suse-edge/Factory
SHA256
13
0
Fork 12
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Compare commits

base: suse-edge:main
Branches Tags
suse-edge:main
suse-edge:devel
suse-edge:3.2
steven.hardy:arm_config
steven.hardy:turtles_3.2
steven.hardy:turtles_fix_3.2
steven.hardy:turtles_upgrade_fix
steven.hardy:cdi_fix
steven.hardy:kubevirt_chart
steven.hardy:sriov_update
steven.hardy:capm3_downgrade
steven.hardy:rm_capi_images
steven.hardy:kiwi_fix
steven.hardy:kiwi_builder
steven.hardy:metal3_chart_090
steven.hardy:turtles_013
steven.hardy:rm_old_ipa
steven.hardy:ipa-fix
steven.hardy:kube-rbac-proxy-fix2
steven.hardy:turtles_fix
steven.hardy:metal3_090
steven.hardy:metallb_rbac_proxy
steven.hardy:kube-rbac-proxy-fix
steven.hardy:kube_rbac_proxy
steven.hardy:main
steven.hardy:document-branch
steven.hardy:supportlvl-macro
steven.hardy:run-sync
..
compare: steven.hardy:supportlvl-macro
Branches Tags
steven.hardy:arm_config
steven.hardy:turtles_3.2
steven.hardy:turtles_fix_3.2
steven.hardy:turtles_upgrade_fix
steven.hardy:cdi_fix
steven.hardy:kubevirt_chart
steven.hardy:sriov_update
steven.hardy:capm3_downgrade
steven.hardy:rm_capi_images
steven.hardy:kiwi_fix
steven.hardy:kiwi_builder
steven.hardy:metal3_chart_090
steven.hardy:turtles_013
steven.hardy:rm_old_ipa
steven.hardy:ipa-fix
steven.hardy:kube-rbac-proxy-fix2
steven.hardy:turtles_fix
steven.hardy:metal3_090
steven.hardy:metallb_rbac_proxy
steven.hardy:kube-rbac-proxy-fix
steven.hardy:kube_rbac_proxy
steven.hardy:main
steven.hardy:document-branch
steven.hardy:supportlvl-macro
steven.hardy:run-sync
suse-edge:main
suse-edge:devel
suse-edge:3.2

1 Commits
main ... supportlvl

Author SHA256 Message Date
Denislav Prodanov
d1b19a4e03 added macro to set support level l3 2024-11-07 15:57:22 +02:00
342 changed files with 6574 additions and 23788 deletions
Show Stats Expand all files Collapse all files

62
.gitea/workflows/pr_project.yaml
View File

@ -1,62 +0,0 @@
name: Build PR in OBS
on:
pull_request_target:
types:
- opened
- reopened
- synchronize
- closed
branches-ignore:
- "devel"
concurrency:
group: ${{ gitea.workflow }}-${{ gitea.ref }}
cancel-in-progress: true
jobs:
sync-pr-project:
name: "Build PR in OBS"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
zypper in -y python3-jinja2
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: "[if PR is closed] Delete project in OBS"
run: |
if [ "${{ gitea.event.action }}" = "closed" ]; then
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
osc rdelete -f -r -m "PR closed" "${PROJECT}:Staging:PR-${{ gitea.event.number }}"
fi
- name: "Setup PR project in OBS"
env:
SCM_URL: ${{ gitea.event.pull_request.head.repo.clone_url }}#${{ gitea.head_ref }}
run: |
if [ "${{ gitea.event.action }}" != "closed" ]; then
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
python3 .obs/render_meta.py --pr ${{ gitea.event.number }} --scm-url "${SCM_URL}" | osc meta prj "${PROJECT}:Staging:PR-${{ gitea.event.number }}" -F -
echo "Project created ${PROJECT}:Staging:PR-${{ gitea.event.number }}"
echo "Follow build at: https://build.opensuse.org/project/monitor/${PROJECT}:Staging:PR-${{ gitea.event.number }}"
fi
- env:
GIT_SHA: ${{ gitea.event.pull_request.head.sha }}
name: "Wait for OBS to build the project"
run: |
if [ "${{ gitea.event.action }}" != "closed" ]; then
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
export OBS_PROJECT="${PROJECT}:Staging:PR-${{ gitea.event.number }}"
python3 .obs/wait_obs.py
fi

35
.gitea/workflows/sync_config.yaml
View File

@ -1,35 +0,0 @@
name: Synchronize Project Config
on:
push:
branches-ignore:
- "devel"
paths:
- "_config"
- ".gitea/workflows/sync_config.yaml"
jobs:
sync-prjconf:
name: "Update prjconf in OBS"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- run: |
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
if [ "$(osc meta prjconf "${PROJECT}" | sha256sum)" != "$(cat _config | sha256sum)" ] ; then
osc meta prjconf "${PROJECT}" -F _config
fi

45
.gitea/workflows/sync_meta.yaml
View File

@ -1,45 +0,0 @@
name: Synchronize Project Metadata
on:
push:
branches-ignore:
- "devel"
paths:
- "*" # Will trigger on new directories and changes to files in root of repository
- ".gitea/workflows/sync_meta.yaml"
- ".obs/common.py"
jobs:
sync-prj-meta:
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
zypper in -y python3-jinja2
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: "Update or create OBS Project"
run: |
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
set -o pipefail
if meta="$(osc meta prj "${PROJECT}" 2>/dev/null | sha256sum)"; then
new_meta="$(python3 .obs/render_meta.py)"
if [ "${meta}" != "$(echo "${new_meta}" | sha256sum)" ]; then
echo "${new_meta}" | osc meta prj "${PROJECT}" -F -
fi
python3 .obs/sync_packages.py
else
# Create the projects
bash .obs/create_projects.sh
fi

31
.gitea/workflows/trigger_devel.yaml
View File

@ -1,31 +0,0 @@
name: Trigger Devel Packages
on:
# NOTE (fdegir): Cron is set to run midday every weekday
schedule:
- cron: "0 12 * * 1-5
jobs:
sync-pr-project:
name: "Trigger source services for devel packages that changed"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
ref: 'devel'
- name: "Trigger packages"
run: |
python3 .obs/trigger_package.py

28
.obs/add_package.py
View File

@ -1,4 +1,5 @@
#!/usr/bin/env python3
import yaml
import subprocess
import argparse
import os
@ -6,6 +7,30 @@ import os.path
from common import PROJECT, REPOSITORY, BRANCH
def add_package_to_workflow(name: str):
modified = False
with open(".obs/workflows.yml", "r") as wf_file:
workflows = yaml.safe_load(wf_file)
if not any(
x
for x in workflows["staging_build"]["steps"]
if x["branch_package"]["source_package"] == name
):
workflows["staging_build"]["steps"].append(
{
"branch_package": {
"source_project": PROJECT,
"target_project": f"{PROJECT}:Staging",
"source_package": name,
}
}
)
modified = True
if modified:
with open(".obs/workflows.yml", "w") as wf_file:
yaml.dump(workflows, wf_file)
def add_package_to_project(name: str):
package_meta = f"""<package name="{name}" project="{PROJECT}">
<title/>
@ -28,6 +53,7 @@ def add_package(package_name: str):
os.exit(1)
add_package_to_project(package_name)
add_package_to_workflow(package_name)
def main():
@ -39,7 +65,7 @@ def main():
add_package(args.package)
print("Package created in OBS !")
print("Package created in OBS, you can now push the modified workflow file")
if __name__ == '__main__':

37
.obs/create_projects.sh
View File

@ -1,37 +0,0 @@
#!/bin/bash
show_help() {
echo "Usage: $(basename $0) [--internal]"
echo "options:"
echo "-h, --help display this help and exit"
echo "-i, --internal create project as internal"
exit 0
}
while [[ "$#" -gt 0 ]]; do
case $1 in
-h|--help) show_help;;
-i|--internal) internal="--internal" ;;
*) echo "Unknown parameter passed: $1";show_help ;;
esac
shift
done
PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
EXTRA_OSC_ARGS=""
if [ -n "$internal" ]; then
PROJECT="ISV${PROJECT:3}"
EXTRA_OSC_ARGS="-A https://api.suse.de"
python3 .obs/render_meta.py ${internal} Snapshot | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:Snapshot" -F -
osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:Snapshot" -F _config
fi
python3 .obs/render_meta.py ${internal} ToTest | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:ToTest" -F -
python3 .obs/render_meta.py ${internal} | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}" -F -
osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:ToTest" -F _config
osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}" -F _config
if [ -z "$internal" ]; then
python3 .obs/sync_packages.py
fi

16
.obs/delete_package.py
View File

@ -1,4 +1,5 @@
#!/usr/bin/env python3
import yaml
import subprocess
import argparse
import os
@ -7,8 +8,20 @@ import os.path
from common import PROJECT
def delete_package_from_workflow(name: str):
with open(".obs/workflows.yml", "r") as wf_file:
workflows = yaml.safe_load(wf_file)
workflows["staging_build"]["steps"] = [
x
for x in workflows["staging_build"]["steps"]
if x["branch_package"]["source_package"] != name
]
with open(".obs/workflows.yml", "w") as wf_file:
yaml.dump(workflows, wf_file)
def delete_package_from_project(name: str):
p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
p = subprocess.run(["osc", "rdelete", PROJECT, name], stdout=subprocess.PIPE)
print(p.stdout)
print(p.stderr)
p.check_returncode()
@ -20,6 +33,7 @@ def delete_package(package_name: str):
os.exit(1)
delete_package_from_project(package_name)
delete_package_from_workflow(package_name)
def main():

