RC - Point release v3.18.4
This commit is contained in:
parent
d4c543a330
commit
b0ca301ee5
2
Makefile
2
Makefile
@ -4,7 +4,7 @@ REGION := us-east-1
|
|||||||
|
|
||||||
include .ci/podman.mk
|
include .ci/podman.mk
|
||||||
|
|
||||||
BUILDER := v3.18.2
|
BUILDER := v3.18.4
|
||||||
PKG := '*'
|
PKG := '*'
|
||||||
CF_DIST := E11OFTOA3L8IVY
|
CF_DIST := E11OFTOA3L8IVY
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||||
pkgname=fluent-bit
|
pkgname=fluent-bit
|
||||||
pkgver=2.1.5
|
pkgver=2.1.10
|
||||||
pkgrel=0
|
pkgrel=0
|
||||||
pkgdesc="Fast and Lightweight Log processor and forwarder"
|
pkgdesc="Fast and Lightweight Log processor and forwarder"
|
||||||
url="https://fluentbit.io/"
|
url="https://fluentbit.io/"
|
||||||
@ -12,10 +12,10 @@ makedepends="
|
|||||||
bison
|
bison
|
||||||
cmake
|
cmake
|
||||||
flex
|
flex
|
||||||
|
gtest-dev
|
||||||
linux-headers
|
linux-headers
|
||||||
musl-fts-dev
|
musl-fts-dev
|
||||||
openssl-dev
|
openssl-dev
|
||||||
gtest-dev
|
|
||||||
yaml-dev
|
yaml-dev
|
||||||
zlib-dev
|
zlib-dev
|
||||||
"
|
"
|
||||||
@ -27,8 +27,11 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/fluent/fluent-bit/archive/v$
|
|||||||
fluent-bit.confd
|
fluent-bit.confd
|
||||||
fluent-bit.initd
|
fluent-bit.initd
|
||||||
chunkio-static-lib-fts.patch
|
chunkio-static-lib-fts.patch
|
||||||
|
exclude-luajit.patch
|
||||||
|
xsi-strerror.patch
|
||||||
fluent-bit.conf
|
fluent-bit.conf
|
||||||
zdt-parsers.conf
|
zdt-parsers.conf
|
||||||
|
fluent-bit.logrotated
|
||||||
"
|
"
|
||||||
# enable check when this solved - https://github.com/fluent/fluent-bit/issues/2464#issuecomment-673280055
|
# enable check when this solved - https://github.com/fluent/fluent-bit/issues/2464#issuecomment-673280055
|
||||||
# Disable all things AWS to make tests pass
|
# Disable all things AWS to make tests pass
|
||||||
@ -50,15 +53,16 @@ build() {
|
|||||||
-DFLB_DEBUG=Off \
|
-DFLB_DEBUG=Off \
|
||||||
-DFLB_SHARED_LIB=Off \
|
-DFLB_SHARED_LIB=Off \
|
||||||
-DFLB_JEMALLOC=Yes \
|
-DFLB_JEMALLOC=Yes \
|
||||||
-DFLB_LUAJIT=Yes \
|
|
||||||
-DFLB_IN_SYSTEMD=Off \
|
-DFLB_IN_SYSTEMD=Off \
|
||||||
-DFLB_PROXY_GO=No \
|
-DFLB_PROXY_GO=No \
|
||||||
|
-DFLB_TLS=Yes \
|
||||||
-DFLB_HTTP_SERVER=Yes \
|
-DFLB_HTTP_SERVER=Yes \
|
||||||
$CMAKE_CROSSOPTS .
|
$CMAKE_CROSSOPTS .
|
||||||
make -C build
|
make -C build
|
||||||
#-DCMAKE_FIND_LIBRARY_SUFFIXES=".a" \
|
#-DCMAKE_FIND_LIBRARY_SUFFIXES=".a" \
|
||||||
#-DCMAKE_EXE_LINKER_FLAGS="-static" \
|
#-DCMAKE_EXE_LINKER_FLAGS="-static" \
|
||||||
#-DFLB_STREAM_PROCESSOR=No \
|
#-DFLB_STREAM_PROCESSOR=No \
|
||||||
|
#-DFLB_LUAJIT=Yes \
|
||||||
#-DFLB_FILTER_LUA=Off \
|
#-DFLB_FILTER_LUA=Off \
|
||||||
#-DFLB_TESTS_INTERNAL=Yes \
|
#-DFLB_TESTS_INTERNAL=Yes \
|
||||||
#-DFLB_AWS=No \
|
#-DFLB_AWS=No \
|
||||||
@ -90,14 +94,20 @@ package() {
|
|||||||
mkdir -p "$pkgdir"/var/spool/fluent-bit
|
mkdir -p "$pkgdir"/var/spool/fluent-bit
|
||||||
install -Dm644 "$srcdir/fluent-bit.conf" "$pkgdir/etc/fluent-bit/fluent-bit.conf"
|
install -Dm644 "$srcdir/fluent-bit.conf" "$pkgdir/etc/fluent-bit/fluent-bit.conf"
|
||||||
install -Dm644 "$srcdir/zdt-parsers.conf" "$pkgdir/etc/fluent-bit/zdt-parsers.conf"
|
install -Dm644 "$srcdir/zdt-parsers.conf" "$pkgdir/etc/fluent-bit/zdt-parsers.conf"
|
||||||
|
|
||||||
|
install -Dm644 "$srcdir"/fluent-bit.logrotated "$pkgdir"/etc/logrotate.d/fluentbit
|
||||||
|
|
||||||
touch "$pkgdir"/etc/fluent-bit/metadata.conf
|
touch "$pkgdir"/etc/fluent-bit/metadata.conf
|
||||||
}
|
}
|
||||||
|
|
||||||
sha512sums="
|
sha512sums="
|
||||||
de9c6a4744223ed0f6f401adeb95956c90524feba6f592459ed517e1058f7e1a21f1c42910d3ac721be639264979ba3ebb5503cd7dc5874e1f676bf32a7e7df0 fluent-bit-2.1.5.tar.gz
|
55caefa81cdeaf293b727829383c6eaa75bc2f8b8c61ebe15e1478c66033921fde6e50c39fc8c39a7d2d93d03892f709daf4d1b6caacf586133de5268de10299 fluent-bit-2.1.10.tar.gz
|
||||||
f6431397c80a036980b5377b51e38aec25dfceeb8dbe4cd54dce1f6e77d669d9f8daf983fcc96d25332385888f1809ced5e8ab0e8ccfcd93d19494036e3dc949 fluent-bit.confd
|
f6431397c80a036980b5377b51e38aec25dfceeb8dbe4cd54dce1f6e77d669d9f8daf983fcc96d25332385888f1809ced5e8ab0e8ccfcd93d19494036e3dc949 fluent-bit.confd
|
||||||
8ba6c8e84dee90176f9b4375fb2c6444fa5d32fa601d9bcf3ea7960fec87f1ef664f175caf08bd0b052843e971efdbf08e2a5cd180ad9a8f23ff2c5cb233814f fluent-bit.initd
|
e17bad6abd597da620fdb930e3f18612a828dd956abf87ce850e2660b83db4d9ab7d373ab3a9bf1d07f605b5077998234ce4774007c0197cfbfdad465ca6b47a fluent-bit.initd
|
||||||
6bd7d8b4da93a17f29b6ea1e0286ea226d0e376024284741110936779b3229bd8d6cd03ffbdc5d3b4842294e7f32a888de0dd16b0851b65d91b062ca58530ea0 chunkio-static-lib-fts.patch
|
6bd7d8b4da93a17f29b6ea1e0286ea226d0e376024284741110936779b3229bd8d6cd03ffbdc5d3b4842294e7f32a888de0dd16b0851b65d91b062ca58530ea0 chunkio-static-lib-fts.patch
