
|
||||||
|
<param name="url">https://github.com/rancher-sandbox/cluster-api-provider-rke2</param>
|
||||||
|
<param name="scm">git</param>
|
||||||
|
<param name="revision">v0.8.0</param>
|
||||||
|
<param name="version">_auto_</param>
|
||||||
|
<param name="versionformat">@PARENT_TAG@</param>
|
||||||
|
<param name="changesgenerate">enable</param>
|
||||||
|
<param name="changesauthor">steven.hardy@suse.com</param>
|
||||||
|
<param name="match-tag">v*</param>
|
||||||
|
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
|
||||||
|
<param name="without-version">yes</param>
|
||||||
|
<param name="versionrewrite-replacement">\1</param>
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="tar" />
|
||||||
|
<service mode="buildtime" name="recompress">
|
||||||
|
<param name="file">*.tar</param>
|
||||||
|
<param name="compression">gz</param>
|
||||||
|
</service>
|
||||||
|
<service name="go_modules">
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="set_version" />
|
||||||
|
</services>
|
61
cluster-api-provider-rke2/cluster-api-provider-rke2.spec
Normal file
61
cluster-api-provider-rke2/cluster-api-provider-rke2.spec
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
#
|
||||||
|
# spec file for package cluster-api-provider-rke2
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
Name: cluster-api-provider-rke2
|
||||||
|
Version: 0.8.0
|
||||||
|
Release: 0
|
||||||
|
Summary: Cluster API provider for RKE2
|
||||||
|
License: Apache-2.0
|
||||||
|
URL: https://github.com/rancher-sandbox/cluster-api-provider-rke2
|
||||||
|
Source: cluster-api-provider-rke2-%{version}.tar.gz
|
||||||
|
Source1: vendor.tar.gz
|
||||||
|
BuildRequires: golang(API) = 1.22
|
||||||
|
ExcludeArch: s390
|
||||||
|
ExcludeArch: %{ix86}
|
||||||
|
|
||||||
|
%description
|
||||||
|
|
||||||
|
Cluster API provider for RKE2
|
||||||
|
|
||||||
|
%package bootstrap
|
||||||
|
Summary: Cluster API bootstrap controller for RKE2
|
||||||
|
%description bootstrap
|
||||||
|
Cluster API bootstrap controller for RKE2
|
||||||
|
|
||||||
|
%package control-plane
|
||||||
|
Summary: Cluster API control-plane controller for RKE2
|
||||||
|
%description control-plane
|
||||||
|
Cluster API control-plane controller for RKE2
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -a1 -n cluster-api-provider-rke2-%{version}
|
||||||
|
|
||||||
|
%build
|
||||||
|
make managers
|
||||||
|
|
||||||
|
%install
|
||||||
|
install -D -m0755 bin/rke2-bootstrap-manager %{buildroot}%{_bindir}/rke2-bootstrap-manager
|
||||||
|
install -D -m0755 bin/rke2-control-plane-manager %{buildroot}%{_bindir}/rke2-control-plane-manager
|
||||||
|
|
||||||
|
%files bootstrap
|
||||||
|
%{_bindir}/rke2-bootstrap-manager
|
||||||
|
|
||||||
|
%files control-plane
|
||||||
|
%{_bindir}/rke2-control-plane-manager
|
||||||
|
|
||||||
|
%changelog
|
23
cluster-api/_service
Normal file
23
cluster-api/_service
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
<services>
|
||||||
|
<service name="obs_scm">
|
||||||
|
<param name="url">https://github.com/kubernetes-sigs/cluster-api</param>
|
||||||
|
<param name="scm">git</param>
|
||||||
|
<param name="revision">v1.8.4</param>
|
||||||
|
<param name="version">_auto_</param>
|
||||||
|
<param name="versionformat">@PARENT_TAG@</param>
|
||||||
|
<param name="changesgenerate">enable</param>
|
||||||
|
<param name="changesauthor">steven.hardy@suse.com</param>
|
||||||
|
<param name="match-tag">v*</param>
|
||||||
|
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
|
||||||
|
<param name="without-version">yes</param>
|
||||||
|
<param name="versionrewrite-replacement">\1</param>
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="tar" />
|
||||||
|
<service mode="buildtime" name="recompress">
|
||||||
|
<param name="file">*.tar</param>
|
||||||
|
<param name="compression">gz</param>
|
||||||
|
</service>
|
||||||
|
<service name="go_modules">
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="set_version" />
|
||||||
|
</services>
|
51
cluster-api/cluster-api.spec
Normal file
51
cluster-api/cluster-api.spec
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
#
|
||||||
|
# spec file for package cluster-api
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
Name: cluster-api
|
||||||
|
Version: 1.8.4
|
||||||
|
Release: 0
|
||||||
|
Summary: Cluster API Core Controller
|
||||||
|
License: Apache-2.0
|
||||||
|
URL: https://github.com/kubernetes-sigs/cluster-api
|
||||||
|
Source: cluster-api-%{version}.tar.gz
|
||||||
|
Source1: vendor.tar.gz
|
||||||
|
BuildRequires: golang(API) = 1.22
|
||||||
|
ExcludeArch: s390
|
||||||
|
ExcludeArch: %{ix86}
|
||||||
|
|
||||||
|
%description
|
||||||
|
|
||||||
|
Cluster API core controller
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -a1 -n cluster-api-%{version}
|
||||||
|
|
||||||
|
%build
|
||||||
|
go build \
|
||||||
|
-mod=vendor \
|
||||||
|
-buildmode=pie \
|
||||||
|
|
||||||
|
%install
|
||||||
|
install -D -m0755 cluster-api %{buildroot}%{_bindir}/cluster-api-controller
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license LICENSE
|
||||||
|
%doc README.md
|
||||||
|
%{_bindir}/cluster-api-controller
|
||||||
|
|
||||||
|
%changelog
|
@ -7,14 +7,10 @@
|
|||||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
||||||
<param name="var">IMG_REPO</param>
|
<param name="var">IMG_REPO</param>
|
||||||
<param name="file">artifacts.yaml</param>
|
<param name="file">artifacts.yaml</param>
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
|
||||||
<param name="var">IMG_PREFIX</param>
|
|
||||||
<param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
|
<param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
|
||||||
<param name="var">CHART_REPO</param>
|
<param name="var">CHART_REPO</param>
|
||||||
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
|
||||||
<param name="var">SUPPORT_LEVEL</param>
|
<param name="var">SUPPORT_LEVEL</param>
|
||||||
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
|
|
||||||
<param name="var">CHART_MAJOR</param>
|
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
|
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
metallb:
|
metallb:
|
||||||
chart: metallb-chart
|
chart: metallb-chart
|
||||||
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
|
repository: %%CHART_REPO%%/3.1
|
||||||
version: "%%CHART_MAJOR%%.0.0+up0.14.9"
|
version: 0.14.9
|
||||||
endpoint-copier-operator:
|
endpoint-copier-operator:
|
||||||
chart: endpoint-copier-operator-chart
|
chart: endpoint-copier-operator-chart
|
||||||
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
|
repository: %%CHART_REPO%%/3.1
|
||||||
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
|
version: 0.2.1
|
||||||
kubernetes:
|
kubernetes:
|
||||||
k3s:
|
k3s:
|
||||||
selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
|
selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
|
||||||
@ -13,3 +13,4 @@ kubernetes:
|
|||||||
rke2:
|
rke2:
|
||||||
selinuxPackage: rke2-selinux
|
selinuxPackage: rke2-selinux
|
||||||
selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch
|
selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch
|
||||||
|
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1
|
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1
|
||||||
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
|
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1-%RELEASE%
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: v0.2.0
|
appVersion: v0.2.0
|
||||||
description: A Helm chart for Kubernetes
|
description: A Helm chart for Kubernetes
|
||||||
name: endpoint-copier-operator
|
name: endpoint-copier-operator
|
||||||
type: application
|
type: application
|
||||||
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
|
version: 0.2.1
|
||||||
|
@ -11,7 +11,5 @@
|
|||||||
<param name="file">Chart.yaml</param>
|
<param name="file">Chart.yaml</param>
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||||
<param name="var">IMG_PREFIX</param>
|
<param name="var">IMG_PREFIX</param>
|
||||||
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
|
|
||||||
<param name="var">CHART_MAJOR</param>
|
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
|
@ -1,58 +0,0 @@
|
|||||||
# SPDX-License-Identifier: MIT
|
|
||||||
#!BuildTag: %%IMG_PREFIX%%frr:8.4
|
|
||||||
#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
|
|
||||||
#!BuildVersion: 15.5
|
|
||||||
ARG SLE_VERSION
|
|
||||||
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
|
||||||
|
|
||||||
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
|
||||||
COPY --from=micro / /installroot/
|
|
||||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
|
|
||||||
|
|
||||||
FROM micro AS final
|
|
||||||
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
|
||||||
# labelprefix=com.suse.application.frr
|
|
||||||
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
|
||||||
LABEL org.opencontainers.image.title="FRR Container Image"
|
|
||||||
LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
|
|
||||||
LABEL org.opencontainers.image.version="8.4"
|
|
||||||
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
|
||||||
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
|
||||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
|
||||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
|
|
||||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
|
||||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
|
||||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
|
||||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
|
||||||
LABEL com.suse.image-type="application"
|
|
||||||
LABEL com.suse.release-stage="released"
|
|
||||||
# endlabelprefix
|
|
||||||
|
|
||||||
COPY --from=base /installroot /
|
|
||||||
|
|
||||||
#Install frr
|
|
||||||
USER root
|
|
||||||
|
|
||||||
ENV PYTHONDONTWRITEBYTECODE yes
|
|
||||||
|
|
||||||
# frr.sh is the entry point. This script examines environment
|
|
||||||
# variables to direct operation and configure ovn
|
|
||||||
ADD frr.sh /root/
|
|
||||||
ADD daemons /etc/frr
|
|
||||||
ADD frr.conf /etc/frr
|
|
||||||
ADD vtysh.conf /etc/frr
|
|
||||||
|
|
||||||
RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
|
|
||||||
|
|
||||||
RUN ln -s /usr/bin/catatonit /sbin/tini
|
|
||||||
RUN usermod -a -G frrvty frr
|
|
||||||
|
|
||||||
COPY docker-start /usr/libexec/frr/docker-start
|
|
||||||
RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
|
|
||||||
|
|
||||||
WORKDIR /root
|
|
||||||
ENTRYPOINT ["/sbin/tini", "--"]
|
|
||||||
|
|
||||||
COPY docker-start /usr/lib/frr/docker-start
|
|
||||||
RUN chmod +x /usr/lib/frr/docker-start
|
|
||||||
CMD ["/usr/lib/frr/docker-start"]
|
|
@ -1,82 +0,0 @@
|
|||||||
# This file tells the frr package which daemons to start.
|
|
||||||
#
|
|
||||||
# Entries are in the format: <daemon>=(yes|no|priority)
|
|
||||||
# 0, "no" = disabled
|
|
||||||
# 1, "yes" = highest priority
|
|
||||||
# 2 .. 10 = lower priorities
|
|
||||||
#
|
|
||||||
# For daemons which support multiple instances, a 2nd line listing
|
|
||||||
# the instances can be added. Eg for ospfd:
|
|
||||||
# ospfd=yes
|
|
||||||
# ospfd_instances="1,2"
|
|
||||||
#
|
|
||||||
# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
|
|
||||||
# They're used to start the FRR daemons in more than one step
|
|
||||||
# (for example start one or two at network initialization and the
|
|
||||||
# rest later). The number of FRR daemons being small, priorities
|
|
||||||
# must be between 1 and 9, inclusive (or the initscript has to be
|
|
||||||
# changed). /etc/init.d/frr then can be started as
|
|
||||||
#
|
|
||||||
# /etc/init.d/frr <start|stop|restart|<priority>>
|
|
||||||
#
|
|
||||||
# where priority 0 is the same as 'stop', priority 10 or 'start'
|
|
||||||
# means 'start all'
|
|
||||||
#
|
|
||||||
# Sample configurations for these daemons can be found in
|
|
||||||
# /usr/share/doc/frr/examples/.
|
|
||||||
#
|
|
||||||
# ATTENTION:
|
|
||||||
#
|
|
||||||
# When activation a daemon at the first time, a config file, even if it is
|
|
||||||
# empty, has to be present *and* be owned by the user and group "frr", else
|
|
||||||
# the daemon will not be started by /etc/init.d/frr. The permissions should
|
|
||||||
# be u=rw,g=r,o=.
|
|
||||||
# When using "vtysh" such a config file is also needed. It should be owned by
|
|
||||||
# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
|
|
||||||
#
|
|
||||||
watchfrr_enable=yes
|
|
||||||
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
|
|
||||||
#
|
|
||||||
zebra=yes
|
|
||||||
bgpd=yes
|
|
||||||
ospfd=no
|
|
||||||
ospf6d=no
|
|
||||||
ripd=no
|
|
||||||
ripngd=no
|
|
||||||
isisd=no
|
|
||||||
pimd=no
|
|
||||||
nhrpd=no
|
|
||||||
eigrpd=no
|
|
||||||
sharpd=no
|
|
||||||
pbrd=no
|
|
||||||
staticd=yes
|
|
||||||
bfdd=yes
|
|
||||||
fabricd=no
|
|
||||||
|
|
||||||
#
|
|
||||||
# Command line options for the daemons
|
|
||||||
#
|
|
||||||
zebra_options=("-A 127.0.0.1")
|
|
||||||
bgpd_options=("-A 127.0.0.1")
|
|
||||||
ospfd_options=("-A 127.0.0.1")
|
|
||||||
ospf6d_options=("-A ::1")
|
|
||||||
ripd_options=("-A 127.0.0.1")
|
|
||||||
ripngd_options=("-A ::1")
|
|
||||||
isisd_options=("-A 127.0.0.1")
|
|
||||||
pimd_options=("-A 127.0.0.1")
|
|
||||||
nhrpd_options=("-A 127.0.0.1")
|
|
||||||
eigrpd_options=("-A 127.0.0.1")
|
|
||||||
sharpd_options=("-A 127.0.0.1")
|
|
||||||
pbrd_options=("-A 127.0.0.1")
|
|
||||||
staticd_options=("-A 127.0.0.1")
|
|
||||||
bfdd_options=("-A 127.0.0.1")
|
|
||||||
fabricd_options=("-A 127.0.0.1")
|
|
||||||
|
|
||||||
#
|
|
||||||
# If the vtysh_enable is yes, then the unified config is read
|
|
||||||
# and applied if it exists. If no unified frr.conf exists
|
|
||||||
# then the per-daemon <daemon>.conf files are used)
|
|
||||||
# If vtysh_enable is no or non-existant, the frr.conf is ignored.
|
|
||||||
# it is highly suggested to have this set to yes
|
|
||||||
vtysh_enable=yes
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
source /usr/lib/frr/frrcommon.sh
|
|
||||||
/usr/lib/frr/watchfrr $(daemon_list)
|
|
@ -1,53 +0,0 @@
|
|||||||
frr defaults traditional
|
|
||||||
log file /var/log/frr/frr.log
|
|
||||||
log syslog informational
|
|
||||||
log stdout debugging
|
|
||||||
ipv6 forwarding
|
|
||||||
service integrated-vtysh-config
|
|
||||||
!
|
|
||||||
debug bgp updates in
|
|
||||||
debug bgp updates out
|
|
||||||
debug bgp zebra
|
|
||||||
!
|
|
||||||
interface eth0
|
|
||||||
no ipv6 nd suppress-ra
|
|
||||||
ipv6 nd ra-interval 10
|
|
||||||
!
|
|
||||||
router bgp OCPASN
|
|
||||||
bgp router-id OCPROUTERID
|
|
||||||
bgp bestpath as-path multipath-relax
|
|
||||||
bgp bestpath compare-routerid
|
|
||||||
!
|
|
||||||
neighbor OCPnodes peer-group
|
|
||||||
neighbor OCPnodes description Internal OCP Nodes
|
|
||||||
neighbor OCPnodes remote-as OCPASN
|
|
||||||
neighbor OCPnodes bfd
|
|
||||||
neighbor OCPnodes capability extended-nexthop
|
|
||||||
!neighbor eth0 interface peer-group OCPnodes
|
|
||||||
!neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
|
|
||||||
neighbor OCPPEER peer-group OCPnodes
|
|
||||||
!
|
|
||||||
address-family ipv4 unicast
|
|
||||||
redistribute connected
|
|
||||||
neighbor OCPnodes activate
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
address-family ipv6 unicast
|
|
||||||
redistribute connected
|
|
||||||
neighbor OCPnodes activate
|
|
||||||
neighbor OCPnodes nexthop-local unchanged
|
|
||||||
exit-address-family
|
|
||||||
!
|
|
||||||
!
|
|
||||||
bfd
|
|
||||||
peer OCPPEER vrf default interface eth0
|
|
||||||
receive-interval 2000
|
|
||||||
transmit-interval 2000
|
|
||||||
echo-mode
|
|
||||||
echo-interval 3000
|
|
||||||
no shutdown
|
|
||||||
exit
|
|
||||||
!
|
|
||||||
line vty
|
|
||||||
!
|
|
||||||
|
|
124
frr-image/frr.sh
124
frr-image/frr.sh
@ -1,124 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
#set -euo pipefail
|
|
||||||
|
|
||||||
# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
|
|
||||||
if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
|
|
||||||
set -x
|
|
||||||
fi
|
|
||||||
|
|
||||||
# The argument to the command is the operation to be performed
|
|
||||||
# frr-node display display_env
|
|
||||||
# a cmd must be provided, there is no default
|
|
||||||
cmd=${1:-""}
|
|
||||||
|
|
||||||
# The frr user id, by default it is going to be frr:frr
|
|
||||||
frr_user_id=${FRR_USER_ID:-""}
|
|
||||||
|
|
||||||
# frr options
|
|
||||||
frr_options=${FRR_OPTIONS:-""}
|
|
||||||
|
|
||||||
# This script is the entrypoint to the image.
|
|
||||||
# frr.sh version (update when API between daemonset and script changes - v.x.y)
|
|
||||||
frr_version="3"
|
|
||||||
|
|
||||||
# The daemonset version must be compatible with this script.
|
|
||||||
# The default when FRR_DAEMONSET_VERSION is not set is version 3
|
|
||||||
frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
|
|
||||||
|
|
||||||
# hostname is the host's hostname when using host networking,
|
|
||||||
# This is useful on the master
|
|
||||||
# otherwise it is the container ID (useful for debugging).
|
|
||||||
frr_pod_host=${K8S_NODE:-$(hostname)}
|
|
||||||
|
|
||||||
# The ovs user id, by default it is going to be root:root
|
|
||||||
frr_user_id=${FRR_USER_ID:-""}
|
|
||||||
|
|
||||||
# frr options
|
|
||||||
frr_options=${FRR_OPTIONS:-""}
|
|
||||||
|
|
||||||
# frr.conf variables
|
|
||||||
ocp_asn=${OCPASN:-65000}
|
|
||||||
ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
|
|
||||||
ocp_peer=${OCPPEER:-"10.10.10.1"}
|
|
||||||
|
|
||||||
FRR_ETCDIR=/etc/frr
|
|
||||||
FRR_RUNDIR=/var/run/frr
|
|
||||||
FRR_LOGDIR=/var/log/frr
|
|
||||||
|
|
||||||
# =========================================
|
|
||||||
|
|
||||||
setup_frr_permissions() {
|
|
||||||
chown -R ${frr_user_id} ${FRR_RUNDIR}
|
|
||||||
chown -R ${frr_user_id} ${FRR_LOGDIR}
|
|
||||||
chown -R ${frr_user_id} ${FRR_ETCDIR}
|
|
||||||
}
|
|
||||||
|
|
||||||
# =========================================
|
|
||||||
|
|
||||||
display_version() {
|
|
||||||
echo " =================== hostname: ${frr_pod_host}"
|
|
||||||
echo " =================== daemonset version ${frr_daemonset_version}"
|
|
||||||
if [[ -f /root/git_info ]]; then
|
|
||||||
disp_ver=$(cat /root/git_info)
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
display_env() {
|
|
||||||
echo FRR_USER_ID ${frr_user_id}
|
|
||||||
echo FRR_OPTIONS ${frr_options}
|
|
||||||
echo frr.sh version ${frr_version}
|
|
||||||
echo ocp_asn ${ocp_asn}
|
|
||||||
echo ocp_routerid ${ocp_routerid}
|
|
||||||
echo ocp_peer ${ocp_peer}
|
|
||||||
}
|
|
||||||
|
|
||||||
# frr-node - all nodes
|
|
||||||
frr-node() {
|
|
||||||
trap 'kill $(jobs -p) ; exit 0' TERM
|
|
||||||
rm -f ${FRR_RUNDIR}/frr.pid
|
|
||||||
echo "=============== frr-node ========== update frr.conf"
|
|
||||||
sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
|
|
||||||
sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
|
|
||||||
sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
|
|
||||||
|
|
||||||
#chown -R frr:frr /etc/frr
|
|
||||||
chown -R frr:frr ${FRR_RUNDIR}
|
|
||||||
echo "=============== frr-node ========== starting"
|
|
||||||
# /usr/lib/frr/frrinit.sh start
|
|
||||||
# bash -x /usr/lib/frr/frrinit.sh start
|
|
||||||
bash -x
|
|
||||||
/usr/lib/frr/frrinit.sh start
|
|
||||||
frrResult=$?
