STI
/
myos
3
2
Fork 1
Code Issues 3 Pull Requests Projects Releases Wiki Activity

Compare commits

base: STI:b665296f2c1105e5199b64272b0b16c287399be8
Branches Tags
STI:master
STI:develop
STI:tmp
STI:yaip
...
compare: STI:74f6a55eda83f2083998031f0e5c4a205840dab3
Branches Tags
STI:master
STI:develop
STI:tmp
STI:yaip

2 Commits
b665296f2c ... 74f6a55eda

Author SHA1 Message Date
Yann Autissier 74f6a55eda wip: ansible on alpine 2022-10-13 00:52:38 +00:00
Yann Autissier 54bf6bbbe0 wip: alpine 3.16 2022-10-12 00:50:02 +00:00
49 changed files with 404 additions and 261 deletions
Show Stats Expand all files Collapse all files

8
ansible/inventories/host_vars/default
View File

@ -11,13 +11,11 @@ disks_packages:
hosts_git_repositories:
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
hosts_packages:
- { "name": "ansible", "state": "present" }
- { "name": "ansible-core", "state": "present" }
hosts_services:
- { "name": "zram", "state": "started", "enabled": "yes" }
hosts_update: true
hosts_user_env:
- ANSIBLE_AWS_ACCESS_KEY_ID
- ANSIBLE_AWS_SECRET_ACCESS_KEY
hosts_default_env:
- ANSIBLE_CONFIG
- ANSIBLE_DISKS_NFS_DISK
- ANSIBLE_DISKS_NFS_OPTIONS
@ -32,7 +30,7 @@ hosts_user_env:
- ANSIBLE_MYOS
- ANSIBLE_PLAYBOOK
- ENV
hosts_user_rc_enable: true
hosts_user_rc: true
hosts_user_rc_functions:
- { "path": "10_prompt_set", "state": "touch" }
- { "path": "10_ps1_set", "state": "touch" }

8
ansible/inventories/host_vars/localhost
View File

@ -5,13 +5,14 @@ disks_packages:
- { "name": "btrfs-progs", "state": "present" }
- { "name": "xfsprogs", "state": "present" }
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
docker_myos: true
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
hosts_git_repositories:
- { "repo": "{{ lookup('env','ANSIBLE_GIT_REPOSITORY') }}", "dest": "{{ lookup('env','ANSIBLE_GIT_DIRECTORY') }}", "key_file": "{{ lookup('env','ANSIBLE_GIT_KEY_FILE') or '~/.ssh/id_rsa' }}", "version": "{{ lookup('env','ANSIBLE_GIT_VERSION') }}" }
hosts_services:
- { "name": "myos", "state": "stopped", "enabled": "yes" }
- { "name": "myos", "state": "started", "enabled": "yes" }
hosts_update: true
hosts_user_env:
hosts_default_env:
- ANSIBLE_CONFIG
- ANSIBLE_DOCKER_IMAGE_TAG
- ANSIBLE_DOCKER_REGISTRY
@ -23,4 +24,5 @@ hosts_user_env:
- ANSIBLE_MYOS
- ANSIBLE_PLAYBOOK
- ENV
hosts_user_rc_enable: true
hosts_user_rc: true
remotes_myos: true

12
ansible/inventories/host_vars/myos
View File

@ -21,14 +21,12 @@ disks_services:
docker_image_tag: "{{ lookup('env','ANSIBLE_DOCKER_IMAGE_TAG') or 'latest' }}"
docker_registry: "{{ lookup('env','ANSIBLE_DOCKER_REGISTRY') }}"
hosts_packages:
- { "name": "ansible", "state": "present" }
- { "name": "ansible-core", "state": "present" }
hosts_services:
- { "name": "myos", "state": "stopped", "enabled": "yes" }
- { "name": "myos", "state": "started", "enabled": "yes" }
- { "name": "zram", "state": "started", "enabled": "yes" }
hosts_update: true
hosts_user_env:
- ANSIBLE_AWS_ACCESS_KEY_ID
- ANSIBLE_AWS_SECRET_ACCESS_KEY
hosts_default_env:
- ANSIBLE_CONFIG
- ANSIBLE_DISKS_NFS_DISK
- ANSIBLE_DISKS_NFS_OPTIONS
@ -45,12 +43,10 @@ hosts_user_env:
- COMPOSE_PROJECT_NAME
- ENV
- MYOS_TAGS
hosts_user_rc_enable: true
hosts_user_rc: true
hosts_user_rc_functions:
- { "path": "10_prompt_set", "state": "touch" }
- { "path": "10_ps1_set", "state": "touch" }
- { "path": "30_pfetch", "state": "touch" }
- { "path": "30_screen_attach", "state": "touch" }
- { "path": "40_ssh_add", "state": "touch" }
remotes_services:
- { "name": "ansible", "state": "stopped", "enabled": "yes" }

2
ansible/playbook.yml
View File

@ -6,7 +6,7 @@
gather_facts: false
pre_tasks:
- name: raw - install ansible requirements for alpine linux
raw: "[ -f /etc/alpine-release ] && /sbin/apk update && { which python3 >/dev/null 2>&1 || /sbin/apk add python3; } && { which sudo >/dev/null 2>&1 || /sbin/apk add sudo; } && { /bin/tar --version 2>/dev/null |grep busybox >/dev/null && /sbin/apk add tar; } && { ls /usr/lib/ssh/sftp-server >/dev/null 2>&1 || /sbin/apk add openssh-sftp-server; } || true"
raw: "[ -f /etc/alpine-release ] && /sbin/apk update && { which python3 >/dev/null 2>&1 || /sbin/apk add python3; } && { /bin/tar --version 2>/dev/null |grep busybox >/dev/null && /sbin/apk add tar; } && { ls /usr/lib/ssh/sftp-server >/dev/null 2>&1 || /sbin/apk add openssh-sftp-server; } || true"
tags:
- bootstrap

6
ansible/roles/docker/README.md
View File

@ -60,6 +60,12 @@ docker_distribution_release: bullseye
docker_machine: amd64
```
* `docker_myos` - Register myos tags
``` yaml
docker_myos: false
```
* `docker_package` - Name of the docker package
``` yaml

12
ansible/roles/docker/defaults/main.yml
View File

@ -19,6 +19,18 @@ docker_check_kernel: '3.10'
# docker daemon configuration
# docker_daemon_config: {}
# docker package distribution
docker_distribution: debian
# docker package distribution release
docker_distribution_release: bullseye
# docker package architecture
docker_machine: amd64
# register myos tags
docker_myos: false
# docker package name
docker_package: docker

1
ansible/roles/docker/tasks/main.yml
View File

@ -29,6 +29,7 @@
tags:
- run
- import_tasks: myos.yml
when: docker_myos|default(false)
tags:
- myos

