Multiple improvements

- improve repo handling - improve network configuration - improve tool build Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-09-16 14:18:29 +00:00 · 2023-05-06 19:36:12 +02:00 · 2023-05-06 19:36:12 +02:00 · a4ef297069
commit a4ef297069
parent 9c14dc02e5
5 changed files with 93 additions and 86 deletions
--- a/alpine-on-hetzner/Dockerfile
+++ b/alpine-on-hetzner/Dockerfile
@ -1,40 +1,29 @@
-ARG ALPINE_VERSION=3.16.0
-ARG PACKER_VERSION=1.8.0-r3
-ARG ANSIBLE_CORE_VERSION=2.13.0-r0
-ARG JQ_VERSION=1.6-r1
+ARG ALPINE_VERSION=3.17
 ARG UID=1000
 ARG GID=1000

 FROM alpine:$ALPINE_VERSION
-ARG PACKER_VERSION
-ARG ANSIBLE_CORE_VERSION
-ARG JQ_VERSION
 ARG UID
 ARG GID

-RUN apk add --no-cache          \
-    ansible-core=$ANSIBLE_CORE_VERSION    \
-    packer=$PACKER_VERSION      \
-    jq=$JQ_VERSION
+SHELL ["/bin/sh", "-exc"]

-RUN adduser ansible -u "$UID" -D -h /home/ansible "$GID"
-
-RUN mkdir -p /configs /manifests /cache \
-    && chown ansible /manifests /configs /cache
+RUN apk add --no-cache \
+      ansible-core \
+      jq \
+      packer \
+ && adduser ansible -u "$UID" -D -h /home/ansible "$GID" \
+ && mkdir -p /configs /manifests /cache \
+ && chown ansible /manifests /configs /cache

 USER ansible
 WORKDIR /home/ansible
-COPY default.json                   default.json
-COPY alpine.pkr.hcl                 alpine.pkr.hcl
-COPY playbook.yml                   playbook.yml
-COPY --chmod=u=rx,og= entrypoint.sh entrypoint.sh
+COPY                  default.json    default.json
+COPY                  alpine.pkr.hcl  alpine.pkr.hcl
+COPY                  playbook.yml    playbook.yml
+COPY --chmod=u=rx,og= entrypoint.sh   entrypoint.sh

 VOLUME /cache

 ENTRYPOINT ["/bin/sh", "entrypoint.sh"]
 CMD ["default.json"]
-
-LABEL "dev.pius.alpine-on-hetzner.alpine.version"=$ALPINE_VERSION
-LABEL "dev.pius.alpine-on-hetzner.pkgs.ansible-core.version"=$ANSIBLE_CORE_VERSION
-LABEL "dev.pius.alpine-on-hetzner.pkgs.packer.version"=$PACKER_VERSION
-LABEL "dev.pius.alpine-on-hetzner.pkgs.jq.version"=$JQ_VERSION
--- a/alpine-on-hetzner/alpine.pkr.hcl
+++ b/alpine-on-hetzner/alpine.pkr.hcl
@ -4,13 +4,14 @@ variable "apk_tools_arch" {}
 variable "apk_tools_version" {}
 variable "apk_tools_checksum" {}

-variable "alpine_version" {}
 variable "alpine_mirror" {}
 variable "alpine_repositories" {}
+variable "alpine_repository_keys" {}

 variable "boot_size" {}
 variable "root_size" {}
 variable "hostname" {}
+variable "dhcp_interfaces" {}

 variable "packages" {}
 variable "services" {}
@ -23,45 +24,31 @@ variable "sysctl" {}
 variable "chroot_commands" {}

 locals {
-  timestamp = formatdate("DD-MM-YY.hh-mm-ss", timestamp())
+  timestamp   = formatdate("YYYYMMDD-hhmmss", timestamp())
  snapshot_id = sha1(uuidv4())
 }

 source "hcloud" "alpine" {
-  location      = "fsn1"
-  server_type   = "cx11"
-  image         = "ubuntu-20.04"
-  rescue        = "linux64"
-  ssh_username  = "root"
+  location     = "fsn1"
+  server_type  = "cx11"
+  image        = "ubuntu-20.04"
+  rescue       = "linux64"
+  ssh_username = "root"
 }

 build {
  name = "alpine"

  source "source.hcloud.alpine" {
-    snapshot_name = var.hostname
+    snapshot_name = "${var.hostname}-${local.timestamp}"
    snapshot_labels = {
-      "alpine.pius.dev/timestamp"           = local.timestamp
-      "alpine.pius.dev/alpine-version"      = var.alpine_version
-      "alpine.pius.dev/snapshot-id"         = local.snapshot_id
+      "alpine.pius.dev/timestamp"   = local.timestamp
+      "alpine.pius.dev/snapshot-id" = local.snapshot_id
    }
  }