|
|
||||||
echo "=============== frrinit result is ${frrResult} "
|
|
||||||
|
|
||||||
# Sleep forever
|
|
||||||
exec tail -f /dev/null
|
|
||||||
}
|
|
||||||
|
|
||||||
echo "================== frr.sh --- version: ${frr_version} ================"
|
|
||||||
|
|
||||||
display_version
|
|
||||||
|
|
||||||
display_env
|
|
||||||
|
|
||||||
case ${cmd} in
|
|
||||||
"frr-node")
|
|
||||||
frr-node
|
|
||||||
;;
|
|
||||||
"display_env")
|
|
||||||
display_env
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
"display")
|
|
||||||
display
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "invalid command ${cmd}"
|
|
||||||
echo "valid v3 commands: frr-node display_env display "
|
|
||||||
exit 0
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
exit 0
|
|
36
ip-address-manager-image/Dockerfile
Normal file
36
ip-address-manager-image/Dockerfile
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:v%%ip-address-manager_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%
|
||||||
|
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%
|
||||||
|
#!BuildVersion: 15.6
|
||||||
|
ARG SLE_VERSION
|
||||||
|
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||||
|
|
||||||
|
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||||
|
COPY --from=micro / /installroot/
|
||||||
|
RUN zypper --installroot /installroot --non-interactive install --no-recommends ip-address-manager shadow; zypper -n clean; rm -rf /var/log/*
|
||||||
|
|
||||||
|
FROM micro AS final
|
||||||
|
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
||||||
|
# labelprefix=com.suse.application.ip-address-manager
|
||||||
|
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||||
|
LABEL org.opencontainers.image.title="SLE ip-address-manager Container Image"
|
||||||
|
LABEL org.opencontainers.image.description="ip-address-manager based on the SLE Base Container Image."
|
||||||
|
LABEL org.opencontainers.image.version="%%ip-address-manager_version%%"
|
||||||
|
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||||
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
|
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||||
|
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
|
||||||
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
|
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||||
|
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||||
|
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
||||||
|
LABEL com.suse.image-type="application"
|
||||||
|
LABEL com.suse.release-stage="released"
|
||||||
|
# endlabelprefix
|
||||||
|
|
||||||
|
COPY --from=base /installroot /
|
||||||
|
RUN mv /usr/bin/ip-address-manager /manager
|
||||||
|
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
|
||||||
|
USER 65532
|
||||||
|
ENTRYPOINT [ "/manager" ]
|
@ -1,6 +1,12 @@
|
|||||||
<services>
|
<services>
|
||||||
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
||||||
<service mode="buildtime" name="docker_label_helper"/>
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
|
<service name="replace_using_package_version" mode="buildtime">
|
||||||
|
<param name="file">Dockerfile</param>
|
||||||
|
<param name="regex">%%ip-address-manager_version%%</param>
|
||||||
|
<param name="package">ip-address-manager</param>
|
||||||
|
<param name="parse-version">patch</param>
|
||||||
|
</service>
|
||||||
<service name="replace_using_env" mode="buildtime">
|
<service name="replace_using_env" mode="buildtime">
|
||||||
<param name="file">Dockerfile</param>
|
<param name="file">Dockerfile</param>
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
23
ip-address-manager/_service
Normal file
23
ip-address-manager/_service
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
<services>
|
||||||
|
<service name="obs_scm">
|
||||||
|
<param name="url">https://github.com/metal3-io/ip-address-manager</param>
|
||||||
|
<param name="scm">git</param>
|
||||||
|
<param name="revision">v1.8.1</param>
|
||||||
|
<param name="version">_auto_</param>
|
||||||
|
<param name="versionformat">@PARENT_TAG@</param>
|
||||||
|
<param name="changesgenerate">enable</param>
|
||||||
|
<param name="changesauthor">steven.hardy@suse.com</param>
|
||||||
|
<param name="match-tag">v*</param>
|
||||||
|
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
|
||||||
|
<param name="without-version">yes</param>
|
||||||
|
<param name="versionrewrite-replacement">\1</param>
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="tar" />
|
||||||
|
<service mode="buildtime" name="recompress">
|
||||||
|
<param name="file">*.tar</param>
|
||||||
|
<param name="compression">gz</param>
|
||||||
|
</service>
|
||||||
|
<service name="go_modules">
|
||||||
|
</service>
|
||||||
|
<service mode="buildtime" name="set_version" />
|
||||||
|
</services>
|
51
ip-address-manager/ip-address-manager.spec
Normal file
51
ip-address-manager/ip-address-manager.spec
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
#
|
||||||
|
# spec file for package ip-address-manager
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
Name: ip-address-manager
|
||||||
|
Version: 1.8.1
|
||||||
|
Release: 0
|
||||||
|
Summary: Metal3 IPAM controller
|
||||||
|
License: Apache-2.0
|
||||||
|
URL: https://github.com/metal3-io/ip-address-manager
|
||||||
|
Source: ip-address-manager-%{version}.tar.gz
|
||||||
|
Source1: vendor.tar.gz
|
||||||
|
BuildRequires: golang(API) = 1.22
|
||||||
|
ExcludeArch: s390
|
||||||
|
ExcludeArch: %{ix86}
|
||||||
|
|
||||||
|
%description
|
||||||
|
|
||||||
|
Metal3 IPAM controller
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -a1 -n ip-address-manager-%{version}
|
||||||
|
|
||||||
|
%build
|
||||||
|
go build \
|
||||||
|
-mod=vendor \
|
||||||
|
-buildmode=pie \
|
||||||
|
|
||||||
|
%install
|
||||||
|
install -D -m0755 ip-address-manager %{buildroot}%{_bindir}/ip-address-manager
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license LICENSE
|
||||||
|
%doc README.md
|
||||||
|
%{_bindir}/ip-address-manager
|
||||||
|
|
||||||
|
%changelog
|
@ -1,6 +1,6 @@
|
|||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0
|
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0
|
||||||
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%
|
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%
|
||||||
#!BuildVersion: 15.6
|
#!BuildVersion: 15.6
|
||||||
|
|
||||||
ARG SLE_VERSION
|
ARG SLE_VERSION
|
||||||
@ -16,12 +16,7 @@ RUN /bin/prepare-efi.sh
|
|||||||
|
|
||||||
COPY --from=micro / /installroot/
|
COPY --from=micro / /installroot/
|
||||||
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
|
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
|
||||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs crudini openstack-ironic
|
RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api
|
||||||
|
|
||||||
# DATABASE
|
|
||||||
RUN mkdir -p /installroot/var/lib/ironic && \
|
|
||||||
/installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
|
|
||||||
zypper --installroot /installroot --non-interactive remove sqlite3
|
|
||||||
|
|
||||||
FROM micro AS final
|
FROM micro AS final
|
||||||
MAINTAINER SUSE LLC (https://www.suse.com/)
|
MAINTAINER SUSE LLC (https://www.suse.com/)
|
||||||
@ -31,8 +26,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
|
|||||||
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
|
||||||
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||||
LABEL org.opencontainers.image.version="26.1.2.0"
|
LABEL org.opencontainers.image.version="24.1.2.0"
|
||||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%"
|
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%"
|
||||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||||
@ -53,8 +48,8 @@ RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc
|
|||||||
COPY mkisofs_wrapper /usr/bin/mkisofs
|
COPY mkisofs_wrapper /usr/bin/mkisofs
|
||||||
RUN set -euo pipefail; chmod +x /usr/bin/mkisofs
|
RUN set -euo pipefail; chmod +x /usr/bin/mkisofs
|
||||||
|
|
||||||
COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runlogwatch.sh tls-common.sh configure-nonroot.sh ironic-probe.j2 /bin/
|
COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runironic-api runironic-conductor runironic-exporter runironic-inspector runlogwatch.sh tls-common.sh configure-nonroot.sh /bin/
|
||||||
RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
|
RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runironic-api; chmod +x /bin/runironic-conductor; chmod +x /bin/runironic-exporter; chmod +x /bin/runironic-inspector; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
|
||||||
RUN mkdir -p /tftpboot
|
RUN mkdir -p /tftpboot
|
||||||
RUN mkdir -p $GRUB_DIR
|
RUN mkdir -p $GRUB_DIR
|
||||||
|
|
||||||
@ -68,7 +63,7 @@ RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
|
|||||||
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
|
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
|
||||||
|
|
||||||
COPY ironic.conf.j2 /etc/ironic/
|
COPY ironic.conf.j2 /etc/ironic/
|
||||||
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/
|
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 /tmp/
|
||||||
COPY network-data-schema-empty.json /etc/ironic/
|
COPY network-data-schema-empty.json /etc/ironic/
|
||||||
|
|
||||||
# DNSMASQ
|
# DNSMASQ
|
||||||
@ -78,7 +73,14 @@ COPY dnsmasq.conf.j2 /etc/
|
|||||||
COPY httpd.conf.j2 /etc/httpd/conf/
|
COPY httpd.conf.j2 /etc/httpd/conf/
|
||||||
COPY httpd-modules.conf /etc/httpd/conf.modules.d/
|
COPY httpd-modules.conf /etc/httpd/conf.modules.d/
|
||||||
COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
|
COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
|
||||||
COPY apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
|
|
||||||
|
# IRONIC-INSPECTOR #
|
||||||
|
RUN mkdir -p /var/lib/ironic /var/lib/ironic-inspector && \
|
||||||
|
sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \
|
||||||
|
sqlite3 /var/lib/ironic-inspector/ironic-inspector.db "pragma journal_mode=wal"
|
||||||
|
|
||||||
|
COPY ironic-inspector.conf.j2 /etc/ironic-inspector/
|
||||||
|
COPY inspector-apache.conf.j2 /etc/httpd/conf.d/
|
||||||
|
|
||||||
# Workaround
|
# Workaround
|
||||||
# Removing the 010-ironic.conf file that comes with the package
|
# Removing the 010-ironic.conf file that comes with the package
|
||||||
|
@ -1,35 +0,0 @@
|
|||||||
Listen {{ env.IPXE_TLS_PORT }}
|
|
||||||
|
|
||||||
<VirtualHost *:{{ env.IPXE_TLS_PORT }}>
|
|
||||||
ErrorLog /dev/stderr
|
|
||||||
LogLevel debug
|
|
||||||
CustomLog /dev/stdout combined
|
|
||||||
|
|
||||||
SSLEngine on
|
|
||||||
SSLProtocol {{ env.IPXE_SSL_PROTOCOL }}
|
|
||||||
SSLCertificateFile {{ env.IPXE_CERT_FILE }}
|
|
||||||
SSLCertificateKeyFile {{ env.IPXE_KEY_FILE }}
|
|
||||||
|
|
||||||
<Directory "/shared/html">
|
|
||||||
Order Allow,Deny
|
|
||||||
Allow from all
|
|
||||||
</Directory>
|
|
||||||
<Directory "/shared/html/(redfish|ilo|images)/">
|
|
||||||
Order Deny,Allow
|
|
||||||
Deny from all
|
|
||||||
</Directory>
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
||||||
<Location ~ "^/grub.*/">
|
|
||||||
SSLRequireSSL
|
|
||||||
</Location>
|
|
||||||
<Location ~ "^/pxelinux.cfg/">
|
|
||||||
SSLRequireSSL
|
|
||||||
</Location>
|
|
||||||
<Location ~ "^/.*\.conf/">
|
|
||||||
SSLRequireSSL
|
|
||||||
</Location>
|
|
||||||
<Location ~ "^/(([0-9]|[a-z]).*-){4}([0-9]|[a-z]).*/">
|
|
||||||
SSLRequireSSL
|
|
||||||
</Location>
|
|
||||||
|
|
@ -10,17 +10,15 @@ Listen {{ env.VMEDIA_TLS_PORT }}
|
|||||||
SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
|
SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
|
||||||
SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
|
SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
|
||||||
|
|
||||||
<Directory ~ "/shared/html">
|
<Directory "/shared">
|
||||||
Order deny,allow
|
AllowOverride None
|
||||||
deny from all
|
Require all granted
|
||||||
</Directory>
|
</Directory>
|
||||||
<Directory ~ "/shared/html/(redfish|ilo)/">
|
|
||||||
Order allow,deny
|
<Directory "/shared/html">
|
||||||
allow from all
|
Options Indexes FollowSymLinks
|
||||||
</Directory>
|
AllowOverride None
|
||||||
<Directory ~ "/shared/html/images/">
|
Require all granted
|
||||||
Order allow,deny
|
|
||||||
allow from all
|
|
||||||
</Directory>
|
</Directory>
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
|
@ -2,39 +2,36 @@
|
|||||||
|
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
|
|
||||||
|
export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
|
||||||
|
export INSPECTOR_HTPASSWD=${INSPECTOR_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
|
||||||
|
export IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
|
||||||
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
|
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
|
||||||
|
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
|
||||||
# Backward compatibility
|
|
||||||
if [[ "${IRONIC_DEPLOYMENT:-}" == "Conductor" ]]; then
|
|
||||||
export IRONIC_EXPOSE_JSON_RPC=true
|
|
||||||
else
|
|
||||||
export IRONIC_EXPOSE_JSON_RPC="${IRONIC_EXPOSE_JSON_RPC:-false}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
IRONIC_HTPASSWD_FILE=/etc/ironic/htpasswd
|
IRONIC_HTPASSWD_FILE=/etc/ironic/htpasswd
|
||||||
if [[ -f "/auth/ironic/htpasswd" ]]; then
|
INSPECTOR_HTPASSWD_FILE=/etc/ironic-inspector/htpasswd
|
||||||
IRONIC_HTPASSWD=$(</auth/ironic/htpasswd)
|
|
||||||
fi
|
|
||||||
export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
|
|
||||||
|
|
||||||
configure_client_basic_auth()
|
configure_client_basic_auth()
|
||||||
{
|
{
|
||||||
local auth_config_file="/auth/$1/auth-config"
|
local auth_config_file="/auth/$1/auth-config"
|
||||||
local dest="${2:-/etc/ironic/ironic.conf}"
|
local dest="${2:-/etc/ironic/ironic.conf}"
|
||||||
if [[ -f "${auth_config_file}" ]]; then
|
if [[ -f "${auth_config_file}" ]]; then
|
||||||
# Merge configurations in the "auth" directory into the default ironic configuration file
|
# Merge configurations in the "auth" directory into the default ironic configuration file because there is no way to choose the configuration file
|
||||||
|
# when running the api as a WSGI app.
|
||||||
crudini --merge "${dest}" < "${auth_config_file}"
|
crudini --merge "${dest}" < "${auth_config_file}"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
configure_json_rpc_auth()
|
configure_json_rpc_auth()
|
||||||
{
|
{
|
||||||
if [[ "${IRONIC_EXPOSE_JSON_RPC}" == "true" ]]; then
|
export JSON_RPC_AUTH_STRATEGY="noauth"
|
||||||
if [[ -z "${IRONIC_HTPASSWD}" ]]; then
|
if [[ -n "${IRONIC_HTPASSWD}" ]]; then
|
||||||
echo "FATAL: enabling JSON RPC requires authentication"
|
if [[ "${IRONIC_DEPLOYMENT}" == "Conductor" ]]; then
|
||||||
exit 1
|
export JSON_RPC_AUTH_STRATEGY="http_basic"
|
||||||
fi
|
|
||||||
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
|
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
|
||||||
|
else
|
||||||
|
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -51,9 +48,24 @@ configure_ironic_auth()
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
configure_inspector_auth()
|
||||||
|
{
|
||||||
|
local config=/etc/ironic-inspector/ironic-inspector.conf
|
||||||
|
if [[ -n "${INSPECTOR_HTPASSWD}" ]]; then
|
||||||
|
printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
|
||||||
|
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "false" ]]; then
|
||||||
|
crudini --set "${config}" DEFAULT auth_strategy http_basic
|
||||||
|
crudini --set "${config}" DEFAULT http_basic_auth_user_file "${INSPECTOR_HTPASSWD_FILE}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
write_htpasswd_files()
|
write_htpasswd_files()