19
ansible/roles/hosts/README.md
View File

@ -4,6 +4,12 @@ Bootstrap hosts, installing standard packages and user settings
## Role Variables
* `hosts_cloudinit` - Install and configure cloud-init
``` yaml
hosts_cloudinit: false
```
* `hosts_cloudinit_config` - cloud-init yaml config
``` yaml
@ -17,12 +23,6 @@ hosts_cloudinit_config:
- 'http://169.254.169.254'
```
* `hosts_cloudinit_enable` - Install and configure cloud-init
``` yaml
hosts_cloudinit_enable: false
```
* `hosts_git_repositories` - Clone git repositories
``` yaml
@ -120,10 +120,10 @@ hosts_user_env:
- DOCKER
```
* `hosts_user_rc_enable` - Call specific functions on user login, allowing it to customize his session
* `hosts_user_rc` - Call specific functions on user login, allowing it to customize his session
``` yaml
hosts_user_rc_enable: false
hosts_user_rc: false
```
* `hosts_user_rc_functions` - List of specific functions to call on user login, defined in /etc/profile.d/rc_functions.sh
@ -153,9 +153,8 @@ hosts_user_rc_functions:
roles:
- role: 'aynicos.hosts'
hosts_services:
- { "name": "local", "state": "started", "enabled": "yes" }
- { "name": "zram", "state": "started", "enabled": "yes" }
hosts_user_rc_enable: true
hosts_user_rc: true
```
## Tests

8
ansible/roles/hosts/defaults/main.yml
View File

@ -1,6 +1,9 @@
---
# file: defaults/main.yml
# enable cloud-init
hosts_cloudinit: false
# cloud-init config
hosts_cloudinit_config:
users:
@ -75,9 +78,6 @@ hosts_cloudinit_config:
templates_dir: /etc/cloud/templates/
ssh_svcname: sshd
# enable cloud-init
hosts_cloudinit_enable: false
# git repositories to clone
hosts_git_repositories: []
@ -136,7 +136,7 @@ hosts_update: false
hosts_user_env: []
# run specific functions on user login
hosts_user_rc_enable: false
hosts_user_rc: false
# list of rc functions to call at user connection
hosts_user_rc_functions:

4
ansible/roles/hosts/files/etc/cron.d/ansible Normal file
View File

@ -0,0 +1,4 @@
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
@reboot root /etc/init.d/myos ansible-pull > /var/log/ansible.log
0 * * * * root /etc/init.d/myos ansible-pull > /var/log/ansible.log

3
ansible/roles/hosts/files/etc/cron.d/myos
View File

@ -1,3 +0,0 @@
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
@reboot root make ansible-pull > /var/log/ansible-pull.log
0 0 * * * root make ansible-pull > /var/log/ansible-pull.log

3
ansible/roles/hosts/files/etc/local.d/ansible.start Normal file → Executable file
View File

@ -1,2 +1,3 @@
#!/bin/sh
cd /root && ( make ansible-pull > /var/log/ansible.log || reboot ) &
/etc/init.d/myos ansible-pull > /var/log/ansible.log

3
ansible/roles/hosts/files/etc/periodic/hourly/ansible Executable file
View File

@ -0,0 +1,3 @@
#!/bin/sh
/etc/init.d/myos ansible-pull > /var/log/ansible.log

22
ansible/roles/hosts/files/etc/profile.d/rc_functions.sh
View File

@ -212,7 +212,7 @@ ssh_add() {
else
GREP_RECURSIVE_CHAR="*"
fi
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vw "${dir}"/id_rsa)"
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
done
# shellcheck disable=SC2086
printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
@ -238,7 +238,7 @@ ssh_del() {
else
GREP_RECURSIVE_CHAR="*"
fi
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vw "${dir}"/id_rsa)"
SSH_PRIVATE_KEYS="${SSH_PRIVATE_KEYS:-} ${dir}/id_ed25519 ${dir}/id_rsa $(grep -l${GREP_RECURSIVE_FLAG:-} 'PRIVATE KEY' "${dir}/"${GREP_RECURSIVE_CHAR:-} 2>/dev/null |grep -vwE "${dir}/id_(rsa|ed25519)")"
done
# shellcheck disable=SC2086
printf '%s\n' ${SSH_PRIVATE_KEYS} |while read -r file; do
@ -270,14 +270,12 @@ tmux_detach() {
# function user_count: Print number of "users sessions"/"users"/"logged users"
user_count() {
ps ax -o user,tty 2>/dev/null |awk '
$2 ~ /^(pts|tty)/ { users_session++; logged[$1]++; };
{ count[$1]++; }
END {
for (uc in count) { c = c" "uc; }; users_count=split(c,v," ")-1;
for (ul in logged) { l = l" "ul; }; users_logged=split(l,v," ")-1;
print users_session+0"/"users_count"/"users_logged;
}'
ps ax -o pid,user,tty,comm 2>/dev/null |awk '
$3 ~ /^(pts\/|tty[sS]?|[0-9]+,)[0-9]+$/ && $4 != "getty" { users_sessions++; logged[$2]++; };
$1 ~ /^[0-9]+$/ { count[$2]++; }
END {
for (uc in count) { c = c" "uc; }; users_count=split(c,v," ");
for (ul in logged) { l = l" "ul; }; users_logged=split(l,v," ");
print users_sessions+0"/"users_count+0"/"users_logged+0;
}'
}
# vim:ts=2:sw=2:sts=2:et

2
ansible/roles/hosts/files/etc/systemd/system/ansible.timer
View File

@ -2,7 +2,7 @@
Description=Call ansible
[Timer]
OnCalendar=*-*-* 00:00:00
OnCalendar=*-*-* *:00:00
Unit=ansible.service
[Install]

9
ansible/roles/hosts/tasks/cloudinit.yml
View File

@ -2,12 +2,12 @@
# file: tasks/cloudinit.yml
- name: cloudinit - install cloud-init packages
when: hosts_cloudinit_enable|default(false) and ansible_os_family|lower != "alpine"
when: ansible_os_family|lower != "alpine"
package: name="cloud-init" state="present"
become: yes
- name: cloudinit - install cloud-init packages - alpine
when: hosts_cloudinit_enable|default(false) and ansible_os_family|lower == "alpine"
when: ansible_os_family|lower == "alpine"
with_items:
- { "name": "cloud-init", "state": "present" }
- { "name": "cloud-init-openrc", "state": "present" }
@ -23,14 +23,13 @@
become: yes
- name: cloudinit - update /etc/cloud/cloud.cfg
when: hosts_cloudinit_enable|default(false)
template:
src: cloud.cfg.j2
dest: /etc/cloud/cloud.cfg
force: yes
- name: cloudinit - activate service
when: hosts_cloudinit_enable|default(false) and ansible_service_mgr|lower != "openrc"
when: ansible_service_mgr|lower != "openrc"
service:
name: cloud-init
state: started
@ -38,7 +37,7 @@
become: yes
- name: cloudinit - activate service - openrc
when: hosts_cloudinit_enable|default(false) and ansible_service_mgr|lower == "openrc"
when: ansible_service_mgr|lower == "openrc"
service:
name: cloud-init
state: started

20
ansible/roles/hosts/tasks/config.yml
View File

@ -1,7 +1,8 @@
---
# file: tasks/config.yml
- name: config - set MYOS config in /etc/default/myos
- name: config - set MYOS default config
become: true
with_items:
- APP_NAME={{ lookup('env','ANSIBLE_APP_NAME') }}