  provisioner "ansible" {
-    playbook_file = "playbook.yml"
+    playbook_file   = "playbook.yml"
    extra_arguments = ["--extra-vars", "@config.json"]
  }
-
-  post-processor "manifest" {
-    output = "/manifests/${build.PackerRunUUID}.json"
-    strip_path = true
-    custom_data = merge({
-      "alpine.pius.dev/alpine-version": var.alpine_version,
-      "alpine.pius.dev/packer-run-id":  build.PackerRunUUID,
-      "alpine.pius.dev/snapshot-id":    local.snapshot_id
-    }, zipmap(
-      formatlist("alpine.pius.dev/%s-version", keys(var.packages)),
-      values(var.packages)
-    ))
-  }
 }
--- a/alpine-on-hetzner/default.json
+++ b/alpine-on-hetzner/default.json
@ -4,15 +4,19 @@
    "apk_tools_url":      "https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static",
    "apk_tools_checksum": "sha256:5176da3d4c41f12a08b82809aca8e7e2e383b7930979651b8958eca219815af5",

-    "alpine_version":      "v3.15",
-    "alpine_mirror":       "http://dl-cdn.alpinelinux.org/alpine",
-    "alpine_repositories": ["main", "community"],
+    "alpine_repositories": [
+      {"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/main"},
+      {"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/community"},
+    ],
+    "alpine_repository_keys": [],

    "boot_size": "+100m",
    "root_size": "0",

    "hostname": "alpine",

+    "dhcp_interfaces": ["eth0"],
+
    "packages": {
        "openssh":          "=8.8_p1-r1",
        "syslinux":         "=6.04_pre1-r9",
@ -40,7 +44,7 @@

        "sshd":         "default"
    },
-    
+
    "nameservers": [
        "185.12.64.1",
        "185.12.64.2",
@ -54,4 +58,4 @@
    "kernel_modules": ["ipv6", "af_packet"],
    "default_kernel_opts": ["quiet"],
    "chroot_commands": []
-}
+}
--- a/alpine-on-hetzner/playbook.yml
+++ b/alpine-on-hetzner/playbook.yml
@ -42,13 +42,13 @@

  - name: initialize alpine-base in directory
    shell: >-
-      ./apk -X {{ alpine_mirror }}/{{ alpine_version }}/{{ alpine_repositories[0] }}
-      -u 
-      --allow-untrusted 
-      --root /{{ chroot_directory }} 
-      --initdb 
+      ./apk -X {{ alpine_repositories[0].url }}
+      -u
+      --allow-untrusted
+      --root /{{ chroot_directory }}
+      --initdb
      add alpine-base
-  
+
  - name: prepare chroot
    shell: |
      mount --bind /dev  {{ chroot_directory }}/dev
@ -68,9 +68,11 @@
      content: |
        auto lo
        iface lo inet loopback
-        auto eth0
-        iface eth0 inet dhcp
-        iface eth0 inet6 auto
+        {% for dif in dhcp_interfaces %}
+        auto {{ dif }}
+        iface {{ dif }} inet dhcp
+        iface {{ dif }} inet6 auto
+        {% endfor %}
      dest: "{{ chroot_directory }}/etc/network/interfaces"

  - name: write out hostname file
@ -82,8 +84,8 @@
    copy:
      dest: "{{ chroot_directory }}/etc/hosts"
      content: |
-        127.0.0.1	{{ hostname }} localhost localhost.localdomain
-        ::1		    {{ hostname }} localhost localhost.localdomain
+        127.0.0.1 {{ hostname }} localhost localhost.localdomain
+        ::1       {{ hostname }} localhost localhost.localdomain
        ::1       {{ hostname }} localhost ipv6-localhost ipv6-loopback
        fe00::0   ipv6-localnet
        ff00::0   ipv6-mcastprefix
@ -91,16 +93,18 @@
        ff02::2   ipv6-allrouters
        ff02::3   ipv6-allhosts

+  - name: install custom repository keys
+    copy:
+      dest: "{{ chroot_directory }}/etc/apk/keys/{{ item.name }}"
+      content: "{{ item.public_key }}"
+    loop: "{{ alpine_repository_keys }}"
+
  - name: define alpine repositories
    copy:
      dest: "{{ chroot_directory }}/etc/apk/repositories"
      content: |
        {% for repository in alpine_repositories %}
-        {% if loop.first %}
-        {{ alpine_mirror }}/{{ alpine_version }}/{{ repository }}
-        {% else %}
-        @{{ repository }}  {{ alpine_mirror }}/{{ alpine_version }}/{{ repository }}
-        {% endif %}
+        {% if repository.tag | d(false) %}@{{ repository.tag }} {% endif %}{{ repository.url }}
        {% endfor %}

  - name: install requisite packages
@ -132,7 +136,7 @@
        {% for setting in sysctl | dict2items %}
        {{ setting.key }} = {{ setting.value }}
        {% endfor %}
-    
+
  - name: configure kernel modules
    copy:
      dest: "{{ chroot_directory }}/etc/modules"
--- a/config.yaml
+++ b/config.yaml
@ -1,18 +1,44 @@
 ---

-apk_tools_version: v2.12.10
+apk_tools_version: v2.12.11
 apk_tools_arch: x86_64
 apk_tools_url: https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static
-apk_tools_checksum: sha256:d7506bb11327b337960910daffed75aa289d8bb350feab624c52965be82ceae8
+apk_tools_checksum: sha256:a77621da3475ae0ed92daa2d05b9c2bb671639af8c17cce44098192dfbe1b80b