|
||||||
{
|
{
|
||||||
if [[ -n "${IRONIC_HTPASSWD:-}" ]]; then
|
if [[ -n "${IRONIC_HTPASSWD:-}" ]]; then
|
||||||
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
|
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
|
||||||
fi
|
fi
|
||||||
|
if [[ -n "${INSPECTOR_HTPASSWD:-}" ]]; then
|
||||||
|
printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
@ -2,13 +2,14 @@
|
|||||||
|
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
|
|
||||||
|
IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
|
||||||
IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
|
IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
|
||||||
|
|
||||||
# Define the VLAN interfaces to be included in introspection report, e.g.
|
# Define the VLAN interfaces to be included in introspection report, e.g.
|
||||||
# all - all VLANs on all interfaces using LLDP information
|
# all - all VLANs on all interfaces using LLDP information
|
||||||
# <interface> - all VLANs on a particular interface using LLDP information
|
# <interface> - all VLANs on a particular interface using LLDP information
|
||||||
# <interface.vlan> - a particular VLAN on an interface, not relying on LLDP
|
# <interface.vlan> - a particular VLAN on an interface, not relying on LLDP
|
||||||
export IRONIC_ENABLE_VLAN_INTERFACES=${IRONIC_ENABLE_VLAN_INTERFACES:-${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}}
|
export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}
|
||||||
|
|
||||||
# shellcheck disable=SC1091
|
# shellcheck disable=SC1091
|
||||||
. /bin/tls-common.sh
|
. /bin/tls-common.sh
|
||||||
@ -19,17 +20,13 @@ export IRONIC_ENABLE_VLAN_INTERFACES=${IRONIC_ENABLE_VLAN_INTERFACES:-${IRONIC_I
|
|||||||
|
|
||||||
export HTTP_PORT=${HTTP_PORT:-80}
|
export HTTP_PORT=${HTTP_PORT:-80}
|
||||||
|
|
||||||
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
|
MARIADB_PASSWORD=${MARIADB_PASSWORD}
|
||||||
|
MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
|
||||||
if [[ "$IRONIC_USE_MARIADB" == "true" ]]; then
|
MARIADB_USER=${MARIADB_USER:-ironic}
|
||||||
MARIADB_PASSWORD=${MARIADB_PASSWORD}
|
MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
|
||||||
MARIADB_DATABASE=${MARIADB_DATABASE:-ironic}
|
export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
|
||||||
MARIADB_USER=${MARIADB_USER:-ironic}
|
if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
|
||||||
MARIADB_HOST=${MARIADB_HOST:-127.0.0.1}
|
|
||||||
export MARIADB_CONNECTION="mysql+pymysql://${MARIADB_USER}:${MARIADB_PASSWORD}@${MARIADB_HOST}/${MARIADB_DATABASE}?charset=utf8"
|
|
||||||
if [[ "$MARIADB_TLS_ENABLED" == "true" ]]; then
|
|
||||||
export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
|
export MARIADB_CONNECTION="${MARIADB_CONNECTION}&ssl=on&ssl_ca=${MARIADB_CACERT_FILE}"
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# TODO(dtantsur): remove the explicit default once we get
|
# TODO(dtantsur): remove the explicit default once we get
|
||||||
@ -40,6 +37,9 @@ if [[ "$NUMPROC" -lt 4 ]]; then
|
|||||||
fi
|
fi
|
||||||
export NUMWORKERS=${NUMWORKERS:-$NUMPROC}
|
export NUMWORKERS=${NUMWORKERS:-$NUMPROC}
|
||||||
|
|
||||||
|
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-true}
|
||||||
|
export IRONIC_EXPOSE_JSON_RPC=${IRONIC_EXPOSE_JSON_RPC:-true}
|
||||||
|
|
||||||
# Whether to enable fast_track provisioning or not
|
# Whether to enable fast_track provisioning or not
|
||||||
export IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true}
|
export IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true}
|
||||||
|
|
||||||
@ -58,14 +58,16 @@ wait_for_interface_or_ip
|
|||||||
export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
|
export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
|
||||||
|
|
||||||
export IRONIC_BASE_URL=${IRONIC_BASE_URL:-"${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"}
|
export IRONIC_BASE_URL=${IRONIC_BASE_URL:-"${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"}
|
||||||
|
export IRONIC_INSPECTOR_BASE_URL=${IRONIC_INSPECTOR_BASE_URL:-"${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_ACCESS_PORT}"}
|
||||||
|
|
||||||
if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
|
if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
|
||||||
export IRONIC_EXTERNAL_CALLBACK_URL=${IRONIC_EXTERNAL_CALLBACK_URL:-"${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"}
|
export IRONIC_EXTERNAL_CALLBACK_URL="${IRONIC_SCHEME}://${IRONIC_EXTERNAL_IP}:${IRONIC_ACCESS_PORT}"
|
||||||
if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
|
if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
|
||||||
export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"}
|
export IRONIC_EXTERNAL_HTTP_URL="https://${IRONIC_EXTERNAL_IP}:${VMEDIA_TLS_PORT}"
|
||||||
else
|
else
|
||||||
export IRONIC_EXTERNAL_HTTP_URL=${IRONIC_EXTERNAL_HTTP_URL:-"http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"}
|
export IRONIC_EXTERNAL_HTTP_URL="http://${IRONIC_EXTERNAL_IP}:${HTTP_PORT}"
|
||||||
fi
|
fi
|
||||||
|
export IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE="https://${IRONIC_EXTERNAL_IP}:${IRONIC_INSPECTOR_ACCESS_PORT}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
|
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
|
||||||
@ -88,32 +90,13 @@ mkdir -p /shared/ironic_prometheus_exporter
|
|||||||
|
|
||||||
configure_json_rpc_auth
|
configure_json_rpc_auth
|
||||||
|
|
||||||
if [[ -f /proc/sys/crypto/fips_enabled ]]; then
|
|
||||||
ENABLE_FIPS_IPA=$(cat /proc/sys/crypto/fips_enabled)
|
|
||||||
export ENABLE_FIPS_IPA
|
|
||||||
fi
|
|
||||||
|
|
||||||
# The original ironic.conf is empty, and can be found in ironic.conf_orig
|
# The original ironic.conf is empty, and can be found in ironic.conf_orig
|
||||||
render_j2_config /etc/ironic/ironic.conf.j2 /etc/ironic/ironic.conf
|
render_j2_config /etc/ironic/ironic.conf.j2 /etc/ironic/ironic.conf
|
||||||
|
|
||||||
|
if [[ "${USE_IRONIC_INSPECTOR}" == "true" ]]; then
|
||||||
|
configure_client_basic_auth ironic-inspector
|
||||||
|
fi
|
||||||
configure_client_basic_auth ironic-rpc
|
configure_client_basic_auth ironic-rpc
|
||||||
|
|
||||||
# Make sure ironic traffic bypasses any proxies
|
# Make sure ironic traffic bypasses any proxies
|
||||||
export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
|
export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
|
||||||
|
|
||||||
PROBE_CURL_ARGS=
|
|
||||||
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
|
|
||||||
if [[ "${IRONIC_PRIVATE_PORT}" == "unix" ]]; then
|
|
||||||
PROBE_URL="http://127.0.0.1:6385"
|
|
||||||
PROBE_CURL_ARGS="--unix-socket /shared/ironic.sock"
|
|
||||||
else
|
|
||||||
PROBE_URL="http://127.0.0.1:${IRONIC_PRIVATE_PORT}"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
PROBE_URL="${IRONIC_BASE_URL}"
|
|
||||||
fi
|
|
||||||
export PROBE_CURL_ARGS
|
|
||||||
export PROBE_URL
|
|
||||||
|
|
||||||
PROBE_KIND=readiness render_j2_config /bin/ironic-probe.j2 /bin/ironic-readiness
|
|
||||||
PROBE_KIND=liveness render_j2_config /bin/ironic-probe.j2 /bin/ironic-liveness
|
|
||||||
|
@ -15,7 +15,7 @@ useradd -r -g ${NONROOT_GID} \
|
|||||||
mkdir -p /shared/html
|
mkdir -p /shared/html
|
||||||
chown "${NONROOT_UID}":"${NONROOT_GID}" /shared/html
|
chown "${NONROOT_UID}":"${NONROOT_GID}" /shared/html
|
||||||
|
|
||||||
# we'll bind mount shared ca and ironic certificate dirs here
|
# we'll bind mount shared ca and ironic/inspector certificate dirs here
|
||||||
# that need to have correct ownership as the entire ironic in BMO
|
# that need to have correct ownership as the entire ironic in BMO
|
||||||
# deployment shares a single fsGroup in manifest's securityContext
|
# deployment shares a single fsGroup in manifest's securityContext
|
||||||
mkdir -p /certs/ca
|
mkdir -p /certs/ca
|
||||||
@ -26,15 +26,17 @@ chmod 2775 /certs{,/ca}
|
|||||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/apache2
|
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/apache2
|
||||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /run
|
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /run
|
||||||
|
|
||||||
# ironic and httpd related changes
|
# ironic, inspector and httpd related changes
|
||||||
mkdir -p /etc/httpd/conf.d
|
|
||||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic /etc/httpd /etc/httpd
|
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic /etc/httpd /etc/httpd
|
||||||
|
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/ironic-inspector
|
||||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/log
|
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/log
|
||||||
chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
|
chmod 2775 /etc/ironic /etc/ironic-inspector /etc/httpd/conf /etc/httpd/conf.d
|
||||||
chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
|
chmod 664 /etc/ironic/* /etc/ironic-inspector/* /etc/httpd/conf/* /etc/httpd/conf.d/*
|
||||||
|
|
||||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic
|
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic
|
||||||
chmod 664 /var/lib/ironic/ironic.sqlite
|
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ironic-inspector
|
||||||
|
chmod 2775 /var/lib/ironic /var/lib/ironic-inspector
|
||||||
|
chmod 664 /var/lib/ironic/ironic.db /var/lib/ironic-inspector/ironic-inspector.db
|
||||||
|
|
||||||
# dnsmasq, and the capabilities required to run it as non-root user
|
# dnsmasq, and the capabilities required to run it as non-root user
|
||||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/dnsmasq.conf /var/lib/dnsmasq
|
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /etc/dnsmasq.conf /var/lib/dnsmasq
|
||||||
@ -46,8 +48,3 @@ chmod 664 /etc/dnsmasq.conf /var/lib/dnsmasq/dnsmasq.leases
|
|||||||
touch /var/lib/ca-certificates/ca-bundle.pem.new
|
touch /var/lib/ca-certificates/ca-bundle.pem.new
|
||||||
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ca-certificates/
|
chown -R "${NONROOT_UID}":"${NONROOT_GID}" /var/lib/ca-certificates/
|
||||||
chmod -R +w /var/lib/ca-certificates/
|
chmod -R +w /var/lib/ca-certificates/
|
||||||
|
|
||||||
# probes that are created before start
|
|
||||||
touch /bin/ironic-{readi,live}ness
|
|
||||||
chown root:"${NONROOT_GID}" /bin/ironic-{readi,live}ness
|
|
||||||
chmod 775 /bin/ironic-{readi,live}ness
|
|
||||||
|
@ -29,23 +29,13 @@ dhcp-option=option{% if ":" in env["DNS_IP"] %}6{% endif %}:dns-server,{{ env["D
|
|||||||
# IPv4 Configuration:
|
# IPv4 Configuration:
|
||||||
dhcp-match=ipxe,175
|
dhcp-match=ipxe,175
|
||||||
# Client is already running iPXE; move to next stage of chainloading
|
# Client is already running iPXE; move to next stage of chainloading
|
||||||
{%- if env.IPXE_TLS_SETUP == "true" %}
|
|
||||||
# iPXE with (U)EFI
|
|
||||||
dhcp-boot=tag:efi,tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/custom-ipxe/snponly.efi
|
|
||||||
# iPXE with BIOS
|
|
||||||
dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/custom-ipxe/undionly.kpxe
|
|
||||||
{% else %}
|
|
||||||
dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/boot.ipxe
|
dhcp-boot=tag:ipxe,http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/boot.ipxe
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# Note: Need to test EFI booting
|
# Note: Need to test EFI booting
|
||||||
dhcp-match=set:efi,option:client-arch,7
|
dhcp-match=set:efi,option:client-arch,7
|
||||||
dhcp-match=set:efi,option:client-arch,9
|
dhcp-match=set:efi,option:client-arch,9
|
||||||
dhcp-match=set:efi,option:client-arch,11
|
dhcp-match=set:efi,option:client-arch,11
|
||||||
# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader do the same also if iPXE ROM boots but TLS is enabled
|
# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader
|
||||||
{%- if env.IPXE_TLS_SETUP == "true" %}
|
|
||||||
dhcp-boot=tag:efi,tag:ipxe,snponly.efi
|
|
||||||
{% endif %}
|
|
||||||
dhcp-boot=tag:efi,tag:!ipxe,snponly.efi
|
dhcp-boot=tag:efi,tag:!ipxe,snponly.efi
|
||||||
|
|
||||||
# Client is running PXE over BIOS; send BIOS version of iPXE chainloader
|
# Client is running PXE over BIOS; send BIOS version of iPXE chainloader
|
||||||
|
@ -19,6 +19,8 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
|
|||||||
<VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
|
<VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if env.IRONIC_REVERSE_PROXY_SETUP | lower == "true" %}
|
||||||
|
|
||||||
{% if env.IRONIC_PRIVATE_PORT == "unix" %}
|
{% if env.IRONIC_PRIVATE_PORT == "unix" %}
|
||||||
ProxyPass "/" "unix:/shared/ironic.sock|http://127.0.0.1/"
|
ProxyPass "/" "unix:/shared/ironic.sock|http://127.0.0.1/"
|
||||||
ProxyPassReverse "/" "unix:/shared/ironic.sock|http://127.0.0.1/"
|
ProxyPassReverse "/" "unix:/shared/ironic.sock|http://127.0.0.1/"
|
||||||
@ -27,8 +29,14 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
|
|||||||
ProxyPassReverse "/" "http://127.0.0.1:{{ env.IRONIC_PRIVATE_PORT }}/"
|
ProxyPassReverse "/" "http://127.0.0.1:{{ env.IRONIC_PRIVATE_PORT }}/"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% else %}
|
||||||
|
WSGIDaemonProcess ironic user=ironic group=ironic threads=10 display-name=%{GROUP}
|
||||||
|
WSGIScriptAlias / /usr/bin/ironic-api-wsgi
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
SetEnv APACHE_RUN_USER ironic-suse
|
SetEnv APACHE_RUN_USER ironic-suse
|
||||||
SetEnv APACHE_RUN_GROUP ironic-suse
|
SetEnv APACHE_RUN_GROUP ironic-suse
|
||||||
|
WSGIProcessGroup ironic-suse
|
||||||
|
|
||||||
ErrorLog /dev/stderr
|
ErrorLog /dev/stderr
|
||||||
LogLevel debug
|
LogLevel debug
|
||||||
@ -41,6 +49,7 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
|
|||||||
SSLCertificateKeyFile {{ env.IRONIC_KEY_FILE }}
|
SSLCertificateKeyFile {{ env.IRONIC_KEY_FILE }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if env.IRONIC_REVERSE_PROXY_SETUP | lower == "true" %}
|
||||||
<Location />
|
<Location />
|
||||||
{% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
|
{% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
|
||||||
AuthType Basic
|
AuthType Basic
|
||||||
@ -49,6 +58,22 @@ Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
|
|||||||
Require valid-user
|
Require valid-user
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</Location>
|
</Location>
|
||||||
|
{% else %}
|
||||||
|
<Directory /usr/bin >
|
||||||
|
WSGIProcessGroup ironic
|
||||||
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
|
AllowOverride None
|
||||||
|
|
||||||
|
{% if "IRONIC_HTPASSWD" in env and env.IRONIC_HTPASSWD | length %}
|
||||||
|
AuthType Basic
|
||||||
|
AuthName "Restricted WSGI area"
|
||||||
|
AuthUserFile "/etc/ironic/htpasswd"
|
||||||
|
Require valid-user
|
||||||
|
{% else %}
|
||||||
|
Require all granted
|
||||||
|
{% endif %}
|
||||||
|
</Directory>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
<Location ~ "^/(v1/?)?$" >
|
<Location ~ "^/(v1/?)?$" >
|
||||||
Require all granted
|
Require all granted
|
||||||
|
@ -5,6 +5,7 @@ LoadModule dir_module /usr/lib64/apache2/mod_dir.so
|
|||||||
LoadModule authz_core_module /usr/lib64/apache2/mod_authz_core.so
|
LoadModule authz_core_module /usr/lib64/apache2/mod_authz_core.so
|
||||||
#LoadModule unixd_module modules/mod_unixd.so
|
#LoadModule unixd_module modules/mod_unixd.so
|
||||||
#LoadModule mpm_event_module modules/mod_mpm_event.so
|
#LoadModule mpm_event_module modules/mod_mpm_event.so
|
||||||
|
LoadModule wsgi_module /usr/lib64/apache2/mod_wsgi.so
|
||||||
LoadModule ssl_module /usr/lib64/apache2/mod_ssl.so
|
LoadModule ssl_module /usr/lib64/apache2/mod_ssl.so
|
||||||
LoadModule env_module /usr/lib64/apache2/mod_env.so
|
LoadModule env_module /usr/lib64/apache2/mod_env.so
|
||||||
LoadModule proxy_module /usr/lib64/apache2/mod_proxy.so
|
LoadModule proxy_module /usr/lib64/apache2/mod_proxy.so
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
ServerRoot "/etc/httpd"
|
ServerRoot "/etc/httpd"
|
||||||
{%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
|
{%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
|
||||||
Listen {{ env.HTTP_PORT }}
|
Listen [::]:{{ env.HTTP_PORT }}
|
||||||
{% else %}
|
{% else %}
|
||||||
Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
|
Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -5,6 +5,6 @@ echo In inspector.ipxe
|
|||||||
imgfree
|
imgfree
|
||||||
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
|
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
|
||||||
# ironic-inspector-image and configuration in configure-ironic.sh
|
# ironic-inspector-image and configuration in configure-ironic.sh
|
||||||
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
|
kernel --timeout 60000 http://{{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
|
||||||
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
|
initrd --timeout 60000 http://{{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
|
||||||
boot
|
boot
|
||||||
|
@ -1,81 +0,0 @@
|
|||||||
#!ipxe
|
|
||||||
|
|
||||||
set attempts:int32 10
|
|
||||||
set i:int32 0
|
|
||||||
|
|
||||||
goto deploy
|
|
||||||
|
|
||||||
:deploy
|
|
||||||
imgfree
|
|
||||||
{%- if pxe_options.deployment_aki_path %}
|
|
||||||
{%- set aki_path_https_elements = pxe_options.deployment_aki_path.split(':') %}
|
|
||||||
{%- set aki_port_and_path = aki_path_https_elements[2].split('/') %}
|
|
||||||
{%- set aki_afterport = aki_port_and_path[1:]|join('/') %}
|
|
||||||
{%- set aki_path_https = ['https:', aki_path_https_elements[1], ':8084/', aki_afterport]|join %}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if pxe_options.deployment_ari_path %}
|
|
||||||
{%- set ari_path_https_elements = pxe_options.deployment_ari_path.split(':') %}
|
|
||||||
{%- set ari_port_and_path = ari_path_https_elements[2].split('/') %}
|
|
||||||
{%- set ari_afterport = ari_port_and_path[1:]|join('/') %}
|
|
||||||
{%- set ari_path_https = ['https:', ari_path_https_elements[1], ':8084/', ari_afterport]|join %}
|
|
||||||
{%- endif %}
|
|
||||||
kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} selinux=0 troubleshoot=0 text {{ pxe_options.pxe_append_params|default("", true) }} BOOTIF=${mac} initrd={{ pxe_options.initrd_filename|default("deploy_ramdisk", true) }} || goto retry
|
|
||||||
|
|
||||||
initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto retry
|
|
||||||
boot
|
|
||||||
|
|
||||||
:retry
|
|
||||||
iseq ${i} ${attempts} && goto fail ||
|
|
||||||
inc i
|
|
||||||
echo No response, retrying in ${i} seconds.
|
|
||||||
sleep ${i}
|
|
||||||
goto deploy
|
|
||||||
|
|
||||||
:fail
|
|
||||||
echo Failed to get a response after ${attempts} attempts
|
|
||||||
echo Powering off in 30 seconds.
|
|
||||||
sleep 30
|
|
||||||
poweroff
|
|
||||||
|
|
||||||
:boot_anaconda
|
|
||||||
imgfree
|
|
||||||
kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} text {{ pxe_options.pxe_append_params|default("", true) }} inst.ks={{ pxe_options.ks_cfg_url }} {% if pxe_options.repo_url %}inst.repo={{ pxe_options.repo_url }}{% else %}inst.stage2={{ pxe_options.stage2_url }}{% endif %} initrd=ramdisk || goto boot_anaconda
|
|
||||||
initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto boot_anaconda
|
|
||||||
boot
|
|
||||||
|
|
||||||
:boot_ramdisk
|
|
||||||
imgfree
|
|
||||||
{%- if pxe_options.boot_iso_url %}
|
|
||||||
sanboot {{ pxe_options.boot_iso_url }}
|
|
||||||
{%- else %}
|
|
||||||
kernel {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ aki_path_https }} root=/dev/ram0 text {{ pxe_options.pxe_append_params|default("", true) }} {{ pxe_options.ramdisk_opts|default('', true) }} initrd=ramdisk || goto boot_ramdisk
|
|
||||||
initrd {% if pxe_options.ipxe_timeout > 0 %}--timeout {{ pxe_options.ipxe_timeout }} {% endif %}{{ ari_path_https }} || goto boot_ramdisk
|
|
||||||
boot
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
{%- if pxe_options.boot_from_volume %}
|
|
||||||
|
|
||||||
:boot_iscsi
|
|
||||||
imgfree
|
|
||||||
{% if pxe_options.username %}set username {{ pxe_options.username }}{% endif %}
|
|
||||||
{% if pxe_options.password %}set password {{ pxe_options.password }}{% endif %}
|
|
||||||
{% if pxe_options.iscsi_initiator_iqn %}set initiator-iqn {{ pxe_options.iscsi_initiator_iqn }}{% endif %}
|
|
||||||
sanhook --drive 0x80 {{ pxe_options.iscsi_boot_url }} || goto fail_iscsi_retry
|
|
||||||
{%- if pxe_options.iscsi_volumes %}{% for i, volume in enumerate(pxe_options.iscsi_volumes) %}
|
|
||||||
set username {{ volume.username }}
|
|
||||||
set password {{ volume.password }}
|
|
||||||
{%- set drive_id = 129 + i %}
|
|
||||||
sanhook --drive {{ '0x%x' % drive_id }} {{ volume.url }} || goto fail_iscsi_retry
|
|
||||||
{%- endfor %}{% endif %}
|
|
||||||
{% if pxe_options.iscsi_volumes %}set username {{ pxe_options.username }}{% endif %}
|
|
||||||
{% if pxe_options.iscsi_volumes %}set password {{ pxe_options.password }}{% endif %}
|
|
||||||
sanboot --no-describe || goto fail_iscsi_retry
|
|
||||||
|
|
||||||
:fail_iscsi_retry
|
|
||||||
echo Failed to attach iSCSI volume(s), retrying in 10 seconds.
|
|
||||||
sleep 10
|
|
||||||
goto boot_iscsi
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
:boot_whole_disk
|
|
||||||
sanboot --no-describe || exit 0
|
|
@ -6,7 +6,6 @@ IRONIC_IP="${IRONIC_IP:-}"
|
|||||||
PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
|
PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
|
||||||
PROVISIONING_IP="${PROVISIONING_IP:-}"
|
PROVISIONING_IP="${PROVISIONING_IP:-}"
|
||||||
PROVISIONING_MACS="${PROVISIONING_MACS:-}"
|
PROVISIONING_MACS="${PROVISIONING_MACS:-}"
|
||||||
IPXE_CUSTOM_FIRMWARE_DIR="${IPXE_CUSTOM_FIRMWARE_DIR:-/shared/custom_ipxe_firmware}"
|
|
||||||
|
|
||||||
get_provisioning_interface()
|
get_provisioning_interface()
|
||||||
{
|
{
|
||||||
@ -73,10 +72,7 @@ wait_for_interface_or_ip()
|
|||||||
|
|
||||||
render_j2_config()
|
render_j2_config()
|
||||||
{
|
{
|
||||||
ls $1 # DEBUG
|
|
||||||
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1"
|
|
||||||
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1" > "$2"
|
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1" > "$2"
|
||||||
ls $2 # DEBUG
|
|
||||||
}
|
}
|
||||||
|
|
||||||
run_ironic_dbsync()
|
run_ironic_dbsync()
|
||||||
@ -90,18 +86,25 @@ run_ironic_dbsync()
|
|||||||
done
|
done
|
||||||
else
|
else
|
||||||
# SQLite does not support some statements. Fortunately, we can just create
|
# SQLite does not support some statements. Fortunately, we can just create
|
||||||
# the schema in one go if not already created, instead of going through an upgrade
|
# the schema in one go instead of going through an upgrade.
|
||||||
DB_VERSION="$(ironic-dbsync --config-file /etc/ironic/ironic.conf version)"
|
|
||||||
if [[ "${DB_VERSION}" == "None" ]]; then
|
|
||||||
ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
|
ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Use the special value "unix" for unix sockets
|
# Use the special value "unix" for unix sockets
|
||||||
export IRONIC_PRIVATE_PORT=${IRONIC_PRIVATE_PORT:-unix}
|
export IRONIC_PRIVATE_PORT=${IRONIC_PRIVATE_PORT:-6388}
|
||||||
|
export IRONIC_INSPECTOR_PRIVATE_PORT=${IRONIC_INSPECTOR_PRIVATE_PORT:-5049}
|
||||||
|
|
||||||
export IRONIC_ACCESS_PORT=${IRONIC_ACCESS_PORT:-6385}
|
export IRONIC_ACCESS_PORT=${IRONIC_ACCESS_PORT:-6385}
|
||||||
export IRONIC_LISTEN_PORT=${IRONIC_LISTEN_PORT:-$IRONIC_ACCESS_PORT}
|
export IRONIC_LISTEN_PORT=${IRONIC_LISTEN_PORT:-$IRONIC_ACCESS_PORT}
|
||||||
|
|
||||||
export IRONIC_ENABLE_DISCOVERY=${IRONIC_ENABLE_DISCOVERY:-${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}}