- APP_TYPE={{ lookup('env','ANSIBLE_APP_TYPE') }}
@ -11,5 +12,20 @@
create: yes
line: '{{ item }}'
mode: '0644'
become: yes
- name: config - update MYOS default config
become: true
with_items: '{{hosts_default_env|default([])}}'
lineinfile:
path: /etc/default/myos
create: yes
line: "{{item}}={{lookup('env',item)}}"
mode: '0644'
- name: config - create /root/Makefile
become: true
template:
src: Makefile.j2
dest: ~/Makefile
force: yes

8
ansible/roles/hosts/tasks/groups.yml
View File

@ -1,13 +1,17 @@
---
# file: tasks/groups.yml
- name: groups - remove floppy group - alpine
when: ansible_os_family|lower == "alpine"
group: gid="11" name="floppy" state="absent"
become: yes
- name: groups - create dns group
when: ansible_os_family|lower != "alpine"
group: gid="11" name="dns" state="present" system="yes"
become: yes
- name: groups - add me to the dns group
when: ansible_os_family|lower != "alpine" and ansible_user_uid != "0"
when: ansible_user_uid != "0"
user: name="{{ansible_user_id}}" groups=dns append=yes
become: yes

6
ansible/roles/hosts/tasks/main.yml
View File

@ -8,11 +8,12 @@
tags:
- boot
- import_tasks: cloudinit.yml
when: hosts_cloudinit|default(false)
tags:
- cloudinit
- import_tasks: config.yml
tags:
- cloudinit
- config
- import_tasks: dir.yml
tags:
- dir
@ -26,6 +27,7 @@
tags:
- packages
- import_tasks: services.yml
when: hosts_services is defined
tags:
- services
- import_tasks: git.yml
@ -35,9 +37,9 @@
tags:
- ssh
- import_tasks: update.yml
when: hosts_update|default(false)
tags:
- update
when: hosts_update|default(false)
- import_tasks: user.yml
tags:
- user

6
ansible/roles/hosts/tasks/services.yml
View File

@ -2,7 +2,7 @@
# file: tasks/services.yml
- name: services - enable/disable hosts services
when: hosts_services is defined and ansible_service_mgr|lower != "openrc" and ansible_service_mgr|lower != "runit"
when: ansible_service_mgr|lower != "openrc" and ansible_service_mgr|lower != "runit"
with_items: "{{ hosts_services|default([]) }}"
service:
name: "{{item.name}}"
@ -11,7 +11,7 @@
become: yes
- name: services - enable/disable hosts services - openrc
when: hosts_services is defined and ansible_service_mgr|lower == "openrc"
when: ansible_service_mgr|lower == "openrc"
with_items: "{{ hosts_services|default([]) }}"
service:
name: "{{item.name}}"
@ -21,7 +21,7 @@
become: yes
- name: services - enable/disable hosts services - runit
when: hosts_services is defined and ansible_service_mgr|lower == "runit"
when: ansible_service_mgr|lower == "runit"
with_items: "{{ hosts_services|default([]) }}"
sysvinit:
name: "{{item.name}}"

44
ansible/roles/hosts/tasks/update.yml
View File

@ -2,9 +2,18 @@
# file: tasks/update.yml
- name: update - copy files
when: ansible_service_mgr|lower != "systemd" and ansible_os_family|lower != "alpine"
with_items:
- /etc/cron.d/myos
copy: src=../files/{{item}} dest={{item}} owner=root group=root mode=0644
- /etc/cron.d/ansible
copy: src=../files/{{item}} dest={{item}} owner=root group=root
become: yes
- name: update - copy files - alpine
when: ansible_service_mgr|lower != "systemd" and ansible_os_family|lower == "alpine"
with_items:
- /etc/periodic/hourly/ansible
- /etc/local.d/ansible.start
copy: src=../files/{{item}} dest={{item}} owner=root group=root mode=0755
become: yes
- name: update - copy files - systemd
@ -12,21 +21,24 @@
with_items:
- /etc/systemd/system/ansible.service
- /etc/systemd/system/ansible.timer
copy: src=../files/{{item}} dest={{item}} owner=root group=root mode=0644
copy: src=../files/{{item}} dest={{item}} owner=root group=root
become: yes
- name: update - create /root/.myos
become: true
template:
src: myos.j2
dest: ~/.myos
force: no
mode: 0400
- name: update - enable nservices - openrc
when: ansible_service_mgr|lower == "openrc"
service:
name: local
enabled: true
runlevel: boot
become: yes
- name: update - create /root/Makefile
become: true
template:
src: Makefile.j2
dest: ~/Makefile
force: yes
- name: update - enable services - systemd
when: ansible_service_mgr|lower == "systemd"
with_items:
- ansible.service
- ansible.timer
service:
name: "{{item}}"
enabled: true
become: yes

6
ansible/roles/hosts/tasks/user.yml
View File

@ -12,16 +12,16 @@
ignore_errors: true
- name: user - create ~/.rc.d
file: path=~/.rc.d/ state={{hosts_user_rc_enable|default(false)|ternary('directory', 'absent')}} mode="0700"
file: path=~/.rc.d/ state={{hosts_user_rc|default(false)|ternary('directory', 'absent')}} mode="0700"
- name: user - source /etc/profile.d/rc_functions.sh
when: hosts_user_rc_enable|default(false)
when: hosts_user_rc|default(false)
with_items:
- /etc/profile.d/rc_functions.sh
lineinfile: dest=~/.rc.d/00_source create=yes line="{{ item }}" mode="0600"
- name: user - enable/disable rc functions
when: hosts_user_rc_enable|default(false)
when: hosts_user_rc|default(false)
with_items: "{{ hosts_user_rc_functions|default([]) }}"
file: path="~/.rc.d/{{item.path}}" state="{{item.state}}"

2
ansible/roles/hosts/templates/Makefile.j2
View File

@ -1,6 +1,6 @@
CMDS := exec
SERVICE ?= cli
-include .myos
-include /etc/default/myos
ansible:
@make -C $(ANSIBLE_GIT_DIRECTORY) ansible-run-localhost

4
ansible/roles/hosts/tests/goss/package_alpine.yml
View File

@ -7,11 +7,11 @@ package:
installed: true
ncurses:
installed: true
neovim:
installed: true
openssh-client:
installed: true
py3-pip:
installed: true
util-linux:
installed: true
vim:
installed: true

2
ansible/roles/hosts/vars/alpine.yml
View File

@ -5,8 +5,8 @@ hosts_packages_distro:
- { "name": "coreutils", "state": "present" }
- { "name": "groff", "state": "present" }
- { "name": "ncurses", "state": "present" }
- { "name": "neovim", "state": "present" }
- { "name": "openssh-client", "state": "present" }
- { "name": "py3-pip", "state": "present" }
- { "name": "util-linux", "state": "present" }
- { "name": "vim", "state": "present" }

6
ansible/roles/remotes/README.md
View File

@ -6,6 +6,12 @@ Interact with remote services
### Default variables
* `remotes_myos` - Retrieve myos tags
``` yaml
remotes_myos: false
```
* `remotes_packages` - List of packages to install/remove on your hosts
``` yaml