63
.obs/render_meta.py
View File

@ -1,63 +0,0 @@
import argparse
from jinja2 import Template
from common import PROJECT
def render(base_project, subproject, internal, scm_url=None):
version = base_project.rsplit(':', 1)[-1]
context = {
"base_project": subproject == "",
"title": f"SUSE Edge {version} {subproject}".rstrip(),
"ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack",
}
if subproject == "ToTest":
context["project"] = f"{base_project}:ToTest"
context["description"] = (
f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
"project currently going through the automated test layer"
)
if "Factory" in base_project or internal:
context["release_project"] = f"{base_project}:Snapshot"
elif subproject == "Snapshot":
context["project"] = f"{base_project}:Snapshot"
context["release_project"] = f"{base_project.rsplit(':', 1)[0]}:Containers"
context["for_release"] = True
context["description"] = (
f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
"project that passed automated test layer"
)
elif subproject == "":
context["project"] = base_project
context["release_project"] = f"{base_project}:ToTest"
else: # PR case direct python call
context["base_project"] = True
context["project"] = f"{base_project}:{subproject}"
if scm_url is not None:
context["scm_url"] = scm_url
with open("_meta") as meta:
template = Template(meta.read())
return template.render(context)
def main():
parser = argparse.ArgumentParser(
prog='ProgramName',
description='What the program does',
epilog='Text at the bottom of help')
parser.add_argument("subproject", default="", choices=["", "ToTest", "Snapshot"], nargs="?")
parser.add_argument("--internal", action="store_true")
parser.add_argument("--pr")
parser.add_argument("--scm-url")
args = parser.parse_args()
base_project = PROJECT.replace("isv", "ISV", 1) if args.internal else PROJECT
print(render(
base_project=base_project,
subproject=args.subproject if args.pr is None else f"Staging:PR-{args.pr}",
internal=args.internal,
scm_url=args.scm_url,
))
if __name__ == "__main__":
main()

2
.obs/sync_packages.py
View File

@ -9,7 +9,7 @@ from common import PROJECT
def get_obs_packages() -> Set[str]:
packages = subprocess.run(["osc", "ls", PROJECT], encoding='utf-8' , capture_output=True)
return { p for p in packages.stdout.splitlines() if ":" not in p }
return set(packages.stdout.splitlines())
def get_local_packages() -> Set[str]:
p = pathlib.Path('.')

83
.obs/wait_obs.py
View File

@ -1,83 +0,0 @@
import xml.etree.ElementTree as ET
import subprocess
import time
import os
import sys
from collections import Counter
def get_buildstatus(project: str) -> ET.Element:
for _ in range(5):
try:
output = subprocess.check_output(["osc", "pr", "--xml", project])
return ET.fromstring(output)
except subprocess.CalledProcessError:
continue
print("Failed to get buildstatus from OBS")
def do_wait(project:str, commit:str) -> ET.Element:
last_state = None
while True:
time.sleep(5)
status = get_buildstatus(project)
if last_state == status.get("state"):
continue
else:
last_state = status.get("state")
scminfo = { e.text for e in status.findall(".//scminfo") }
if len(scminfo) != 1 or scminfo.pop() != commit:
print("Waiting for OBS to sync with SCM")
continue
if not all([ e.get('state') == "published" and e.get('dirty') is None for e in status.findall("./result")]):
print("Waiting for OBS to finish building")
continue
return status
def print_results(status: ET.Element) -> bool:
results = {}
failed = []
for e in status.findall("./result"):
repo = results.get(e.get("repository"), {})
repo[e.get("arch")] = e
results[e.get("repository")] = repo
for repo in results.keys():
print(f"{repo}:")
depth=1
for arch in results[repo].keys():
counts = Counter()
if repo != "charts":
print(f"\t{arch}:")
depth=2
for package in results[repo][arch].findall("./status"):
if package.get("code") in ["excluded", "disabled"]:
continue
if package.get("code") in ["failed", "unresolvable", "broken"]:
details = package.findtext("details")
if details:
failed.append(f"{package.get('package')} ({arch}): {details}")
else:
failed.append(f"{package.get('package')} ({arch})")
counts[package.get("code")] += 1
for (code, count) in counts.items():
print("\t"*depth, f"{code}: {count}")
failed.sort()
if failed:
print("\nPackages failing: ")
for fail in failed:
print("\t", fail)
return len(failed)
def main():
project = os.environ.get("OBS_PROJECT")
sha = os.environ.get("GIT_SHA")
print(f"Waiting for OBS to build {project} for commit {sha}")
status = do_wait(project, sha)
sys.exit(print_results(status))
if __name__ == "__main__":
main()

196
.obs/workflows.yml Normal file
View File

@ -0,0 +1,196 @@
staging_build:
filters:
event: pull_request
steps:
- branch_package:
source_package: endpoint-copier-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: endpoint-copier-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: endpoint-copier-operator-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-agent-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-dashboard-extension-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-debug-echo-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-onvif-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-opcua-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-udev-discovery-handler-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: akri-webhook-configuration-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: obs-service-set_version
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cosign
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: frr-k8s
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubectl
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-rke2
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: nm-configurator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kube-rbac-proxy
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: edge-image-builder
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: hauler
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ip-address-manager
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: baremetal-operator
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-metal3
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cdi-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-metal3-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: sriov-crd-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: edge-image-builder-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ironic-ipa-downloader-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-rke2-controlplane-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: upgrade-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metal3-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: baremetal-operator-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: cluster-api-provider-rke2-bootstrap-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: sriov-network-operator-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-controller-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ip-address-manager-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: metallb-speaker-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: ironic-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging

22
README.md
View File

@ -5,23 +5,11 @@ Contains the definition of the packages built on OBS for the SUSE Edge Solution
This repository is linked to an OBS project: <https://build.opensuse.org/project/show/isv:SUSE:Edge:Factory>
Every directory in this repository represents a package in that OBS project, those should be synced automatically from this repository.
## Testing a fork or a development branch
## Adding a package
You can create a project in your home space in OBS, use the same prjconf as the one of "isv:SUSE:Edge:Factory", and copy the repositories part of the metadata (adjust self references).
Then add a scmsync stanza to your metadata like this (adjust repository path and branch):
To add a package, first create a directory with your package as you intend it in OBS.
```xml
<scmsync>https://src.opensuse.org/suse-edge/Factory#main</scmsync>
```
Then run the `.obs/add_package.py` script to create the package in the OBS project and add the required elements to the synchronization workflow.
This script is using the `osc` command behind the scenes, so ensure you have it installed and correctly configured, as well as you have the correct permissions to create a new package in the project.
This is done automatically for any PR filed against this repository.
## Cutting a release version branch
1. Do the appropriate git branch command
2. Change the project path in `.obs/common.py` file (e.g. from `isv:SUSE:Edge:Factory` to `isv:SUSE:Edge:3.2`)
3. Change the branch reference in `.obs/common.py` file (e.g. from `main` to `3.2`)
5. Commit those changes to the new branch and push the new branch
9. Go take a few cups of coffee/tea/mate/... while waiting for OBS to build everything
10. Once built do an `osc release` of the project for it to be copied over in the `ToTest` section
11. Hand over to QA to test whatever is in `ToTest`. (You can continue to work on the base branch if needed meanwhile)
You will then get asked to push your changes.