|
export IRONIC_INSPECTOR_ACCESS_PORT=${IRONIC_INSPECTOR_ACCESS_PORT:-5050}
|
||||||
|
export IRONIC_INSPECTOR_LISTEN_PORT=${IRONIC_INSPECTOR_LISTEN_PORT:-$IRONIC_INSPECTOR_ACCESS_PORT}
|
||||||
|
|
||||||
|
# If this is false, built-in inspection is used.
|
||||||
|
export USE_IRONIC_INSPECTOR=${USE_IRONIC_INSPECTOR:-true}
|
||||||
|
export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
|
||||||
|
if [[ "${USE_IRONIC_INSPECTOR}" != "true" ]] && [[ "${IRONIC_INSPECTOR_ENABLE_DISCOVERY}" == "true" ]]; then
|
||||||
|
echo "Discovery is only supported with ironic-inspector at this point"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
@ -1,9 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -eu -o pipefail
|
|
||||||
|
|
||||||
curl -sSf {{ env.PROBE_CURL_ARGS }} "{{ env.PROBE_URL }}"
|
|
||||||
|
|
||||||
# TODO(dtantsur): when PROBE_KIND==readiness, try the conductor and driver API
|
|
||||||
# to make sure the conductor is ready. This requires having access to secrets
|
|
||||||
# since these endpoints are authenticated.
|
|
@ -1,22 +1,28 @@
|
|||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
|
{% if env.AUTH_STRATEGY is defined %}
|
||||||
|
auth_strategy = {{ env.AUTH_STRATEGY }}
|
||||||
|
{% if env.AUTH_STRATEGY == "http_basic" %}
|
||||||
|
http_basic_auth_user_file=/etc/ironic/htpasswd
|
||||||
|
{% endif %}
|
||||||
|
{% else %}
|
||||||
auth_strategy = noauth
|
auth_strategy = noauth
|
||||||
|
{% endif %}
|
||||||
debug = true
|
debug = true
|
||||||
default_deploy_interface = direct
|
default_deploy_interface = direct
|
||||||
default_inspect_interface = agent
|
default_inspect_interface = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %}
|
||||||
default_network_interface = noop
|
default_network_interface = noop
|
||||||
enabled_bios_interfaces = no-bios,redfish,idrac-redfish,irmc,ilo
|
enabled_bios_interfaces = idrac-wsman,no-bios,redfish,idrac-redfish,irmc,ilo
|
||||||
enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media,redfish-https
|
enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media
|
||||||
enabled_deploy_interfaces = direct,fake,ramdisk,custom-agent
|
enabled_deploy_interfaces = direct,fake,ramdisk,custom-agent
|
||||||
enabled_firmware_interfaces = no-firmware,fake,redfish
|
|
||||||
# NOTE(dtantsur): when changing this, make sure to update the driver
|
# NOTE(dtantsur): when changing this, make sure to update the driver
|
||||||
# dependencies in Dockerfile.
|
# dependencies in Dockerfile.
|
||||||
enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish,manual-management,ilo,ilo5
|
enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish,manual-management,ilo,ilo5
|
||||||
enabled_inspect_interfaces = agent,irmc,fake,redfish,ilo
|
enabled_inspect_interfaces = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %},idrac-wsman,irmc,fake,redfish,ilo
|
||||||
enabled_management_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
|
enabled_management_interfaces = ipmitool,idrac-wsman,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
|
||||||
enabled_network_interfaces = noop
|
enabled_power_interfaces = ipmitool,idrac-wsman,irmc,fake,redfish,idrac-redfish,ilo
|
||||||
enabled_power_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo
|
enabled_raid_interfaces = no-raid,irmc,agent,fake,idrac-wsman,redfish,idrac-redfish,ilo5
|
||||||
enabled_raid_interfaces = no-raid,irmc,agent,fake,redfish,idrac-redfish,ilo5
|
enabled_vendor_interfaces = no-vendor,ipmitool,idrac-wsman,idrac-redfish,redfish,ilo,fake
|
||||||
enabled_vendor_interfaces = no-vendor,ipmitool,idrac-redfish,redfish,ilo,fake
|
enabled_firmware_interfaces = no-firmware,fake,redfish
|
||||||
{% if env.IRONIC_EXPOSE_JSON_RPC | lower == "true" %}
|
{% if env.IRONIC_EXPOSE_JSON_RPC | lower == "true" %}
|
||||||
rpc_transport = json-rpc
|
rpc_transport = json-rpc
|
||||||
{% else %}
|
{% else %}
|
||||||
@ -26,7 +32,14 @@ use_stderr = true
|
|||||||
# NOTE(dtantsur): the default md5 is not compatible with FIPS mode
|
# NOTE(dtantsur): the default md5 is not compatible with FIPS mode
|
||||||
hash_ring_algorithm = sha256
|
hash_ring_algorithm = sha256
|
||||||
my_ip = {{ env.IRONIC_IP }}
|
my_ip = {{ env.IRONIC_IP }}
|
||||||
|
{% if env.IRONIC_DEPLOYMENT == "Conductor" and env.JSON_RPC_AUTH_STRATEGY == "noauth" %}
|
||||||
|
# if access is unauthenticated, we bind only to localhost - use that as the
|
||||||
|
# host name also, so that the client can find the server
|
||||||
|
# If we run both API and conductor in the same pod, use localhost
|
||||||
|
host = localhost
|
||||||
|
{% else %}
|
||||||
host = {{ env.IRONIC_CONDUCTOR_HOST }}
|
host = {{ env.IRONIC_CONDUCTOR_HOST }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# If a path to a certificate is defined, use that first for webserver
|
# If a path to a certificate is defined, use that first for webserver
|
||||||
{% if env.WEBSERVER_CACERT_FILE %}
|
{% if env.WEBSERVER_CACERT_FILE %}
|
||||||
@ -83,7 +96,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
|
|||||||
# Power state is checked every 60 seconds and BMC activity should
|
# Power state is checked every 60 seconds and BMC activity should
|
||||||
# be avoided more often than once every sixty seconds.
|
# be avoided more often than once every sixty seconds.
|
||||||
send_sensor_data_interval = 160
|
send_sensor_data_interval = 160
|
||||||
bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp.img
|
bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img
|
||||||
verify_step_priority_override = management.clear_job_queue:90
|
verify_step_priority_override = management.clear_job_queue:90
|
||||||
# We don't use this feature, and it creates an additional load on the database
|
# We don't use this feature, and it creates an additional load on the database
|
||||||
node_history = False
|
node_history = False
|
||||||
@ -112,7 +125,7 @@ default_boot_option = local
|
|||||||
erase_devices_metadata_priority = 10
|
erase_devices_metadata_priority = 10
|
||||||
erase_devices_priority = 0
|
erase_devices_priority = 0
|
||||||
http_root = /shared/html/
|
http_root = /shared/html/
|
||||||
http_url = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
|
http_url = {{ env.IRONIC_BOOT_BASE_URL }}
|
||||||
fast_track = {{ env.IRONIC_FAST_TRACK }}
|
fast_track = {{ env.IRONIC_FAST_TRACK }}
|
||||||
{% if env.IRONIC_BOOT_ISO_SOURCE %}
|
{% if env.IRONIC_BOOT_ISO_SOURCE %}
|
||||||
ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
|
ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
|
||||||
@ -130,22 +143,26 @@ external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
|
|||||||
dhcp_provider = none
|
dhcp_provider = none
|
||||||
|
|
||||||
[inspector]
|
[inspector]
|
||||||
# NOTE(dtantsur): we properly configure the "unmanaged" inspection boot (i.e.
|
|
||||||
# booting IPA through a separate inspector.ipxe rather than the driver's boot
|
|
||||||
# interface), so managed boot is not required.
|
|
||||||
require_managed_boot = False
|
|
||||||
power_off = {{ false if env.IRONIC_FAST_TRACK == "true" else true }}
|
power_off = {{ false if env.IRONIC_FAST_TRACK == "true" else true }}
|
||||||
# NOTE(dtantsur): keep inspection arguments synchronized with inspector.ipxe
|
# NOTE(dtantsur): keep inspection arguments synchronized with inspector.ipxe
|
||||||
# Also keep in mind that only parameters unique for inspection go here.
|
# Also keep in mind that only parameters unique for inspection go here.
|
||||||
# No need to duplicate pxe_append_params/kernel_append_params.
|
# No need to duplicate pxe_append_params/kernel_append_params.
|
||||||
extra_kernel_params = ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1
|
extra_kernel_params = ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
||||||
|
|
||||||
|
{% if env.USE_IRONIC_INSPECTOR == "true" %}
|
||||||
|
endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
|
||||||
|
{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" %}
|
||||||
|
cafile = {{ env.IRONIC_INSPECTOR_CACERT_FILE }}
|
||||||
|
insecure = {{ env.IRONIC_INSPECTOR_INSECURE }}
|
||||||
|
{% endif %}
|
||||||
|
{% if env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE %}
|
||||||
|
callback_endpoint_override = {{ env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE }}
|
||||||
|
{% endif %}
|
||||||
|
{% else %}
|
||||||
hooks = $default_hooks,parse-lldp
|
hooks = $default_hooks,parse-lldp
|
||||||
add_ports = all
|
add_ports = all
|
||||||
keep_ports = present
|
keep_ports = present
|
||||||
|
{% endif %}
|
||||||
[auto_discovery]
|
|
||||||
enabled = {{ env.IRONIC_ENABLE_DISCOVERY }}
|
|
||||||
driver = ipmi
|
|
||||||
|
|
||||||
[ipmi]
|
[ipmi]
|
||||||
# use_ipmitool_retries transfers the responsibility of retrying to ipmitool
|
# use_ipmitool_retries transfers the responsibility of retrying to ipmitool
|
||||||
@ -174,9 +191,15 @@ cipher_suite_versions = 3,17
|
|||||||
# authentication over localhost, using the same credentials as API, to prevent
|
# authentication over localhost, using the same credentials as API, to prevent
|
||||||
# unauthenticated connections from other processes in the same host since the
|
# unauthenticated connections from other processes in the same host since the
|
||||||
# containers are in host networking.
|
# containers are in host networking.
|
||||||
auth_strategy = http_basic
|
auth_strategy = {{ env.JSON_RPC_AUTH_STRATEGY }}
|
||||||
http_basic_auth_user_file = /etc/ironic/htpasswd-rpc
|
http_basic_auth_user_file = /etc/ironic/htpasswd-rpc
|
||||||
|
{% if env.IRONIC_DEPLOYMENT == "Conductor" and env.JSON_RPC_AUTH_STRATEGY == "noauth" %}
|
||||||
|
# if access is unauthenticated, we bind only to localhost - use that as the
|
||||||
|
# host name also, so that the client can find the server
|
||||||
|
host_ip = localhost
|
||||||
|
{% else %}
|
||||||
host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
|
host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
|
||||||
|
{% endif %}
|
||||||
{% if env.IRONIC_TLS_SETUP == "true" %}
|
{% if env.IRONIC_TLS_SETUP == "true" %}
|
||||||
use_ssl = true
|
use_ssl = true
|
||||||
cafile = {{ env.IRONIC_CACERT_FILE }}
|
cafile = {{ env.IRONIC_CACERT_FILE }}
|
||||||
@ -201,27 +224,24 @@ images_path = /shared/html/tmp
|
|||||||
instance_master_path = /shared/html/master_images
|
instance_master_path = /shared/html/master_images
|
||||||
tftp_master_path = /shared/tftpboot/master_images
|
tftp_master_path = /shared/tftpboot/master_images
|
||||||
tftp_root = /shared/tftpboot
|
tftp_root = /shared/tftpboot
|
||||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
|
||||||
# This makes networking boot templates generated even for nodes using local
|
# This makes networking boot templates generated even for nodes using local
|
||||||
# boot (the default), ensuring that they boot correctly even if they start
|
# boot (the default), ensuring that they boot correctly even if they start
|
||||||
# netbooting for some reason (e.g. with the noop management interface).
|
# netbooting for some reason (e.g. with the noop management interface).
|
||||||
enable_netboot_fallback = true
|
enable_netboot_fallback = true
|
||||||
# Enable the fallback path to in-band inspection
|
# Enable the fallback path to in-band inspection
|
||||||
ipxe_fallback_script = inspector.ipxe
|
ipxe_fallback_script = inspector.ipxe
|
||||||
{% if env.IPXE_TLS_SETUP | lower == "true" %}
|
|
||||||
ipxe_config_template = /tmp/ipxe_config.template
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
[redfish]
|
[redfish]
|
||||||
use_swift = false
|
use_swift = false
|
||||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
|
||||||
|
|
||||||
[ilo]
|
[ilo]
|
||||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
|
||||||
use_web_server_for_images = true
|
use_web_server_for_images = true
|
||||||
|
|
||||||
[irmc]
|
[irmc]
|
||||||
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.ENABLE_FIPS_IPA %}fips={{ env.ENABLE_FIPS_IPA|trim }}{% endif %} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes net.ifnames={{ '0' if env.PREDICTABLE_NIC_NAMES == 'false' else '1' }}
|
kernel_append_params = nofb nomodeset vga=normal ipa-insecure={{ env.IPA_INSECURE }} {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} systemd.journald.forward_to_console=yes
|
||||||
|
|
||||||
[service_catalog]
|
[service_catalog]
|
||||||
endpoint_override = {{ env.IRONIC_BASE_URL }}
|
endpoint_override = {{ env.IRONIC_BASE_URL }}
|
||||||
|
@ -4,8 +4,6 @@ set -eux
|
|||||||
|
|
||||||
# shellcheck disable=SC1091
|
# shellcheck disable=SC1091
|
||||||
. /bin/ironic-common.sh
|
. /bin/ironic-common.sh
|
||||||
# shellcheck disable=SC1091
|
|
||||||
. /bin/tls-common.sh
|
|
||||||
|
|
||||||
export HTTP_PORT=${HTTP_PORT:-80}
|
export HTTP_PORT=${HTTP_PORT:-80}
|
||||||
DNSMASQ_EXCEPT_INTERFACE=${DNSMASQ_EXCEPT_INTERFACE:-lo}
|
DNSMASQ_EXCEPT_INTERFACE=${DNSMASQ_EXCEPT_INTERFACE:-lo}
|
||||||
@ -21,13 +19,7 @@ mkdir -p /shared/html/images
|
|||||||
mkdir -p /shared/html/pxelinux.cfg
|
mkdir -p /shared/html/pxelinux.cfg
|
||||||
|
|
||||||
# Copy files to shared mount
|
# Copy files to shared mount
|
||||||
if [[ -r "${IPXE_CUSTOM_FIRMWARE_DIR}" ]]; then
|
cp /tftpboot/undionly.kpxe /tftpboot/snponly.efi /shared/tftpboot
|
||||||
cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
|
|
||||||
"${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
|
|
||||||
"/shared/tftpboot"
|
|
||||||
else
|
|
||||||
cp /tftpboot/undionly.kpxe /tftpboot/snponly.efi /shared/tftpboot
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Template and write dnsmasq.conf
|
# Template and write dnsmasq.conf
|
||||||
# we template via /tmp as sed otherwise creates temp files in /etc directory
|
# we template via /tmp as sed otherwise creates temp files in /etc directory
|
||||||
|
@ -8,7 +8,10 @@
|
|||||||
export HTTP_PORT=${HTTP_PORT:-80}
|
export HTTP_PORT=${HTTP_PORT:-80}
|
||||||
export VMEDIA_TLS_PORT=${VMEDIA_TLS_PORT:-8083}
|
export VMEDIA_TLS_PORT=${VMEDIA_TLS_PORT:-8083}
|
||||||
|
|
||||||
|
INSPECTOR_ORIG_HTTPD_CONFIG=/etc/httpd/conf.d/inspector-apache.conf.j2
|
||||||
|
INSPECTOR_RESULT_HTTPD_CONFIG=/etc/httpd/conf.d/ironic-inspector.conf
|
||||||
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
|
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
|
||||||
|
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
|
||||||
|
|
||||||
# In Metal3 context they are called node images in Ironic context they are
|
# In Metal3 context they are called node images in Ironic context they are
|
||||||
# called user images.
|
# called user images.
|
||||||
@ -30,7 +33,11 @@ chmod 0777 /shared/html
|
|||||||
|
|
||||||
IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}"
|
IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}"
|
||||||
|
|
||||||
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}/v1/continue_inspection"
|
if [[ "${USE_IRONIC_INSPECTOR}" == "true" ]]; then
|
||||||
|
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_INSPECTOR_ACCESS_PORT}/v1/continue"
|
||||||
|
else
|
||||||
|
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}/v1/continue_inspection"
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ "$IRONIC_FAST_TRACK" == "true" ]]; then
|
if [[ "$IRONIC_FAST_TRACK" == "true" ]]; then
|
||||||
INSPECTOR_EXTRA_ARGS+=" ipa-api-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}"
|
INSPECTOR_EXTRA_ARGS+=" ipa-api-url=${IRONIC_BASE_URL}:${IRONIC_ACCESS_PORT}"
|
||||||
@ -44,6 +51,14 @@ cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
|
|||||||
# Render the core httpd config
|
# Render the core httpd config
|
||||||
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf
|
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf
|
||||||
|
|
||||||
|
if [[ "$USE_IRONIC_INSPECTOR" == "true" ]] && [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
|
||||||
|
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]]; then
|
||||||
|
render_j2_config "$INSPECTOR_ORIG_HTTPD_CONFIG" "$INSPECTOR_RESULT_HTTPD_CONFIG"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ "$IRONIC_TLS_SETUP" == "true" ]]; then
|
if [[ "$IRONIC_TLS_SETUP" == "true" ]]; then
|
||||||
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
|
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "true" ]]; then
|
||||||
render_j2_config /tmp/httpd-ironic-api.conf.j2 /etc/httpd/conf.d/ironic.conf
|
render_j2_config /tmp/httpd-ironic-api.conf.j2 /etc/httpd/conf.d/ironic.conf
|
||||||
@ -59,14 +74,12 @@ if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
|
|||||||
render_j2_config /etc/httpd-vmedia.conf.j2 /etc/httpd/conf.d/vmedia.conf
|
render_j2_config /etc/httpd-vmedia.conf.j2 /etc/httpd/conf.d/vmedia.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Render httpd TLS configuration for /shared/html
|
# Set up inotify to kill the container (restart) whenever cert files for ironic inspector change
|
||||||
if [[ "$IPXE_TLS_SETUP" == "true" ]]; then
|
if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
|
||||||
mkdir -p /shared/html/custom-ipxe
|
# shellcheck disable=SC2034
|
||||||
chmod 0777 /shared/html/custom-ipxe
|
inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
|
||||||
render_j2_config "/etc/httpd-ipxe.conf.j2" "/etc/httpd/conf.d/ipxe.conf"
|
kill -WINCH $(pgrep httpd)
|
||||||
cp "${IPXE_CUSTOM_FIRMWARE_DIR}/undionly.kpxe" \
|
done &
|
||||||
"${IPXE_CUSTOM_FIRMWARE_DIR}/snponly.efi" \
|
|
||||||
"/shared/html/custom-ipxe"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Set up inotify to kill the container (restart) whenever cert files for ironic api change