3
ansible/roles/remotes/defaults/main.yml
View File

@ -22,6 +22,9 @@ aws_secret_access_key: 'YOUR_SECRET_ACCESS_KEY'
# git repositories to clone
git_repositories: []
# retrieve myos tags
remotes_myos: false
# packages to install/remove
remotes_packages: []

1
ansible/roles/remotes/tasks/main.yml
View File

@ -23,6 +23,7 @@
tags:
- user
- import_tasks: myos.yml
when: remotes_myos|default(false)
tags:
- myos

2
ansible/roles/remotes/tasks/myos.yml
View File

@ -17,7 +17,7 @@
ec2_tag:
aws_access_key: "{{ aws_access_key_id }}"
aws_secret_key: "{{ aws_secret_access_key }}"
region: "{{ ansible_ec2_placement_region }}"
region: "{{ ansible_ec2_placement_region |default('') }}"
resource: "{{ ansible_ec2_instance_id }}"
state: list
register: myos

8
docker/compose/Dockerfile
View File

@ -4,13 +4,13 @@ ARG DOCKER_BUILD_DIR
ARG COMPOSE_REMOTE=https://github.com/docker/compose
ARG COMPOSE_VERSION=2.5.0
ARG OPERATING_SYSTEM=Linux
ARG PROCESSOR_ARCHITECTURE=x86_64
ARG SYSTEM=Linux
ARG MACHINE=x86_64
RUN apk update \
&& apk add --no-cache ca-certificates \
&& OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${PROCESSOR_ARCHITECTURE})"; \
&& OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${MACHINE})"; \
wget -qO /usr/bin/docker-compose ${COMPOSE_REMOTE}/releases/download/v${COMPOSE_VERSION}/docker-compose-${OS}-${ARCH} \
&& chmod +x /usr/bin/docker-compose

8
docker/fabio/Dockerfile
View File

@ -4,13 +4,13 @@ ARG DOCKER_BUILD_DIR
ARG FABIO_REMOTE=https://github.com/fabiolb/fabio
ARG FABIO_VERSION=1.6.0
ARG OPERATING_SYSTEM=Linux
ARG PROCESSOR_ARCHITECTURE=x86_64
ARG SYSTEM=Linux
ARG MACHINE=x86_64
RUN apk update \
&& apk add --no-cache ca-certificates \
&& OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${PROCESSOR_ARCHITECTURE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
&& OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
wget -qO /usr/bin/fabio ${FABIO_REMOTE}/releases/download/v${FABIO_VERSION}/fabio-${FABIO_VERSION}-${OS}_${ARCH} \
&& chmod +x /usr/bin/fabio

10
docker/myos/Dockerfile
View File

@ -3,8 +3,8 @@ LABEL maintainer aynic.os <support+docker@asycn.io>
ARG DOCKER_BUILD_DIR
ARG GIT_AUTHOR_NAME
ARG GIT_AUTHOR_EMAIL
ARG OPERATING_SYSTEM=Linux
ARG PROCESSOR_ARCHITECTURE=x86_64
ARG SYSTEM=Linux
ARG MACHINE=x86_64
ENV GIT_AUTHOR_NAME=${GIT_AUTHOR_NAME}
ENV GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
@ -42,11 +42,11 @@ RUN git clone https://github.com/ingydotnet/git-subrepo \
ARG IPFS_VERSION=0.14.0
RUN { OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${PROCESSOR_ARCHITECTURE})"; \
RUN { OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${MACHINE})"; \
wget -qO - https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.${OS}.${ARCH}.tar.xz \
|tar --strip-components 1 -C /usr/local/bin -xJf - shellcheck-stable/shellcheck; } \
&& { ARCH="$(echo ${PROCESSOR_ARCHITECTURE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
&& { ARCH="$(echo ${MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
wget -qO - https://github.com/ipfs/kubo/releases/download/v${IPFS_VERSION}/kubo_v${IPFS_VERSION}_${OS}-${ARCH}.tar.gz \
|tar --strip-components 1 -C /usr/local/bin -xzf - kubo/ipfs; } \
&& mkdir -p /usr/local/lib/shellspec \

28
docker/packer/Dockerfile
View File

@ -2,14 +2,16 @@ FROM alpine:latest as dist
LABEL maintainer aynic.os <support+docker@asycn.io>
ARG DOCKER_BUILD_DIR
ARG ARCH="$(uname -m |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"
ARG OS="$(uname -o |awk '{print tolower($0)}')"
ARG PACKER_VERSION=1.6.6
ARG MACHINE="x86_64"
ARG SYSTEM="Linux"
RUN apk --no-cache add \
ansible \
bash \
dirmngr \
git \
gpg \
gpg-agent \
qemu \
qemu-system-x86_64 \
qemu-img \
@ -17,15 +19,21 @@ RUN apk --no-cache add \
socat \
wget
ADD https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip ./
ADD https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_SHA256SUMS ./
ARG PACKER_VERSION=1.8.3
RUN sed -i '/.*linux_amd64.zip/!d' packer_${PACKER_VERSION}_SHA256SUMS
RUN sha256sum -cs packer_${PACKER_VERSION}_SHA256SUMS\
&& unzip packer_${PACKER_VERSION}_linux_amd64.zip -d /bin
RUN rm -f packer_${PACKER_VERSION}_linux_amd64.zip
RUN { OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_${OS}_${ARCH}.zip \
&& wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_SHA256SUMS \
&& wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_SHA256SUMS.sig \
&& GNUPGHOME="./.gnupg" gpg --batch --recv-keys C874011F0AB405110D02105534365D9472D7468F \
&& GNUPGHOME="./.gnupg" gpg --batch --verify packer_${PACKER_VERSION}_SHA256SUMS.sig packer_${PACKER_VERSION}_SHA256SUMS \
&& grep packer_${PACKER_VERSION}_${OS}_${ARCH}.zip packer_${PACKER_VERSION}_SHA256SUMS |sha256sum -c - \
&& unzip "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip" -d /usr/local/bin \
&& rm -f "packer_${PACKER_VERSION}_${OS}_${ARCH}.zip" packer_${PACKER_VERSION}_SHA256SUMS.sig packer_${PACKER_VERSION}_SHA256SUMS ./.gnupg \
; }
ENTRYPOINT ["/bin/packer"]
ENTRYPOINT ["/usr/local/bin/packer"]
FROM dist as master
ARG DOCKER_BUILD_DIR

12
docker/zen/Dockerfile
View File

@ -3,8 +3,8 @@ LABEL maintainer aynic.os <support+docker@asycn.io>
ARG DOCKER_BUILD_DIR
ARG GIT_AUTHOR_NAME
ARG GIT_AUTHOR_EMAIL
ARG OPERATING_SYSTEM=Linux
ARG PROCESSOR_ARCHITECTURE=x86_64
ARG SYSTEM=Linux
ARG MACHINE=x86_64
ENV GIT_AUTHOR_NAME=${GIT_AUTHOR_NAME}
ENV GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
@ -41,12 +41,12 @@ RUN chmod +r /include.sh \
ARG IPFS_VERSION=0.14.0
RUN { OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${PROCESSOR_ARCHITECTURE})"; \
RUN { OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${MACHINE})"; \
wget -qO - https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.${OS}.${ARCH}.tar.xz \
|tar --strip-components 1 -C /usr/local/bin -xJf - shellcheck-stable/shellcheck; } \
&& { OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${PROCESSOR_ARCHITECTURE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
&& { OS="$(echo ${SYSTEM} |awk '{print tolower($0)}')"; \
ARCH="$(echo ${MACHINE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
wget -qO - https://github.com/ipfs/kubo/releases/download/v${IPFS_VERSION}/kubo_v${IPFS_VERSION}_${OS}-${ARCH}.tar.gz \
|tar --strip-components 1 -C /usr/local/bin -xzf - kubo/ipfs; } \
&& mkdir -p /usr/local/lib/shellspec \