|
||||||
ea125b68825ae17bb6d08b1cbe7b3594d4844f7abb06465d7de0a39995dfa927087a28e592f40239792aee7f3494a8ba7a2d2373efc36f6ac712e802ace2f8a2 fluent-bit.conf
|
e3308a8377fb8ba496415b7a31e9e022e5aa9965d27a0c33ea5166a29049b72cb364bbcdf9d8611ef3407b0968f9bd4adff12cdb39728bbebd382710e5bc75d0 exclude-luajit.patch
|
||||||
|
d61f30344af997f126486fa5b34cd3fbfe88bfc9aea394a8c60d0206f4db8db998eadf637a3a581b89512411c1e7980c414e236e455d5e2b889d20a556ee6577 xsi-strerror.patch
|
||||||
|
52aba9d23584d64842bc967504701a10166a43a03ca0d31de9b6cbffaacdbaa7d99f0fd55a4b0194e3b65d456817cb1779b86d468d81c1d9681a6fa708e85449 fluent-bit.conf
|
||||||
31899a3c68bbb43adb9025a3a46bad4ca0c740d5bca5c252c8667197575698d98ac4a3b6e11ee160c4bb8df0d0089b639bfd7d0ffa52391e6c4f8f734a6952a6 zdt-parsers.conf
|
31899a3c68bbb43adb9025a3a46bad4ca0c740d5bca5c252c8667197575698d98ac4a3b6e11ee160c4bb8df0d0089b639bfd7d0ffa52391e6c4f8f734a6952a6 zdt-parsers.conf
|
||||||
|
e166b0ff11a1789599e93f86b72102ca6a06725c98553a8fdd48c8d6414bfa765c3958d07bfb4c4d99101d8cdf7d00db1a8506d48c2cbd6bd375ce43c43d2bf9 fluent-bit.logrotated
|
||||||
"
|
"
|
||||||
|
12
kubezero/fluent-bit/exclude-luajit.patch
Normal file
12
kubezero/fluent-bit/exclude-luajit.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
otherwise it installs an unused /usr/bin/luajit ....
|
||||||
|
-0
|
||||||
|
diff --git a/cmake/luajit.cmake b/cmake/luajit.cmake
|
||||||
|
index b6774eb..f8042ae 100644
|
||||||
|
--- a/cmake/luajit.cmake
|
||||||
|
+++ b/cmake/luajit.cmake
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
# luajit cmake
|
||||||
|
option(LUAJIT_DIR "Path of LuaJIT 2.1 source dir" ON)
|
||||||
|
set(LUAJIT_DIR ${FLB_PATH_ROOT_SOURCE}/${FLB_PATH_LIB_LUAJIT})
|
||||||
|
-add_subdirectory("lib/luajit-cmake")
|
||||||
|
+add_subdirectory("lib/luajit-cmake" EXCLUDE_FROM_ALL)
|
@ -30,12 +30,4 @@
|
|||||||
|
|
||||||
@INCLUDE metadata.conf
|
@INCLUDE metadata.conf
|
||||||
|
|
||||||
[OUTPUT]
|
@INCLUDE output.conf
|
||||||
Match *
|
|
||||||
Name forward
|
|
||||||
Host fluentd
|
|
||||||
Port 24224
|
|
||||||
Shared_Key cloudbender
|
|
||||||
tls on
|
|
||||||
Send_options true
|
|
||||||
Require_ack_response true
|
|
||||||
|
@ -7,5 +7,5 @@ command_args="$fluentbit_opts"
|
|||||||
|
|
||||||
depend() {
|
depend() {
|
||||||
need net
|
need net
|
||||||
after firewall
|
after firewall cloudbender
|
||||||
}
|
}
|
||||||
|
12
kubezero/fluent-bit/fluent-bit.logrotated
Normal file
12
kubezero/fluent-bit/fluent-bit.logrotated
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
/var/log/fluentbit.log
|
||||||
|
{
|
||||||
|
rotate 2
|
||||||
|
missingok
|
||||||
|
notifempty
|
||||||
|
compress
|
||||||
|
maxsize 10M
|
||||||
|
daily
|
||||||
|
postrotate
|
||||||
|
rc-service fluent-bit restart
|
||||||
|
endscript
|
||||||
|
}
|
15
kubezero/fluent-bit/xsi-strerror.patch
Normal file
15
kubezero/fluent-bit/xsi-strerror.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
--- a/src/flb_network.c
|
||||||
|
+++ b/src/flb_network.c
|
||||||
|
@@ -523,9 +523,10 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Connection is broken, not much to do here */
|
||||||
|
- str = strerror_r(error, so_error_buf, sizeof(so_error_buf));
|
||||||
|
+ /* XXX: XSI */
|
||||||
|
+ int _err = strerror_r(error, so_error_buf, sizeof(so_error_buf));
|
||||||
|
flb_error("[net] TCP connection failed: %s:%i (%s)",
|
||||||
|
- u->tcp_host, u->tcp_port, str);
|
||||||
|
+ u->tcp_host, u->tcp_port, so_error_buf);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
@ -5,7 +5,7 @@
|
|||||||
# Contributor: Dave <dj.2dixx@gmail.com>
|
# Contributor: Dave <dj.2dixx@gmail.com>
|
||||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||||
pkgname=kubernetes
|
pkgname=kubernetes
|
||||||
pkgver=1.26.7
|
pkgver=1.26.8
|
||||||
pkgrel=0
|
pkgrel=0
|
||||||
pkgdesc="Container Cluster Manager"
|
pkgdesc="Container Cluster Manager"
|
||||||
url="https://kubernetes.io/"
|
url="https://kubernetes.io/"
|
||||||
@ -208,7 +208,7 @@ _do_zshcomp() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sha512sums="
|
sha512sums="
|
||||||
9069e653e87883e54df8e01edf2cce9d847a83d593f13e8281654653924586e73841d1ee302de4de93dadf2a2474e875cf350f03c2aec512c100cb3d4fb7d9c5 kubernetes-1.26.7.tar.gz
|
38649d4c8a85e236a8ceffe5bba5146cf1a4eb9191534707dd39443303f99d830e95dc4e9be0febfb2a8bd4d0b57f13b5cb883b51fea57306f1f2ceff2052d69 kubernetes-1.26.8.tar.gz
|
||||||
5427c2e653504cfd5b0bcaf195d4734ee40947ddfebc9f155cd96dddccfc27692c29d94af4ac99f1018925b52995c593b584c5d7a82df2f185ebce1a9e463c40 make-e2e_node-run-over-distro-bins.patch
|
5427c2e653504cfd5b0bcaf195d4734ee40947ddfebc9f155cd96dddccfc27692c29d94af4ac99f1018925b52995c593b584c5d7a82df2f185ebce1a9e463c40 make-e2e_node-run-over-distro-bins.patch