|
# Set up inotify to kill the container (restart) whenever cert files for ironic api change
|
||||||
|
@ -1,7 +1,9 @@
|
|||||||
#!/usr/bin/bash
|
#!/usr/bin/bash
|
||||||
|
|
||||||
# This setting must go before configure-ironic since it has different defaults.
|
# These settings must go before configure-ironic since it has different
|
||||||
|
# defaults.
|
||||||
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
|
export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
|
||||||
|
export IRONIC_EXPOSE_JSON_RPC=${IRONIC_EXPOSE_JSON_RPC:-false}
|
||||||
|
|
||||||
# shellcheck disable=SC1091
|
# shellcheck disable=SC1091
|
||||||
. /bin/configure-ironic.sh
|
. /bin/configure-ironic.sh
|
||||||
|
@ -1,11 +1,20 @@
|
|||||||
#!/usr/bin/bash
|
#!/usr/bin/bash
|
||||||
|
|
||||||
# Ramdisk logs path
|
# Ramdisk logs path
|
||||||
LOG_DIR="/shared/log/ironic/deploy"
|
LOG_DIRS=("/shared/log/ironic/deploy" "/shared/log/ironic-inspector/ramdisk")
|
||||||
|
|
||||||
inotifywait -m "${LOG_DIR}" -e close_write |
|
while :; do
|
||||||
while read -r path _action file; do
|
for LOG_DIR in "${LOG_DIRS[@]}"; do
|
||||||
echo "************ Contents of ${path}/${file} ramdisk log file bundle **************"
|
if ! ls "${LOG_DIR}"/*.tar.gz 1> /dev/null 2>&1; then
|
||||||
tar -xOzvvf "${path}/${file}" | sed -e "s/^/${file}: /"
|
continue
|
||||||
rm -f "${path}/${file}"
|
fi
|
||||||
|
|
||||||
|
for fn in "${LOG_DIR}"/*.tar.gz; do
|
||||||
|
echo "************ Contents of $fn ramdisk log file bundle **************"
|
||||||
|
tar -xOzvvf "$fn" | sed -e "s/^/$(basename "$fn"): /"
|
||||||
|
rm -f "$fn"
|
||||||
done
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
@ -5,25 +5,24 @@ export IRONIC_KEY_FILE=/certs/ironic/tls.key
|
|||||||
export IRONIC_CACERT_FILE=/certs/ca/ironic/tls.crt
|
export IRONIC_CACERT_FILE=/certs/ca/ironic/tls.crt
|
||||||
export IRONIC_INSECURE=${IRONIC_INSECURE:-false}
|
export IRONIC_INSECURE=${IRONIC_INSECURE:-false}
|
||||||
export IRONIC_SSL_PROTOCOL=${IRONIC_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
|
export IRONIC_SSL_PROTOCOL=${IRONIC_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
|
||||||
export IPXE_SSL_PROTOCOL=${IPXE_SSL_PROTOCOL:-"-ALL +TLSv1.2 +TLSv1.3"}
|
|
||||||
export IRONIC_VMEDIA_SSL_PROTOCOL=${IRONIC_VMEDIA_SSL_PROTOCOL:-"ALL"}
|
export IRONIC_VMEDIA_SSL_PROTOCOL=${IRONIC_VMEDIA_SSL_PROTOCOL:-"ALL"}
|
||||||
|
|
||||||
|
export IRONIC_INSPECTOR_CERT_FILE=/certs/ironic-inspector/tls.crt
|
||||||
|
export IRONIC_INSPECTOR_KEY_FILE=/certs/ironic-inspector/tls.key
|
||||||
|
export IRONIC_INSPECTOR_CACERT_FILE=/certs/ca/ironic-inspector/tls.crt
|
||||||
|
export IRONIC_INSPECTOR_INSECURE=${IRONIC_INSPECTOR_INSECURE:-$IRONIC_INSECURE}
|
||||||
|
|
||||||
export IRONIC_VMEDIA_CERT_FILE=/certs/vmedia/tls.crt
|
export IRONIC_VMEDIA_CERT_FILE=/certs/vmedia/tls.crt
|
||||||
export IRONIC_VMEDIA_KEY_FILE=/certs/vmedia/tls.key
|
export IRONIC_VMEDIA_KEY_FILE=/certs/vmedia/tls.key
|
||||||
|
|
||||||
export IPXE_CERT_FILE=/certs/ipxe/tls.crt
|
|
||||||
export IPXE_KEY_FILE=/certs/ipxe/tls.key
|
|
||||||
|
|
||||||
export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
|
export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
|
||||||
|
|
||||||
export MARIADB_CACERT_FILE=/certs/ca/mariadb/tls.crt
|
export MARIADB_CACERT_FILE=/certs/ca/mariadb/tls.crt
|
||||||
|
|
||||||
export IPXE_TLS_PORT="${IPXE_TLS_PORT:-8084}"
|
|
||||||
|
|
||||||
mkdir -p /certs/ironic
|
mkdir -p /certs/ironic
|
||||||
|
mkdir -p /certs/ironic-inspector
|
||||||
mkdir -p /certs/ca/ironic
|
mkdir -p /certs/ca/ironic
|
||||||
mkdir -p /certs/ipxe
|
mkdir -p /certs/ca/ironic-inspector
|
||||||
mkdir -p /certs/vmedia
|
|
||||||
|
|
||||||
if [[ -f "$IRONIC_CERT_FILE" ]] && [[ ! -f "$IRONIC_KEY_FILE" ]]; then
|
if [[ -f "$IRONIC_CERT_FILE" ]] && [[ ! -f "$IRONIC_KEY_FILE" ]]; then
|
||||||
echo "Missing TLS Certificate key file $IRONIC_KEY_FILE"
|
echo "Missing TLS Certificate key file $IRONIC_KEY_FILE"
|
||||||
@ -34,6 +33,15 @@ if [[ ! -f "$IRONIC_CERT_FILE" ]] && [[ -f "$IRONIC_KEY_FILE" ]]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -f "$IRONIC_INSPECTOR_CERT_FILE" ]] && [[ ! -f "$IRONIC_INSPECTOR_KEY_FILE" ]]; then
|
||||||
|
echo "Missing TLS Certificate key file $IRONIC_INSPECTOR_KEY_FILE"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [[ ! -f "$IRONIC_INSPECTOR_CERT_FILE" ]] && [[ -f "$IRONIC_INSPECTOR_KEY_FILE" ]]; then
|
||||||
|
echo "Missing TLS Certificate file $IRONIC_INSPECTOR_CERT_FILE"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]] && [[ ! -f "$IRONIC_VMEDIA_KEY_FILE" ]]; then
|
if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]] && [[ ! -f "$IRONIC_VMEDIA_KEY_FILE" ]]; then
|
||||||
echo "Missing TLS Certificate key file $IRONIC_VMEDIA_KEY_FILE"
|
echo "Missing TLS Certificate key file $IRONIC_VMEDIA_KEY_FILE"
|
||||||
exit 1
|
exit 1
|
||||||
@ -43,15 +51,6 @@ if [[ ! -f "$IRONIC_VMEDIA_CERT_FILE" ]] && [[ -f "$IRONIC_VMEDIA_KEY_FILE" ]];
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f "$IPXE_CERT_FILE" ]] && [[ ! -f "$IPXE_KEY_FILE" ]]; then
|
|
||||||
echo "Missing TLS Certificate key file $IPXE_KEY_FILE"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [[ ! -f "$IPXE_CERT_FILE" ]] && [[ -f "$IPXE_KEY_FILE" ]]; then
|
|
||||||
echo "Missing TLS Certificate file $IPXE_CERT_FILE"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
copy_atomic()
|
copy_atomic()
|
||||||
{
|
{
|
||||||
local src="$1"
|
local src="$1"
|
||||||
@ -76,18 +75,23 @@ else
|
|||||||
export IRONIC_SCHEME="http"
|
export IRONIC_SCHEME="http"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]]; then
|
if [[ -f "$IRONIC_INSPECTOR_CERT_FILE" ]] || [[ -f "$IRONIC_INSPECTOR_CACERT_FILE" ]]; then
|
||||||
export IRONIC_VMEDIA_TLS_SETUP="true"
|
export IRONIC_INSPECTOR_TLS_SETUP="true"
|
||||||
|
export IRONIC_INSPECTOR_SCHEME="https"
|
||||||
|
if [[ ! -f "$IRONIC_INSPECTOR_CACERT_FILE" ]]; then
|
||||||
|
copy_atomic "$IRONIC_INSPECTOR_CERT_FILE" "$IRONIC_INSPECTOR_CACERT_FILE"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
export IRONIC_VMEDIA_TLS_SETUP="false"
|
export IRONIC_INSPECTOR_TLS_SETUP="false"
|
||||||
|
export IRONIC_INSPECTOR_SCHEME="http"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f "$IPXE_CERT_FILE" ]]; then
|
if [[ -f "$IRONIC_VMEDIA_CERT_FILE" ]]; then
|
||||||
export IPXE_SCHEME="https"
|
export IRONIC_VMEDIA_SCHEME="https"
|
||||||
export IPXE_TLS_SETUP="true"
|
export IRONIC_VMEDIA_TLS_SETUP="true"
|
||||||
else
|
else
|
||||||
export IPXE_SCHEME="http"
|
export IRONIC_VMEDIA_SCHEME="http"
|
||||||
export IPXE_TLS_SETUP="false"
|
export IRONIC_VMEDIA_TLS_SETUP="false"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f "$MARIADB_CACERT_FILE" ]]; then
|
if [[ -f "$MARIADB_CACERT_FILE" ]]; then
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0
|
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:2.0.0
|
||||||
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%
|
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:2.0.0-%RELEASE%
|
||||||
#!BuildVersion: 15.6
|
#!BuildVersion: 15.6
|
||||||
ARG SLE_VERSION
|
ARG SLE_VERSION
|
||||||
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
||||||
@ -8,7 +8,7 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
|||||||
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
||||||
COPY --from=micro / /installroot/
|
COPY --from=micro / /installroot/
|
||||||
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
|
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
|
||||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
|
RUN zypper --installroot /installroot --non-interactive install --no-recommends openstack-ironic-image-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
|
||||||
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
|
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
|
||||||
RUN cp /usr/bin/getopt /installroot/
|
RUN cp /usr/bin/getopt /installroot/
|
||||||
|
|
||||||
@ -19,11 +19,11 @@ FROM micro AS final
|
|||||||
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
||||||
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
|
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
|
||||||
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
|
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
|
||||||
LABEL org.opencontainers.image.version="3.0.0"
|
LABEL org.opencontainers.image.version="2.0.0"
|
||||||
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
|
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
|
||||||
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
||||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
||||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%"
|
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:2.0.0-%RELEASE%"
|
||||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
LABEL org.openbuildservice.disturl="%DISTURL%"
|
||||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
||||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
||||||
|
@ -3,8 +3,8 @@
|
|||||||
<service mode="buildtime" name="docker_label_helper"/>
|
<service mode="buildtime" name="docker_label_helper"/>
|
||||||
<service name="replace_using_package_version" mode="buildtime">
|
<service name="replace_using_package_version" mode="buildtime">
|
||||||
<param name="file">Dockerfile</param>
|
<param name="file">Dockerfile</param>
|
||||||
<param name="regex">%%ironic-ipa-ramdisk-x86_64_version%%</param>
|
<param name="regex">%%openstack-ironic-image-x86_64_version%%</param>
|
||||||
<param name="package">ironic-ipa-ramdisk-x86_64</param>
|
<param name="package">openstack-ironic-image-x86_64</param>
|
||||||
<param name="parse-version">patch</param>
|
<param name="parse-version">patch</param>
|
||||||
</service>
|
</service>
|
||||||
<service name="replace_using_env" mode="buildtime">
|
<service name="replace_using_env" mode="buildtime">
|
||||||
|
BIN
ironic-ipa-ramdisk/root.tar.bz2
(Stored with Git LFS)
BIN
ironic-ipa-ramdisk/root.tar.bz2
(Stored with Git LFS)
Binary file not shown.
@ -1,35 +0,0 @@
|
|||||||
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.0
|
|
||||||
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.0-%RELEASE%
|
|
||||||
FROM registry.suse.com/bci/kiwi:10.1.16
|
|
||||||
MAINTAINER SUSE LLC (https://www.suse.com/)
|
|
||||||
|
|
||||||
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
|
||||||
# labelprefix=com.suse.application.akri
|
|
||||||
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
|
||||||
LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
|
|
||||||
LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
|
|
||||||
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
|
|
||||||
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
|
|
||||||
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
|
||||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
|
||||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.0"
|
|
||||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
|
||||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
|
||||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
|
||||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
|
||||||
LABEL com.suse.image-type="application"
|
|
||||||
LABEL com.suse.release-stage="released"
|
|
||||||
# endlabelprefix
|
|
||||||
|
|
||||||
# Configure Kiwi to use kpartx
|
|
||||||
RUN echo -e "mapper:\n - part_mapper: kpartx" > /etc/kiwi.yml
|
|
||||||
|
|
||||||
# Copy build script into image and make it executable
|
|
||||||
ADD build-image.sh /usr/bin/build-image
|
|
||||||
RUN chmod a+x /usr/bin/build-image
|
|
||||||
|
|
||||||
# Make a directory for the standard SL Micro Kiwi definition and config file and copy them in
|
|
||||||
RUN mkdir -p /micro-sdk/defs
|
|
||||||
ADD SL-Micro.kiwi /micro-sdk/defs
|
|
||||||
ADD SL-Micro.kiwi.4096 /micro-sdk/defs
|
|
||||||
ADD config.sh /micro-sdk/defs
|
|
@ -1,59 +0,0 @@
|
|||||||
###########################
|
|
||||||
Kiwi SDK Image Instructions
|
|
||||||
###########################
|
|
||||||
|
|
||||||
Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
|
|
||||||
|
|
||||||
# setenforce 0
|
|
||||||
|
|
||||||
Next, download the podman image:
|
|
||||||
|
|
||||||
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0
|
|
||||||
|
|
||||||
Make a local output directory (where the images will reside):
|
|
||||||
|
|
||||||
# mkdir output
|
|
||||||
|
|
||||||
Then, to build a standard "Base" image, run the following in podman:
|
|
||||||
|
|
||||||
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image
|
|
||||||
|
|
||||||
To build a "Base" SelfInstall ISO, you can add additional flags, for example:
|
|
||||||
|
|
||||||
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Base-SelfInstall
|
|
||||||
|
|
||||||
Then, to build a standard "Default" image, run the following in podman:
|
|
||||||
|
|
||||||
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default
|
|
||||||
|
|
||||||
To build a "Default" SelfInstall ISO, you can add additional flags, for example:
|
|
||||||
|
|
||||||
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default-SelfInstall
|
|
||||||
|
|
||||||
To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
|
|
||||||
|
|
||||||
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Base-RT
|
|
||||||
|
|
||||||
To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
|
|
||||||
|
|
||||||
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image -p Default-SelfInstall -b
|
|
||||||
|
|
||||||
# mkdir mydefs/
|
|
||||||
# cp /path/to/SL-Micro.kiwi mydefs/
|
|
||||||
# cp /path/to/config.sh mydefs/
|
|
||||||
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.0 build-image
|
|
||||||
|
|
||||||
All output will be in the local $(pwd)/output directory, for example:
|
|
||||||
|
|
||||||
# ls -1 output/
|
|
||||||
SLE-Micro.x86_64-6.0.changes
|
|
||||||
SLE-Micro.x86_64-6.0.packages
|
|
||||||
SLE-Micro.x86_64-6.0.raw
|
|
||||||
SLE-Micro.x86_64-6.0.verified
|
|
||||||
build
|
|
||||||
kiwi.result
|
|
||||||
kiwi.result.json
|
|
||||||
|
|
||||||
Note, if you want to rebuild the image, you'll need to empty the output directory, or Kiwi will error due to existing output files:
|
|
||||||
|
|
||||||
# rm -rf output/*
|
|
@ -1,777 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
|
|
||||||
<!-- OBS-Milestone: %current_milestone -->
|
|
||||||
<!-- OBS-BcntSyncTag: SL-Micro -->
|
|
||||||
<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
|
|
||||||
<description type="system">
|
|
||||||
<author>SUSE</author>
|
|
||||||
<contact>crc@suse.com</contact>
|
|
||||||
<specification>SL Micro</specification>
|
|
||||||
</description>
|
|
||||||
<profiles>
|
|
||||||
<!-- Profiles used as dependencies of actual image profiles -->
|
|
||||||
<!-- Flavors -->
|
|
||||||
<profile name="full" description="SL Micro as KVM and Container host"/>
|
|
||||||
<profile name="container-host" description="SL Micro as Container host"/>
|
|
||||||
<profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
|
|
||||||
<!-- Platforms - support profiles -->
|
|
||||||
<profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
|
|
||||||
<profile name="self_install" description="Self Installing ISO media"/>
|
|
||||||
<!-- Platforms -->
|
|
||||||
<profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<!-- Images (flavor + platform) -->
|
|
||||||
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-vmware"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-vmware"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-encrypted"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-encrypted"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-rt-encrypted"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="aarch64-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="aarch64-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="ecs_anywhere"/>
|
|
||||||
<requires profile="x86"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="ecs_anywhere"/>
|
|
||||||
<requires profile="x86-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="rpi"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="rpi"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-rt"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-rt-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="s390-kvm"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="s390-kvm"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="s390-dasd"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="s390-dasd"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="s390-fba"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="s390-fba"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-legacy"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-qcow"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-qcow"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="aarch64-qcow"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="aarch64-qcow"/>
|
|
||||||
</profile>
|
|
||||||
</profiles>
|
|
||||||
|
|
||||||
<preferences profiles="x86-encrypted,x86-rt-encrypted">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
filesystem="btrfs"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
luks_version="luks2"
|
|
||||||
luks="1234"
|
|
||||||
luks_randomize="false"
|
|
||||||
luks_pbkdf="pbkdf2"
|
|
||||||
>
|
|
||||||
<luksformat>
|
|
||||||
<option name="--cipher" value="aes"/>
|
|
||||||
</luksformat>
|
|
||||||
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">4</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
<preferences profiles="x86,x86-rt">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
filesystem="btrfs"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3"/>
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<preferences profiles="x86-self_install,x86-rt-self_install">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
installiso="true"
|
|
||||||
filesystem="btrfs"
|
|
||||||
installboot="install"
|
|
||||||
install_continue_on_timeout="false"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<preferences profiles="rpi">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
installiso="true"
|
|
||||||
filesystem="btrfs"
|
|
||||||
installboot="install"
|
|
||||||
install_continue_on_timeout="false"
|
|
||||||
fsmountoptions="noatime"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
efipartsize="128"
|
|
||||||
editbootinstall="editbootinstall_rpi.sh"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="false"
|
|
||||||
disk_start_sector="4096"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
<preferences profiles="aarch64-self_install">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
installiso="true"
|
|
||||||
filesystem="btrfs"
|
|
||||||
installboot="install"
|
|
||||||
install_continue_on_timeout="false"
|
|
||||||
firmware="uefi"
|
|
||||||
efipartsize="128"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
disk_start_sector="4096"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<preferences profiles="s390-kvm">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
filesystem="btrfs"
|
|
||||||
bootpartition="true"
|
|
||||||
bootpartsize="300"
|
|
||||||
bootfilesystem="ext2"
|
|
||||||
initrd_system="dracut"
|
|
||||||
format="qcow2"
|
|
||||||
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2_s390x_emu" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">32</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
|
|
||||||
<preferences profiles="s390-dasd">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
filesystem="btrfs"
|
|
||||||
bootpartition="true"
|
|
||||||
bootpartsize="300"
|
|
||||||
bootfilesystem="ext2"
|
|
||||||
initrd_system="dracut"
|
|
||||||
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
target_blocksize="4096"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">5</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<preferences profiles="s390-fba">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
filesystem="btrfs"
|
|
||||||
bootpartition="true"
|
|
||||||
bootpartsize="300"
|
|
||||||
bootfilesystem="ext2"
|
|
||||||
initrd_system="dracut"
|
|
||||||
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">5</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
|
|
||||||
<preferences profiles="x86-vmware">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
filesystem="btrfs"
|
|
||||||
format="vmdk"
|
|
||||||
firmware="uefi"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">24</size>
|
|
||||||
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
<preferences profiles="x86-qcow">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
format="qcow2"
|
|
||||||
filesystem="btrfs"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">32</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<preferences profiles="aarch64-qcow">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
format="qcow2"
|
|
||||||
filesystem="btrfs"
|
|
||||||
firmware="uefi"
|
|
||||||
efipartsize="128"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">20</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<repository type="rpm-md" >
|
|
||||||
<source path='obsrepositories:/'/>
|
|
||||||
</repository>
|
|
||||||
|
|
||||||
<packages type="image" profiles="full">
|
|
||||||
<namedCollection name="base_transactional"/>
|
|
||||||
<package name="patterns-base-transactional"/>
|
|
||||||
<namedCollection name="salt_minion"/>
|
|
||||||
<package name="patterns-base-salt_minion"/>
|
|
||||||
<namedCollection name="kvm_host"/>
|
|
||||||
<package name="patterns-base-kvm_host"/>
|
|
||||||
<package name="lzop"/>
|
|
||||||
<namedCollection name="container_runtime_podman"/>
|
|
||||||
<package name="patterns-container-runtime_podman"/>
|
|
||||||
<namedCollection name="cockpit"/>
|
|
||||||
<package name="patterns-base-cockpit"/>
|
|
||||||
<namedCollection name="selinux"/>
|
|
||||||
<package name="patterns-base-selinux"/>
|
|
||||||
<package name="suseconnect-ng"/>
|
|
||||||
<package name="SL-Micro-release"/>
|
|
||||||
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
|
|
||||||
<package name="systemd-default-settings-branding-SLE-Micro"/>
|
|
||||||
<package name="firewalld"/>
|
|
||||||
<package name="wpa_supplicant" arch="x86_64,aarch64"/>
|
|
||||||
<package name="libpwquality-tools"/>
|
|
||||||
<!-- <package name="k3s-install"/> -->
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
|
|
||||||
<!-- full disk encryption stuff -->
|
|
||||||
<package name="device-mapper"/>
|
|
||||||
<package name="cryptsetup"/>
|
|
||||||
<package name="system-user-tss"/>
|
|
||||||
<package name="libtss2-fapi1"/>
|
|
||||||
<package name="libtss2-tcti-device0"/>
|
|
||||||
<package name="tpm2.0-tools"/>
|
|
||||||
<package name="tpm2-0-tss"/>
|
|
||||||
<package name="fde-firstboot"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="container-host">
|
|
||||||
<namedCollection name="base_transactional"/>
|
|
||||||
<package name="patterns-base-transactional"/>
|
|
||||||
<namedCollection name="container_runtime_podman"/>
|
|
||||||
<package name="patterns-container-runtime_podman"/>
|
|
||||||
<namedCollection name="cockpit"/>
|
|
||||||
<package name="patterns-base-cockpit"/>
|
|
||||||
<namedCollection name="selinux"/>
|
|
||||||
<package name="patterns-base-selinux"/>
|
|
||||||
<package name="suseconnect-ng"/>
|
|
||||||
<package name="SL-Micro-release"/>
|
|
||||||
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
|
|
||||||
<package name="systemd-default-settings-branding-SLE-Micro"/>
|
|
||||||