2
make/apps/def.docker.mk
View File

@ -26,7 +26,7 @@ DOCKER_BUILD_NO_CACHE ?= false
DOCKER_BUILD_TARGET ?= $(if $(filter $(ENV),$(DOCKER_BUILD_TARGETS)),$(ENV),$(DOCKER_BUILD_TARGET_DEFAULT))
DOCKER_BUILD_TARGET_DEFAULT ?= master
DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY)
DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_REPOSITORY GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME OPERATING_SYSTEM PROCESSOR_ARCHITECTURE SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PRIVATE_IP_RANGE SSH_PUBLIC_HOST_KEYS SSH_REMOTE_HOSTS UID USER VERSION
DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_REPOSITORY GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SYSTEM MACHINE SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PRIVATE_IP_RANGE SSH_PUBLIC_HOST_KEYS SSH_REMOTE_HOSTS UID USER VERSION
DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)) $(COMPOSE_ARGS)
DOCKER_COMPOSE_DOWN_OPTIONS ?=
DOCKER_COMPOSE_RUN_OPTIONS ?= --rm

4
make/apps/myos/def.ssh.mk
View File

@ -5,9 +5,9 @@ SSH_BASTION_HOSTNAME ?=
SSH_BASTION_USERNAME ?= $(SSH_USER)
SSH_ENV_VARS ?= SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PUBLIC_HOSTS SSH_PRIVATE_IP_RANGE SSH_USER
SSH_GITHUB_AUTHORIZED_KEYS ?= $(patsubst %,https://github.com/%,$(patsubst %,%.keys,$(SSH_USER)))
SSH_PUBLIC_HOSTS ?= $(CONFIG_REPOSITORY_HOST) $(SSH_BASTION_HOSTNAME) $(SSH_REMOTE_HOSTS)
SSH_PUBLIC_HOSTS ?= $(if $(filter ssh,$(CONFIG_REPOSITORY_SCHEME)),$(CONFIG_REPOSITORY_HOST)) $(SSH_BASTION_HOSTNAME) $(SSH_REMOTE_HOSTS)
SSH_PRIVATE_IP_RANGE ?=
SSH_PRIVATE_KEYS ?= $(wildcard $(SSH_DIR)/id_rsa)
SSH_PRIVATE_KEYS ?= $(wildcard $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa)
SSH_REMOTE_HOSTS ?= github.com gitlab.com
SSH_USER ?= $(call slugify,$(GIT_USER))

4
make/apps/myos/setup.mk
View File

@ -14,11 +14,11 @@ ifeq ($(filter 0 $(DOCKER_GID),$(GIDS)),)
endif
endif
# target setup-nfsd: Call setup-nfsd-osx if SETUP_NFSD=true and OPERATING_SYSTEM=Darwin
# target setup-nfsd: Call setup-nfsd-osx if SETUP_NFSD=true and SYSTEM=Darwin
.PHONY: setup-nfsd
setup-nfsd:
ifeq ($(SETUP_NFSD),true)
ifeq ($(OPERATING_SYSTEM),Darwin)
ifeq ($(SYSTEM),Darwin)
$(call setup-nfsd-osx)
endif
endif

4
make/apps/myos/ssh.mk
View File

@ -10,7 +10,7 @@ ssh: ssh-get-PrivateIpAddress-$(SERVER_NAME) ## Connect to first remote host
.PHONY: ssh-add
ssh-add: DOCKER_RUN_OPTIONS += -it
ssh-add: ssh-key
$(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
$(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
$(call run,sh -c '$(foreach file,$(patsubst %,$(SSH_DIR)/%,$(SSH_PRIVATE_KEYS)),ssh-add -l |grep -qw $$(ssh-keygen -lf $(file) 2>/dev/null |awk '\''{print $$2}'\'') 2>/dev/null || $(RUN) ssh-add $(file) ||: &&) true',-v $(SSH_DIR):$(SSH_DIR) $(USER_DOCKER_IMAGE) )
# target ssh-connect: Call ssh-connect make connect SERVICE
@ -21,7 +21,7 @@ ssh-connect: ssh-get-PrivateIpAddress-$(SERVER_NAME)
# target ssh-del: ssh-add -d file SSH_PRIVATE_KEYS in folder SSH_DIR
.PHONY: ssh-del
ssh-del:
$(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
$(eval SSH_PRIVATE_KEYS := $(foreach file,$(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa $(filter-out $(wildcard $(SSH_DIR)/id_ed25519 $(SSH_DIR)/id_rsa),$(wildcard $(SSH_DIR)/*)),$(if $(shell grep "PRIVATE KEY" $(file) 2>/dev/null),$(notdir $(file)))))
$(call run,sh -c '$(foreach file,$(patsubst %,$(SSH_DIR)/%,$(SSH_PRIVATE_KEYS)),ssh-add -l |grep -qw $$(ssh-keygen -lf $(file) 2>/dev/null |awk '\''{print $$2}'\'') 2>/dev/null && $(RUN) ssh-add -d $(file) ||: &&) true',-v $(SSH_DIR):$(SSH_DIR) $(USER_DOCKER_IMAGE) )
# target ssh-exec: Call ssh-exec make exec SERVICE ARGS

2
make/def.docker.mk
View File

@ -26,7 +26,7 @@ USER_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJEC
USER_DOCKER_VOLUME ?= $(USER_COMPOSE_PROJECT_NAME)_myos
# https://github.com/docker/libnetwork/pull/2348
ifeq ($(OPERATING_SYSTEM),Darwin)
ifeq ($(SYSTEM),Darwin)
DOCKER_HOST_IFACE ?= $(shell docker run --rm -it --net=host alpine /sbin/ip -4 route list match 0/0 2>/dev/null |awk '{print $$5}' |awk '!seen[$$0]++' |head -1)
DOCKER_HOST_INET4 ?= $(shell docker run --rm -it --net=host alpine /sbin/ip -4 addr show $(DOCKER_HOST_IFACE) 2>/dev/null |awk '$$1 == "inet" {sub(/\/.*/,"",$$2); print $$2}' |head -1)
DOCKER_INTERNAL_DOCKER_GATEWAY ?= $(shell docker run --rm -it alpine getent hosts gateway.docker.internal 2>/dev/null |awk '{print $$1}' |head -1)

12
make/def.mk
View File

@ -53,7 +53,7 @@ ENV_ARGS ?= $(env_args)
ENV_FILE ?= $(wildcard $(CONFIG)/$(ENV)/$(APP)/.env .env)
ENV_LIST ?= $(shell ls .git/refs/heads/ 2>/dev/null)
ENV_RESET ?= false
ENV_VARS ?= APP BRANCH DOMAIN ENV HOME HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME GROUP MONOREPO MONOREPO_DIR OPERATING_SYSTEM PROCESSOR_ARCHITECTURE TAG UID USER VERSION
ENV_VARS ?= APP BRANCH DOMAIN ENV HOME HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME GROUP MACHINE MONOREPO MONOREPO_DIR SYSTEM TAG UID USER VERSION
GID ?= $(shell id -g 2>/dev/null)
GIDS ?= $(shell id -G 2>/dev/null)
GIT_AUTHOR_EMAIL ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@my.os)
@ -123,15 +123,15 @@ endif
# Guess OS
ifeq ($(OSTYPE),cygwin)
OPERATING_SYSTEM := cygwin
SYSTEM := cygwin
else ifeq ($(OS),Windows_NT)
OPERATING_SYSTEM := Windows_NT
SYSTEM := Windows_NT
else
PROCESSOR_ARCHITECTURE := $(shell uname -m 2>/dev/null)
OPERATING_SYSTEM := $(shell uname -s 2>/dev/null)
SYSTEM := $(shell uname -s 2>/dev/null)
endif
MACHINE := $(shell uname -m 2>/dev/null)
ifeq ($(OPERATING_SYSTEM),Darwin)
ifeq ($(SYSTEM),Darwin)
SED_SUFFIX := ''
endif