|
||||||
94d07edfe7ca52b12e85dd9e29f4c9edcd144abc8d120fb71e2a0507f064afd4bac5dde30da7673a35bdd842b79a4770a03a1f3946bfae361c01dd4dc4903c64 make-test-cmd-run-over-hyperkube-based-kubectl.patch
|
94d07edfe7ca52b12e85dd9e29f4c9edcd144abc8d120fb71e2a0507f064afd4bac5dde30da7673a35bdd842b79a4770a03a1f3946bfae361c01dd4dc4903c64 make-test-cmd-run-over-hyperkube-based-kubectl.patch
|
||||||
e690daff2adb1013c92124f32e71f8ed9a18c611ae6ae5fcb5ce9674768dbf9d911a05d7e4028488cda886e63b82e8ac0606d14389a05844c1b5538a33dd09d1 kube-apiserver.initd
|
e690daff2adb1013c92124f32e71f8ed9a18c611ae6ae5fcb5ce9674768dbf9d911a05d7e4028488cda886e63b82e8ac0606d14389a05844c1b5538a33dd09d1 kube-apiserver.initd
|
||||||
@ -223,7 +223,7 @@ d7e022ee22da191bda7382f87cb293d9c9d115a3df0c2054bf918279eb866f99c6d5c21e4c98eae8
|
|||||||
561bef5633ba4b9021720624443d9c279a561e5fabea76e5d0fbee2e7ad8999029a2511a45895fbec8448026212a3c5b4c197b248a6afa7f8bd945f705524ea7 kube-scheduler.initd
|
561bef5633ba4b9021720624443d9c279a561e5fabea76e5d0fbee2e7ad8999029a2511a45895fbec8448026212a3c5b4c197b248a6afa7f8bd945f705524ea7 kube-scheduler.initd
|
||||||
af88b382ab75657d0ff13c3f8f6d924cef9f2df7807a9a27daa63495981801bc4b607998f65c0758c11a7e070e43c24f7184ba7720711109c74b1c4d57919e34 kube-scheduler.confd
|
af88b382ab75657d0ff13c3f8f6d924cef9f2df7807a9a27daa63495981801bc4b607998f65c0758c11a7e070e43c24f7184ba7720711109c74b1c4d57919e34 kube-scheduler.confd
|
||||||
3692da349dd6ed0f5acc09d7b95ac562ffecb103e2270bebdfe4a7808d48dada9d2debff262d85b11c47f9ca3f0c20000712d03629ed813ff08a3e02d69267e6 kube-scheduler.logrotated
|
3692da349dd6ed0f5acc09d7b95ac562ffecb103e2270bebdfe4a7808d48dada9d2debff262d85b11c47f9ca3f0c20000712d03629ed813ff08a3e02d69267e6 kube-scheduler.logrotated
|
||||||
73fdb0303e72c006f4570af28312ecee224beb1d6cc1e19003593af377436b4082f6d49bd25cd9cae258ffa01bc9f2f0624d11ef0ecc64c658761888923be812 kubelet.initd
|
7cb03bde52820c3ce8b10df1a16cf0b46b39d185e01b4d312400f70bba5875992ec71166539d3820cf59ddbabeb48dec7ae8185820646fae3f851c4cd144fe69 kubelet.initd
|
||||||
887ee5b4c67198727407e74c92639b23674515d5f049938f8ce5f3ba2eabcf7f321c00c914b254a7b2baa5c2f45a9ae4a945c9c90f1968f1012dbd60245d1b81 kubelet.confd
|
44eb973de8ee8e0c5a77d76ab0e105fe0ae892be1ff86c238a5449b43f83cab6f844575b6c3218f08c5ff077e9f828f5aef72425c1d77546cce2e0136e8a8da8 kubelet.confd
|
||||||
941f4a7579dcf78da2d323ac69195e95eba6600e6fcefe9231447f11c9867a7aa57b4189ee1fefb10eab19c89665ea2e7696b539c92e99fbcde905d2ff85be58 kubelet.logrotated
|
941f4a7579dcf78da2d323ac69195e95eba6600e6fcefe9231447f11c9867a7aa57b4189ee1fefb10eab19c89665ea2e7696b539c92e99fbcde905d2ff85be58 kubelet.logrotated
|
||||||
"
|
"
|
||||||
|
@ -1,2 +1 @@
|
|||||||
command_args="--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --image-credential-provider-bin-dir=/usr/libexec/kubernetes/kubelet-plugins --image-credential-provider-config=/etc/kubernetes/credential-provider.yaml"
|
command_args="--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --image-credential-provider-bin-dir=/usr/libexec/kubernetes/kubelet-plugins --image-credential-provider-config=/etc/kubernetes/credential-provider.yaml"
|
||||||
rc_after="cloudbender"
|
|
||||||
|
@ -7,7 +7,10 @@ description="Kubelet, a Kubernetes node agent"
|
|||||||
|
|
||||||
# do not start without kubezero node config in place
|
# do not start without kubezero node config in place
|
||||||
required_files="/var/lib/kubelet/kubeadm-flags.env /var/lib/kubelet/config.yaml"
|
required_files="/var/lib/kubelet/kubeadm-flags.env /var/lib/kubelet/config.yaml"
|
||||||
|
|
||||||
|
# Restart forever just like systemd upstream
|
||||||
respawn_max=0
|
respawn_max=0
|
||||||
|
respawn_delay=5
|
||||||
|
|
||||||
if [ -e /var/lib/kubelet/kubeadm-flags.env ]; then
|
if [ -e /var/lib/kubelet/kubeadm-flags.env ]; then
|
||||||
. /var/lib/kubelet/kubeadm-flags.env;
|
. /var/lib/kubelet/kubeadm-flags.env;
|
||||||
@ -20,7 +23,6 @@ pidfile="${KUBELET_PIDFILE:-/run/${RC_SVCNAME}.pid}"
|
|||||||
: ${error_log:=/var/log/$RC_SVCNAME/$RC_SVCNAME.log}
|
: ${error_log:=/var/log/$RC_SVCNAME/$RC_SVCNAME.log}
|
||||||
|
|
||||||
depend() {
|
depend() {
|
||||||
after net
|
after net cloudbender
|
||||||
need cgroups
|
need cgroups crio
|
||||||
want containerd crio
|
|
||||||
}
|
}
|
||||||
|
@ -55,7 +55,7 @@ package() {
|
|||||||
install -Dm644 "$srcdir"/kubelet.monit "$pkgdir/etc/monit.d/kubelet.conf"
|
install -Dm644 "$srcdir"/kubelet.monit "$pkgdir/etc/monit.d/kubelet.conf"
|
||||||
|
|
||||||
# crio settings
|
# crio settings
|
||||||
install -Dm644 "$srcdir"/crio.conf "$pkgdir/etc/crio.conf.d/01-kubezero.conf"
|