173
_config
View File

@ -1,173 +0,0 @@
Prefer: -libqpid-proton10 -python311-urllib3_1
Macros:
%__python3 /usr/bin/python3.11
%registry_url %(echo %{vendor} | cut -d '/' -f 3 | sed 's/build/registry/')
:Macros
%if "%{sub %{lower %_project} 1 14}" != "isv:suse:edge:" || "%{sub %_project 15 21}" == "Factory"
# Here we are in Factory like project so set chart major version to 999
Macros:
%chart_major 999
:Macros
%else
# Here we are in version branch, so set the image prefix and chart major accordingly
Macros:
%project_branch %(echo %{_project} | cut -d ':' -f 4)
%img_prefix %{project_branch}/
%chart_major %(echo %{project_branch} | awk '{split($1,a,"."); print a[1]*100 + a[2]}')
:Macros
%endif
%if %{sub %_project 1 3} == ISV
Macros:
%img_repo registry.suse.com/edge
%chart_repo oci://registry.suse.com/edge
%chart_prefix charts/
%manifest_repo registry.suse.com/edge
%support_level l3
:Macros
%else
Macros:
%img_repo registry.opensuse.org/isv/suse/edge/containers/images
%manifest_repo registry.opensuse.org/isv/suse/edge/containers/images
%chart_repo oci://registry.opensuse.org/isv/suse/edge/containers/charts
%support_level techpreview
:Macros
%endif
%if "%_repository" == "charts" || "%_repository" == "test_manifest_images"
Macros:
%img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%chart_prefix %(echo "")
:Macros
%endif
# Missing deps for testsuite
BuildFlags: excludebuild:autoconf:el
BuildFlags: excludebuild:autoconf:testsuite
# Only build manifest embedding images here
%if "%_repository" == "test_manifest_images"
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:release-manifest-image
# Exclude the images selected by the following section
# as the standard repository is a dependency
%ifarch aarch64
BuildFlags: excludebuild:baremetal-operator-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kubectl-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
%endif
%else
# Only a subset of stack is arm64 ready
%ifarch aarch64
BuildFlags: onlybuild:autoconf
BuildFlags: onlybuild:baremetal-operator
BuildFlags: onlybuild:baremetal-operator-image
BuildFlags: onlybuild:ca-certificates-suse
BuildFlags: onlybuild:container-build-checks
BuildFlags: onlybuild:crudini
BuildFlags: onlybuild:edge-build-checks
BuildFlags: onlybuild:edge-image-builder
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:endpoint-copier-operator
BuildFlags: onlybuild:endpoint-copier-operator-image
BuildFlags: onlybuild:fakeroot
BuildFlags: onlybuild:hauler
BuildFlags: onlybuild:ipcalc
BuildFlags: onlybuild:ironic-image
BuildFlags: onlybuild:ironic-ipa-downloader-image
BuildFlags: onlybuild:ironic-ipa-ramdisk
BuildFlags: onlybuild:kubectl
BuildFlags: onlybuild:kubectl-image
BuildFlags: onlybuild:kube-rbac-proxy
BuildFlags: onlybuild:kube-rbac-proxy-image
BuildFlags: onlybuild:metallb
BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator
BuildFlags: onlybuild:shim-noarch
%endif
%endif
%if "%_repository" == "images" || "%_repository" == "test_manifest_images"
Prefer: container:sles15-image
Type: docker
Repotype: none
Patterntype: none
BuildEngine: podman
Prefer: sles-release
BuildFlags: dockerarg:SLE_VERSION=15.6
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
# skopeo and umoci are used by build scripts to list packages
Substitute: system-packages:podman podman buildah createrepo_c release-compare edge-build-checks skopeo umoci
%endif
%if "%_repository" == "images_16.0"
Prefer: container:sles15-image
Type: docker
BuildEngine: podman
Repotype: none
Patterntype: none
BuildFlags: dockerarg:SLE_VERSION=16.0
BuildFlags: onlybuild:kiwi-builder-image
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
# Exclude the images selected by the aarch64 section
%ifarch aarch64
BuildFlags: excludebuild:baremetal-operator-image
BuildFlags: excludebuild:edge-image-builder-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kubectl-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
%endif
%else
BuildFlags: excludebuild:kiwi-builder-image
%endif
%if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
Type: helm
Repotype: helm
Patterntype: none
Required: perl-YAML-LibYAML
# include edge-build-checks here
Support: edge-build-checks
%endif
%if "%_repository" == "standard"
# for build openstack-ironic-image
BuildFlags: allowrootforbuild
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
%endif
# Enable reproducible builds
# https://en.opensuse.org/openSUSE:Reproducible_Builds\#With_OBS
Macros:
%source_date_epoch_from_changelog Y
%clamp_mtime_to_source_date_epoch Y
%use_source_date_epoch_as_buildtime Y
%_buildhost reproducible
:Macros

75
_meta
View File

@ -1,75 +0,0 @@
{#-
This template is rendered by the render_meta.py script
it is not automatically enforced by OBS
-#}
{%- set maintainers = [
"edge-engineering",
] -%}
<project name="{{ project }}">
<title>{{ title }}</title>
{%- if description is defined %}
<description>{{ description }}</description>
{%- else %}
<description/>
{%- endif %}
{%- if scm_url is defined %}
<scmsync>{{ scm_url }}</scmsync>
{%- endif %}
{%- for maintainer in maintainers %}
<person userid="{{ maintainer }}" role="maintainer"/>
{%- endfor %}
{%- if not base_project %}
<build>
<disable/>
<enable repository="charts"/>
<enable repository="test_manifest_images"/>
</build>
<publish>
<disable repository="phantomcharts"/>
</publish>
<repository name="phantomcharts">
<arch>x86_64</arch>
</repository>
{%- endif %}
{%- for repository in ["images", "images_16.0", "test_manifest_images"] %}
<repository name="{{ repository }}">
{%- if release_project is defined and repository != "test_manifest_images" %}
<releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
{%- endif %}
<path project="SUSE:Registry" repository="standard"/>
{%- if repository == "images_16.0" %}
<path project="SUSE:CA" repository="16.0"/>
<path project="SUSE:SLFO:Products:SLES:16.0" repository="standard"/>
<path project="SUSE:SLFO:Main:Build" repository="standard"/>
{%- else %}
<path project="SUSE:CA" repository="SLE_15_SP6"/>
<path project="{{ project }}" repository="standard"/>
{%- endif %}
<arch>x86_64</arch>
<arch>aarch64</arch>
</repository>
{%- endfor %}
<repository name="standard" block="local">
{%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
{%- endif %}
<path project="{{ ironic_base }}:2024.2" repository="15.6"/>
<path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
<arch>x86_64</arch>
<arch>aarch64</arch>
</repository>
<repository name="charts"{{ ' rebuild="local"' if not base_project }}>
{%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="phantomcharts" trigger="manual"/>
{%- endif %}
<path project="{{ project }}" repository="standard"/>
<arch>x86_64</arch>
</repository>
{%- if for_release %}
<repository name="releasecharts" rebuild="local">
<releasetarget project="{{ release_project }}" repository="charts" trigger="manual"/>
<path project="{{ project }}" repository="standard"/>
<arch>x86_64</arch>
</repository>
{%- endif %}
</project>

6
akri-chart/Chart.yaml
View File

@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20
#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20
#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20-%RELEASE%
annotations:
catalog.cattle.io/display-name: Akri
apiVersion: v2
@ -8,4 +8,4 @@ description: A Helm chart for Akri
icon: https://raw.githubusercontent.com/project-akri/akri-docs/main/art/icon/akri-icon-light.svg
name: akri
type: application
version: "%%CHART_MAJOR%%.0.0+up0.12.20"
version: 0.12.20

6
akri-chart/_service
View File

@ -9,9 +9,7 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
</service>
</services>

2
akri-chart/values.yaml
View File

@ -853,7 +853,7 @@ webhookConfiguration:
pullPolicy: Always
certImage:
# reference is the webhook-certgen image reference
reference: registry.rancher.com/rancher/mirrored-ingress-nginx-kube-webhook-certgen
reference: registry.k8s.io/ingress-nginx/kube-webhook-certgen
# tag is the webhook-certgen image tag
tag: v1.1.1
# pullPolicy is the webhook-certgen pull policy

20
akri-dashboard-extension-chart/Chart.yaml
View File

@ -1,22 +1,20 @@
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Akri
catalog.cattle.io/kube-version: '>= v1.26.0-0'
catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: '>= v2.9.0'
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
catalog.cattle.io/ui-extensions-version: '>= 2.0.1'
apiVersion: v2
appVersion: 303.0.1+up1.3.0
appVersion: 1.1.0
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
name: akri-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.1+up1.3.0"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
version: 1.1.0

6
akri-dashboard-extension-chart/_service
View File

@ -9,9 +9,7 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
</service>
</services>

2
akri-dashboard-extension-chart/templates/_helpers.tpl
View File

@ -38,7 +38,7 @@ Common labels
helm.sh/chart: {{ include "extension-server.chart" . }}
{{ include "extension-server.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

2
akri-dashboard-extension-chart/templates/cr.yaml
View File

@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.1+up1.3.0
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.1.0
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

4
akri-dashboard-extension-chart/values.yaml
View File

@ -7,6 +7,6 @@ plugin:
noAuth: false
metadata:
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/rancher-version: ">= v2.9.0"
catalog.cattle.io/ui-extensions-version: ">= 2.0.1"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

4
akri/_service
View File

@ -10,9 +10,7 @@
<service name="cargo_vendor" mode="manual">
<param name="srcdir">akri</param>
</service>
<service name="tar" mode="buildtime">
<param name="obsinfo">akri.obsinfo</param>
</service>
<service name="tar" mode="buildtime" />
<service name="set_version" mode="buildtime" >
<param name="fromfile">version.txt</param>
<param name="regex">^(.*)$</param>

10
baremetal-operator/_service
View File

@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/baremetal-operator</param>
<param name="scm">git</param>
<param name="revision">v0.9.1</param>
<param name="revision">v0.6.1</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
@ -12,8 +12,10 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">baremetal-operator.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
@ -21,7 +23,7 @@
<param name="file">baremetal-operator.spec</param>
<param name="var">SOURCE_COMMIT</param>
<param name="eval">
SOURCE_COMMIT=$(grep commit baremetal-operator.obsinfo | cut -d" " -f2)
SOURCE_COMMIT=$(grep commit *.obsinfo | cut -d" " -f2)
</param>
<param name="verbose">1</param>
</service>

8
baremetal-operator/baremetal-operator.spec
View File

@ -17,14 +17,14 @@
Name: baremetal-operator
Version: 0.9.1
Release: 0
Version: 0.6.1
Release: 0.6.1
Summary: Implements a Kubernetes API for managing bare metal hosts
License: Apache-2.0
URL: https://github.com/metal3-io/baremetal-operator
Source: baremetal-operator-%{version}.tar
Source: baremetal-operator-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.23
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}

8
cdi-chart/Chart.yaml
View File

@ -1,9 +1,9 @@
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0
#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0-%RELEASE%
apiVersion: v2
appVersion: 1.61.0
appVersion: 1.60.1
description: A Helm chart for Containerized Data Importer (CDI)
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: cdi
type: application
version: "%%CHART_MAJOR%%.0.0+up0.5.0"
version: 0.4.0

6
cdi-chart/_service
View File

@ -2,9 +2,7 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
</service>
</services>

2
cdi-chart/crds/cdi.yaml
View File

@ -5079,4 +5079,4 @@ spec:
type: object
served: true
storage: true
subresources: {}
subresources: {}

2
cdi-chart/templates/NOTES.txt
View File

@ -1,2 +1,2 @@
Verify that all CDI components are installed correctly:
kubectl get all -n {{ .Release.Namespace }}
kubectl get all -n {{ .Release.Namespace }}

2
cdi-chart/templates/_helpers.tpl
View File

@ -59,4 +59,4 @@ Create the name of the service account to use
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- end }}