2
make/monorepo/common.mk
View File

@ -24,7 +24,7 @@ config: $(APPS)
# target copy: Copy files and folders to all APPS
.PHONY: copy
copy:
$(foreach app,$(APPS),$(foreach file,$(ARGS),$(if $(wildcard $(file)),$(RUN) $(if $(filter Linux,$(OPERATING_SYSTEM)),cp -a --parents $(file) $(app)/,rsync -a $(file) $(app)/$(file)) &&)) true &&) true
$(foreach app,$(APPS),$(foreach file,$(ARGS),$(if $(wildcard $(file)),$(RUN) $(if $(filter Linux,$(SYSTEM)),cp -a --parents $(file) $(app)/,rsync -a $(file) $(app)/$(file)) &&)) true &&) true
# target deploy: Fire APPS target
.PHONY: deploy

105
packer/alpine/alpine.json
View File

@ -1,105 +0,0 @@
{
"builders": [
{
"accelerator": "{{user `accelerator`}}",
"boot_command": [
"{{user `username`}}<enter>",
"passwd<enter>{{user `password`}}<enter>{{user `password`}}<enter>",
"ifconfig eth0 up \u0026\u0026 udhcpc -i eth0<enter>",
"apk add --repository http://dl-cdn.alpinelinux.org/alpine/v{{user `alpine_version`}}/main dropbear dropbear-openrc openssh-sftp-server<enter>",
"rc-update add dropbear<enter>",
"echo -e 'auto eth0\\niface eth0 inet dhcp' > /etc/network/interfaces<enter>",
"rc-service dropbear start<enter>",
"<wait>"
],
"boot_wait": "{{user `boot_wait`}}",
"disk_interface": "virtio",
"disk_size": "{{user `iso_size`}}",
"format": "raw",
"headless": true,
"host_port_max": "{{user `ssh_port_max`}}",
"host_port_min": "{{user `ssh_port_min`}}",
"iso_checksum": "file:http://dl-cdn.alpinelinux.org/alpine/v{{user `alpine_version`}}/releases/{{user `alpine_arch`}}/alpine-virt-{{user `alpine_release`}}-{{user `alpine_arch`}}.iso.sha256",
"iso_url": "http://dl-cdn.alpinelinux.org/alpine/v{{user `alpine_version`}}/releases/{{user `alpine_arch`}}/alpine-virt-{{user `alpine_release`}}-{{user `alpine_arch`}}.iso",
"net_device": "virtio-net",
"output_directory": "{{user `output`}}",
"qemuargs": [
[
"-device",
"virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x7"
],
[
"-object",
"rng-random,filename=/dev/urandom,id=rng0"
]
],
"shutdown_command": "/sbin/poweroff",
"ssh_file_transfer_method": "sftp",
"ssh_password": "{{user `password`}}",
"ssh_port": 22,
"ssh_timeout": "{{user `ssh_wait_timeout`}}",
"ssh_username": "{{user `username`}}",
"type": "qemu",
"vm_name": "{{user `iso_name`}}.iso",
"vnc_bind_address": "{{user `vnc_bind_address`}}",
"vnc_port_max": "{{user `vnc_port_max`}}",
"vnc_port_min": "{{user `vnc_port_min`}}"
}
],
"provisioners": [
{
"environment_vars": [
"ALPINE_VERSION={{user `alpine_version`}}",
"HOSTNAME={{user `hostname`}}"
],
"script": "packer/alpine/setup.sh",
"type": "shell"
},
{
"expect_disconnect": true,
"inline": [
"/usr/bin/eject -s",
"/sbin/reboot"
],
"type": "shell"
},
{
"extra_arguments": [
"--extra-vars",
"{{user `ansible_extra_vars`}}",
"{{user `ansible_verbose`}}"
],
"inventory_directory": "ansible/inventories",
"pause_before": "16s",
"playbook_file": "ansible/playbook.yml",
"sftp_command": "/usr/lib/ssh/sftp-server -e",
"type": "ansible",
"user": "{{user `ansible_user`}}"
}
],
"variables": {
"accelerator": "kvm",
"alpine_arch": "x86_64",
"alpine_release": "3.12.0",
"alpine_version": "3.12",
"ansible_extra_vars": "target=default",
"ansible_user": "root",
"ansible_verbose": "-v",
"boot_wait": "8s",
"hostname": "alpine",
"iso_name": "alpine-3.12.0-x86_64",
"iso_size": "1024",
"output": "build/iso",
"password": "alpine",
"qemuargs": "",
"ssh_port_max": "2222",
"ssh_port_min": "2222",
"ssh_wait_timeout": "32s",
"template": "alpine",
"username": "root",
"vnc_bind_address": "127.0.0.1",
"vnc_port_max": "5900",
"vnc_port_min": "5900"
}
}