install -Dm644 "$srcdir"/crio.conf "$pkgdir/etc/crio/crio.conf.d/01-kubezero.conf"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Preload container images all nodes need to speed up boot time and reduce data transfer
|
# Preload container images all nodes need to speed up boot time and reduce data transfer
|
||||||
@ -72,6 +72,6 @@ sha512sums="
|
|||||||
ecb33fc3a0ffc378723624858002f9f5e180e851b55b98ab6611ecc6a73d4719bc7de240f87683fc58de8bf577059e6f19b417655b5301ef8c32deff67a29dff shared-sys-fs.start
|
ecb33fc3a0ffc378723624858002f9f5e180e851b55b98ab6611ecc6a73d4719bc7de240f87683fc58de8bf577059e6f19b417655b5301ef8c32deff67a29dff shared-sys-fs.start
|
||||||
fce1013f7b1bfa8ee526de62e642a37fda3168889723e873d3fb69e257f4caa1423b5a14b9343b12a87f3b6f93c7d3861b854efda67ef2d6a42a5ca8cf3d1593 evictLocalNode.sh
|
fce1013f7b1bfa8ee526de62e642a37fda3168889723e873d3fb69e257f4caa1423b5a14b9343b12a87f3b6f93c7d3861b854efda67ef2d6a42a5ca8cf3d1593 evictLocalNode.sh
|
||||||
716ec3404d7016bce57d663f750a18db3ede07c1ba7a2908f9f01f41c5ca8fe4e7232ded27bc2bccd705b11ae5cd26574322a8eacefcf8c102bba0f8e4995e59 credential-provider.yaml
|
716ec3404d7016bce57d663f750a18db3ede07c1ba7a2908f9f01f41c5ca8fe4e7232ded27bc2bccd705b11ae5cd26574322a8eacefcf8c102bba0f8e4995e59 credential-provider.yaml
|
||||||
abf062fbb2b94831f5321265a648bd17ddbb198e446e763d64d0cc8e3b7320e1545376cfa57b1491bb296ace28f1623439807a4157a2f32984082e565e2edcba kubelet.monit
|
8b81eb0fb66e6a739965db6af6a31c443e8f612c06146bd51107372abd833b527423299ee11b27e011f46cfbee11415234b3fa0dea695dbbb06711e0ad58f08d kubelet.monit
|
||||||
064fc245b7ffd67834a2f5fd13cb0bcb5f4a5caf79b8113b3669bf1d0e1a4af2042e69f8f496991de76d621fd01bc7e67de37c59f034584d12622c6af96376ff crio.conf
|
064fc245b7ffd67834a2f5fd13cb0bcb5f4a5caf79b8113b3669bf1d0e1a4af2042e69f8f496991de76d621fd01bc7e67de37c59f034584d12622c6af96376ff crio.conf
|
||||||
"
|
"
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
check process kubelet pidfile /run/kubelet.pid
|
check process kubelet pidfile /run/kubelet.pid
|
||||||
start program = "/etc/init.d/kubelet start"
|
start program = "/sbin/rc-service kubelet start"
|
||||||
stop program = "/etc/init.d/kubelet stop"
|
stop program = "/sbin/rc-service kubelet stop"
|
||||||
|
restart program = "/sbin/rc-service kubelet restart"
|
||||||
if failed
|
if failed
|
||||||
port 10248
|
port 10248
|
||||||
protocol http
|
protocol http
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||||
pkgname=nvidia-container-toolkit
|
pkgname=nvidia-container-toolkit
|
||||||
pkgver=1.13.2
|
pkgver=1.13.5
|
||||||
pkgrel=0
|
pkgrel=0
|
||||||
pkgdesc="NVIDIA Container toolkit incl. cri hooks"
|
pkgdesc="NVIDIA Container toolkit incl. cri hooks"
|
||||||
url="https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/overview.html"
|
url="https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/overview.html"
|
||||||
@ -68,11 +68,11 @@ package() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sha512sums="
|
sha512sums="
|
||||||
0edd50e9d42d345bcc26410752ac50425a5806144b0fdd4f6eea07f62501a325a3f58e74d68b6bb2a834b33977ddcc86723b1d96c4ae9664827ad86b4756172b libnvidia-container1_1.13.2-1_amd64.deb
|
903155c63c7af83dbd431ba3e5bc0d8ca74cce38996bf944b80520b5838f9765bbc0cbe201122d8ccc21cbd01dd4c4e47d2b451bdab7fadc99a8d75b941fda67 libnvidia-container1_1.13.5-1_amd64.deb
|
||||||
3d61c5e610402344411f40db7b9da090b4de467f170779eac7fd8787bd5c30035128196b265a55af5ddadee704056dbcdf30b5cfb0ed72e90ea307db25285b1d libnvidia-container-tools_1.13.2-1_amd64.deb
|
2d4cbbdd80db2730b1ed9db8d4b36c5212ce5361350dcdfbc5795dac887136cecd40c13843e61350bad12b103cd1550030c76de35a2cbbca2a6df3850b6b68ca libnvidia-container-tools_1.13.5-1_amd64.deb
|
||||||
f15af5460823667476e8b788708d1b76e81b73e99e0c6c9a045c830160ab2bb78988de1b4ad1963656f590faa1c5ee415b951275704fd77849d16a0ef712ed4a nvidia-container-toolkit_1.13.2-1_amd64.deb
|
8614c2b436dab3886df6a2328b3753c27704dd3a78f0abe5c333c57fb4ee8deebb6fc03051931b3794bf152d947b721c160acf6614e5145b39bb7162d1ef45d8 nvidia-container-toolkit_1.13.5-1_amd64.deb
|
||||||
694a3ec64ef3056d5874ff03b889b868c294bccb16506468fdf1c289fe3aaadc2da25a5934de653af9633a5d993d2bb21491d84b3b2e2529e6b31d92c78a2228 libcap2_2.25-2_amd64.deb
|
694a3ec64ef3056d5874ff03b889b868c294bccb16506468fdf1c289fe3aaadc2da25a5934de653af9633a5d993d2bb21491d84b3b2e2529e6b31d92c78a2228 libcap2_2.25-2_amd64.deb
|
||||||
5a4eaa96e6e774948889909d618a8ed44a82f649cbba11622dc7b4478098bea006995d5a5a60ca026a57b76ad866d1e2c6caebd154a26eb6bd7e15291b558057 libseccomp2_2.3.3-4_amd64.deb
|
5a4eaa96e6e774948889909d618a8ed44a82f649cbba11622dc7b4478098bea006995d5a5a60ca026a57b76ad866d1e2c6caebd154a26eb6bd7e15291b558057 libseccomp2_2.3.3-4_amd64.deb
|
||||||
040ac2e3f58549dc09e5bce0d694e4be2f6aae736014bf0ee90042646562d5f1ef1f5990eb9f2c2a2fdf504587b82f4aa0eb99d04c5d3e407670e4012e3edd4e config.toml
