From a4ef29706970fa22869ffbda30fc5c4469222eb9 Mon Sep 17 00:00:00 2001
From: Knut Ahlers
Date: Sat, 6 May 2023 19:36:12 +0200
Subject: [PATCH] Multiple improvements
- improve repo handling
- improve network configuration
- improve tool build
Signed-off-by: Knut Ahlers
---
 alpine-on-hetzner/Dockerfile | 37 ++++++++--------------
 alpine-on-hetzner/alpine.pkr.hcl | 37 ++++++++--------------
 alpine-on-hetzner/default.json | 14 ++++++---
 alpine-on-hetzner/playbook.yml | 38 +++++++++++++----------
 config.yaml | 53 +++++++++++++++++++++++---------
 5 files changed, 93 insertions(+), 86 deletions(-)
diff --git a/alpine-on-hetzner/Dockerfile b/alpine-on-hetzner/Dockerfile
index 9db0eeb..7eb213f 100644
--- a/alpine-on-hetzner/Dockerfile
+++ b/alpine-on-hetzner/Dockerfile
@@ -1,40 +1,29 @@
-ARG ALPINE_VERSION=3.16.0
-ARG PACKER_VERSION=1.8.0-r3
-ARG ANSIBLE_CORE_VERSION=2.13.0-r0
-ARG JQ_VERSION=1.6-r1
+ARG ALPINE_VERSION=3.17
 ARG UID=1000
 ARG GID=1000
 FROM alpine:$ALPINE_VERSION
-ARG PACKER_VERSION
-ARG ANSIBLE_CORE_VERSION
-ARG JQ_VERSION
 ARG UID
 ARG GID
-RUN apk add --no-cache \
- ansible-core=$ANSIBLE_CORE_VERSION \
- packer=$PACKER_VERSION \
- jq=$JQ_VERSION
+SHELL ["/bin/sh", "-exc"]
-RUN adduser ansible -u "$UID" -D -h /home/ansible "$GID"
-
-RUN mkdir -p /configs /manifests /cache \
- && chown ansible /manifests /configs /cache
+RUN apk add --no-cache \
+ ansible-core \
+ jq \
+ packer \
+ && adduser ansible -u "$UID" -D -h /home/ansible "$GID" \
+ && mkdir -p /configs /manifests /cache \
+ && chown ansible /manifests /configs /cache
 USER ansible
 WORKDIR /home/ansible
-COPY default.json default.json
-COPY alpine.pkr.hcl alpine.pkr.hcl
-COPY playbook.yml playbook.yml
-COPY --chmod=u=rx,og= entrypoint.sh entrypoint.sh
+COPY default.json default.json
+COPY alpine.pkr.hcl alpine.pkr.hcl
+COPY playbook.yml playbook.yml
+COPY --chmod=u=rx,og= entrypoint.sh entrypoint.sh
 VOLUME /cache
 ENTRYPOINT ["/bin/sh", "entrypoint.sh"]
 CMD ["default.json"]
-
-LABEL "dev.pius.alpine-on-hetzner.alpine.version"=$ALPINE_VERSION
-LABEL "dev.pius.alpine-on-hetzner.pkgs.ansible-core.version"=$ANSIBLE_CORE_VERSION
-LABEL "dev.pius.alpine-on-hetzner.pkgs.packer.version"=$PACKER_VERSION
-LABEL "dev.pius.alpine-on-hetzner.pkgs.jq.version"=$JQ_VERSION
\ No newline at end of file
diff --git a/alpine-on-hetzner/alpine.pkr.hcl b/alpine-on-hetzner/alpine.pkr.hcl
index 633f334..52633a0 100644
--- a/alpine-on-hetzner/alpine.pkr.hcl
+++ b/alpine-on-hetzner/alpine.pkr.hcl
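Review bot: The new `RUN apk add --no-cache ansible-core jq packer` installs whatever the floating `alpine:3.17` tag resolves to on build day, and the version `LABEL`s that used to record the builder's toolchain are removed in the same hunk, so two builds of this commit can ship different Packer/Ansible versions with no trace of which one produced a given snapshot. Keep the pins as build args as before (`apk add ansible-core=<ver> packer=<ver> jq=<ver>`) and pin `FROM` to a patch release or digest, or at minimum record the installed versions in a label at build time. Separately, I cannot tell from here whether BusyBox `adduser` accepts the positional `"$GID"` in `adduser ansible -u "$UID" -D -h /home/ansible "$GID"` as a numeric GID — its trailing argument is a group name — so `addgroup -g "$GID" ansible && adduser -u "$UID" -D -h /home/ansible -G ansible ansible` would be the unambiguous form; that line is moved rather than new, but it now shares a layer with the package install.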
@@ -4,13 +4,14 @@ variable "apk_tools_arch" {}
 variable "apk_tools_version" {}
 variable "apk_tools_checksum" {}
-variable "alpine_version" {}
 variable "alpine_mirror" {}
 variable "alpine_repositories" {}
+variable "alpine_repository_keys" {}
 variable "boot_size" {}
 variable "root_size" {}
 variable "hostname" {}
+variable "dhcp_interfaces" {}
 variable "packages" {}
 variable "services" {}
@@ -23,45 +24,31 @@ variable "sysctl" {}
 variable "chroot_commands" {}
 locals {
- timestamp = formatdate("DD-MM-YY.hh-mm-ss", timestamp())
+ timestamp = formatdate("YYYYMMDD-hhmmss", timestamp())
 snapshot_id = sha1(uuidv4())
 }
 source "hcloud" "alpine" {
- location = "fsn1"
- server_type = "cx11"
- image = "ubuntu-20.04"
- rescue = "linux64"
- ssh_username = "root"
+ location = "fsn1"
+ server_type = "cx11"
+ image = "ubuntu-20.04"
+ rescue = "linux64"
+ ssh_username = "root"
 }
 build {
 name = "alpine"
 source "source.hcloud.alpine" {
- snapshot_name = var.hostname
+ snapshot_name = "${var.hostname}-${local.timestamp}"
 snapshot_labels = {
- "alpine.pius.dev/timestamp" = local.timestamp
- "alpine.pius.dev/alpine-version" = var.alpine_version
- "alpine.pius.dev/snapshot-id" = local.snapshot_id
+ "alpine.pius.dev/timestamp" = local.timestamp
+ "alpine.pius.dev/snapshot-id" = local.snapshot_id
 }
 }
 provisioner "ansible" {
- playbook_file = "playbook.yml"
+ playbook_file = "playbook.yml"
 extra_arguments = ["--extra-vars", "@config.json"]
 }
-
- post-processor "manifest" {
- output = "/manifests/${build.PackerRunUUID}.json"
- strip_path = true
- custom_data = merge({
- "alpine.pius.dev/alpine-version": var.alpine_version,
- "alpine.pius.dev/packer-run-id": build.PackerRunUUID,
- "alpine.pius.dev/snapshot-id": local.snapshot_id
- }, zipmap(
- formatlist("alpine.pius.dev/%s-version", keys(var.packages)),
- values(var.packages)
- ))
- }
 }
diff --git a/alpine-on-hetzner/default.json b/alpine-on-hetzner/default.json
index ee64fa4..1ef6309 100644
--- a/alpine-on-hetzner/default.json
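Review bot: Deleting the `manifest` post-processor together with the `alpine.pius.dev/alpine-version` snapshot label leaves each built snapshot with only a timestamp and a random `snapshot_id`, at the same time as the default config moves to the rolling `edge` branch with mostly unpinned packages — so there is no longer any record of which package versions went into a given image, which is exactly what incident response or CVE triage needs. If `/manifests` is no longer wanted, keep at least the build inputs in the labels, e.g. `"alpine.pius.dev/apk-tools-version" = var.apk_tools_version`, bearing in mind that Hetzner label values have a length limit so the full package map may not fit there. Also `variable "alpine_mirror" {}` is kept with no default, but the `default.json` shipped in this same commit drops `alpine_mirror`; Packer refuses to build with an unset, defaultless variable, so `CMD ["default.json"]` probably fails unless the entrypoint injects it — give it a default or remove the variable.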
+++ b/alpine-on-hetzner/default.json
@@ -4,15 +4,19 @@
 "apk_tools_url": "https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static",
 "apk_tools_checksum": "sha256:5176da3d4c41f12a08b82809aca8e7e2e383b7930979651b8958eca219815af5",
- "alpine_version": "v3.15",
- "alpine_mirror": "http://dl-cdn.alpinelinux.org/alpine",
- "alpine_repositories": ["main", "community"],
+ "alpine_repositories": [
+ {"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/main"},
+ {"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/community"},
+ ],
+ "alpine_repository_keys": [],
 "boot_size": "+100m",
 "root_size": "0",
 "hostname": "alpine",
+ "dhcp_interfaces": ["eth0"],
+
 "packages": {
 "openssh": "=8.8_p1-r1",
 "syslinux": "=6.04_pre1-r9",
@@ -40,7 +44,7 @@
 "sshd": "default"
 },
-
+
 "nameservers": [
 "185.12.64.1",
 "185.12.64.2",
@@ -54,4 +58,4 @@
 "kernel_modules": ["ipv6", "af_packet"],
 "default_kernel_opts": ["quiet"],
 "chroot_commands": []
-}
\ No newline at end of file
+}
diff --git a/alpine-on-hetzner/playbook.yml b/alpine-on-hetzner/playbook.yml
index 423617a..0f0e16d 100644
--- a/alpine-on-hetzner/playbook.yml
+++ b/alpine-on-hetzner/playbook.yml
@@ -42,13 +42,13 @@
 - name: initialize alpine-base in directory
 shell: >-
- ./apk -X {{ alpine_mirror }}/{{ alpine_version }}/{{ alpine_repositories[0] }}
- -u
- --allow-untrusted
- --root /{{ chroot_directory }}
- --initdb
+ ./apk -X {{ alpine_repositories[0].url }}
+ -u
+ --allow-untrusted
+ --root /{{ chroot_directory }}
+ --initdb
 add alpine-base
-
 - name: prepare chroot
 shell: |
 mount --bind /dev {{ chroot_directory }}/dev
@@ -68,9 +68,11 @@
 content: |
 auto lo
 iface lo inet loopback
- auto eth0
- iface eth0 inet dhcp
- iface eth0 inet6 auto
+ {% for dif in dhcp_interfaces %}
+ auto {{ dif }}
+ iface {{ dif }} inet dhcp
+ iface {{ dif }} inet6 auto
+ {% endfor %}
 dest: "{{ chroot_directory }}/etc/network/interfaces"
 - name: write out hostname file
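Review bot: The new `alpine_repositories` array has a trailing comma — `{"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/community"},` is immediately followed by `],` — which is invalid JSON; `jq` and Python's `json` module both reject it, so the shipped default config most likely no longer loads at all. Remove the comma so the last element reads `{"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/community"}`. While editing these entries, note that both mirror URLs are plain `http://` even though `config.yaml` in this same commit switches to `https://dl-cdn.alpinelinux.org/alpine`; apk verifies package signatures once keys are installed, but the bootstrap task in the playbook consumes the first entry with `--allow-untrusted`, so that entry in particular should be `https://`. Since JSON carries no comments, the switch from the former `v3.15` to the rolling `edge` branch deserves a sentence in whatever documents the defaults.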
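Review bot: `./apk -X {{ alpine_repositories[0].url }} ... --allow-untrusted --initdb add alpine-base` now takes its bootstrap source from whichever repository is listed first, still with signature verification disabled, so the integrity of everything in the image rests on that one URL being the genuine Alpine mirror over a channel that cannot be tampered with — and with the `http://` entries shipped in `default.json` it is not. `--allow-untrusted` was already there and may be unavoidable at this step because the rescue system has no Alpine keys, but the playbook should at least refuse a non-TLS bootstrap source, e.g. a preceding task `assert: { that: "alpine_repositories[0].url is match('https://')" }`, and the task needs a comment stating that the first repository is the unverified trust anchor for the whole build. The loop over `dhcp_interfaces` in the next hunk is fine, though a one-line comment that the first entry's order matters here and not there would help the next reader.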
@@ -82,8 +84,8 @@
 copy:
 dest: "{{ chroot_directory }}/etc/hosts"
 content: |
- 127.0.0.1 {{ hostname }} localhost localhost.localdomain
- ::1 {{ hostname }} localhost localhost.localdomain
+ 127.0.0.1 {{ hostname }} localhost localhost.localdomain
+ ::1 {{ hostname }} localhost localhost.localdomain
 ::1 {{ hostname }} localhost ipv6-localhost ipv6-loopback
 fe00::0 ipv6-localnet
 ff00::0 ipv6-mcastprefix
@@ -91,16 +93,18 @@
 ff02::2 ipv6-allrouters
 ff02::3 ipv6-allhosts
+ - name: install custom repository keys
+ copy:
+ dest: "{{ chroot_directory }}/etc/apk/keys/{{ item.name }}"
+ content: "{{ item.public_key }}"
+ loop: "{{ alpine_repository_keys }}"
+
 - name: define alpine repositories
 copy:
 dest: "{{ chroot_directory }}/etc/apk/repositories"
 content: |
 {% for repository in alpine_repositories %}
- {% if loop.first %}
- {{ alpine_mirror }}/{{ alpine_version }}/{{ repository }}
- {% else %}
- @{{ repository }} {{ alpine_mirror }}/{{ alpine_version }}/{{ repository }}
- {% endif %}
+ {% if repository.tag | d(false) %}@{{ repository.tag }} {% endif %}{{ repository.url }}
 {% endfor %}
 - name: install requisite packages
@@ -132,7 +136,7 @@
 {% for setting in sysctl | dict2items %}
 {{ setting.key }} = {{ setting.value }}
 {% endfor %}
-
+
 - name: configure kernel modules
 copy:
 dest: "{{ chroot_directory }}/etc/modules"
diff --git a/config.yaml b/config.yaml
index deb3b31..77ad235 100644
--- a/config.yaml
+++ b/config.yaml
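Review bot: `dest: "{{ chroot_directory }}/etc/apk/keys/{{ item.name }}"` joins `item.name` into a path without any validation, so a `name` containing `/` or `..` writes the key anywhere under (or, via `..`, outside) the chroot; the config is operator-supplied, but this is the directory that decides which signing keys apk will trust, so it should be hard to misuse: `dest: "{{ chroot_directory }}/etc/apk/keys/{{ item.name | basename }}"` plus an explicit `mode: '0644'`. The filename is not cosmetic and deserves a comment, since apk-tools locates the key by the name embedded in a package's `.SIGN.RSA.<name>` entry — e.g. `# name must equal the signing key's file name (.SIGN.RSA.<name> inside the packages) or apk will not find it`. In the adjacent `define alpine repositories` task, `{% if repository.tag | d(false) %}` relies on an empty-string `tag` (as shipped in `default.json`) being falsy in Jinja, which is worth a short comment because it is not obvious that `""` and a missing key are treated alike.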
@@ -1,18 +1,44 @@
 ---
-apk_tools_version: v2.12.10
+apk_tools_version: v2.12.11
 apk_tools_arch: x86_64
 apk_tools_url: https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static
-apk_tools_checksum: sha256:d7506bb11327b337960910daffed75aa289d8bb350feab624c52965be82ceae8
+apk_tools_checksum: sha256:a77621da3475ae0ed92daa2d05b9c2bb671639af8c17cce44098192dfbe1b80b
-alpine_version: edge
-alpine_mirror: http://dl-cdn.alpinelinux.org/alpine
-alpine_repositories: [ main, community, testing ]
+alpine_mirror: https://dl-cdn.alpinelinux.org/alpine
+alpine_repositories:
+ - url: '{{ alpine_mirror }}/edge/main'
+ - tag: 'community'
+ url: '{{ alpine_mirror }}/edge/community'
+ - tag: 'testing'
+ url: '{{ alpine_mirror }}/edge/testing'
+ - tag: 'luzifer'
+ url: 'http://alpine-luzifer-io.s3-website-eu-west-1.amazonaws.com/repo'
+
+alpine_repository_keys:
+ - name: 'alpine@ahlers.me-64562ea3.rsa.pub'
+ public_key: |
+ -----BEGIN PUBLIC KEY-----
+ MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxxCxVKukbb/zGHBv1ks
+ Gu+eRHNCf7aPyUZVEwMdBSO3GYaVC5np1wtzCZzG+1BVQEdgyomxzB2dU0hTSBIZ
+ myu+u7344+4/XzbcIwNOfGyduYhlIDvQ4UMzFZfq0oXU9QTmsVl0iqi1CT8J4LWr
+ X5i6h/zkmURCvTkK9SoZ3S+LcnCS8becUdiJpQksMQ8nFr6MtwN92W4fzyHTJYI9
+ p+tuWr9j71xHLujWQU7aio+qGpvIS9y3R4eIkJ+YRRpTiZi7x+Aixn3JaGF0zk2h
+ tsApoPQbVqomgDPYX6JrMx1T5amkONz1vwhg9QTYISafQg0sbrQYBrjKDZBM0zZw
+ vUpVKHjr0S1rMJhzNXvoYBFwDv/d15B8B8QDyTKRJkhcfKpjN2UPinB0DNozJ8L5
+ l8VmxKdiA0zbbvWuhRMo9Svkhn/N55M+cH4Xmkf+3Z8frqmQf5b02mDfh4kMLRKT
+ SBwkqgx/Kqceiw8ZIDprPY3tr6ThQ9oJOzI8NomNmvmanWHJtm6oBNiyvH3G9cfe
+ +CeXkOhwwug+xrnNsA8bedFLfm2XB5Y6k/xs88604igHxfjbAWXjIyHhrNAD885s
+ cbZ7WJTWYHuoltHwFvmq5Z8ZFuFpqbWH7B618rLR92AmHGaaje8m4vVeUcTq2TeN
+ Ld4erUMnkwbBDYOIlAc/vzMCAwEAAQ==
+ -----END PUBLIC KEY-----
 boot_size: +100m
 root_size: '0'
 hostname: alpine-k8s
+dhcp_interfaces: [eth0, eth1]
+
 packages:
 # Alpine base system
 openssh: ''
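Review bot: The `- tag: 'luzifer'` entry points at an S3 website endpoint over plain `http://`, and the RSA key that makes its packages trusted is added right below it, so from this commit on a single personal bucket and one key are the supply chain for kubelet, kubeadm and kubectl — with nothing in the file saying who controls them or how the key fingerprint was verified before it was pasted in. That is a defensible choice for a personal cluster, but it should be documented where the next reader looks: a comment above the entry such as `# personal repo; HTTP only because S3 website endpoints have no TLS — integrity relies on the alpine@ahlers.me-64562ea3 key below`, and one above `alpine_repository_keys` giving the key's origin and how it was checked. apk only enforces those signatures if the package install step does not pass `--allow-untrusted`; the `install requisite packages` task is outside this diff, so I could not confirm that. Moving the Alpine mirror to `https://` and bumping `apk_tools_checksum` together with `apk_tools_version` are both correct.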
@@ -29,13 +55,13 @@ packages:
 wireguard-tools: ''
 # K8s requirements
- # OpenEBS
 open-iscsi: ''
 open-iscsi-openrc: ''
 udev: ''
 cni-plugin-flannel: '@community'
 cni-plugins: '@community'
+ cri-tools: '@testing'
 containerd: '@community'
 containerd-openrc: '@community'
 flannel-contrib-cni: '@testing'
@@ -43,9 +69,9 @@ packages:
 nfs-utils: ''
 uuidgen: ''
- kubelet: '@testing=1.26.1-r2'
- kubeadm: '@testing=1.26.1-r2'
- kubectl: '@testing=1.26.1-r2'
+ kubelet: '@luzifer=1.27.1-r0'
+ kubeadm: '@luzifer=1.27.1-r0'
+ kubectl: '@luzifer=1.27.1-r0'
 services:
 devfs: sysinit
@@ -103,17 +129,14 @@ chroot_commands:
 - 'echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf'
 - 'echo "net.bridge.bridge-nf-call-iptables=1" >>/etc/sysctl.conf'
+ # Disable overwriting network config
+ - 'echo "network: {config: disabled}" >/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
+ # Fix prometheus errors
 - 'echo -e "#!/bin/sh\nmount --make-rshared /" >/etc/local.d/sharemetrics.start'
 - 'chmod +x /etc/local.d/sharemetrics.start'
 - 'rc-update add local'
- # Enable private interface
- - 'echo "network: {config: disabled}" >/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
- - 'echo -e "auto lo\niface lo inet loopback\n" >/etc/network/interfaces'
- - 'echo -e "auto eth0\niface eth0 inet dhcp\niface eth0 inet6 auto\n" >>/etc/network/interfaces'
- - 'echo -e "auto eth1\niface eth1 inet dhcp\niface eth1 inet6 auto\n" >>/etc/network/interfaces'
- - # Force --cloud-provider=external - "sed -i 's/command_args=\"/command_args=\"--cloud-provider=external /' /etc/init.d/kubelet"
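Review bot: `cri-tools: '@testing'` pulls crictl from Alpine edge/testing with no version pin, while the `kubelet`/`kubeadm`/`kubectl` entries a few lines below are pinned to `=1.27.1-r0`; crictl is expected to track the kubelet minor, and edge/testing is a rolling, unstable branch, so a rebuild can silently pick up a mismatched or broken version. Pin it like the rest, `cri-tools: '@testing=<matching 1.27 revision>'` (I cannot see which revision testing currently carries), or publish it in the same `@luzifer` repository that now provides the other Kubernetes components so all of them move together. The `packages` mapping starts before this hunk.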