177
packer/alpine/alpine.pkr.hcl Normal file
View File

@ -0,0 +1,177 @@
variable "accelerator" {
type = string
default = "kvm"
}
variable "alpine_arch" {
type = string
default = "x86_64"
}
variable "alpine_release" {
type = string
default = "3.16.0"
}
variable "alpine_version" {
type = string
default = "3.16"
}
variable "ansible_extra_vars" {
type = string
default = "target=default"
}
variable "ansible_user" {
type = string
default = "root"
}
variable "ansible_verbose" {
type = string
default = "-v"
}
variable "boot_wait" {
type = string
default = "8s"
}
variable "hostname" {
type = string
default = "alpine"
}
variable "iso_name" {
type = string
default = "alpine-3.16.0-x86_64"
}
variable "iso_size" {
type = string
default = "1024"
}
variable "nameserver" {
type = string
default = "1.1.1.1"
}
variable "output" {
type = string
default = "build/iso"
}
variable "password" {
type = string
default = "alpine"
}
variable "pause_before" {
type = string
default = "24s"
}
variable "qemuargs" {
type = string
default = ""
}
variable "ssh_port_max" {
type = string
default = "2222"
}
variable "ssh_port_min" {
type = string
default = "2222"
}
variable "ssh_timeout" {
type = string
default = "42s"
}
variable "template" {
type = string
default = "alpine"
}
variable "username" {
type = string
default = "root"
}
variable "vnc_bind_address" {
type = string
default = "127.0.0.1"
}
variable "vnc_port_max" {
type = string
default = "5900"
}
variable "vnc_port_min" {
type = string
default = "5900"
}
source "qemu" "alpine" {
accelerator = "${var.accelerator}"
boot_command = ["${var.username}<enter>", "passwd<enter>${var.password}<enter>${var.password}<enter>", "ifconfig eth0 up && udhcpc -i eth0<enter>", "apk add --repository http://dl-cdn.alpinelinux.org/alpine/v${var.alpine_version}/main dropbear dropbear-openrc openssh-sftp-server<enter>", "rc-update add dropbear<enter>", "echo -e 'auto eth0\\niface eth0 inet dhcp' > /etc/network/interfaces<enter>", "mkdir -p /etc/dropbear<enter>", "dropbearkey -t ed25519 -f /etc/dropbear/dropbear_ed25519_host_key<enter>", "rc-service dropbear start<enter>", "<wait>"]
boot_wait = "${var.boot_wait}"
disk_interface = "virtio"
disk_size = "${var.iso_size}"
format = "raw"
headless = true
host_port_max = "${var.ssh_port_max}"
host_port_min = "${var.ssh_port_min}"
iso_checksum = "file:http://dl-cdn.alpinelinux.org/alpine/v${var.alpine_version}/releases/${var.alpine_arch}/alpine-virt-${var.alpine_release}-${var.alpine_arch}.iso.sha256"
iso_url = "http://dl-cdn.alpinelinux.org/alpine/v${var.alpine_version}/releases/${var.alpine_arch}/alpine-virt-${var.alpine_release}-${var.alpine_arch}.iso"
net_device = "virtio-net"
output_directory = "${var.output}"
qemuargs = [["-device", "virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x7"], ["-object", "rng-random,filename=/dev/urandom,id=rng0"]]
// qemuargs = ["${var.qemuargs}"]
shutdown_command = "/sbin/poweroff"
ssh_file_transfer_method = "sftp"
ssh_password = "${var.password}"
ssh_port = 22
ssh_timeout = "${var.ssh_timeout}"
ssh_username = "${var.username}"
vm_name = "${var.iso_name}.iso"
vnc_bind_address = "${var.vnc_bind_address}"
vnc_port_max = "${var.vnc_port_max}"
vnc_port_min = "${var.vnc_port_min}"
}
build {
sources = ["source.qemu.alpine"]
provisioner "shell" {
environment_vars = ["ALPINE_VERSION=${var.alpine_version}", "HOSTNAME=${var.hostname}", "NAMESERVER=${var.nameserver}"]
script = "packer/alpine/setup.sh"
}
provisioner "shell" {
expect_disconnect = true
inline = ["/usr/bin/eject -s", "/sbin/reboot"]
}
provisioner "ansible" {
ansible_env_vars = [ "ANSIBLE_USERNAME=${var.ansible_user}" ]
// https://github.com/hashicorp/packer-plugin-ansible/issues/69
ansible_ssh_extra_args = ["-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"]
extra_arguments = ["--extra-vars", "${var.ansible_extra_vars}", "${var.ansible_verbose}"]
inventory_directory = "ansible/inventories"
pause_before = "${var.pause_before}"
playbook_file = "ansible/playbook.yml"
sftp_command = "/usr/lib/ssh/sftp-server -e"
use_proxy = "true"
use_sftp = "true"
user = "${var.ansible_user}"
}
}

9
packer/alpine/setup.sh
View File

@ -3,11 +3,11 @@
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
ALPINE_VERSION="${ALPINE_VERSION:-3.10}"
ALPINE_VERSION="${ALPINE_VERSION:-3.16}"
APKREPOSOPTS="http://dl-cdn.alpinelinux.org/alpine/v${ALPINE_VERSION}/main http://dl-cdn.alpinelinux.org/alpine/v${ALPINE_VERSION}/community"
BOOT_SIZE="32"
DISKOPTS="-s 0 -m sys /dev/vda"
DNSOPTS="-n 8.8.8.8"
DNSOPTS="-n ${NAMESERVER:-1.1.1.1}"
HOSTNAME="${HOSTNAME:-alpine}"
HOSTNAMEOPTS="-n ${HOSTNAME}"
INTERFACESOPTS="auto lo
@ -15,9 +15,6 @@ iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet dhcp
"
KEYMAPOPTS="fr fr"
NTPOPTS="-c openntpd"
@ -35,7 +32,7 @@ http://dl-8.alpinelinux.org/alpine/"
/sbin/setup-hostname ${HOSTNAMEOPTS}
echo "${INTERFACESOPTS}" | /sbin/setup-interfaces -i
# /etc/init.d/networking --quiet start >/dev/null
# /sbin/setup-dns ${DNSOPTS}
/sbin/setup-dns ${DNSOPTS}
/sbin/setup-timezone ${TIMEZONEOPTS}
/sbin/setup-proxy -q ${PROXYOPTS}
/sbin/setup-apkrepos ${APKREPOSOPTS}

2
packer/def.packer.alpine.mk
View File

@ -1,5 +1,5 @@
PACKER_ALPINE_ARCH ?= x86_64
PACKER_ALPINE_RELEASE ?= 3.12.0
PACKER_ALPINE_RELEASE ?= 3.16.2
PACKER_BUILD_VARS += alpine_arch alpine_release alpine_version
alpine_arch ?= $(PACKER_ALPINE_ARCH)
alpine_release ?= $(PACKER_ALPINE_RELEASE)