|
040ac2e3f58549dc09e5bce0d694e4be2f6aae736014bf0ee90042646562d5f1ef1f5990eb9f2c2a2fdf504587b82f4aa0eb99d04c5d3e407670e4012e3edd4e config.toml
|
||||||
cf5673231d1862e3ec03f792cddf54ff27237656f762c3f42b6d7e1584de2201c487861ac399ab26951b5dbf3e3cd9b4451dbf61f02b55e0991889b507319764 oci-nvidia-hook.json
|
0f150ea59b2372bf3ef60e657142b19f46500d1c70cb179d37ce117d6b03e86427dbf356873affb7639e082a07f852a922ae3aea4a8f8885640e43675c4e4add oci-nvidia-hook.json
|
||||||
"
|
"
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
{
|
{
|
||||||
"version": "1.0.0",
|
"version": "1.0.0",
|
||||||
"hook": {
|
"hook": {
|
||||||
"path": "/usr/bin/nvidia-container-toolkit",
|
"path": "/usr/bin/nvidia-container-runtime-hook",
|
||||||
"args": ["nvidia-container-toolkit", "prestart"]
|
"args": ["nvidia-container-runtime-hook", "prestart"]
|
||||||
},
|
},
|
||||||
"when": {
|
"when": {
|
||||||
"always": true,
|
"always": true,
|
||||||
|
@ -39,7 +39,7 @@ package() {
|
|||||||
# which libs are from debug log at runtime
|
# which libs are from debug log at runtime
|
||||||
# LIBS=$(grep "missing library" /var/log/nvidia-container-toolkit.log | awk '{print $7}' | sort | uniq)
|
# LIBS=$(grep "missing library" /var/log/nvidia-container-toolkit.log | awk '{print $7}' | sort | uniq)
|
||||||
# cross checked via .manifest for targets and symlinks
|
# cross checked via .manifest for targets and symlinks
|
||||||
LIBS="libEGL_nvidia.so libGLESv1_CM_nvidia.so libGLESv2_nvidia.so libGLX_nvidia.so libcuda.so libcudadebugger.so libnvcuvid.so libnvidia-allocator.so libnvidia-cbl.so libnvidia-cfg.so libnvidia-compiler.so libnvidia-eglcore.so libnvidia-encode.so libnvidia-fatbinaryloader.so libnvidia-fbc.so libnvidia-glcore.so libnvidia-glsi.so libnvidia-glvkspirv.so libnvidia-ifr.so libnvidia-ml.so libnvidia-ngx.so libnvidia-nscq.so libnvidia-opencl.so libnvidia-opticalflow.so libnvidia-pkcs11.so libnvidia-ptxjitcompiler.so libnvidia-rtcore.so libnvidia-tls.so libnvoptix.so libvdpau_nvidia.so"
|
LIBS="libEGL_nvidia.so libGLESv1_CM_nvidia.so libGLESv2_nvidia.so libGLX_nvidia.so libcuda.so libcudadebugger.so libnvcuvid.so libnvidia-allocator.so libnvidia-cbl.so libnvidia-cfg.so libnvidia-compiler.so libnvidia-eglcore.so libnvidia-encode.so libnvidia-fatbinaryloader.so libnvidia-fbc.so libnvidia-glcore.so libnvidia-glsi.so libnvidia-glvkspirv.so libnvidia-ifr.so libnvidia-ml.so libnvidia-ngx.so libnvidia-nscq.so libnvidia-opencl.so libnvidia-opticalflow.so libnvidia-pkcs11.so libnvidia-ptxjitcompiler.so libnvidia-rtcore.so libnvidia-tls.so libnvoptix.so libvdpau_nvidia.so libnvidia-gpucomp.so libnvidia-nvvm.so"
|
||||||
|
|
||||||
# inspired from Gentoo x11-drivers/nvidia-drivers
|
# inspired from Gentoo x11-drivers/nvidia-drivers
|
||||||
for lib in $LIBS; do
|
for lib in $LIBS; do
|
||||||
|
@ -7,7 +7,7 @@ pkgdesc="ZeroDownTime Alpine additions and customizations"
|
|||||||
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/zdt-base"
|
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/zdt-base"
|
||||||
arch="noarch"
|
arch="noarch"
|
||||||
license="AGPL-3.0"
|
license="AGPL-3.0"
|
||||||
depends="logrotate syslog-ng neofetch monit file tiny-cloud"
|
depends="logrotate syslog-ng neofetch monit file tiny-cloud dhcpcd"
|
||||||
options="!check"
|
options="!check"
|
||||||
subpackages="$pkgname-openrc $pkgname-aws"
|
subpackages="$pkgname-openrc $pkgname-aws"
|
||||||
install="$pkgname.post-install"
|
install="$pkgname.post-install"
|
||||||
@ -22,6 +22,7 @@ source="
|
|||||||
syslog-ng.conf
|
syslog-ng.conf
|
||||||
syslog-ng.logrotate.conf
|
syslog-ng.logrotate.conf
|
||||||
syslog-ng.apparmor
|
syslog-ng.apparmor
|
||||||
|
dhcpcd-mtu.hook
|
||||||
monitrc
|
monitrc
|
||||||
monit_alert.sh.aws
|
monit_alert.sh.aws
|
||||||
neofetch.conf
|
neofetch.conf
|
||||||
@ -45,6 +46,9 @@ package() {
|
|||||||
mkdir -p "$pkgdir/home/alpine"
|
mkdir -p "$pkgdir/home/alpine"
|
||||||
install -Dm644 "$srcdir/profile" "$pkgdir/home/alpine/.profile"
|
install -Dm644 "$srcdir/profile" "$pkgdir/home/alpine/.profile"
|
||||||
|
|
||||||
|
# set mtu on interface via dhcpcd
|
||||||
|
install -Dm644 "$srcdir/dhcpcd-mtu.hook" "$pkgdir/usr/lib/dhcpcd/dhcpcd-hooks/10-mtu"
|
||||||
|
|
||||||
# various sysctl tunings
|
# various sysctl tunings
|
||||||
install -Dm644 "$srcdir"/zdt-sysctl.conf "$pkgdir"/etc/sysctl.d/60-zdt.conf
|
install -Dm644 "$srcdir"/zdt-sysctl.conf "$pkgdir"/etc/sysctl.d/60-zdt.conf
|
||||||
|
|
||||||
@ -85,15 +89,16 @@ aws() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sha512sums="
|
sha512sums="
|
||||||
a99d8fada2ce90876abbd84d8f72c976d1363e0b1437952aee8b22983b7bc7492803950bcc4dfb9866fcf744b9b6056bdbd53c257780d26814f16c8b0983242f common.sh
|