2
cdi-chart/templates/_hooks.tpl
View File

@ -44,4 +44,4 @@
{{/* CRD uninstalling hook name */}}
{{- define "cdi.crdUninstallHook.name" -}}
{{ include "cdi.fullname" . }}-crd-uninstall
{{- end }}
{{- end }}

20
cdi-chart/templates/cdi-operator.yaml
View File

@ -606,7 +606,17 @@ spec:
prometheus.cdi.kubevirt.io: "true"
spec:
affinity:
{{- .Values.deployment.affinity | toYaml | nindent 8 }}
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- env:
- name: DEPLOY_CLUSTER_RESOURCES
@ -640,7 +650,9 @@ spec:
name: metrics
protocol: TCP
resources:
{{- .Values.deployment.resources | toYaml | nindent 12 }}
requests:
cpu: 100m
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -649,8 +661,6 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
nodeSelector:
kubernetes.io/os: linux
securityContext:
@ -658,4 +668,4 @@ spec:
serviceAccountName: cdi-operator
tolerations:
- key: CriticalAddonsOnly
operator: Exists
operator: Exists

2
cdi-chart/templates/cdi-uninstall-hooks.yaml
View File

@ -66,4 +66,4 @@ spec:
- deployments/cdi-apiserver
- deployments/cdi-deployment
- deployments/cdi-uploadproxy
- --timeout=60s
- --timeout=60s

2
cdi-chart/templates/cdi.yaml
View File

@ -18,4 +18,4 @@ spec:
{{- with .Values.cdi.workload }}
workload:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
cdi-chart/templates/crd-uninstall-hooks.yaml
View File

@ -52,4 +52,4 @@ spec:
- customresourcedefinitions
- cdis.cdi.kubevirt.io
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
{{- toYaml .Values.hookSecurityContext | nindent 12 }}

2
cdi-chart/templates/crd-upgrade-hooks.yaml
View File

@ -77,4 +77,4 @@ spec:
name: cdi-crd-manifest
items:
- key: crd
path: crd.yaml
path: crd.yaml

2
cdi-chart/templates/namespace-hooks.yaml
View File

@ -53,4 +53,4 @@ spec:
- label
- namespace
- {{ .Release.Namespace }}
- cdi.kubevirt.io=
- cdi.kubevirt.io=

22
cdi-chart/values.yaml
View File

@ -1,5 +1,5 @@
deployment:
version: 1.61.0-150600.3.12.1
version: 1.60.1-150600.3.9.1
operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
@ -8,22 +8,6 @@ deployment:
uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
pullPolicy: IfNotPresent
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
resources:
requests:
cpu: 100m
memory: 150Mi
cdi:
config:
@ -41,7 +25,7 @@ cdi:
nodeSelector:
kubernetes.io/os: linux
hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
hookImage: rancher/kubectl:v1.30.2
hookRestartPolicy: OnFailure
hookSecurityContext:
seccompProfile:
@ -51,4 +35,4 @@ hookSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- ALL

23
frr-k8s-image/Dockerfile → cluster-api-controller-image/Dockerfile
View File

@ -1,25 +1,26 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%
#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:v%%cluster-api_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends frr-k8s; zypper -n clean; rm -rf /var/log/*
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.endpoint-copier-operator
# labelprefix=com.suse.application.cluster-api
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE frr-k8s Container Image"
LABEL org.opencontainers.image.description="frr-k8s based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%frr-k8s_version%%"
LABEL org.opencontainers.image.title="SLE cluster-api Container Image"
LABEL org.opencontainers.image.description="cluster-api based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api:%%cluster-api_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@ -28,6 +29,8 @@ LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
#Install frr-k8s
COPY --from=base /installroot /
ENTRYPOINT ["/frr-k8s"]
RUN mv /usr/bin/cluster-api-controller /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

4
frr-k8s-image/_service → cluster-api-controller-image/_service
View File

@ -3,8 +3,8 @@
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%frr-k8s_version%%</param>
<param name="package">frr-k8s</param>
<param name="regex">%%cluster-api_version%%</param>
<param name="package">cluster-api</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">

24
kube-rbac-proxy-image/Dockerfile → cluster-api-operator-image/Dockerfile
View File

@ -1,25 +1,25 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%
#!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends kube-rbac-proxy; zypper -n clean; rm -rf /var/log/*
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-operator shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.kube-rbac-proxy
# labelprefix=com.suse.application.cluster-api-operator
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE kube-rbac-proxy Container Image"
LABEL org.opencontainers.image.description="kube-rbac-proxy based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%kube-rbac-proxy_version%%"
LABEL org.opencontainers.image.title="SLE cluster-api-operator Container Image"
LABEL org.opencontainers.image.description="cluster-api-operator based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-operator_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@ -29,7 +29,7 @@ LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
#Install kube-rbac-proxy
EXPOSE 8080
USER 65532:65532
ENTRYPOINT ["/kube-rbac-proxy"]
RUN mv /usr/bin/cluster-api-operator-controller /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

6
frr-image/_service → cluster-api-operator-image/_service
View File

@ -1,6 +1,12 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-operator_version%%</param>
<param name="package">cluster-api-operator</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

23
cluster-api-operator/_service Normal file
View File

@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/kubernetes-sigs/cluster-api-operator</param>
<param name="scm">git</param>
<param name="revision">v0.12.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

52
cluster-api-operator/cluster-api-operator.spec Normal file
View File

@ -0,0 +1,52 @@
#
# spec file for package cluster-api-operator
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-operator
Version: 0.12.0
Release: 0
Summary: Cluster API Core Controller
License: Apache-2.0
URL: https://github.com/kubernetes-sigs/cluster-api-operator
Source: cluster-api-operator-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API operator
%prep
%autosetup -a1 -n cluster-api-operator-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
-o cluster-api-operator cmd/main.go
%install
install -D -m0755 cluster-api-operator %{buildroot}%{_bindir}/cluster-api-operator-controller
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-operator-controller
%changelog

36
cluster-api-provider-metal3-image/Dockerfile Normal file
View File

@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:v%%cluster-api-provider-metal3_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-metal3 shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-metal3
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-metal3 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-metal3 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-metal3_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/cluster-api-provider-metal3 /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

7
kubectl-image/_service → cluster-api-provider-metal3-image/_service
View File

@ -1,5 +1,12 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-provider-metal3_version%%</param>
<param name="package">cluster-api-provider-metal3</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

23
cluster-api-provider-metal3/_service Normal file
View File

@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/cluster-api-provider-metal3</param>
<param name="scm">git</param>
<param name="revision">v1.8.2</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

54
cluster-api-provider-metal3/cluster-api-provider-metal3.spec Normal file
View File

@ -0,0 +1,54 @@
#
# spec file for package cluster-api-provider-metal3
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-provider-metal3
Version: 1.8.2
Release: 0
Summary: Cluster API Infrastructure Provider for Metal3
License: Apache-2.0
URL: https://github.com/metal3-io/cluster-api-provider-metal3
Source: cluster-api-provider-metal3-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API Provider Metal3 is one of the providers for Cluster API and enables
users to deploy a Cluster API based cluster on top of bare metal infrastructure
using Metal3.
%prep
%autosetup -a1 -n cluster-api-provider-metal3-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
-a -ldflags '-extldflags "-static"'
%install
install -D -m0755 cluster-api-provider-metal3 %{buildroot}%{_bindir}/cluster-api-provider-metal3
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-provider-metal3
%changelog

36
cluster-api-provider-rke2-bootstrap-image/Dockerfile Normal file
View File

@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:v%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-bootstrap shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-rke2
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/rke2-bootstrap-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

19
cluster-api-provider-rke2-bootstrap-image/_service Normal file
View File

@ -0,0 +1,19 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-provider-rke2_version%%</param>
<param name="package">cluster-api-provider-rke2-bootstrap</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

36
cluster-api-provider-rke2-controlplane-image/Dockerfile Normal file
View File

@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:v%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%
#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-control-plane shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.cluster-api-provider-rke2
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/rke2-control-plane-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

19
cluster-api-provider-rke2-controlplane-image/_service Normal file
View File

@ -0,0 +1,19 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%cluster-api-provider-rke2_version%%</param>
<param name="package">cluster-api-provider-rke2-control-plane</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

23
cluster-api-provider-rke2/_service Normal file
View File

@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/rancher-sandbox/cluster-api-provider-rke2</param>
<param name="scm">git</param>
<param name="revision">v0.8.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

61
cluster-api-provider-rke2/cluster-api-provider-rke2.spec Normal file
View File

@ -0,0 +1,61 @@
#
# spec file for package cluster-api-provider-rke2
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api-provider-rke2
Version: 0.8.0
Release: 0
Summary: Cluster API provider for RKE2
License: Apache-2.0
URL: https://github.com/rancher-sandbox/cluster-api-provider-rke2
Source: cluster-api-provider-rke2-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API provider for RKE2
%package bootstrap
Summary: Cluster API bootstrap controller for RKE2
%description bootstrap
Cluster API bootstrap controller for RKE2
%package control-plane
Summary: Cluster API control-plane controller for RKE2
%description control-plane
Cluster API control-plane controller for RKE2
%prep
%autosetup -a1 -n cluster-api-provider-rke2-%{version}
%build
make managers
%install
install -D -m0755 bin/rke2-bootstrap-manager %{buildroot}%{_bindir}/rke2-bootstrap-manager
install -D -m0755 bin/rke2-control-plane-manager %{buildroot}%{_bindir}/rke2-control-plane-manager
%files bootstrap
%{_bindir}/rke2-bootstrap-manager
%files control-plane
%{_bindir}/rke2-control-plane-manager
%changelog