<package name="firewalld"/>
|
|
||||||
<package name="libpwquality-tools"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="ecs_anywhere">
|
|
||||||
<package name="amazon-ssm-agent"/>
|
|
||||||
<package name="amazon-ecs-init"/>
|
|
||||||
<package name="aws-cli"/>
|
|
||||||
<package name="docker"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<!-- Ignition / Combustion everywhere, cloud-init only in selected images
|
|
||||||
<packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
|
|
||||||
<packages type="image">
|
|
||||||
<package name="ignition"/>
|
|
||||||
<package name="combustion >= 1.2"/> <!-- New firstboot mechanism -->
|
|
||||||
<package name="jeos-firstboot"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
|
|
||||||
<package name="cloud-init"/>
|
|
||||||
<package name="cloud-init-config-suse"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image">
|
|
||||||
<namedCollection name="base_transactional"/>
|
|
||||||
<package name="patterns-base-transactional"/>
|
|
||||||
<namedCollection name="hardware"/>
|
|
||||||
<package name="patterns-base-hardware"/>
|
|
||||||
<package name="grub2"/>
|
|
||||||
<package name="glibc-locale-base"/>
|
|
||||||
<package name="ca-certificates"/>
|
|
||||||
<package name="SL-Micro-release"/>
|
|
||||||
<package name="systemd-default-settings-branding-SLE-Micro"/>
|
|
||||||
<package name="firewalld"/>
|
|
||||||
<package name="NetworkManager-tui"/>
|
|
||||||
<package name="growpart-generator"/>
|
|
||||||
<package name="suse-build-key"/>
|
|
||||||
<!-- for debugging -->
|
|
||||||
<package name="less"/>
|
|
||||||
<package name="vim-small"/>
|
|
||||||
|
|
||||||
<namedCollection name="micro_defaults"/>
|
|
||||||
<package name="patterns-micro-defaults"/>
|
|
||||||
<package name="NetworkManager"/>
|
|
||||||
<package name="NetworkManager-branding-SLE"/>
|
|
||||||
<package name="ModemManager"/>
|
|
||||||
<!-- FIXME does not build without control file which is obsolete
|
|
||||||
<package name="live-add-yast-repos"/> -->
|
|
||||||
<package name="parted"/> <!-- seems missing to deploy the image -->
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="bootloader">
|
|
||||||
<package name="grub2-i386-pc" arch="x86_64"/>
|
|
||||||
<package name="grub2-x86_64-efi" arch="x86_64"/>
|
|
||||||
<package name="grub2-arm64-efi" arch="aarch64"/>
|
|
||||||
<package name="grub2-s390x-emu" arch="s390x"/>
|
|
||||||
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
|
|
||||||
<package name="grub2-snapper-plugin"/>
|
|
||||||
<package name="shim" arch="x86_64,aarch64"/>
|
|
||||||
<package name="mokutil" arch="x86_64,aarch64"/>
|
|
||||||
<!-- obsoleted by kiwi-settings
|
|
||||||
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
|
|
||||||
</packages>
|
|
||||||
<!-- rpi kernel-default-base does not provide all necessary drivers -->
|
|
||||||
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
|
|
||||||
<package name="kernel-default"/>
|
|
||||||
<package name="kernel-firmware-all"/>
|
|
||||||
</packages>
|
|
||||||
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
|
|
||||||
<package name="kernel-rt"/>
|
|
||||||
<package name="kernel-firmware-all"/>
|
|
||||||
<!-- FIXME intentionally removed from ALP code stream
|
|
||||||
<package name="cpuset"/> -->
|
|
||||||
</packages>
|
|
||||||
<!-- makes the image build, but also include kernel-default
|
|
||||||
<packages type="image" profiles="x86-rt-encrypted">
|
|
||||||
<package name="kernel-default-extra"/>
|
|
||||||
</packages> -->
|
|
||||||
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
|
|
||||||
<package name="dracut-kiwi-oem-repart"/>
|
|
||||||
<package name="blog"/>
|
|
||||||
</packages>
|
|
||||||
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
|
|
||||||
<package name="dracut-kiwi-oem-repart"/>
|
|
||||||
<package name="dracut-kiwi-oem-dump"/>
|
|
||||||
</packages>
|
|
||||||
<packages type="image" profiles="rpi,aarch64-self_install">
|
|
||||||
<package name="raspberrypi-firmware" arch="aarch64"/>
|
|
||||||
<package name="raspberrypi-firmware-config" arch="aarch64"/>
|
|
||||||
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
|
|
||||||
<package name="u-boot-rpiarm64" arch="aarch64"/>
|
|
||||||
<package name="dracut-kiwi-oem-repart"/>
|
|
||||||
<package name="bcm43xx-firmware"/>
|
|
||||||
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
|
|
||||||
<package name="wireless-regdb"/>
|
|
||||||
<package name="wireless-tools"/>
|
|
||||||
<package name="wpa_supplicant"/>
|
|
||||||
<package name="grub2-arm64-efi"/>
|
|
||||||
<!-- kernel-default-base does not have all required drivers -->
|
|
||||||
<package name="kernel-default"/>
|
|
||||||
</packages>
|
|
||||||
<packages type="bootstrap">
|
|
||||||
<package name="coreutils"/>
|
|
||||||
<package name="filesystem"/>
|
|
||||||
<package name="ca-certificates"/>
|
|
||||||
<package name="ca-certificates-mozilla"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<!-- bsc#1221936 -->
|
|
||||||
<packages type="image" profiles="x86-vmware">
|
|
||||||
<package name="open-vm-tools"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<!-- bsc#1221727-->
|
|
||||||
<packages type="image" profiles="x86-qcow,aarch64-qcow">
|
|
||||||
<package name="qemu-guest-agent"/>
|
|
||||||
</packages>
|
|
||||||
</image>
|
|
@ -1,784 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
|
|
||||||
<!-- OBS-Milestone: %current_milestone -->
|
|
||||||
<!-- OBS-BcntSyncTag: SL-Micro -->
|
|
||||||
<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
|
|
||||||
<description type="system">
|
|
||||||
<author>SUSE</author>
|
|
||||||
<contact>crc@suse.com</contact>
|
|
||||||
<specification>SL Micro</specification>
|
|
||||||
</description>
|
|
||||||
<profiles>
|
|
||||||
<!-- Profiles used as dependencies of actual image profiles -->
|
|
||||||
<!-- Flavors -->
|
|
||||||
<profile name="full" description="SL Micro as KVM and Container host"/>
|
|
||||||
<profile name="container-host" description="SL Micro as Container host"/>
|
|
||||||
<profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
|
|
||||||
<!-- Platforms - support profiles -->
|
|
||||||
<profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
|
|
||||||
<profile name="self_install" description="Self Installing ISO media"/>
|
|
||||||
<!-- Platforms -->
|
|
||||||
<profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
|
|
||||||
<requires profile="bootloader"/>
|
|
||||||
</profile>
|
|
||||||
<!-- Images (flavor + platform) -->
|
|
||||||
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-vmware"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-vmware"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-encrypted"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-encrypted"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-rt-encrypted"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="aarch64-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="aarch64-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="ecs_anywhere"/>
|
|
||||||
<requires profile="x86"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="ecs_anywhere"/>
|
|
||||||
<requires profile="x86-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="rpi"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="rpi"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-rt"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-rt-self_install"/>
|
|
||||||
<requires profile="self_install"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="s390-kvm"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="s390-kvm"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="s390-dasd"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="s390-dasd"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="s390-fba"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="s390-fba"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-legacy"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="x86-qcow"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="x86-qcow"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
|
|
||||||
<requires profile="full"/>
|
|
||||||
<requires profile="aarch64-qcow"/>
|
|
||||||
</profile>
|
|
||||||
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
|
|
||||||
<requires profile="container-host"/>
|
|
||||||
<requires profile="aarch64-qcow"/>
|
|
||||||
</profile>
|
|
||||||
</profiles>
|
|
||||||
|
|
||||||
<preferences profiles="x86-encrypted,x86-rt-encrypted">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
filesystem="btrfs"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
luks_version="luks2"
|
|
||||||
luks="1234"
|
|
||||||
luks_randomize="false"
|
|
||||||
luks_pbkdf="pbkdf2"
|
|
||||||
target_blocksize="4096"
|
|
||||||
efipartsize="200"
|
|
||||||
>
|
|
||||||
<luksformat>
|
|
||||||
<option name="--cipher" value="aes"/>
|
|
||||||
</luksformat>
|
|
||||||
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">4</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
<preferences profiles="x86,x86-rt">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
filesystem="btrfs"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
target_blocksize="4096"
|
|
||||||
efipartsize="200"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3"/>
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<preferences profiles="x86-self_install,x86-rt-self_install">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
installiso="true"
|
|
||||||
filesystem="btrfs"
|
|
||||||
installboot="install"
|
|
||||||
install_continue_on_timeout="false"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
target_blocksize="4096"
|
|
||||||
efipartsize="200"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<preferences profiles="rpi">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
installiso="true"
|
|
||||||
filesystem="btrfs"
|
|
||||||
installboot="install"
|
|
||||||
install_continue_on_timeout="false"
|
|
||||||
fsmountoptions="noatime"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
efipartsize="128"
|
|
||||||
editbootinstall="editbootinstall_rpi.sh"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="false"
|
|
||||||
disk_start_sector="4096"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
<preferences profiles="aarch64-self_install">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
initrd_system="dracut"
|
|
||||||
installiso="true"
|
|
||||||
filesystem="btrfs"
|
|
||||||
installboot="install"
|
|
||||||
install_continue_on_timeout="false"
|
|
||||||
firmware="uefi"
|
|
||||||
efipartsize="128"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
disk_start_sector="4096"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<preferences profiles="s390-kvm">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
filesystem="btrfs"
|
|
||||||
bootpartition="true"
|
|
||||||
bootpartsize="300"
|
|
||||||
bootfilesystem="ext2"
|
|
||||||
initrd_system="dracut"
|
|
||||||
format="qcow2"
|
|
||||||
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2_s390x_emu" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">32</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
|
|
||||||
<preferences profiles="s390-dasd">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
filesystem="btrfs"
|
|
||||||
bootpartition="true"
|
|
||||||
bootpartsize="300"
|
|
||||||
bootfilesystem="ext2"
|
|
||||||
initrd_system="dracut"
|
|
||||||
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
target_blocksize="4096"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">5</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<preferences profiles="s390-fba">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
filesystem="btrfs"
|
|
||||||
bootpartition="true"
|
|
||||||
bootpartsize="300"
|
|
||||||
bootfilesystem="ext2"
|
|
||||||
initrd_system="dracut"
|
|
||||||
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">5</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
|
|
||||||
<preferences profiles="x86-vmware">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
filesystem="btrfs"
|
|
||||||
format="vmdk"
|
|
||||||
firmware="uefi"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">24</size>
|
|
||||||
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
<preferences profiles="x86-qcow">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
format="qcow2"
|
|
||||||
filesystem="btrfs"
|
|
||||||
firmware="uefi"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
target_blocksize="4096"
|
|
||||||
efipartsize="200"
|
|
||||||
>
|
|
||||||
<bootloader name="grub2" console="gfxterm" timeout="3" />
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/i386-pc"/>
|
|
||||||
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">32</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<preferences profiles="aarch64-qcow">
|
|
||||||
<version>6.0</version>
|
|
||||||
<packagemanager>zypper</packagemanager>
|
|
||||||
<bootsplash-theme>SLE</bootsplash-theme>
|
|
||||||
<bootloader-theme>SLE</bootloader-theme>
|
|
||||||
<rpm-excludedocs>true</rpm-excludedocs>
|
|
||||||
<locale>en_US</locale>
|
|
||||||
<type
|
|
||||||
image="oem"
|
|
||||||
format="qcow2"
|
|
||||||
filesystem="btrfs"
|
|
||||||
firmware="uefi"
|
|
||||||
efipartsize="128"
|
|
||||||
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
|
|
||||||
bootpartition="false"
|
|
||||||
bootkernel="custom"
|
|
||||||
devicepersistency="by-uuid"
|
|
||||||
btrfs_root_is_snapshot="true"
|
|
||||||
btrfs_root_is_readonly_snapshot="true"
|
|
||||||
btrfs_quota_groups="true"
|
|
||||||
>
|
|
||||||
<systemdisk>
|
|
||||||
<volume name="home"/>
|
|
||||||
<volume name="root"/>
|
|
||||||
<volume name="opt"/>
|
|
||||||
<volume name="srv"/>
|
|
||||||
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
|
|
||||||
<volume name="boot/writable"/>
|
|
||||||
<volume name="usr/local"/>
|
|
||||||
<volume name="var" copy_on_write="false"/>
|
|
||||||
</systemdisk>
|
|
||||||
<size unit="G">20</size>
|
|
||||||
</type>
|
|
||||||
</preferences>
|
|
||||||
|
|
||||||
<repository type="rpm-md" >
|
|
||||||
<source path='obsrepositories:/'/>
|
|
||||||
</repository>
|
|
||||||
|
|
||||||
<packages type="image" profiles="full">
|
|
||||||
<namedCollection name="base_transactional"/>
|
|
||||||
<package name="patterns-base-transactional"/>
|
|
||||||
<namedCollection name="salt_minion"/>
|
|
||||||
<package name="patterns-base-salt_minion"/>
|
|
||||||
<namedCollection name="kvm_host"/>
|
|
||||||
<package name="patterns-base-kvm_host"/>
|
|
||||||
<package name="lzop"/>
|
|
||||||
<namedCollection name="container_runtime_podman"/>
|
|
||||||
<package name="patterns-container-runtime_podman"/>
|
|
||||||
<namedCollection name="cockpit"/>
|
|
||||||
<package name="patterns-base-cockpit"/>
|
|
||||||
<namedCollection name="selinux"/>
|
|
||||||
<package name="patterns-base-selinux"/>
|
|
||||||
<package name="suseconnect-ng"/>
|
|
||||||
<package name="SL-Micro-release"/>
|
|
||||||
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
|
|
||||||
<package name="systemd-default-settings-branding-SLE-Micro"/>
|
|
||||||
<package name="firewalld"/>
|
|
||||||
<package name="wpa_supplicant" arch="x86_64,aarch64"/>
|
|
||||||
<package name="libpwquality-tools"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
|
|
||||||
<!-- full disk encryption stuff -->
|
|
||||||
<package name="device-mapper"/>
|
|
||||||
<package name="cryptsetup"/>
|
|
||||||
<package name="system-user-tss"/>
|
|
||||||
<package name="libtss2-fapi1"/>
|
|
||||||
<package name="libtss2-tcti-device0"/>
|
|
||||||
<package name="tpm2.0-tools"/>
|
|
||||||
<package name="tpm2-0-tss"/>
|
|
||||||
<package name="fde-firstboot"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="container-host">
|
|
||||||
<namedCollection name="base_transactional"/>
|
|
||||||
<package name="patterns-base-transactional"/>
|
|
||||||
<namedCollection name="container_runtime_podman"/>
|
|
||||||
<package name="patterns-container-runtime_podman"/>
|
|
||||||
<namedCollection name="cockpit"/>
|
|
||||||
<package name="patterns-base-cockpit"/>
|
|
||||||
<namedCollection name="selinux"/>
|
|
||||||
<package name="patterns-base-selinux"/>
|
|
||||||
<package name="suseconnect-ng"/>
|
|
||||||
<package name="SL-Micro-release"/>
|
|
||||||
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
|
|
||||||
<package name="systemd-default-settings-branding-SLE-Micro"/>
|
|
||||||
<package name="firewalld"/>
|
|
||||||
<package name="libpwquality-tools"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="ecs_anywhere">
|
|
||||||
<package name="amazon-ssm-agent"/>
|
|
||||||
<package name="amazon-ecs-init"/>
|
|
||||||
<package name="aws-cli"/>
|
|
||||||
<package name="docker"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<!-- Ignition / Combustion everywhere, cloud-init only in selected images
|
|
||||||
<packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
|
|
||||||
<packages type="image">
|
|
||||||
<package name="ignition"/>
|
|
||||||
<package name="combustion >= 1.2"/> <!-- New firstboot mechanism -->
|
|
||||||
<package name="jeos-firstboot"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
|
|
||||||
<package name="cloud-init"/>
|
|
||||||
<package name="cloud-init-config-suse"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image">
|
|
||||||
<namedCollection name="base_transactional"/>
|
|
||||||
<package name="patterns-base-transactional"/>
|
|
||||||
<namedCollection name="hardware"/>
|
|
||||||
<package name="patterns-base-hardware"/>
|
|
||||||
<package name="grub2"/>
|
|
||||||
<package name="glibc-locale-base"/>
|
|
||||||
<package name="ca-certificates"/>
|
|
||||||
<package name="SL-Micro-release"/>
|
|
||||||
<package name="systemd-default-settings-branding-SLE-Micro"/>
|
|
||||||
<package name="firewalld"/>
|
|
||||||
<package name="NetworkManager-tui"/>
|
|
||||||
<package name="growpart-generator"/>
|
|
||||||
<package name="suse-build-key"/>
|
|
||||||
<!-- for debugging -->
|
|
||||||
<package name="less"/>
|
|
||||||
<package name="vim-small"/>
|
|
||||||
|
|
||||||
<namedCollection name="micro_defaults"/>
|
|
||||||
<package name="patterns-micro-defaults"/>
|
|
||||||
<package name="NetworkManager"/>
|
|
||||||
<package name="NetworkManager-branding-SLE"/>
|
|
||||||
<package name="ModemManager"/>
|
|
||||||
<!-- FIXME does not build without control file which is obsolete
|
|
||||||
<package name="live-add-yast-repos"/> -->
|
|
||||||
<package name="parted"/> <!-- seems missing to deploy the image -->
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<packages type="image" profiles="bootloader">
|
|
||||||
<package name="grub2-i386-pc" arch="x86_64"/>
|
|
||||||
<package name="grub2-x86_64-efi" arch="x86_64"/>
|
|
||||||
<package name="grub2-arm64-efi" arch="aarch64"/>
|
|
||||||
<package name="grub2-s390x-emu" arch="s390x"/>
|
|
||||||
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
|
|
||||||
<package name="grub2-snapper-plugin"/>
|
|
||||||
<package name="shim" arch="x86_64,aarch64"/>
|
|
||||||
<package name="mokutil" arch="x86_64,aarch64"/>
|
|
||||||
<!-- obsoleted by kiwi-settings
|
|
||||||
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
|
|
||||||
</packages>
|
|
||||||
<!-- rpi kernel-default-base does not provide all necessary drivers -->
|
|
||||||
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
|
|
||||||
<package name="kernel-default"/>
|
|
||||||
<package name="kernel-firmware-all"/>
|
|
||||||
</packages>
|
|
||||||
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
|
|
||||||
<package name="kernel-rt"/>
|
|
||||||
<package name="kernel-firmware-all"/>
|
|
||||||
<!-- FIXME intentionally removed from ALP code stream
|
|
||||||
<package name="cpuset"/> -->
|
|
||||||
</packages>
|
|
||||||
<!-- makes the image build, but also include kernel-default
|
|
||||||
<packages type="image" profiles="x86-rt-encrypted">
|
|
||||||
<package name="kernel-default-extra"/>
|
|
||||||
</packages> -->
|
|
||||||
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
|
|
||||||
<package name="dracut-kiwi-oem-repart"/>
|
|
||||||
<package name="blog"/>
|
|
||||||
</packages>
|
|
||||||
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
|
|
||||||
<package name="dracut-kiwi-oem-repart"/>
|
|
||||||
<package name="dracut-kiwi-oem-dump"/>
|
|
||||||
</packages>
|
|
||||||
<packages type="image" profiles="rpi,aarch64-self_install">
|
|
||||||
<package name="raspberrypi-firmware" arch="aarch64"/>
|
|
||||||
<package name="raspberrypi-firmware-config" arch="aarch64"/>
|
|
||||||
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
|
|
||||||
<package name="u-boot-rpiarm64" arch="aarch64"/>
|
|
||||||
<package name="dracut-kiwi-oem-repart"/>
|
|
||||||
<package name="bcm43xx-firmware"/>
|
|
||||||
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
|
|
||||||
<package name="wireless-regdb"/>
|
|
||||||
<package name="wireless-tools"/>
|
|
||||||
<package name="wpa_supplicant"/>
|
|
||||||
<package name="grub2-arm64-efi"/>
|
|
||||||
<!-- kernel-default-base does not have all required drivers -->
|
|
||||||
<package name="kernel-default"/>
|
|
||||||
</packages>
|
|
||||||
<packages type="bootstrap">
|
|
||||||
<package name="coreutils"/>
|
|
||||||
<package name="filesystem"/>
|
|
||||||
<package name="ca-certificates"/>
|
|
||||||
<package name="ca-certificates-mozilla"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<!-- bsc#1221936 -->
|
|
||||||
<packages type="image" profiles="x86-vmware">
|
|
||||||
<package name="open-vm-tools"/>
|
|
||||||
</packages>
|
|
||||||
|
|
||||||
<!-- bsc#1221727-->
|
|
||||||
<packages type="image" profiles="x86-qcow,aarch64-qcow">
|
|
||||||
<package name="qemu-guest-agent"/>
|
|
||||||
</packages>
|
|
||||||
</image>
|
|
@ -1,93 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
# Copyright (c) 2024 SUSE LLC
|
|
||||||
#
|
|
||||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
# of this software and associated documentation files (the "Software"), to deal
|
|
||||||
# in the Software without restriction, including without limitation the rights
|
|
||||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
# copies of the Software, and to permit persons to whom the Software is
|
|
||||||
# furnished to do so, subject to the following conditions:
|
|
||||||
#
|
|
||||||
# The above copyright notice and this permission notice shall be included in
|
|
||||||
# all copies or substantial portions of the Software.
|
|
||||||
#
|
|
||||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
# SOFTWARE.
|
|
||||||
#
|
|
||||||
|
|
||||||
# Set image build defaults, blocksize is an empty string
|
|
||||||
PROFILE="Base"
|
|
||||||
LARGEBLOCK=false
|
|
||||||
|
|
||||||
# Print usage
|
|
||||||
usage(){
|
|
||||||
cat <<-EOF
|
|
||||||
==============================
|
|
||||||
SLE Micro 6.0 Kiwi SDK Builder
|
|
||||||
==============================
|
|
||||||
|
|
||||||
Usage: ${0} [-p <profile>] [-b]
|
|
||||||
|
|
||||||
Profile Options (-p):
|
|
||||||
* Base: RAW Disk Image with podman
|
|
||||||
* Base-SelfInstall: SelfInstall ISO with podman
|
|
||||||
* Default: RAW Disk Image with podman and kvm
|
|
||||||
* Default-SelfInstall: SelfInstall ISO with podman and kvm
|
|
||||||
* Base-RT: RAW Disk Image with kernel-rt
|
|
||||||
* Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
|
|
||||||
|
|
||||||
4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
|
|
||||||
|
|
||||||
NOTE: If both options are omitted, the "Base" profile with a standard "512" blocksize is used.