-alpine_version: edge
-alpine_mirror: http://dl-cdn.alpinelinux.org/alpine
-alpine_repositories: [ main, community, testing ]
+alpine_mirror: https://dl-cdn.alpinelinux.org/alpine
+alpine_repositories:
+  - url: '{{ alpine_mirror }}/edge/main'
+  - tag: 'community'
+    url: '{{ alpine_mirror }}/edge/community'
+  - tag: 'testing'
+    url: '{{ alpine_mirror }}/edge/testing'
+  - tag: 'luzifer'
+    url: 'http://alpine-luzifer-io.s3-website-eu-west-1.amazonaws.com/repo'
+
+alpine_repository_keys:
+  - name: 'alpine@ahlers.me-64562ea3.rsa.pub'
+    public_key: |
+      -----BEGIN PUBLIC KEY-----
+      MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxxCxVKukbb/zGHBv1ks
+      Gu+eRHNCf7aPyUZVEwMdBSO3GYaVC5np1wtzCZzG+1BVQEdgyomxzB2dU0hTSBIZ
+      myu+u7344+4/XzbcIwNOfGyduYhlIDvQ4UMzFZfq0oXU9QTmsVl0iqi1CT8J4LWr
+      X5i6h/zkmURCvTkK9SoZ3S+LcnCS8becUdiJpQksMQ8nFr6MtwN92W4fzyHTJYI9
+      p+tuWr9j71xHLujWQU7aio+qGpvIS9y3R4eIkJ+YRRpTiZi7x+Aixn3JaGF0zk2h
+      tsApoPQbVqomgDPYX6JrMx1T5amkONz1vwhg9QTYISafQg0sbrQYBrjKDZBM0zZw
+      vUpVKHjr0S1rMJhzNXvoYBFwDv/d15B8B8QDyTKRJkhcfKpjN2UPinB0DNozJ8L5
+      l8VmxKdiA0zbbvWuhRMo9Svkhn/N55M+cH4Xmkf+3Z8frqmQf5b02mDfh4kMLRKT
+      SBwkqgx/Kqceiw8ZIDprPY3tr6ThQ9oJOzI8NomNmvmanWHJtm6oBNiyvH3G9cfe
+      +CeXkOhwwug+xrnNsA8bedFLfm2XB5Y6k/xs88604igHxfjbAWXjIyHhrNAD885s
+      cbZ7WJTWYHuoltHwFvmq5Z8ZFuFpqbWH7B618rLR92AmHGaaje8m4vVeUcTq2TeN
+      Ld4erUMnkwbBDYOIlAc/vzMCAwEAAQ==
+      -----END PUBLIC KEY-----

 boot_size: +100m
 root_size: '0'
 hostname: alpine-k8s

+dhcp_interfaces: [eth0, eth1]
+
 packages:
  # Alpine base system
  openssh: ''
@ -29,13 +55,13 @@ packages:
  wireguard-tools: ''

  # K8s requirements
-  # OpenEBS
  open-iscsi: ''
  open-iscsi-openrc: ''
  udev: ''

  cni-plugin-flannel: '@community'
  cni-plugins: '@community'
+  cri-tools: '@testing'
  containerd: '@community'
  containerd-openrc: '@community'
  flannel-contrib-cni: '@testing'
@ -43,9 +69,9 @@ packages:
  nfs-utils: ''
  uuidgen: ''

-  kubelet: '@testing=1.26.1-r2'
-  kubeadm: '@testing=1.26.1-r2'
-  kubectl: '@testing=1.26.1-r2'
+  kubelet: '@luzifer=1.27.1-r0'
+  kubeadm: '@luzifer=1.27.1-r0'
+  kubectl: '@luzifer=1.27.1-r0'

 services:
  devfs: sysinit
@ -103,17 +129,14 @@ chroot_commands:
  - 'echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf'
  - 'echo "net.bridge.bridge-nf-call-iptables=1" >>/etc/sysctl.conf'

+  # Disable overwriting network config
+  - 'echo "network: {config: disabled}" >/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
+
  # Fix prometheus errors
  - 'echo -e "#!/bin/sh\nmount --make-rshared /" >/etc/local.d/sharemetrics.start'
  - 'chmod +x /etc/local.d/sharemetrics.start'
  - 'rc-update add local'

-  # Enable private interface
-  - 'echo "network: {config: disabled}" >/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
-  - 'echo -e "auto lo\niface lo inet loopback\n" >/etc/network/interfaces'
-  - 'echo -e "auto eth0\niface eth0 inet dhcp\niface eth0 inet6 auto\n" >>/etc/network/interfaces'
-  - 'echo -e "auto eth1\niface eth1 inet dhcp\niface eth1 inet6 auto\n" >>/etc/network/interfaces'
-
  # Force --cloud-provider=external
  - "sed -i 's/command_args=\"/command_args=\"--cloud-provider=external /' /etc/init.d/kubelet"