23
cluster-api/_service Normal file
View File

@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/kubernetes-sigs/cluster-api</param>
<param name="scm">git</param>
<param name="revision">v1.8.4</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

51
cluster-api/cluster-api.spec Normal file
View File

@ -0,0 +1,51 @@
#
# spec file for package cluster-api
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cluster-api
Version: 1.8.4
Release: 0
Summary: Cluster API Core Controller
License: Apache-2.0
URL: https://github.com/kubernetes-sigs/cluster-api
Source: cluster-api-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Cluster API core controller
%prep
%autosetup -a1 -n cluster-api-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
%install
install -D -m0755 cluster-api %{buildroot}%{_bindir}/cluster-api-controller
%files
%license LICENSE
%doc README.md
%{_bindir}/cluster-api-controller
%changelog

23
container-build-checks/.gitattributes vendored
View File

@ -1,23 +0,0 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

39
container-build-checks/0001-Allow-slash-prefixes-in-registry.patch
View File

@ -1,39 +0,0 @@
From 982cfa8500250c9704448880a779ade06cc8f976 Mon Sep 17 00:00:00 2001
From: Nicolas Belouin <nicolas.belouin@suse.com>
Date: Thu, 3 Apr 2025 16:53:49 +0200
Subject: [PATCH] Allow slash prefixes in registry
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
---
container-build-checks.py | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/container-build-checks.py b/container-build-checks.py
index b8c873c..d862f33 100755
--- a/container-build-checks.py
+++ b/container-build-checks.py
@@ -82,13 +82,17 @@ def verify_reference(image, result, value):
return
(registry, repo, tag) = reference_match.groups()
- allowed_registries: list[str] = config["General"].getlist("Registry")
- if len(allowed_registries) and registry not in allowed_registries:
+ raw_allowed_registries: list[str] = config["General"].getlist("Registry")
+ allowed_registries: dict[str, str] = {v[0]: v[2] for v in map(lambda a: a.partition("/"), raw_allowed_registries)}
+
+ if len(allowed_registries) and (registry not in allowed_registries.keys() or not repo.startswith(allowed_registries[registry])):
result.warn(
f"The org.opensuse.reference label ({value}) does not use an "
- f"allowed registry: {','.join(allowed_registries)}")
+ f"allowed registry: {','.join(raw_allowed_registries)}")
+
+ prefix = allowed_registries[registry]
- if f"{repo}:{tag}" not in image.containerinfo["tags"]:
+ if f"{repo[len(prefix)+1:]}:{tag}" not in image.containerinfo["tags"]:
tags = ", ".join(image.containerinfo["tags"])
result.warn(f"The org.opensuse.reference label ({value}) does not refer to an existing tag ({tags})")
elif "release" in image.containerinfo and image.containerinfo["release"] not in tag:
--
2.49.0

4
container-build-checks/SUSE.conf
View File

@ -1,4 +0,0 @@
[General]
Vendor=com.suse
Registry=registry.suse.com
Registry+=dp.apps.rancher.io

15
container-build-checks/_service
View File

@ -1,15 +0,0 @@
<services>
<service mode="manual" name="obs_scm">
<param name="url">https://github.com/openSUSE/container-build-checks.git</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="manual" name="set_version" />
<service mode="buildtime" name="tar">
<param name="obsinfo">container-build-checks.obsinfo</param>
</service>
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">xz</param>
</service>
</services>

4
container-build-checks/_servicedata
View File

@ -1,4 +0,0 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/openSUSE/container-build-checks.git</param>
<param name="changesrevision">412e7f60c08221a549b0f00dfcc4bee7694193ab</param></service></servicedata>

BIN
container-build-checks/container-build-checks-1723452932.412e7f6.obscpio (Stored with Git LFS)
View File

Binary file not shown.

101
container-build-checks/container-build-checks.changes
View File

@ -1,101 +0,0 @@
-------------------------------------------------------------------
Mon Aug 12 11:33:57 UTC 2024 - Fabian Vogt <fvogt@suse.com>
- Update to version 1723452932.412e7f6:
* add test for missing substitutions
* Reject labels that are missing a substitution
-------------------------------------------------------------------
Mon Jul 22 13:43:57 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update SUSE.conf: allow dp.rancher.apps.io
-------------------------------------------------------------------
Mon Jul 22 13:08:23 UTC 2024 - Fabian Vogt <fvogt@suse.com>
- Switch _service to mode="manual"
- Update to version 1721653643.19092fe:
* Use generic name for the python setup step
* Allow specifying more than one registry
* Use Pathlib for resolving containerinfo
* Switch to test Python 3.11
-------------------------------------------------------------------
Fri Apr 28 09:23:53 UTC 2023 - Fabian Vogt <fvogt@suse.com>
- Update to version 1682595397.5ce6d2f:
* Handle OCI style images as well
* Makefile: Add missing dependency of broken-derived on proper-base
* GitHub workflow: Update action versions
* GitHub workflow: Test python 3.6 and 3.10
-------------------------------------------------------------------
Mon Aug 8 11:37:19 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Make the URL point to GitHub
-------------------------------------------------------------------
Thu Jul 7 13:42:05 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- openSUSE.conf: Allow bci/* as prefix
-------------------------------------------------------------------
Wed Apr 20 14:26:26 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Update to version 1650464301.a198cf9:
* Detect and treat local builds specially
-------------------------------------------------------------------
Mon Mar 7 09:23:46 UTC 2022 - Silvio Moioli <moio@suse.com>
- Adding Uyuni prefix for https://www.uyuni-project.org/
-------------------------------------------------------------------
Thu Feb 03 07:44:23 UTC 2022 - fvogt@suse.com
- Update to version 1643874076.3d0e13c:
* Avoid crash on local builds
-------------------------------------------------------------------
Tue Dec 14 13:49:12 UTC 2021 - fvogt@suse.com
- Update to version 1639489705.a4c5a3ab2a75:
* Don't error out when the release field is empty
* Add simple gitpod configuration
-------------------------------------------------------------------
Tue Jun 1 09:06:12 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Drop obsolete Requires: grep jq
-------------------------------------------------------------------
Fri May 28 13:57:34 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update to version 1622209785.4616f4f:
* README.md: Point badge to new location
-------------------------------------------------------------------
Fri May 28 12:47:42 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update to version 1622204213.c8ecb9f:
* Add options to allow and block specific tags
-------------------------------------------------------------------
Thu May 27 15:09:59 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update to version 1622127842.b548dd8:
* Update README.md
* Add README.md
* Add broken-derived test
* Verify prefix of the image specific label prefix
* Add some comments in the Makefile
* Always check the tag used in org.opensuse.reference
* Add github workflow
* Use bash explicitly
* Make lint
* Less noise in Makefile
-------------------------------------------------------------------
Fri Apr 30 10:04:09 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Initial commit

4
container-build-checks/container-build-checks.obsinfo
View File

@ -1,4 +0,0 @@
name: container-build-checks
version: 1723452932.412e7f6
mtime: 1723452932
commit: 412e7f60c08221a549b0f00dfcc4bee7694193ab

95
container-build-checks/container-build-checks.spec
View File

@ -1,95 +0,0 @@
#
# spec file for package container-build-checks
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: container-build-checks
Version: 1723452932.412e7f6
Release: 0
Summary: Scripts to validate built container images
License: GPL-2.0-or-later
Group: Development/Tools/Building
URL: https://github.com/openSUSE/container-build-checks
Patch0: 0001-Allow-slash-prefixes-in-registry.patch
Source0: %{name}-%{version}.tar.xz
Source1: openSUSE.conf
Source2: SUSE.conf
Requires: %{name}-vendor
BuildArch: noarch
%package vendor-openSUSE
Summary: openSUSE configuration for %{name}
Group: Development/Tools/Building
Requires: %{name} = %{version}
Provides: %{name}-vendor
Conflicts: %{name}-vendor
%description vendor-openSUSE
openSUSE configuration for %{name}
%package vendor-SUSE
Summary: SUSE configuration for %{name}
Group: Development/Tools/Building
Requires: %{name} = %{version}
Provides: %{name}-vendor
Conflicts: %{name}-vendor
%description vendor-SUSE
SUSE configuration for %{name}
%package strict
Summary: Strict configuration for %{name}
Group: Development/Tools/Building
%description strict
Strict configuration for %{name}
%description
This tool checks that built container images conform to the openSUSE container
image policies (https://en.opensuse.org/Building_derived_containers).
%prep
%autosetup -p1
%build
%make_build
%install
%make_install
mkdir -p %{buildroot}%{_datadir}/container-build-checks/
install -m0644 %{SOURCE1} %{buildroot}%{_datadir}/container-build-checks/openSUSE.conf
install -m0644 %{SOURCE2} %{buildroot}%{_datadir}/container-build-checks/SUSE.conf
echo -e "[General]\nFatalWarnings=true" > %{buildroot}%{_datadir}/container-build-checks/strict.conf
%files
#%doc README
%license LICENSE
%dir %{_datadir}/container-build-checks
%dir %{_prefix}/lib/build/
%dir %{_prefix}/lib/build/post-build-checks/
%{_prefix}/lib/build/post-build-checks/container-build-checks
%files vendor-openSUSE
%{_datadir}/container-build-checks/openSUSE.conf
%files vendor-SUSE
%{_datadir}/container-build-checks/SUSE.conf
%files strict
%{_datadir}/container-build-checks/strict.conf
%changelog