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
# Grab CLI options and handle
|
|
||||||
while getopts 'p:bh' OPTION; do
|
|
||||||
case "${OPTION}" in
|
|
||||||
p)
|
|
||||||
PROFILE="${OPTARG}"
|
|
||||||
;;
|
|
||||||
b)
|
|
||||||
LARGEBLOCK=true
|
|
||||||
;;
|
|
||||||
?)
|
|
||||||
usage && exit 2
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
# To avoid wasting time, perform the loop creation test first, and exit with a warning to re-run.
|
|
||||||
# This only happens when the container hasn't been ran on the host before, and is avoided by mounting /dev/ into the image.
|
|
||||||
qemu-img create /tmp/output/test.img 1M
|
|
||||||
if LOOP=$(losetup -f --show /tmp/output/test.img); then
|
|
||||||
rm -f /tmp/output/test.img
|
|
||||||
losetup -d $LOOP
|
|
||||||
else
|
|
||||||
echo -e "\nERROR: Early loop device test failed, please retry the container run."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Grab local SLE Micro repos and create a list to use as part of the image build
|
|
||||||
REPOS=`for i in $(cat /micro-sdk/repos/*.repo | awk '/baseurl/ {split($0,string,"="); print string[2]}'); do echo -n "--add-repo $i "; done`
|
|
||||||
|
|
||||||
if $LARGEBLOCK; then
|
|
||||||
mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Build the image
|
|
||||||
kiwi-ng --debug --profile $PROFILE system build \
|
|
||||||
--description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
|
|
||||||
|
|
||||||
# Print output
|
|
||||||
RESULT=$?
|
|
||||||
if [ $RESULT -eq 0 ]; then
|
|
||||||
echo -e "\n\nINFO: Image build successful, generated images are available in the 'output' directory."
|
|
||||||
else
|
|
||||||
echo -e "\n\nERROR: Failed to build the image, please see above logs."
|
|
||||||
fi
|
|
@ -1,317 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
# Copyright (c) 2023 SUSE LLC
|
|
||||||
#
|
|
||||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
# of this software and associated documentation files (the "Software"), to deal
|
|
||||||
# in the Software without restriction, including without limitation the rights
|
|
||||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
# copies of the Software, and to permit persons to whom the Software is
|
|
||||||
# furnished to do so, subject to the following conditions:
|
|
||||||
#
|
|
||||||
# The above copyright notice and this permission notice shall be included in
|
|
||||||
# all copies or substantial portions of the Software.
|
|
||||||
#
|
|
||||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
# SOFTWARE.
|
|
||||||
#
|
|
||||||
#======================================
|
|
||||||
# Functions...
|
|
||||||
#--------------------------------------
|
|
||||||
|
|
||||||
test -f /.kconfig && . /.kconfig
|
|
||||||
test -f /.profile && . /.profile
|
|
||||||
|
|
||||||
set -euxo pipefail
|
|
||||||
|
|
||||||
mkdir /var/lib/misc/reconfig_system
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Greeting...
|
|
||||||
#--------------------------------------
|
|
||||||
echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# This is a workaround - someone,
|
|
||||||
# somewhere needs to load the xts crypto
|
|
||||||
# module, otherwise luksOpen will fail while
|
|
||||||
# creating the image.
|
|
||||||
#--------------------------------------
|
|
||||||
modprobe xts || true
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# add missing fonts
|
|
||||||
#--------------------------------------
|
|
||||||
CONSOLE_FONT="eurlatgr.psfu"
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# prepare for setting root pw, timezone
|
|
||||||
#--------------------------------------
|
|
||||||
echo ** "reset machine settings"
|
|
||||||
sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow
|
|
||||||
rm /etc/machine-id
|
|
||||||
rm /var/lib/zypp/AnonymousUniqueId
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Setup baseproduct link
|
|
||||||
#--------------------------------------
|
|
||||||
suseSetupProduct
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Specify default runlevel
|
|
||||||
#--------------------------------------
|
|
||||||
baseSetRunlevel 3
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Add missing gpg keys to rpm
|
|
||||||
#--------------------------------------
|
|
||||||
suseImportBuildKey
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# If SELinux is installed, configure it like transactional-update setup-selinux
|
|
||||||
#--------------------------------------
|
|
||||||
if [[ -e /etc/selinux/config ]]; then
|
|
||||||
# Check if we don't have selinux already enabled.
|
|
||||||
grep ^GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub | grep -q security=selinux || \
|
|
||||||
sed -i -e 's|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 security=selinux selinux=1"|g' "/etc/default/grub"
|
|
||||||
|
|
||||||
# Adjust selinux config
|
|
||||||
sed -i -e 's|^SELINUX=.*|SELINUX=enforcing|g' \
|
|
||||||
-e 's|^SELINUXTYPE=.*|SELINUXTYPE=targeted|g' \
|
|
||||||
"/etc/selinux/config"
|
|
||||||
|
|
||||||
# Move an /.autorelabel file from initial installation to writeable location
|
|
||||||
test -f /.autorelabel && mv /.autorelabel /etc/selinux/.autorelabel
|
|
||||||
fi
|
|
||||||
|
|
||||||
##======================================
|
|
||||||
## Enable DHCP on eth0
|
|
||||||
##--------------------------------------
|
|
||||||
#cat >/etc/sysconfig/network/ifcfg-eth0 <<EOF
|
|
||||||
#BOOTPROTO='dhcp'
|
|
||||||
#MTU=''
|
|
||||||
#REMOTE_IPADDR=''
|
|
||||||
#STARTMODE='auto'
|
|
||||||
#ETHTOOL_OPTIONS=''
|
|
||||||
#USERCONTROL='no'
|
|
||||||
#EOF
|
|
||||||
|
|
||||||
systemctl enable NetworkManager
|
|
||||||
systemctl enable ModemManager
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Enable cloud-init
|
|
||||||
#--------------------------------------
|
|
||||||
suseInsertService cloud-init-local
|
|
||||||
suseInsertService cloud-init
|
|
||||||
suseInsertService cloud-config
|
|
||||||
suseInsertService cloud-final
|
|
||||||
|
|
||||||
# Enable chrony
|
|
||||||
suseInsertService chronyd
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Sysconfig Update
|
|
||||||
#--------------------------------------
|
|
||||||
echo '** Update sysconfig entries...'
|
|
||||||
|
|
||||||
echo FONT="$CONSOLE_FONT" >> /etc/vconsole.conf
|
|
||||||
|
|
||||||
# fix security level (boo#1171174)
|
|
||||||
sed -e '/^PERMISSION_SECURITY=s/easy/paranoid/' /etc/sysconfig/security
|
|
||||||
chkstat --set --system
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# SSL Certificates Configuration
|
|
||||||
#--------------------------------------
|
|
||||||
echo '** Rehashing SSL Certificates...'
|
|
||||||
update-ca-certificates
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Import trusted rpm keys
|
|
||||||
#--------------------------------------
|
|
||||||
for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
|
|
||||||
# importing can fail if it already exists
|
|
||||||
rpm --import $i || true
|
|
||||||
done
|
|
||||||
|
|
||||||
# Temporary workaround for bsc#1212187
|
|
||||||
echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Enable kubelet if installed
|
|
||||||
#--------------------------------------
|
|
||||||
if [ -e /usr/lib/systemd/system/kubelet.service ]; then
|
|
||||||
suseInsertService kubelet
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Adjust zypp conf
|
|
||||||
# https://github.com/openSUSE/libzypp/issues/212
|
|
||||||
# in yast that's done in packager/cfa/zypp_conf.rb
|
|
||||||
sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
|
|
||||||
sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
|
|
||||||
sed -i 's/^multiversion =.*/multiversion =/g' /etc/zypp/zypp.conf
|
|
||||||
|
|
||||||
#=====================================
|
|
||||||
# Configure snapper
|
|
||||||
#-------------------------------------
|
|
||||||
if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
|
|
||||||
echo "creating initial snapper config ..."
|
|
||||||
cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root
|
|
||||||
baseUpdateSysConfig /etc/sysconfig/snapper SNAPPER_CONFIGS root
|
|
||||||
|
|
||||||
# Adjust parameters
|
|
||||||
sed -i'' 's/^TIMELINE_CREATE=.*$/TIMELINE_CREATE="no"/g' /etc/snapper/configs/root
|
|
||||||
sed -i'' 's/^NUMBER_LIMIT=.*$/NUMBER_LIMIT="2-10"/g' /etc/snapper/configs/root
|
|
||||||
sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Enable jeos-firstboot if installed, disabled by combustion/ignition
|
|
||||||
if rpm -q --whatprovides jeos-firstboot >/dev/null; then
|
|
||||||
mkdir -p /var/lib/YaST2
|
|
||||||
touch /var/lib/YaST2/reconfig_system
|
|
||||||
systemctl enable jeos-firstboot.service
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Enable cloud-init if installed
|
|
||||||
if rpm -q --whatprovides cloud-init >/dev/null; then
|
|
||||||
systemctl enable cloud-init
|
|
||||||
systemctl enable cloud-init-local
|
|
||||||
fi
|
|
||||||
|
|
||||||
# The %post script can't edit /etc/fstab sys due to https://github.com/OSInside/kiwi/issues/945
|
|
||||||
# so use the kiwi custom hack
|
|
||||||
cat >/etc/fstab.script <<"EOF"
|
|
||||||
#!/bin/sh
|
|
||||||
set -eux
|
|
||||||
|
|
||||||
/usr/sbin/setup-fstab-for-overlayfs
|
|
||||||
# If /var is on a different partition than /...
|
|
||||||
if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
|
|
||||||
# ... set options for autoexpanding /var
|
|
||||||
gawk -i inplace '$2 == "/var" { $4 = $4",x-growpart.grow,x-systemd.growfs" } { print $0 }' /etc/fstab
|
|
||||||
fi
|
|
||||||
EOF
|
|
||||||
chmod a+x /etc/fstab.script
|
|
||||||
|
|
||||||
# To make x-systemd.growfs work from inside the initrd
|
|
||||||
cat >/etc/dracut.conf.d/50-microos-growfs.conf <<"EOF"
|
|
||||||
install_items+=" /usr/lib/systemd/systemd-growfs "
|
|
||||||
EOF
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Add repos from control.xml
|
|
||||||
#--------------------------------------
|
|
||||||
if [ -x /usr/sbin/add-yast-repos ]; then
|
|
||||||
add-yast-repos
|
|
||||||
zypper --non-interactive rm -u live-add-yast-repos
|
|
||||||
fi
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Configure SelfInstall specifics
|
|
||||||
#--------------------------------------
|
|
||||||
if [[ "$kiwi_profiles" == *"SelfInstall"* ]]; then
|
|
||||||
cat > /etc/systemd/system/selfinstallbootloader.service <<-EOF
|
|
||||||
[Unit]
|
|
||||||
Description=
|
|
||||||
After=systemd-machine-id-commit.service
|
|
||||||
Before=jeos-firstboot.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
ExecStart=rm /etc/systemd/system/selfinstallbootloader.service
|
|
||||||
ExecStart=rm /etc/systemd/system/default.target.wants/selfinstallbootloader.service
|
|
||||||
ExecStart=/sbin/transactional-update bootloader
|
|
||||||
ExecStart=/sbin/transactional-update apply
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=default.target
|
|
||||||
EOF
|
|
||||||
ln -s /etc/systemd/system/selfinstallbootloader.service /etc/systemd/system/default.target.wants/selfinstallbootloader.service
|
|
||||||
fi
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Boot TimeOut Configuration for iSCSI
|
|
||||||
#--------------------------------------
|
|
||||||
cat > /etc/systemd/system/iscsi-init-delay.service <<-EOF
|
|
||||||
[Unit]
|
|
||||||
# Workaround for boo#1198457 delay gen-initiatorname after local-fs
|
|
||||||
Description=One time delay for the iscsid.service
|
|
||||||
ConditionPathExists=!/etc/iscsi/initiatorname.iscsi
|
|
||||||
ConditionPathExists=/sbin/iscsi-gen-initiatorname
|
|
||||||
DefaultDependencies=no
|
|
||||||
RequiresMountsFor=/etc/iscsi
|
|
||||||
After=local-fs.target
|
|
||||||
Before=iscsi-init.service
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=default.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=no
|
|
||||||
ExecStart=/sbin/iscsi-gen-initiatorname
|
|
||||||
EOF
|
|
||||||
ln -s /etc/systemd/system/iscsi-init-delay.service /etc/systemd/system/default.target.wants/iscsi-init-delay.service
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Configure Pine64 specifics
|
|
||||||
#--------------------------------------
|
|
||||||
if [[ "$kiwi_profiles" == *"Pine64" ]]; then
|
|
||||||
echo 'add_drivers+=" fixed sunxi-mmc axp20x-regulator axp20x-rsb "' > /etc/dracut.conf.d/sunxi_modules.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Configure Raspberry Pi specifics
|
|
||||||
#--------------------------------------
|
|
||||||
if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
|
|
||||||
# Add necessary kernel modules to initrd (will disappear with bsc#1084272)
|
|
||||||
echo 'add_drivers+=" bcm2835_dma dwc2 "' > /etc/dracut.conf.d/raspberrypi_modules.conf
|
|
||||||
|
|
||||||
# Add necessary kernel modules to initrd (will disappear with boo#1162669)
|
|
||||||
echo 'add_drivers+=" pcie-brcmstb "' >> /etc/dracut.conf.d/raspberrypi_modules.conf
|
|
||||||
|
|
||||||
# Work around network issues
|
|
||||||
cat > /etc/modprobe.d/50-rpi3.conf <<-EOF
|
|
||||||
# Prevent too many page allocations (bsc#1012449)
|
|
||||||
options smsc95xx turbo_mode=N
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
|
|
||||||
# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
|
|
||||||
vm.min_free_kbytes = 2048
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# Configure Vagrant specifics
|
|
||||||
#--------------------------------------
|
|
||||||
if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
|
|
||||||
# create vagrant user
|
|
||||||
useradd vagrant
|
|
||||||
# allow password-less sudo
|
|
||||||
echo "vagrant ALL=(ALL)NOPASSWD:ALL" > /etc/sudoers.d/vagrant
|
|
||||||
# add vagrant's insecure key
|
|
||||||
mkdir -p /home/vagrant/.ssh
|
|
||||||
chmod 0700 /home/vagrant/.ssh
|
|
||||||
cat > /home/vagrant/.ssh/authorized_keys << EOF
|
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
|
|
||||||
EOF
|
|
||||||
chmod 0600 /home/vagrant/.ssh/authorized_keys
|
|
||||||
chown -R vagrant /home/vagrant
|
|
||||||
fi
|
|
||||||
|
|
||||||
#======================================
|
|
||||||
# cloud-init specific settings
|
|
||||||
#--------------------------------------
|
|
||||||
# We do not want cloud-init to run in an environment when there is no data
|
|
||||||
# source found. bsc#1222113
|
|
||||||
if [[ "$kiwi_profiles" =~ ^(x86-qcow|x86-vmware|aarch64-qcow)$ ]]; then
|
|
||||||
echo "policy: search,found=all,maybe=disabled,notfound=disabled" > /etc/cloud/ds-identify.cfg
|
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
|
@ -2,7 +2,7 @@
|
|||||||
<service name="obs_scm">
|
<service name="obs_scm">
|
||||||
<param name="url">https://github.com/brancz/kube-rbac-proxy</param>
|
<param name="url">https://github.com/brancz/kube-rbac-proxy</param>
|
||||||
<param name="scm">git</param>
|
<param name="scm">git</param>
|
||||||
<param name="revision">v0.18.1</param>
|
<param name="revision">v0.18.0</param>
|
||||||
<param name="version">_auto_</param>
|
<param name="version">_auto_</param>
|
||||||
<param name="versionformat">@PARENT_TAG@</param>
|
<param name="versionformat">@PARENT_TAG@</param>
|
||||||
<param name="changesgenerate">enable</param>
|
<param name="changesgenerate">enable</param>
|
||||||
|
@ -17,14 +17,14 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: kube-rbac-proxy
|
Name: kube-rbac-proxy
|
||||||
Version: 0.18.1
|
Version: 0.18.0
|
||||||
Release: 0.18.1
|
Release: 0.18.0
|
||||||
Summary: The kube-rbac-proxy is a small HTTP proxy for a single upstream
|
Summary: The kube-rbac-proxy is a small HTTP proxy for a single upstream
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
URL: https://github.com/brancz/kube-rbac-proxy
|
URL: https://github.com/brancz/kube-rbac-proxy
|
||||||
Source: kube-rbac-proxy-%{version}.tar.gz
|
Source: kube-rbac-proxy-%{version}.tar.gz
|
||||||
Source1: vendor.tar.gz
|
Source1: vendor.tar.gz
|
||||||
BuildRequires: golang(API) = 1.23
|
BuildRequires: golang(API) = 1.22
|
||||||
ExcludeArch: s390
|
ExcludeArch: s390
|
||||||
ExcludeArch: %{ix86}
|
ExcludeArch: %{ix86}
|
||||||
|
|
||||||
|
@ -1,34 +0,0 @@
|
|||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
|
|
||||||
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
|
|
||||||
#!BuildVersion: 15.6
|
|
||||||
ARG SLE_VERSION
|
|
||||||
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
|
|
||||||
|
|
||||||
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
|
|
||||||
COPY --from=micro / /installroot/
|
|
||||||
RUN zypper --installroot /installroot --non-interactive install --no-recommends kubectl; zypper -n clean; rm -rf /var/log/*
|
|
||||||
|
|
||||||
FROM micro AS final
|
|
||||||
|
|
||||||
# Define labels according to https://en.opensuse.org/Building_derived_containers
|
|
||||||
# labelprefix=com.suse.application.kubectl
|
|
||||||
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
|
|
||||||
LABEL org.opencontainers.image.title="SLE kubectl image"
|
|
||||||
LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
|
|
||||||
LABEL org.opencontainers.image.version="1.30.3"
|
|
||||||
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
|
|
||||||
LABEL org.opencontainers.image.created="%BUILDTIME%"
|
|
||||||
LABEL org.opencontainers.image.vendor="SUSE LLC"
|
|
||||||
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
|
|
||||||
LABEL org.openbuildservice.disturl="%DISTURL%"
|
|
||||||
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
|
|
||||||
LABEL com.suse.eula="SUSE Combined EULA February 2024"
|
|
||||||
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
|
|
||||||
LABEL com.suse.image-type="application"
|
|
||||||
LABEL com.suse.release-stage="released"
|
|
||||||
# endlabelprefix
|
|
||||||
|
|
||||||
COPY --from=base /installroot /
|
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/kubectl"]
|
|
@ -1,6 +1,6 @@
|
|||||||
%global debug_package %{nil}
|
%global debug_package %{nil}
|
||||||
|
|
||||||
Name: kubectl
|
Name: kubectl-1303
|
||||||
Version: 1.30.3
|
Version: 1.30.3
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Command-line utility for interacting with a Kubernetes cluster
|
Summary: Command-line utility for interacting with a Kubernetes cluster
|
||||||
|
@ -1,9 +0,0 @@
|
|||||||
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
|
|
||||||
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0
|
|
||||||
apiVersion: v2
|
|
||||||
appVersion: 1.3.1
|
|
||||||
description: A Helm chart for KubeVirt
|
|
||||||
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
|
|
||||||
name: kubevirt
|
|
||||||
type: application
|
|
||||||
version: "%%CHART_MAJOR%%.0.0+up0.4.0"
|
|
@ -1,10 +0,0 @@
|
|||||||
<services>
|
|
||||||
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
|
||||||
<service name="replace_using_env" mode="buildtime">
|
|
||||||
<param name="file">Chart.yaml</param>
|
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
|
||||||
<param name="var">IMG_PREFIX</param>
|
|
||||||
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
|
|
||||||
<param name="var">CHART_MAJOR</param>
|
|
||||||
</service>
|
|
||||||
</services>
|
|
@ -1 +0,0 @@
|
|||||||
KubeVirt is a virtual machine management add-on for Kubernetes. The aim is to provide a common ground for virtualization solutions on top of Kubernetes.