a870cc7657757770fb573a0fb5df61887d1b9d2a6a57b3ee8be93a7dfb34df6a1d489cd5572ab273dfe896b97faad7e7479571f993a3e13cfefe24c4720bcbf4 common.sh
|
||||||
7f6a69a77d6a4a3c34928609108b7939cd43a892d72fb14bebc1d935cd66eda3bd625d15eebb4d6026715b36b12919fcaf863ed5f65ffdc0e2de9fc1b969cb3e boot.sh
|
7f6a69a77d6a4a3c34928609108b7939cd43a892d72fb14bebc1d935cd66eda3bd625d15eebb4d6026715b36b12919fcaf863ed5f65ffdc0e2de9fc1b969cb3e boot.sh
|
||||||
ee19dcc0b46bdff8581c2661cda69fd8a3fa2de4dd30d96a4ce438b2536043a9f0bc57a6b0d4056e2715a2663a89bc1b07ec33798d5430a2046a65069a327cda cloudbender-early.init
|
ee19dcc0b46bdff8581c2661cda69fd8a3fa2de4dd30d96a4ce438b2536043a9f0bc57a6b0d4056e2715a2663a89bc1b07ec33798d5430a2046a65069a327cda cloudbender-early.init
|
||||||
9ca46acc407ff6aa18beec02564c3822db215bd5dc0a94f9bd9258c9b99f85cc40f793e20618509ed7f1e8645407cffb8274d7838b46442ad44e64726e37e3a0 cloudbender.init
|
df610d896c6b2821925df8d65ab44a0008b31e5b738172076234ae7645e8ef7e25d710c43f9b3999fb3f0303ccd81b57327c2e7694e1fc3f790abdbc77e0a097 cloudbender.init
|
||||||
b9479835d8667fa99f8b1b140f969f0464a9bb3c60c7d19b57e306cfe82357d453932791e446caded71fddd379161ae8328367f1ee75ae3afc1b85e12294b621 zdt-sysctl.conf
|
b9479835d8667fa99f8b1b140f969f0464a9bb3c60c7d19b57e306cfe82357d453932791e446caded71fddd379161ae8328367f1ee75ae3afc1b85e12294b621 zdt-sysctl.conf
|
||||||
76e6a4f309f31bfa07de2d3b1faebe5670722752e18157b69d6e868cbe9e85eda393aed0728b0347a01a810eee442844c78259f86ff71e3136a013f4cbfaaea4 ps_mem.py
|
76e6a4f309f31bfa07de2d3b1faebe5670722752e18157b69d6e868cbe9e85eda393aed0728b0347a01a810eee442844c78259f86ff71e3136a013f4cbfaaea4 ps_mem.py
|
||||||
5376f4bf8356ce9249c45e78085073245181e8742c7b4be47c71dcd97a611ae125a7dfd3060502bdd591560af070334f89fe60dbc09c008926149c538ab0560a syslog-ng.conf
|
5376f4bf8356ce9249c45e78085073245181e8742c7b4be47c71dcd97a611ae125a7dfd3060502bdd591560af070334f89fe60dbc09c008926149c538ab0560a syslog-ng.conf
|
||||||
484bdcf001b71ce5feed26935db437c613c059790b99f3f5a3e788b129f3e22ba096843585309993446a88c0ab5d60fd0fa530ef3cfb6de1fd34ffc828172329 syslog-ng.logrotate.conf
|
484bdcf001b71ce5feed26935db437c613c059790b99f3f5a3e788b129f3e22ba096843585309993446a88c0ab5d60fd0fa530ef3cfb6de1fd34ffc828172329 syslog-ng.logrotate.conf
|
||||||
e86eed7dd2f4507b04050b869927b471e8de26bc7d97e7064850478323380a0580a92de302509901ea531d6e3fa79afcbf24997ef13cd0496bb3ee719ad674ee syslog-ng.apparmor
|
e86eed7dd2f4507b04050b869927b471e8de26bc7d97e7064850478323380a0580a92de302509901ea531d6e3fa79afcbf24997ef13cd0496bb3ee719ad674ee syslog-ng.apparmor
|
||||||
|
f8c052c7ec12c71937c7b8bc05d8374c588f345e303b30eda9c8612dff8f8f34a87a433648a3e9b85b278196ece198533b29680a303ff6478171d43f8e095189 dhcpcd-mtu.hook
|
||||||
e00a8f296c76446fe1241bf804c0108f47a2676f377a413ee9fede0943362a6582cad30fe13edd93f3d0daab0e2d7696553fb9458dca62adc05572dce339021a monitrc
|
e00a8f296c76446fe1241bf804c0108f47a2676f377a413ee9fede0943362a6582cad30fe13edd93f3d0daab0e2d7696553fb9458dca62adc05572dce339021a monitrc
|
||||||
c955dabe692c0a4a2fa2b09ab9096f6b14e83064b34ae8d22697096daf6551f00b590d837787d66ea1d0030a7cc30bef583cc4c936c980465663e73aec5fa2dc monit_alert.sh.aws
|
c955dabe692c0a4a2fa2b09ab9096f6b14e83064b34ae8d22697096daf6551f00b590d837787d66ea1d0030a7cc30bef583cc4c936c980465663e73aec5fa2dc monit_alert.sh.aws
|
||||||
346b0170ada6cc1207ffb7b8ef138a1570a63c7df4d57618aa4b6b6c0d2df2197b0f5b23578ec83c641ee5e724865ac06985222e125809c990467426a0851b72 neofetch.conf
|
346b0170ada6cc1207ffb7b8ef138a1570a63c7df4d57618aa4b6b6c0d2df2197b0f5b23578ec83c641ee5e724865ac06985222e125809c990467426a0851b72 neofetch.conf
|
||||||
|
@ -30,7 +30,16 @@ start() {
|
|||||||
# if fixed hostname use persistent sshd keys
|
# if fixed hostname use persistent sshd keys
|
||||||
[ -n "$CUSTOMHOSTNAME" ] && persistent_sshd_hostkeys "/_ssh/${ARTIFACT}/${CONGLOMERATE}/${HOSTNAME}"
|
[ -n "$CUSTOMHOSTNAME" ] && persistent_sshd_hostkeys "/_ssh/${ARTIFACT}/${CONGLOMERATE}/${HOSTNAME}"
|
||||||
|
|
||||||
eend $?
|
associate_eip $INSTANCE_ID $ELASTICIP && PUBLIC_IP_ADDRESS=$ELASTICIP
|
||||||
|
|
||||||
|
register_service_dns
|
||||||
|
|
||||||
|
is_enabled $LOGGING_ENABLED && setup_fluentbit $LOGGING_HOST
|
||||||
|
|
||||||
|
# cleanup previous reboot logs
|
||||||
|
rm -f /tmp/shutdown.log
|
||||||
|
|
||||||
|
eend 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -46,5 +55,5 @@ stop() {
|
|||||||
[ -n "$RC_REBOOT" ] && ACTION="rebooting" || ACTION="terminated"
|
[ -n "$RC_REBOOT" ] && ACTION="rebooting" || ACTION="terminated"
|
||||||
[ -z "$DISABLE_SCALING_EVENTS" ] && /var/lib/cloud/sns_alarm.sh "Instance $ACTION" "" Info "$SHUTDOWNLOG"
|
[ -z "$DISABLE_SCALING_EVENTS" ] && /var/lib/cloud/sns_alarm.sh "Instance $ACTION" "" Info "$SHUTDOWNLOG"
|
||||||
|
|
||||||
eend $?