10
container-build-checks/openSUSE.conf
View File

@ -1,10 +0,0 @@
[General]
Vendor=org.opensuse
Registry=registry.opensuse.org
[Tags]
# To avoid conflicts with other stuff on the registry and
# avoid ambiguities with images on other registries.
Allowed+=opensuse/*,kubic/*,kubevirt/*,uyuni/*,bci/*
# Those are images, not available as namespaces
Blocked+=opensuse/tumbleweed/*,opensuse/leap/*

20
cosign/_service Normal file
View File

@ -0,0 +1,20 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/rancher-government-carbide/cosign.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="exclude">.get</param>
<param name="revision">v2.2.3+carbide.2</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">
<param name="compression">gz</param>
</service>
</services>

55
cosign/cosign.spec Normal file
View File

@ -0,0 +1,55 @@
#
# spec file for package cosign-rgs
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define project https://github.com/hauler-dev/cosign
%define revision 49542360ffb5de63f9d2f5856b658651d5538e40
Name: cosign
Version: 0
Release: 0
Summary: Container Signing, Verification and Storage in an OCI registry
License: Apache-2.0
URL: https://github.com/rancher-government-carbide/cosign
Source: cosign-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang-packaging
%description
%prep
%setup -q -a1 -n cosign-%{version}
%build
%goprep %{project}
DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
CLI_PKG=sigs.k8s.io/release-utils/version
CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}"
CGO_ENABLED=0 go build -mod=vendor -buildmode=pie -trimpath -ldflags "${CLI_LDFLAGS}" -o cosign ./cmd/cosign
%install
install -D -m 0755 cosign %{buildroot}%{_bindir}/cosign
%files
%license LICENSE
%doc *.md
%{_bindir}/cosign
%changelog

12
edge-build-checks/10-helm-lint
View File

@ -1,12 +0,0 @@
#!/bin/bash
HELM="/usr/bin/helm"
TOPDIR=/usr/src/packages/HELM
failed=0
if [ -x $HELM ]; then
$HELM lint "$TOPDIR"/*.tgz
failed=$?
fi
exit $failed

158
edge-build-checks/20-helm-images
View File

@ -1,158 +0,0 @@
#!/usr/bin/python3
import os
import glob
import subprocess
import yaml
import sys
import pprint
AUTHORIZED_REPOS = [
"registry.suse.com/suse/sles/",
"registry.rancher.com",
]
EXTRA_CONFIG = None
class CheckResult:
"""Class to track count of issues"""
def __init__(self):
self.hints = 0
self.warnings = 0
self.errors = 0
def hint(self, msg):
print(f"Hint: {msg}")
self.hints += 1
def warn(self, msg):
print(f"Warning: {msg}")
self.warnings += 1
def error(self, msg):
print(f"Error: {msg}")
self.errors += 1
def tarballs():
"""Return a list of .helminfo files to check."""
if "BUILD_ROOT" not in os.environ:
# Not running in an OBS build container
return glob.glob("*.tgz")
# Running in an OBS build container
buildroot = os.environ["BUILD_ROOT"]
topdir = "/usr/src/packages"
if os.path.isdir(buildroot + "/.build.packages"):
topdir = "/.build.packages"
if os.path.islink(buildroot + "/.build.packages"):
topdir = "/" + os.readlink(buildroot + "/.build.packages")
return glob.glob(f"{buildroot}{topdir}/HELM/*.tgz")
def get_extra_config():
global EXTRA_CONFIG
if EXTRA_CONFIG is not None:
return EXTRA_CONFIG
if "BUILD_ROOT" not in os.environ:
file_path = "./.checks_helm.yaml"
else:
buildroot = os.environ["BUILD_ROOT"]
topdir = "/usr/src/packages"
file_path = f"{buildroot}{topdir}/SOURCES/.checks_helm.yaml"
try:
with open(file_path) as config_file:
EXTRA_CONFIG = yaml.safe_load(config_file)
if EXTRA_CONFIG is None: # No document in stream
EXTRA_CONFIG = {}
except OSError:
EXTRA_CONFIG = {}
return EXTRA_CONFIG
def get_extra_params():
config = get_extra_config()
args = []
for api in config.get('extra_apis', []):
args.extend(['-a', api])
return args
def is_exception(image):
config = get_extra_config()
exceptions = config.get('image_exceptions', [])
(namespace, _, _) = image.partition(':')
return namespace in exceptions
def get_template(tarball_path):
raw_templates = subprocess.check_output(
[
"helm",
"template",
tarball_path,
] + get_extra_params()
).decode()
return yaml.safe_load_all(raw_templates)
def extract_key(key, var):
if hasattr(var, "items"): # hasattr(var,'items') for python 3
for k, v in var.items(): # var.items() for python 3
if k == key:
yield v
if isinstance(v, dict):
for result in extract_key(key, v):
yield result
elif isinstance(v, list):
for d in v:
for result in extract_key(key, d):
yield result
def check_template(result, template):
if template["kind"] not in [
"Pod",
"Deployment",
"StatefulSet",
"DaemonSet",
"ReplicaSet",
"Job",
"CronJob",
]:
return
for image in extract_key("image", template):
if not image.startswith(tuple(AUTHORIZED_REPOS)) and not is_exception(image):
result.error(f"{image} is not from authorized source")
pass
def main():
result = CheckResult()
img_repo = subprocess.check_output(
[
"rpm",
"--macros=/root/.rpmmacros",
"-E",
"%{?img_repo}",
]
).strip()
if img_repo:
result.hint(f"Adding '{img_repo.decode()}' to authorized repo")
AUTHORIZED_REPOS.append(img_repo.decode())
else:
result.warn("img_repo macro not defined, will not add extra authorized repo")
for tarball in tarballs():
print(f"Looking at {tarball}")
for template in get_template(tarball):
if template: # Exclude empty templates
check_template(result, template)
ret = 0
if result.errors > 0:
print("Fatal errors found.")
ret = 1
sys.exit(ret)
if __name__ == "__main__":
main()

92
edge-build-checks/20-helm-tags
View File

@ -1,92 +0,0 @@
#!/usr/bin/python3
import json
import os
import glob
import sys
import re
class CheckResult:
"""Class to track count of issues"""
def __init__(self):
self.hints = 0
self.warnings = 0
self.errors = 0
def hint(self, msg):
print(f"Hint: {msg}")
self.hints += 1
def warn(self, msg):
print(f"Warning: {msg}")
self.warnings += 1
def error(self, msg):
print(f"Error: {msg}")
self.errors += 1
TAG_RE = re.compile(r"(.*\/)?([^:]+):([^:]+)")
def check_tags(helminfo, result):
release_tag_found = False
version_tag_found = False
for tag in helminfo["tags"]:
(tag_prefix, tag_name, tag_version) = TAG_RE.fullmatch(tag).groups()
if tag_name != helminfo.get("name"):
result.warn(
f"Tag ({tag}) doesn't use the chart name ({helminfo.get('name')})"
)
if "release" in helminfo and helminfo["release"] in tag_version:
release_tag_found = True
if tag_version.replace("_", "+") == helminfo["version"]:
version_tag_found = True
if not release_tag_found:
result.error(
"None of the tags are unique to a specific build of the image.\n"
+ "Make sure that at least one tag contains the release."
)
if not version_tag_found:
result.error(
"None of the tags is the equivalent of the chart's version.\n"
+ "Make sure that one of the tag is the chart version."
)
def helminfos():
"""Return a list of .helminfo files to check."""
if "BUILD_ROOT" not in os.environ:
# Not running in an OBS build container
return glob.glob("*.helminfo")
# Running in an OBS build container
buildroot = os.environ["BUILD_ROOT"]
topdir = "/usr/src/packages"
if os.path.isdir(buildroot + "/.build.packages"):
topdir = "/.build.packages"
if os.path.islink(buildroot + "/.build.packages"):
topdir = "/" + os.readlink(buildroot + "/.build.packages")
return glob.glob(f"{buildroot}{topdir}/HELM/*.helminfo")
def main():
result = CheckResult()
for helminfo in helminfos():
print(f"Looking at {helminfo}")
with open(helminfo, "rb") as cifile:
ci_dict = json.load(cifile)
check_tags(ci_dict, result)
ret = 0
if result.errors > 0:
print("Fatal errors found.")
ret = 1
sys.exit(ret)
if __name__ == "__main__":
main()

340
edge-build-checks/COPYING
View File

@ -1,340 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

6
edge-build-checks/SUSE-Edge.conf
View File

@ -1,6 +0,0 @@
[General]
Vendor=com.suse
Registry=%%IMG_REPO%%
[Tags]
Allowed=%%IMG_PREFIX%%*

9
edge-build-checks/_service
View File

@ -1,9 +0,0 @@
<services>
<service name="replace_using_env" mode="buildtime">
<param name="file">SUSE-Edge.conf</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
</service>
</services>

59
edge-build-checks/edge-build-checks.spec
View File

@ -1,59 +0,0 @@
#
# spec file for package edge-build-checks
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: edge-build-checks
Summary: post checks for build after charts and images are created
License: GPL-2.0-or-later
Group: Development/Tools/Building
Version: 0.0.1
Release: 0
Source0: COPYING
Source1: 20-helm-images
Source2: 10-helm-lint
Source3: SUSE-Edge.conf
Source4: 20-helm-tags
BuildArch: noarch
Requires: container-build-checks
Requires: python3-PyYAML
Provides: container-build-checks-vendor
%description
some scripts to check for problems in edge related helm charts and images after their creation
in OBS.
%prep
cp %{SOURCE0} .
%build
%define _lto_cflags %{nil}
# nothing to do
%install
install -d $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -m 755 %{SOURCE4} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -d %{buildroot}%{_datadir}/container-build-checks
install -m 644 %{SOURCE3} %{buildroot}%{_datadir}/container-build-checks/SUSE-Edge.conf
%files
%license COPYING
%{_datadir}/container-build-checks
/usr/lib/build
%changelog