|
|
File diff suppressed because it is too large
Load Diff
@ -1,2 +0,0 @@
|
|||||||
Verify that all KubeVirt components are installed correctly:
|
|
||||||
kubectl get all -n {{ .Release.Namespace }}
|
|
@ -1,62 +0,0 @@
|
|||||||
{{/*
|
|
||||||
Expand the name of the chart.
|
|
||||||
*/}}
|
|
||||||
{{- define "kubevirt.name" -}}
|
|
||||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create a default fully qualified app name.
|
|
||||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
||||||
If release name contains chart name it will be used as a full name.
|
|
||||||
*/}}
|
|
||||||
{{- define "kubevirt.fullname" -}}
|
|
||||||
{{- if .Values.fullnameOverride }}
|
|
||||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- else }}
|
|
||||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
|
||||||
{{- if contains $name .Release.Name }}
|
|
||||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- else }}
|
|
||||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create chart name and version as used by the chart label.
|
|
||||||
*/}}
|
|
||||||
{{- define "kubevirt.chart" -}}
|
|
||||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Common labels
|
|
||||||
*/}}
|
|
||||||
{{- define "kubevirt.labels" -}}
|
|
||||||
helm.sh/chart: {{ include "kubevirt.chart" . }}
|
|
||||||
{{ include "kubevirt.selectorLabels" . }}
|
|
||||||
{{- if .Chart.AppVersion }}
|
|
||||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
|
||||||
{{- end }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Selector labels
|
|
||||||
*/}}
|
|
||||||
{{- define "kubevirt.selectorLabels" -}}
|
|
||||||
app.kubernetes.io/name: {{ include "kubevirt.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create the name of the service account to use
|
|
||||||
*/}}
|
|
||||||
{{- define "kubevirt.serviceAccountName" -}}
|
|
||||||
{{- if .Values.serviceAccount.create }}
|
|
||||||
{{- default (include "kubevirt.fullname" .) .Values.serviceAccount.name }}
|
|
||||||
{{- else }}
|
|
||||||
{{- default "default" .Values.serviceAccount.name }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@ -1,47 +0,0 @@
|
|||||||
{{/* Hook annotations */}}
|
|
||||||
{{- define "kubevirt.hook.annotations" -}}
|
|
||||||
annotations:
|
|
||||||
"helm.sh/hook": {{ .hookType }}
|
|
||||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
|
||||||
"helm.sh/hook-weight": {{ .hookWeight | quote }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/* Namespace modifying hook annotations */}}
|
|
||||||
{{- define "kubevirt.namespaceHook.annotations" -}}
|
|
||||||
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-install") . }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/* CRD upgrading hook annotations */}}
|
|
||||||
{{- define "kubevirt.crdUpgradeHook.annotations" -}}
|
|
||||||
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-upgrade") . }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/* Custom resource uninstalling hook annotations */}}
|
|
||||||
{{- define "kubevirt.crUninstallHook.annotations" -}}
|
|
||||||
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-delete") . }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/* CRD uninstalling hook annotations */}}
|
|
||||||
{{- define "kubevirt.crdUninstallHook.annotations" -}}
|
|
||||||
{{ template "kubevirt.hook.annotations" merge (dict "hookType" "post-delete") . }}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{/* Namespace modifying hook name */}}
|
|
||||||
{{- define "kubevirt.namespaceHook.name" -}}
|
|
||||||
{{ include "kubevirt.fullname" . }}-namespace-modify
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/* CRD upgrading hook name */}}
|
|
||||||
{{- define "kubevirt.crdUpgradeHook.name" -}}
|
|
||||||
{{ include "kubevirt.fullname" . }}-crd-upgrade
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/* Custom resource uninstalling hook name */}}
|
|
||||||
{{- define "kubevirt.crUninstallHook.name" -}}
|
|
||||||
{{ include "kubevirt.fullname" . }}-uninstall
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/* CRD uninstalling hook name */}}
|
|
||||||
{{- define "kubevirt.crdUninstallHook.name" -}}
|
|
||||||
{{ include "kubevirt.fullname" . }}-crd-uninstall
|
|
||||||
{{- end }}
|
|
@ -1,55 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crdUninstallHook.name" . }}
|
|
||||||
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.crdUninstallHook.name" . }}
|
|
||||||
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
|
|
||||||
rules:
|
|
||||||
- apiGroups: [ "apiextensions.k8s.io" ]
|
|
||||||
resources: [ "customresourcedefinitions" ]
|
|
||||||
resourceNames:
|
|
||||||
- "kubevirts.kubevirt.io"
|
|
||||||
verbs: [ "delete" ]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.crdUninstallHook.name" . }}
|
|
||||||
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 2) }}
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crdUninstallHook.name" . }}
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: {{ template "kubevirt.crdUninstallHook.name" . }}
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crdUninstallHook.name" . }}
|
|
||||||
{{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 3) }}
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.crdUninstallHook.name" . }}
|
|
||||||
spec:
|
|
||||||
serviceAccountName: {{ template "kubevirt.crdUninstallHook.name" . }}
|
|
||||||
restartPolicy: {{ .Values.hookRestartPolicy }}
|
|
||||||
containers:
|
|
||||||
- name: {{ template "kubevirt.crdUninstallHook.name" . }}
|
|
||||||
image: {{ .Values.hookImage }}
|
|
||||||
args:
|
|
||||||
- delete
|
|
||||||
- customresourcedefinitions
|
|
||||||
- kubevirts.kubevirt.io
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
|
|
@ -1,80 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: kubevirt-crd-manifest
|
|
||||||
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 1) }}
|
|
||||||
data:
|
|
||||||
crd: |-
|
|
||||||
{{ $.Files.Get "crds/kubevirt.yaml" | nindent 4 }}
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
|
|
||||||
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
|
|
||||||
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
|
|
||||||
rules:
|
|
||||||
- apiGroups: [ "" ]
|
|
||||||
resources: [ "configmaps" ]
|
|
||||||
resourceNames:
|
|
||||||
- "kubevirt-crd-manifest"
|
|
||||||
verbs: [ "get" ]
|
|
||||||
- apiGroups: [ "apiextensions.k8s.io" ]
|
|
||||||
resources: [ "customresourcedefinitions" ]
|
|
||||||
resourceNames:
|
|
||||||
- "kubevirts.kubevirt.io"
|
|
||||||
verbs: [ "get", "patch" ]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
|
|
||||||
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 3) }}
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
|
|
||||||
{{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 4) }}
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.crdUpgradeHook.name" . }}
|
|
||||||
spec:
|
|
||||||
serviceAccountName: {{ template "kubevirt.crdUpgradeHook.name" . }}
|
|
||||||
restartPolicy: {{ .Values.hookRestartPolicy }}
|
|
||||||
containers:
|
|
||||||
- name: {{ template "kubevirt.crdUpgradeHook.name" . }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
|
|
||||||
image: {{ .Values.hookImage }}
|
|
||||||
args:
|
|
||||||
- apply
|
|
||||||
- -f
|
|
||||||
- /etc/manifests/crd.yaml
|
|
||||||
volumeMounts:
|
|
||||||
- name: crd-volume
|
|
||||||
mountPath: /etc/manifests
|
|
||||||
volumes:
|
|
||||||
- name: crd-volume
|
|
||||||
configMap:
|
|
||||||
name: kubevirt-crd-manifest
|
|
||||||
items:
|
|
||||||
- key: crd
|
|
||||||
path: crd.yaml
|
|
File diff suppressed because it is too large
Load Diff
@ -1,71 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crUninstallHook.name" . }}
|
|
||||||
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crUninstallHook.name" . }}
|
|
||||||
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
|
|
||||||
rules:
|
|
||||||
- apiGroups: [ "kubevirt.io" ]
|
|
||||||
resources: [ "kubevirts" ]
|
|
||||||
resourceNames:
|
|
||||||
- "kubevirt"
|
|
||||||
verbs: [ "get", "list", "delete" ]
|
|
||||||
- apiGroups: [ "apps" ]
|
|
||||||
resources: [ "deployments", "daemonsets" ]
|
|
||||||
verbs: [ "get", "list" ]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crUninstallHook.name" . }}
|
|
||||||
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 2) }}
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crUninstallHook.name" . }}
|
|
||||||
roleRef:
|
|
||||||
kind: Role
|
|
||||||
name: {{ template "kubevirt.crUninstallHook.name" . }}
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.crUninstallHook.name" . }}
|
|
||||||
{{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 3) }}
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.crUninstallHook.name" . }}
|
|
||||||
spec:
|
|
||||||
serviceAccountName: {{ template "kubevirt.crUninstallHook.name" . }}
|
|
||||||
restartPolicy: {{ .Values.hookRestartPolicy }}
|
|
||||||
containers:
|
|
||||||
- name: {{ template "kubevirt.crUninstallHook.name" . }}
|
|
||||||
image: {{ .Values.hookImage }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
|
|
||||||
args:
|
|
||||||
- delete
|
|
||||||
- kubevirt
|
|
||||||
- kubevirt
|
|
||||||
- name: {{ template "kubevirt.crUninstallHook.name" . }}-cleanup
|
|
||||||
image: {{ .Values.hookImage }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
|
|
||||||
args:
|
|
||||||
- wait
|
|
||||||
- --for=delete
|
|
||||||
- deployments/virt-api
|
|
||||||
- deployments/virt-controller
|
|
||||||
- daemonsets/virt-handler
|
|
||||||
- --timeout=60s
|
|
@ -1,32 +0,0 @@
|
|||||||
apiVersion: kubevirt.io/v1
|
|
||||||
kind: KubeVirt
|
|
||||||
metadata:
|
|
||||||
name: kubevirt
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
spec:
|
|
||||||
{{- with .Values.kubevirt.configuration }}
|
|
||||||
configuration:
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.kubevirt.customizeComponents }}
|
|
||||||
customizeComponents:
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
imagePullPolicy: {{ .Values.kubevirt.imagePullPolicy }}
|
|
||||||
{{- with .Values.kubevirt.infra }}
|
|
||||||
infra:
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.kubevirt.uninstallStrategy }}
|
|
||||||
uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }}
|
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.kubevirt.workloadUpdateStrategy }}
|
|
||||||
workloadUpdateStrategy:
|
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.kubevirt.monitorNamespace }}
|
|
||||||
monitorNamespace: {{ .Values.kubevirt.monitorNamespace }}
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.kubevirt.monitorAccount }}
|
|
||||||
monitorAccount: {{ .Values.kubevirt.monitorAccount }}
|
|
||||||
{{- end }}
|
|
@ -1,60 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.namespaceHook.name" . }}
|
|
||||||
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.namespaceHook.name" . }}
|
|
||||||
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
|
|
||||||
rules:
|
|
||||||
- apiGroups: [ "" ]
|
|
||||||
resources: [ "namespaces" ]
|
|
||||||
resourceNames:
|
|
||||||
- {{ .Release.Namespace | quote }}
|
|
||||||
verbs: [ "get", "patch" ]
|
|
||||||
- apiGroups: [ "management.cattle.io" ] # Rancher
|
|
||||||
resources: [ "projects" ]
|
|
||||||
verbs: [ "updatepsa" ]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.namespaceHook.name" . }}
|
|
||||||
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 2) }}
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.namespaceHook.name" . }}
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: {{ template "kubevirt.namespaceHook.name" . }}
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
---
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
name: {{ template "kubevirt.namespaceHook.name" . }}
|
|
||||||
{{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 3) }}
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubevirt.namespaceHook.name" . }}
|
|
||||||
spec:
|
|
||||||
serviceAccountName: {{ template "kubevirt.namespaceHook.name" . }}
|
|
||||||
restartPolicy: {{ .Values.hookRestartPolicy }}
|
|
||||||
containers:
|
|
||||||
- name: {{ template "kubevirt.namespaceHook.name" . }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
|
|
||||||
image: {{ .Values.hookImage }}
|
|
||||||
args:
|
|
||||||
- label
|
|
||||||
- namespace
|
|
||||||
- {{ .Release.Namespace }}
|
|
||||||
- kubevirt.io=
|
|
||||||
- pod-security.kubernetes.io/enforce=privileged
|
|
@ -1,34 +0,0 @@
|
|||||||
operator:
|
|
||||||
image: registry.suse.com/suse/sles/15.6/virt-operator
|
|
||||||
version: 1.3.1-150600.5.9.1
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
|
|
||||||
kubevirt:
|
|
||||||
# Holds kubevirt configurations. Same as the virt-configMap.
|
|
||||||
configuration: {}
|
|
||||||
customizeComponents: {}
|
|
||||||
# The ImagePullPolicy to use.
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
# Selectors and tolerations that should apply to KubeVirt infrastructure components.
|
|
||||||
infra: {}
|
|
||||||
# Specifies if KubeVirt can be deleted if workloads are still present.
|
|
||||||
# This is mainly a precaution to avoid accidental data loss.
|
|
||||||
uninstallStrategy: ""
|
|
||||||
# WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates.
|
|
||||||
workloadUpdateStrategy: {}
|
|
||||||
# Optionally enable ServiceMonitor for prometheus, see
|
|
||||||
# https://kubevirt.io/user-guide/user_workloads/component_monitoring/
|
|
||||||
monitorAccount: ""
|
|
||||||
monitorNamespace: ""
|
|
||||||
|
|
||||||
hookImage: rancher/kubectl:v1.30.2
|
|
||||||
hookRestartPolicy: OnFailure
|
|
||||||
hookSecurityContext:
|
|
||||||
seccompProfile:
|
|
||||||
type: RuntimeDefault
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 1000
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- ALL
|
|
@ -1,20 +0,0 @@
|
|||||||
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
|
|
||||||
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
|
|
||||||
annotations:
|
|
||||||
catalog.cattle.io/certified: rancher
|
|
||||||
catalog.cattle.io/display-name: KubeVirt
|
|
||||||
catalog.cattle.io/kube-version: '>= v1.26.0-0'
|
|
||||||
catalog.cattle.io/namespace: cattle-ui-plugin-system
|
|
||||||
catalog.cattle.io/os: linux
|
|
||||||
catalog.cattle.io/permits-os: linux, windows
|
|
||||||
catalog.cattle.io/rancher-version: '>= 2.10.0-0'
|
|
||||||
catalog.cattle.io/scope: management
|
|
||||||
catalog.cattle.io/ui-component: plugins
|
|
||||||
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
|
|
||||||
apiVersion: v2
|
|
||||||
appVersion: 1.2.1
|
|
||||||
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
|
|
||||||
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
|
|
||||||
name: kubevirt-dashboard-extension
|
|
||||||
type: application
|
|
||||||
version: "%%CHART_MAJOR%%.0.0+up1.2.1"
|
|
@ -1,6 +0,0 @@
|
|||||||
# SUSE Edge: KubeVirt extension for Rancher Dashboard
|
|
||||||
|
|
||||||
An Edge focused extension for Rancher Dashboard allowing to monitor and interact virtual machine based workloads.
|
|
||||||
|
|
||||||
For more information on SUSE Edge see https://suse-edge.github.io/ \
|
|
||||||
For more information on Kubevirt see https://kubevirt.io/
|
|
@ -1,17 +0,0 @@
|
|||||||
<services>
|
|
||||||
<service mode="buildtime" name="kiwi_metainfo_helper"/>
|
|
||||||
<service name="replace_using_env" mode="buildtime">
|
|
||||||
<param name="file">values.yaml</param>
|
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
|
||||||
<param name="var">IMG_PREFIX</param>
|
|
||||||
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
|
|
||||||
<param name="var">IMG_REPO</param>
|
|
||||||
</service>
|
|
||||||
<service name="replace_using_env" mode="buildtime">
|
|
||||||
<param name="file">Chart.yaml</param>
|
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
|
||||||
<param name="var">IMG_PREFIX</param>
|
|
||||||
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
|
|
||||||
<param name="var">CHART_MAJOR</param>
|
|
||||||
</service>
|
|
||||||
</services>
|
|
@ -1,63 +0,0 @@
|
|||||||
{{/*
|
|
||||||
Expand the name of the chart.
|
|
||||||
*/}}
|
|
||||||
{{- define "extension-server.name" -}}
|
|
||||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create a default fully qualified app name.
|
|
||||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
||||||
If release name contains chart name it will be used as a full name.
|
|
||||||
*/}}
|
|
||||||
{{- define "extension-server.fullname" -}}
|
|
||||||
{{- if .Values.fullnameOverride }}
|
|
||||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- else }}
|
|
||||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
|
||||||
{{- if contains $name .Release.Name }}
|
|
||||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- else }}
|
|
||||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Create chart name and version as used by the chart label.
|
|
||||||
*/}}
|
|
||||||
{{- define "extension-server.chart" -}}
|
|
||||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Common labels
|
|
||||||
*/}}
|
|
||||||
{{- define "extension-server.labels" -}}
|
|
||||||
helm.sh/chart: {{ include "extension-server.chart" . }}
|
|
||||||
{{ include "extension-server.selectorLabels" . }}
|
|
||||||
{{- if .Chart.AppVersion }}
|
|
||||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
|
||||||
{{- end }}
|
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Selector labels
|
|
||||||
*/}}
|
|
||||||
{{- define "extension-server.selectorLabels" -}}
|
|
||||||
app.kubernetes.io/name: {{ include "extension-server.name" . }}
|
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
||||||
{{- end }}
|
|
||||||
|
|
||||||
{{/*
|
|
||||||
Pkg annotations
|
|
||||||
*/}}
|
|
||||||
{{- define "extension-server.pluginMetadata" -}}
|
|
||||||
{{- with .Values.plugin.metadata }}
|
|
||||||
{{- range $key, $value := . }}
|
|
||||||
{{ $key }}: {{ $value | quote }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
@ -1,14 +0,0 @@
|
|||||||
apiVersion: catalog.cattle.io/v1
|
|
||||||
kind: UIPlugin
|
|
||||||
metadata:
|
|
||||||
name: {{ include "extension-server.fullname" . }}
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
labels: {{ include "extension-server.labels" . | nindent 4 }}
|
|
||||||
spec:
|
|
||||||
plugin:
|
|
||||||
name: {{ include "extension-server.fullname" . }}
|
|
||||||
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
|
|
||||||
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.1
|
|
||||||
noCache: {{ .Values.plugin.noCache }}
|
|
||||||
noAuth: {{ .Values.plugin.noAuth }}
|
|
||||||
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
|
|
@ -1,12 +0,0 @@
|
|||||||
nameOverride: ""
|
|
||||||
fullnameOverride: ""
|
|
||||||
plugin:
|
|
||||||
enabled: true
|
|
||||||
versionOverride: ""
|
|
||||||
noCache: false
|
|
||||||
noAuth: false
|
|
||||||
metadata:
|
|
||||||
catalog.cattle.io/display-name: KubeVirt
|
|
||||||
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
|
|
||||||
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
|
|
||||||
catalog.cattle.io/kube-version: ">= v1.26.0-0"
|
|
@ -1,18 +1,17 @@
|
|||||||
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0
|
#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1
|
||||||
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0-%RELEASE%
|
#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1-%RELEASE%
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 0.9.0
|
appVersion: 1.16.0
|
||||||
dependencies:
|
dependencies:
|
||||||
- alias: metal3-baremetal-operator
|
- alias: metal3-baremetal-operator
|
||||||
name: baremetal-operator
|
name: baremetal-operator
|
||||||
repository: file://./charts/baremetal-operator
|
repository: file://./charts/baremetal-operator
|
||||||
version: 0.6.0
|
version: 0.5.0
|
||||||
- alias: metal3-ironic
|
- alias: metal3-ironic
|
||||||
name: ironic
|
name: ironic
|
||||||
repository: file://./charts/ironic
|
repository: file://./charts/ironic
|
||||||
version: 0.8.0
|
version: 0.7.0
|
||||||
- alias: metal3-mariadb
|
- alias: metal3-mariadb
|
||||||
condition: global.enable_mariadb
|
|
||||||
name: mariadb
|
name: mariadb
|
||||||
repository: file://./charts/mariadb
|
repository: file://./charts/mariadb
|
||||||
version: 0.5.4
|
version: 0.5.4
|
||||||
@ -20,9 +19,9 @@ dependencies:
|
|||||||
condition: global.enable_metal3_media_server
|
condition: global.enable_metal3_media_server
|
||||||
name: media
|
name: media
|
||||||
repository: file://./charts/media
|
repository: file://./charts/media
|
||||||
version: 0.6.0
|
version: 0.5.0
|
||||||
description: A Helm chart that installs all of the dependencies needed for Metal3
|
description: A Helm chart that installs all of the dependencies needed for Metal3
|
||||||
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
|
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
|
||||||
name: metal3
|
name: metal3
|
||||||
type: application
|
type: application
|
||||||
version: "%%CHART_MAJOR%%.0.0+up0.9.0"
|
version: 0.8.1
|
||||||
|
@ -11,7 +11,5 @@
|
|||||||
<param name="file">Chart.yaml</param>
|
<param name="file">Chart.yaml</param>
|
||||||
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
|
||||||
<param name="var">IMG_PREFIX</param>
|
<param name="var">IMG_PREFIX</param>
|
||||||
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
|
|
||||||
<param name="var">CHART_MAJOR</param>
|
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 0.8.0
|
appVersion: 0.6.1
|
||||||
description: A Helm chart for baremetal-operator, used by Metal3
|
description: A Helm chart for baremetal-operator, used by Metal3
|
||||||
name: baremetal-operator
|
name: baremetal-operator
|
||||||
type: application
|
type: application
|
||||||
version: 0.6.0
|
version: 0.5.0
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user