30
packer/def.packer.mk
View File

@ -1,11 +1,11 @@
CMDS += packer
DOCKER_RUN_OPTIONS_PACKER ?= -it -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT)
DOCKER_RUN_OPTIONS_PACKER ?= -it -p $(PACKER_SSH_PORT):$(PACKER_SSH_PORT) -p $(PACKER_VNC_PORT):$(PACKER_VNC_PORT) -v $(SSH_DIR):$(SSH_DIR)
ENV_VARS += PACKER_CACHE_DIR PACKER_KEY_INTERVAL PACKER_LOG
KVM_GID ?= $(call gid,kvm)
PACKER_ARCH ?= $(PACKER_ALPINE_ARCH)
PACKER_BOOT_WAIT ?= 11s
PACKER_BOOT_WAIT ?= 24s
PACKER_BUILD_ARGS ?= -on-error=cleanup $(foreach var,$(PACKER_BUILD_VARS),$(if $($(var)),-var $(var)='$($(var))'))
PACKER_BUILD_VARS += accelerator boot_wait hostname iso_name iso_size output password qemuargs ssh_wait_timeout template username
PACKER_BUILD_VARS += accelerator boot_wait hostname iso_name iso_size nameserver output password pause_before qemuargs ssh_timeout template username
PACKER_BUILD_VARS += ansible_extra_vars ansible_user ansible_verbose
PACKER_CACHE_DIR ?= build/cache
PACKER_HOSTNAME ?= $(PACKER_TEMPLATE)
@ -15,18 +15,20 @@ PACKER_ISO_FILE = $(PACKER_OUTPUT)/$(PACKER_ISO_NAME).iso
PACKER_ISO_INFO = $(PACKER_OUTPUT)/$(PACKER_ISO_NAME).nfo
PACKER_ISO_NAME = $(PACKER_TEMPLATE)-$(PACKER_RELEASE)-$(PACKER_ARCH)
PACKER_ISO_SIZE ?= 1024
PACKER_KEY_INTERVAL ?= 10ms
PACKER_KEY_INTERVAL ?= 11ms
PACKER_LOG ?= 1
PACKER_NAMESERVER ?= 1.1.1.1
PACKER_OUTPUT ?= build/iso/$(ENV)/$(PACKER_TEMPLATE)/$(PACKER_RELEASE)-$(PACKER_ARCH)
PACKER_PASSWORD ?= $(PACKER_TEMPLATE)
PACKER_PAUSE_BEFORE ?= 24s
PACKER_QEMU_ACCELERATOR ?= kvm
PACKER_QEMU_ARCH ?= $(PACKER_ARCH)
PACKER_QEMU_ARGS ?= -machine type=pc,accel=$(PACKER_QEMU_ACCELERATOR) -device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x7 -object rng-random,filename=/dev/urandom,id=rng0
PACKER_RELEASE ?= $(PACKER_ALPINE_RELEASE)
PACKER_SSH_ADDRESS ?= $(if $(ssh_bind_address),$(ssh_bind_address),0.0.0.0)
PACKER_SSH_PORT ?= $(if $(ssh_port_max),$(ssh_port_max),2222)
PACKER_SSH_WAIT_TIMEOUT ?= 42s
PACKER_TEMPLATES ?= $(wildcard packer/*/*.json)
PACKER_SSH_TIMEOUT ?= 42s
PACKER_TEMPLATES ?= $(wildcard packer/*/*.json packer/*/*.pkr.hcl)
PACKER_TEMPLATE ?= alpine
PACKER_USERNAME ?= root
PACKER_VNC_PORT ?= $(if $(vnc_port_max),$(vnc_port_max),5900)
@ -49,10 +51,12 @@ boot_wait ?= $(PACKER_BOOT_WAIT)
hostname ?= $(PACKER_HOSTNAME)
iso_name ?= $(PACKER_ISO_NAME)
iso_size ?= $(PACKER_ISO_SIZE)
nameserver ?= $(PACKER_NAMESERVER)
output ?= $(PACKER_OUTPUT)
password ?= $(PACKER_PASSWORD)
pause_before ?= $(PACKER_PAUSE_BEFORE)
qemuargs ?= $(call arrays_of_dquoted_args, $(PACKER_QEMU_ARGS))
ssh_wait_timeout ?= $(PACKER_SSH_WAIT_TIMEOUT)
ssh_timeout ?= $(PACKER_SSH_TIMEOUT)
template ?= $(PACKER_TEMPLATE)
username ?= $(PACKER_USERNAME)
@ -62,16 +66,17 @@ password := $(or $(shell pwgen -csy -r\' 64 1 2>/dev/null
endif
endif
ifeq ($(OPERATING_SYSTEM),Darwin)
ifeq ($(SYSTEM),Darwin)
ifneq ($(DOCKER), true)
PACKER_QEMU_ACCELERATOR := hvf
PACKER_QEMU_ARGS += -cpu host
else
PACKER_QEMU_ACCELERATOR := tcg
PACKER_QEMU_ARGS += -cpu max,vendor=GenuineIntel,vmware-cpuid-freq=on,+invtsc,+aes,+vmx
endif
else ifeq ($(OPERATING_SYSTEM),Linux)
else ifeq ($(SYSTEM),Linux)
DOCKER_RUN_OPTIONS_PACKER += $(if $(KVM_GID),--group-add $(KVM_GID)) --device /dev/kvm
else ifeq ($(OPERATING_SYSTEM),Windows_NT)
else ifeq ($(SYSTEM),Windows_NT)
PACKER_QEMU_ACCELERATOR := hax
endif
@ -90,12 +95,13 @@ endef
# function packer-build: Call packer build with arg 1, Add build infos to file PACKER_ISO_INFO
define packer-build
$(eval PACKER_TEMPLATE := $(notdir $(basename $(1))))
$(eval PACKER_TEMPLATE := $(notdir $(basename $(basename $(1)))))
echo Building $(PACKER_ISO_FILE)
$(call packer,build $(PACKER_BUILD_ARGS) $(1))
echo 'aws_id: $(ANSIBLE_AWS_ACCESS_KEY_ID)' > $(PACKER_ISO_INFO)
echo 'aws_key: $(ANSIBLE_AWS_SECRET_ACCESS_KEY)' >> $(PACKER_ISO_INFO)
echo 'aws_region: $(ANSIBLE_AWS_DEFAULT_REGION)' >> $(PACKER_ISO_INFO)
echo 'dns: $(nameserver)' >> $(PACKER_ISO_INFO)
echo 'docker_image_tag: $(ANSIBLE_DOCKER_IMAGE_TAG)' >> $(PACKER_ISO_INFO)
echo 'docker_registry: $(ANSIBLE_DOCKER_REGISTRY)' >> $(PACKER_ISO_INFO)
echo 'env: $(ENV)' >> $(PACKER_ISO_INFO)
@ -114,4 +120,4 @@ define packer-build
echo 'user: $(username)' >> $(PACKER_ISO_INFO)
endef
arrays_of_dquoted_args = $(subst $(dquote) $(dquote),$(dquote)$(comma) $(dquote),$(subst $(dquote) $(dquote)-,$(dquote) ]$(comma) [ $(dquote)-,$(patsubst %,$(dquote)%$(dquote),$1)))
arrays_of_dquoted_args = [ $(subst $(dquote) $(dquote),$(dquote)$(comma) $(dquote),$(subst $(dquote) $(dquote)-,$(dquote) ]$(comma) [ $(dquote)-,$(patsubst %,$(dquote)%$(dquote),$1))) ]

8
packer/packer.mk
View File

@ -18,7 +18,7 @@ packer-build-templates: $(PACKER_TEMPLATES) ## Build all packer templates
# target $(PACKER_TEMPLATES): Call packer-build $@
.PHONY: $(PACKER_TEMPLATES)
ifeq ($(OPERATING_SYSTEM),Darwin)
ifeq ($(SYSTEM),Darwin)
$(PACKER_TEMPLATES): DOCKER ?= false
endif
$(PACKER_TEMPLATES):
@ -27,8 +27,8 @@ $(PACKER_TEMPLATES):
# target packer-build-%: Call packer-build with file packer/*/%.json
.PHONY: packer-build-%
packer-build-%: docker-build-packer
$(if $(wildcard packer/*/$*.json),\
$(call packer-build,$(wildcard packer/*/$*.json)))
$(if $(wildcard packer/*/$*.json packer/*/$*.pkr.hcl),\
$(call packer-build,$(firstword $(wildcard packer/*/$*.json packer/*/$*.pkr.hcl))))
# target packer-qemu: Fire packer-quemu-% for PACKER_ISO_NAME
.PHONY: packer-qemu
@ -36,7 +36,7 @@ packer-qemu: packer-qemu-$(PACKER_ISO_NAME) ## Launch iso image in qemu
# target packer-qemu-%: Call packer-qemu PACKER_OUTPUT/%.iso
.PHONY: packer-qemu-%
ifeq ($(OPERATING_SYSTEM),Darwin)
ifeq ($(SYSTEM),Darwin)
packer-qemu-%: DOCKER ?= false
endif
packer-qemu-%: docker-build-packer ## Run iso image in qemu

2
stack/ipfs.mk
View File

@ -1,5 +1,5 @@
ENV_VARS += IPFS_DAEMON_ARGS IPFS_PROFILE IPFS_VERSION
IPFS_PROFILE ?= $(if $(filter-out amd64 x86_64,$(PROCESSOR_ARCHITECTURE)),lowpower,server)
IPFS_PROFILE ?= $(if $(filter-out amd64 x86_64,$(MACHINE)),lowpower,server)
IPFS_VERSION ?= 0.15.0
.PHONY: bootstrap-stack-ipfs

4
stack/node/node.yml
View File

@ -47,8 +47,8 @@ services:
args:
- DOCKER_BUILD_DIR=docker/fabio
- FABIO_VERSION=1.6.0
- OPERATING_SYSTEM=${OPERATING_SYSTEM}
- PROCESSOR_ARCHITECTURE=${PROCESSOR_ARCHITECTURE}
- SYSTEM=${SYSTEM}
- MACHINE=${MACHINE}
context: ../..
dockerfile: docker/fabio/Dockerfile
container_name: ${NODE_COMPOSE_PROJECT_NAME}-fabio