8
edge-image-builder-image/Dockerfile
View File

@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-rc1
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-rc1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.2.0-rc1"
LABEL org.opencontainers.image.version="1.1.0"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.0-rc1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

5
edge-image-builder-image/_service
View File

@ -7,13 +7,10 @@
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="file">artifacts.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
<param name="var">CHART_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

13
edge-image-builder-image/artifacts.yaml
View File

@ -1,11 +1,11 @@
metallb:
chart: metallb
repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.14.9"
chart: metallb-chart
repository: %%CHART_REPO%%/3.1
version: 0.14.9
endpoint-copier-operator:
chart: endpoint-copier-operator
repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
chart: endpoint-copier-operator-chart
repository: %%CHART_REPO%%/3.1
version: 0.2.1
kubernetes:
k3s:
selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
@ -13,3 +13,4 @@ kubernetes:
rke2:
selinuxPackage: rke2-selinux
selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch

13
edge-image-builder/_service
View File

@ -1,19 +1,18 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.2.0-rc1</param>
<!-- Uncomment and set this For Pre-Release Version -->
<param name="version">1.2.0~rc1</param>
<!-- Uncomment and this for regular version -->
<!-- <param name="versionformat">@PARENT_TAG@</param> -->
<param name="revision">v1.1.0</param>
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">edge-image-builder.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">

6
edge-image-builder/edge-image-builder.spec
View File

@ -17,14 +17,14 @@
Name: edge-image-builder
Version: 1.2.0~rc1
Version: 1.1.0
Release: 0
Summary: Edge Image Builder
License: Apache-2.0
URL: https://github.com/suse-edge/edge-image-builder
Source: edge-image-builder-%{version}.tar
Source: edge-image-builder-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) go1.24
BuildRequires: golang(API) go1.22
BuildRequires: golang-packaging
BuildRequires: gpgme-devel
BuildRequires: device-mapper-devel

6
endpoint-copier-operator-chart/Chart.yaml
View File

@ -1,8 +1,8 @@
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1-%RELEASE%
apiVersion: v2
appVersion: v0.2.0
description: A Helm chart for Kubernetes
name: endpoint-copier-operator
type: application
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
version: 0.2.1

6
endpoint-copier-operator-chart/_service
View File

@ -9,9 +9,7 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
</service>
</services>

6
endpoint-copier-operator/_service
View File

@ -12,8 +12,10 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">endpoint-copier-operator.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>

2
endpoint-copier-operator/endpoint-copier-operator.spec
View File

@ -22,7 +22,7 @@ Release: 0.2.0
Summary: Implements a Kubernetes API for copying endpoint resources
License: Apache-2.0
URL: https://github.com/suse-edge/endpoint-copier-operator
Source: endpoint-copier-operator-%{version}.tar
Source: endpoint-copier-operator-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.20
ExcludeArch: s390

58
frr-image/Dockerfile
View File

@ -1,58 +0,0 @@
# SPDX-License-Identifier: MIT
#!BuildTag: %%IMG_PREFIX%%frr:8.5.6
#!BuildTag: %%IMG_PREFIX%%frr:8.5.6-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.frr
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="FRR Container Image"
LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="8.5.6"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.5.6-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
#Install frr
USER root
ENV PYTHONDONTWRITEBYTECODE yes
# frr.sh is the entry point. This script examines environment
# variables to direct operation and configure ovn
ADD frr.sh /root/
ADD daemons /etc/frr
ADD frr.conf /etc/frr
ADD vtysh.conf /etc/frr
RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
RUN ln -s /usr/bin/catatonit /sbin/tini
RUN usermod -a -G frrvty frr
COPY docker-start /usr/libexec/frr/docker-start
RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
WORKDIR /root
ENTRYPOINT ["/sbin/tini", "--"]
COPY docker-start /usr/lib/frr/docker-start
RUN chmod +x /usr/lib/frr/docker-start
CMD ["/usr/lib/frr/docker-start"]

82
frr-image/daemons
View File

@ -1,82 +0,0 @@
# This file tells the frr package which daemons to start.
#
# Entries are in the format: <daemon>=(yes|no|priority)
# 0, "no" = disabled
# 1, "yes" = highest priority
# 2 .. 10 = lower priorities
#
# For daemons which support multiple instances, a 2nd line listing
# the instances can be added. Eg for ospfd:
# ospfd=yes
# ospfd_instances="1,2"
#
# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
# They're used to start the FRR daemons in more than one step
# (for example start one or two at network initialization and the
# rest later). The number of FRR daemons being small, priorities
# must be between 1 and 9, inclusive (or the initscript has to be
# changed). /etc/init.d/frr then can be started as
#
# /etc/init.d/frr <start|stop|restart|<priority>>
#
# where priority 0 is the same as 'stop', priority 10 or 'start'
# means 'start all'
#
# Sample configurations for these daemons can be found in
# /usr/share/doc/frr/examples/.
#
# ATTENTION:
#
# When activation a daemon at the first time, a config file, even if it is
# empty, has to be present *and* be owned by the user and group "frr", else
# the daemon will not be started by /etc/init.d/frr. The permissions should
# be u=rw,g=r,o=.
# When using "vtysh" such a config file is also needed. It should be owned by
# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
#
watchfrr_enable=yes
watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
#
zebra=yes
bgpd=yes
ospfd=no
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
nhrpd=no
eigrpd=no
sharpd=no
pbrd=no
staticd=yes
bfdd=yes
fabricd=no
#
# Command line options for the daemons
#
zebra_options=("-A 127.0.0.1")
bgpd_options=("-A 127.0.0.1")
ospfd_options=("-A 127.0.0.1")
ospf6d_options=("-A ::1")
ripd_options=("-A 127.0.0.1")
ripngd_options=("-A ::1")
isisd_options=("-A 127.0.0.1")
pimd_options=("-A 127.0.0.1")
nhrpd_options=("-A 127.0.0.1")
eigrpd_options=("-A 127.0.0.1")
sharpd_options=("-A 127.0.0.1")
pbrd_options=("-A 127.0.0.1")
staticd_options=("-A 127.0.0.1")
bfdd_options=("-A 127.0.0.1")
fabricd_options=("-A 127.0.0.1")
#
# If the vtysh_enable is yes, then the unified config is read
# and applied if it exists. If no unified frr.conf exists
# then the per-daemon <daemon>.conf files are used)
# If vtysh_enable is no or non-existant, the frr.conf is ignored.
# it is highly suggested to have this set to yes
vtysh_enable=yes

4
frr-image/docker-start
View File

@ -1,4 +0,0 @@
#!/bin/bash
source /usr/lib/frr/frrcommon.sh
/usr/lib/frr/watchfrr $(daemon_list)

53
frr-image/frr.conf
View File

@ -1,53 +0,0 @@
frr defaults traditional
log file /var/log/frr/frr.log
log syslog informational
log stdout debugging
ipv6 forwarding
service integrated-vtysh-config
!
debug bgp updates in
debug bgp updates out
debug bgp zebra
!
interface eth0
no ipv6 nd suppress-ra
ipv6 nd ra-interval 10
!
router bgp OCPASN
bgp router-id OCPROUTERID
bgp bestpath as-path multipath-relax
bgp bestpath compare-routerid
!
neighbor OCPnodes peer-group
neighbor OCPnodes description Internal OCP Nodes
neighbor OCPnodes remote-as OCPASN
neighbor OCPnodes bfd
neighbor OCPnodes capability extended-nexthop
!neighbor eth0 interface peer-group OCPnodes
!neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
neighbor OCPPEER peer-group OCPnodes
!
address-family ipv4 unicast
redistribute connected
neighbor OCPnodes activate
exit-address-family
!
address-family ipv6 unicast
redistribute connected
neighbor OCPnodes activate
neighbor OCPnodes nexthop-local unchanged
exit-address-family
!
!
bfd
peer OCPPEER vrf default interface eth0
receive-interval 2000
transmit-interval 2000
echo-mode
echo-interval 3000
no shutdown
exit
!
line vty
!