|
eend 0
|
||||||
}
|
}
|
||||||
|
@ -105,6 +105,9 @@ setup_instance() {
|
|||||||
# Set system wide default region for boto3
|
# Set system wide default region for boto3
|
||||||
echo "export AWS_DEFAULT_REGION=$REGION" > /etc/profile.d/aws.sh
|
echo "export AWS_DEFAULT_REGION=$REGION" > /etc/profile.d/aws.sh
|
||||||
|
|
||||||
|
# workaround for dhcpcd / openresolv to omit search domain if equal to domain breaking DNS resolution of shortnames for eg. etcd and kube-apiserver
|
||||||
|
add_once /etc/resolv.conf "search $DOMAIN_NAME"
|
||||||
|
|
||||||
case "$CLOUD" in
|
case "$CLOUD" in
|
||||||
aws)
|
aws)
|
||||||
setup_sns_alarms
|
setup_sns_alarms
|
||||||
@ -148,20 +151,26 @@ configure_sshd() {
|
|||||||
|
|
||||||
|
|
||||||
# Persist host keys
|
# Persist host keys
|
||||||
|
# has to run before sshd starts up first time !
|
||||||
persistent_sshd_hostkeys() {
|
persistent_sshd_hostkeys() {
|
||||||
# Top level is artifact to be able to limit the SSM IAM permissions
|
# Top level is artifact to be able to limit the SSM IAM permissions
|
||||||
local ssm_path=$1
|
local ssm_path=$1
|
||||||
local key_types="dsa ecdsa ed25519 rsa"
|
local key_types="ecdsa ed25519 rsa"
|
||||||
|
|
||||||
# If host keys exist on SSM try to download
|
# try to get none existing host keys from SSM
|
||||||
RET=0
|
RET=0
|
||||||
for key in $key_types; do
|
for key in $key_types; do
|
||||||
|
if [ ! -f /etc/ssh/ssh_host_${key}_key.pub -a ! -f /etc/ssh/ssh_host_${key}_key ]; then
|
||||||
(aws ssm get-parameters --names "${ssm_path}/host_${key}.tgz" --with-decryption --query 'Parameters[0].Value' | base64 -d | tar xzf - --directory=/ 1>/dev/null 2>&1) \
|
(aws ssm get-parameters --names "${ssm_path}/host_${key}.tgz" --with-decryption --query 'Parameters[0].Value' | base64 -d | tar xzf - --directory=/ 1>/dev/null 2>&1) \
|
||||||
&& log -t user-data info "Restored ssh_host_${key}_key from SSM" || RET=1
|
&& log -t user-data info "Restored ssh_host_${key}_key from SSM" || RET=1
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# Update keys if any key couldn't be restored from SSM
|
# Update keys if any key couldn't be restored from SSM
|
||||||
if [ $RET -eq 1 ]; then
|
if [ $RET -eq 1 ]; then
|
||||||
|
# generate any missing keys
|
||||||
|
ssh-keygen -A
|
||||||
|
|
||||||
for key in $key_types; do
|
for key in $key_types; do
|
||||||
if [ -r /etc/ssh/ssh_host_${key}_key -a -r /etc/ssh/ssh_host_${key}_key.pub ]; then
|
if [ -r /etc/ssh/ssh_host_${key}_key -a -r /etc/ssh/ssh_host_${key}_key.pub ]; then
|
||||||
(aws ssm put-parameter --name "${ssm_path}/host_${key}.tgz" --type SecureString --value \
|
(aws ssm put-parameter --name "${ssm_path}/host_${key}.tgz" --type SecureString --value \
|
||||||
@ -302,6 +311,17 @@ unmount_volumes() {
|
|||||||
# msg used for sns event, last one wins
|
# msg used for sns event, last one wins
|
||||||
msg() { MSG="$@"; log -t user-data info "$@"; }
|
msg() { MSG="$@"; log -t user-data info "$@"; }
|
||||||
|
|
||||||
|
# boolean flags
|
||||||
|
is_enabled() {
|
||||||
|
local flag=$(echo "$1" | tr '[:upper:]' '[:lower:]')
|
||||||
|
|
||||||
|
[ "$flag" == 1 -o "$flag" == "true" ] && return 0
|
||||||
|
[ "$flag" == 0 -o "$flag" == "false" -o -z "$flag" ] && return 1
|
||||||
|
|
||||||
|
log -t user-data warn "Unknown value for boolean option: $flag - assuming False"
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
# Generic retry command wrapper, incl. timeout of 30s
|
# Generic retry command wrapper, incl. timeout of 30s
|
||||||
# $1 = number of tries; 0 = forever
|
# $1 = number of tries; 0 = forever
|
||||||
# $2 = number of seconds to sleep between tries
|
# $2 = number of seconds to sleep between tries
|
||||||
@ -313,7 +333,7 @@ retry() {
|
|||||||
while true; do
|
while true; do
|
||||||
# Only use timeout of $1 is an executable, call directly if function
|
# Only use timeout of $1 is an executable, call directly if function
|
||||||
type -tf $1 >/dev/null && { timeout 30 $@ && return; } || { $@ && return; }
|
type -tf $1 >/dev/null && { timeout 30 $@ && return; } || { $@ && return; }
|
||||||
((tries=tries-1))
|
((tries=tries-1)) || true
|
||||||
[ $tries -eq 0 ] && return 1
|
[ $tries -eq 0 ] && return 1
|
||||||
sleep $waitfor
|
sleep $waitfor
|
||||||
done
|
done
|
||||||
@ -519,14 +539,12 @@ check_lock() {
|
|||||||
|
|
||||||
# All things networking
|
# All things networking
|
||||||
enable_ip_forwarding() {
|
enable_ip_forwarding() {
|
||||||
local interface=$1
|
|
||||||
|
|
||||||
modprobe nf_conntrack
|
modprobe nf_conntrack
|
||||||
|
|
||||||
cat <<EOF > /etc/sysctl.d/40-ip-forward.conf
|
cat <<EOF > /etc/sysctl.d/40-ip-forward.conf
|
||||||
net.ipv4.ip_forward=1
|
net.ipv4.ip_forward=1
|
||||||
net.ipv4.ip_local_port_range = 1024 65535
|
net.ipv4.ip_local_port_range = 1024 65535
|
||||||
net.ipv4.conf.$interface.send_redirects=0
|
net.ipv4.conf.all.send_redirects=0
|
||||||
net.ipv4.conf.all.rp_filter = 1
|
net.ipv4.conf.all.rp_filter = 1
|
||||||
net.ipv4.conf.all.accept_redirects = 0
|
net.ipv4.conf.all.accept_redirects = 0
|
||||||
net.ipv6.conf.default.forwarding = 1
|
net.ipv6.conf.default.forwarding = 1
|
||||||
@ -548,6 +566,7 @@ register_service_dns() {
|
|||||||
[ -n "SERVICEPRIVATE" ] && _IP=$IP_ADDRESS