124
frr-image/frr.sh
View File

@ -1,124 +0,0 @@
#!/bin/bash
#set -euo pipefail
# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
set -x
fi
# The argument to the command is the operation to be performed
# frr-node display display_env
# a cmd must be provided, there is no default
cmd=${1:-""}
# The frr user id, by default it is going to be frr:frr
frr_user_id=${FRR_USER_ID:-""}
# frr options
frr_options=${FRR_OPTIONS:-""}
# This script is the entrypoint to the image.
# frr.sh version (update when API between daemonset and script changes - v.x.y)
frr_version="3"
# The daemonset version must be compatible with this script.
# The default when FRR_DAEMONSET_VERSION is not set is version 3
frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
# hostname is the host's hostname when using host networking,
# This is useful on the master
# otherwise it is the container ID (useful for debugging).
frr_pod_host=${K8S_NODE:-$(hostname)}
# The ovs user id, by default it is going to be root:root
frr_user_id=${FRR_USER_ID:-""}
# frr options
frr_options=${FRR_OPTIONS:-""}
# frr.conf variables
ocp_asn=${OCPASN:-65000}
ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
ocp_peer=${OCPPEER:-"10.10.10.1"}
FRR_ETCDIR=/etc/frr
FRR_RUNDIR=/var/run/frr
FRR_LOGDIR=/var/log/frr
# =========================================
setup_frr_permissions() {
chown -R ${frr_user_id} ${FRR_RUNDIR}
chown -R ${frr_user_id} ${FRR_LOGDIR}
chown -R ${frr_user_id} ${FRR_ETCDIR}
}
# =========================================
display_version() {
echo " =================== hostname: ${frr_pod_host}"
echo " =================== daemonset version ${frr_daemonset_version}"
if [[ -f /root/git_info ]]; then
disp_ver=$(cat /root/git_info)
return
fi
}
display_env() {
echo FRR_USER_ID ${frr_user_id}
echo FRR_OPTIONS ${frr_options}
echo frr.sh version ${frr_version}
echo ocp_asn ${ocp_asn}
echo ocp_routerid ${ocp_routerid}
echo ocp_peer ${ocp_peer}
}
# frr-node - all nodes
frr-node() {
trap 'kill $(jobs -p) ; exit 0' TERM
rm -f ${FRR_RUNDIR}/frr.pid
echo "=============== frr-node ========== update frr.conf"
sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
#chown -R frr:frr /etc/frr
chown -R frr:frr ${FRR_RUNDIR}
echo "=============== frr-node ========== starting"
# /usr/lib/frr/frrinit.sh start
# bash -x /usr/lib/frr/frrinit.sh start
bash -x
/usr/lib/frr/frrinit.sh start
frrResult=$?
echo "=============== frrinit result is ${frrResult} "
# Sleep forever
exec tail -f /dev/null
}
echo "================== frr.sh --- version: ${frr_version} ================"
display_version
display_env
case ${cmd} in
"frr-node")
frr-node
;;
"display_env")
display_env
exit 0
;;
"display")
display
exit 0
;;
*)
echo "invalid command ${cmd}"
echo "valid v3 commands: frr-node display_env display "
exit 0
;;
esac
exit 0

0
frr-image/vtysh.conf
View File

8
frr-k8s/_service
View File

@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/metallb/frr-k8s</param>
<param name="scm">git</param>
<param name="revision">v0.0.16</param>
<param name="revision">v0.0.14</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
@ -12,8 +12,10 @@
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">frr-k8s.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>

6
frr-k8s/frr-k8s.spec
View File

@ -17,12 +17,12 @@
Name: frr-k8s
Version: 0.0.16
Release: 0.0.16
Version: 0.0.14
Release: 0.0.14
Summary: A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
License: Apache-2.0
URL: https://github.com/metallb/frr-k8s
Source: frr-k8s-%{version}.tar
Source: frr-k8s-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
ExcludeArch: s390

17
hauler/_service
View File

@ -4,24 +4,17 @@
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="exclude">.get</param>
<param name="revision">v1.2.1</param>
<param name="revision">v1.0.7</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">hauler.obsinfo</param>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service mode="buildtime" name="set_version" />
<service name="go_modules">
<param name="compression">gz</param>
</service>
<service mode="buildtime" name="replace_using_env">
<param name="file">hauler.spec</param>
<param name="var">SOURCE_COMMIT</param>
<param name="eval">
SOURCE_COMMIT=$(grep commit hauler.obsinfo | cut -d" " -f2)
</param>
<param name="verbose">1</param>
</service>
<service mode="buildtime" name="set_version" />
</services>

19
hauler/hauler.spec
View File

@ -18,14 +18,15 @@
%define project github.com/hauler-dev/hauler
Name: hauler
Version: 1.2.1
Version: 1.0.7
Release: 0
Summary: Airgap Swiss Army Knife
License: Apache-2.0
URL: https://github.com/hauler-dev/hauler
Source: hauler-%{version}.tar
Source: hauler-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang-packaging
BuildRequires: cosign
%description
@ -37,18 +38,10 @@ BuildRequires: golang-packaging
tar -xf %{SOURCE1}
MODULE=hauler.dev/go/hauler
%define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z)
%define buildcommit %%SOURCE_COMMIT%%
mkdir cmd/hauler/binaries
cp `which cosign` cmd/hauler/binaries/cosign-linux-%{go_arch}
go build \
-mod=vendor \
-buildmode=pie \
-o hauler \
-ldflags \
"-X $MODULE/internal/version.gitVersion=v%{version} -X $MODULE/internal/version.gitCommit=%{buildcommit} -X $MODULE/internal/version.buildDate=%{buildtime}" \
./cmd/hauler
go build -mod=vendor -buildmode=pie -o hauler ./cmd/hauler
%install

36
ip-address-manager-image/Dockerfile Normal file
View File

@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:v%%ip-address-manager_version%%
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%
#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends ip-address-manager shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ip-address-manager
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE ip-address-manager Container Image"
LABEL org.opencontainers.image.description="ip-address-manager based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%ip-address-manager_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN mv /usr/bin/ip-address-manager /manager
# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
USER 65532
ENTRYPOINT [ "/manager" ]

4
kube-rbac-proxy-image/_service → ip-address-manager-image/_service
View File

@ -3,8 +3,8 @@
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%kube-rbac-proxy_version%%</param>
<param name="package">kube-rbac-proxy</param>
<param name="regex">%%ip-address-manager_version%%</param>
<param name="package">ip-address-manager</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">

23
ip-address-manager/_service Normal file
View File

@ -0,0 +1,23 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/ip-address-manager</param>
<param name="scm">git</param>
<param name="revision">v1.8.1</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">steven.hardy@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar" />
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="go_modules">
</service>
<service mode="buildtime" name="set_version" />
</services>

51
ip-address-manager/ip-address-manager.spec Normal file
View File

@ -0,0 +1,51 @@
#
# spec file for package ip-address-manager
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: ip-address-manager
Version: 1.8.1
Release: 0
Summary: Metal3 IPAM controller
License: Apache-2.0
URL: https://github.com/metal3-io/ip-address-manager
Source: ip-address-manager-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Metal3 IPAM controller
%prep
%autosetup -a1 -n ip-address-manager-%{version}
%build
go build \
-mod=vendor \
-buildmode=pie \
%install
install -D -m0755 ip-address-manager %{buildroot}%{_bindir}/ip-address-manager
%files
%license LICENSE
%doc README.md
%{_bindir}/ip-address-manager
%changelog

54
ironic-image/Dockerfile
View File

@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0
#!BuildTag: %%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
@ -8,8 +8,7 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools
RUN set -euo pipefail; zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*
WORKDIR /tmp
COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@ -17,20 +16,7 @@ RUN /bin/prepare-efi.sh
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
fi
# DATABASE
RUN mkdir -p /installroot/var/lib/ironic && \
/installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
zypper --installroot /installroot --non-interactive remove sqlite3
RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api
FROM micro AS final
MAINTAINER SUSE LLC (https://www.suse.com/)
@ -40,8 +26,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="26.1.2.4"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%"
LABEL org.opencontainers.image.version="24.1.2.0"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:24.1.2.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@ -62,8 +48,8 @@ RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc
COPY mkisofs_wrapper /usr/bin/mkisofs
RUN set -euo pipefail; chmod +x /usr/bin/mkisofs
COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runlogwatch.sh tls-common.sh configure-nonroot.sh ironic-probe.j2 /bin/
RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runironic-api runironic-conductor runironic-exporter runironic-inspector runlogwatch.sh tls-common.sh configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runironic-api; chmod +x /bin/runironic-conductor; chmod +x /bin/runironic-exporter; chmod +x /bin/runironic-inspector; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
RUN mkdir -p /tftpboot
RUN mkdir -p $GRUB_DIR
@ -73,20 +59,11 @@ RUN mkdir -p $GRUB_DIR
# IRONIC #
RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi ;\
fi
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi
COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 /tmp/
COPY network-data-schema-empty.json /etc/ironic/
# DNSMASQ
@ -96,7 +73,14 @@ COPY dnsmasq.conf.j2 /etc/
COPY httpd.conf.j2 /etc/httpd/conf/
COPY httpd-modules.conf /etc/httpd/conf.modules.d/
COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
COPY apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
# IRONIC-INSPECTOR #
RUN mkdir -p /var/lib/ironic /var/lib/ironic-inspector && \
sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \
sqlite3 /var/lib/ironic-inspector/ironic-inspector.db "pragma journal_mode=wal"
COPY ironic-inspector.conf.j2 /etc/ironic-inspector/
COPY inspector-apache.conf.j2 /etc/httpd/conf.d/
# Workaround
# Removing the 010-ironic.conf file that comes with the package

35
ironic-image/apache2-ipxe.conf.j2
View File

@ -1,35 +0,0 @@
Listen {{ env.IPXE_TLS_PORT }}
<VirtualHost *:{{ env.IPXE_TLS_PORT }}>
ErrorLog /dev/stderr
LogLevel debug
CustomLog /dev/stdout combined
SSLEngine on
SSLProtocol {{ env.IPXE_SSL_PROTOCOL }}
SSLCertificateFile {{ env.IPXE_CERT_FILE }}
SSLCertificateKeyFile {{ env.IPXE_KEY_FILE }}
<Directory "/shared/html">
Order Allow,Deny
Allow from all
</Directory>
<Directory "/shared/html/(redfish|ilo|images)/">
Order Deny,Allow
Deny from all
</Directory>
</VirtualHost>
<Location ~ "^/grub.*/">
SSLRequireSSL
</Location>
<Location ~ "^/pxelinux.cfg/">
SSLRequireSSL
</Location>
<Location ~ "^/.*\.conf/">
SSLRequireSSL
</Location>
<Location ~ "^/(([0-9]|[a-z]).*-){4}([0-9]|[a-z]).*/">
SSLRequireSSL
</Location>

Some files were not shown because too many files have changed in this diff Show More