|
[ -n "SERVICEPRIVATE" ] && _IP=$IP_ADDRESS
|
||||||
route53.py --fqdn "${SERVICENAME}.${DNSZONE}" --record $_IP
|
route53.py --fqdn "${SERVICENAME}.${DNSZONE}" --record $_IP
|
||||||
|
|
||||||
|
# Register shutdown hook to remove DNS entry on terminate
|
||||||
cat <<EOF >> /etc/local.d/route53.stop
|
cat <<EOF >> /etc/local.d/route53.stop
|
||||||
echo "Deleting Route53 record for ${SERVICENAME}.${DNSZONE}" >> /tmp/shutdown.log
|
echo "Deleting Route53 record for ${SERVICENAME}.${DNSZONE}" >> /tmp/shutdown.log
|
||||||
route53.py --delete --fqdn "${SERVICENAME}.${DNSZONE}" --record ${PUBLIC_IP_ADDRESS:-$IP_ADDRESS}
|
route53.py --delete --fqdn "${SERVICENAME}.${DNSZONE}" --record ${PUBLIC_IP_ADDRESS:-$IP_ADDRESS}
|
||||||
@ -561,8 +580,8 @@ EOF
|
|||||||
|
|
||||||
|
|
||||||
# associate EIP
|
# associate EIP
|
||||||
# return 0 if we attache EIP
|
# return 0 if we attached an EIP
|
||||||
# return 1 if we public did NOT change
|
# return 1 if we the public IP did NOT change or other error
|
||||||
associate_eip() {
|
associate_eip() {
|
||||||
local instance_id=$1
|
local instance_id=$1
|
||||||
local eip=$(echo $2 | sed -e 's/\/32//' | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)") || true
|
local eip=$(echo $2 | sed -e 's/\/32//' | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)") || true
|
||||||
@ -609,16 +628,20 @@ disable_source_dest_check() {
|
|||||||
|
|
||||||
# Register ourself at route tables
|
# Register ourself at route tables
|
||||||
register_routes() {
|
register_routes() {
|
||||||
local rtb_id_list=$1
|
local rtb_id_list="$1"
|
||||||
local route_cidr=${2:-"0.0.0.0/0"}
|
local route_cidr="$2"
|
||||||
|
|
||||||
for cidr in ${route_cidr//,/ }; do
|
for cidr in ${route_cidr//,/ }; do
|
||||||
for rt in ${rtb_id_list//,/ }; do
|
if [ "$cidr" != "$VPC_CIDR_RANGE" ]; then
|
||||||
[[ "$rt" =~ ^rtb-[a-f0-9]*$ ]] || { log -t user-data warn "Invalid Route Table ID: $rt"; return 1; }
|
for rt in ${rtb_id_list//,/ }; do
|
||||||
|
if [[ "$rt" =~ ^rtb-[a-f0-9]*$ ]]; then
|
||||||
aws ec2 create-route --route-table-id $rt --destination-cidr-block "${cidr}" --instance-id ${INSTANCE_ID} || \
|
aws ec2 create-route --route-table-id $rt --destination-cidr-block "${cidr}" --instance-id ${INSTANCE_ID} || \
|
||||||
aws ec2 replace-route --route-table-id $rt --destination-cidr-block "${cidr}" --instance-id ${INSTANCE_ID}
|
aws ec2 replace-route --route-table-id $rt --destination-cidr-block "${cidr}" --instance-id ${INSTANCE_ID}
|
||||||
done
|
else
|
||||||
|
log -t user-data warn "Invalid Route Table ID: $rt"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -632,17 +655,16 @@ setup_nat() {
|
|||||||
|
|
||||||
|
|
||||||
setup_fluentbit() {
|
setup_fluentbit() {
|
||||||
local token="cloudbender"
|
local key="cloudbender"
|
||||||
|
local host="$1"
|
||||||
|
|
||||||
if [[ $FLUENTDURL == *@* ]]; then
|
if [[ "$host" =~ "@" ]]; then
|
||||||
token=${FLUENTDURL%%@*}
|
key=${host%%@*}
|
||||||
FLUENTD_URL=${FLUENTDURL##*@}
|
host=${host##*@}
|
||||||
fi
|
fi
|
||||||
LOG_FILES=$FLUENTDLOGFILES
|
|
||||||
|
|
||||||
# Add a local file based syslog parser which does not require Priority
|
# add some AWS metadata
|
||||||
cat <<EOF > /etc/fluent-bit/metadata.conf
|
cat <<EOF > /etc/fluent-bit/metadata.conf
|
||||||
# add some AWS metadata
|
|
||||||
[FILTER]
|
[FILTER]
|
||||||
Name record_modifier
|
Name record_modifier
|
||||||
Match *
|
Match *
|
||||||
@ -654,22 +676,21 @@ setup_fluentbit() {
|
|||||||
Record source.artifact $ARTIFACT
|
Record source.artifact $ARTIFACT
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# install logrotate fragment
|
# Configure output
|
||||||
cat <<EOF > /etc/logrotate.d/fluentbit
|
cat <<EOF > /etc/fluent-bit/output.conf
|
||||||
/var/log/fluentbit.log
|
[OUTPUT]
|
||||||
{
|
Match *
|
||||||
rotate 3
|
Name forward
|
||||||
missingok
|
Host $host
|
||||||
notifempty
|
Port 24224
|
||||||
compress
|
Shared_Key $key
|
||||||
maxsize 10M
|
tls on
|
||||||
daily
|
Send_options true
|
||||||
postrotate
|
Require_ack_response true
|
||||||
rc-service fluent-bit restart
|
|
||||||
endscript
|
|
||||||
}
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
rc-update add fluent-bit default
|
LOG_FILES=$LOGGING_FILES
|
||||||
rc-service fluent-bit start
|
|
||||||
|
## TODO:
|
||||||
|
# Add parameter parsing for custom logfile tailing
|
||||||
}
|
}
|
||||||
|
36
kubezero/zdt-base/dhcpcd-mtu.hook
Normal file
36
kubezero/zdt-base/dhcpcd-mtu.hook
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
# From https://chromium.googlesource.com/chromiumos/third_party/dhcpcd/+/refs/tags/dhcpcd-6.0.0/dhcpcd-hooks
|
||||||
|
|
||||||
|
# Configure the MTU for the interface
|
||||||
|
mtu_dir="$state_dir/mtu"
|
||||||
|
set_mtu()
|
||||||
|
{
|
||||||
|
local mtu=$1
|
||||||
|
if [ -w /sys/class/net/$interface/mtu ]; then
|
||||||
|
echo "$mtu" >/sys/class/net/$interface/mtu
|
||||||
|
else
|
||||||
|
ifconfig "$interface" mtu "$mtu"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
if [ "$reason" = PREINIT -a -e "$mtu_dir/$interface" ]; then
|
||||||
|
rm "$mtu_dir/$interface"
|
||||||
|
elif [ -n "$new_interface_mtu" ] && $if_up; then
|
||||||
|
# The smalled MTU dhcpcd can work with is 576
|
||||||
|
if [ "$new_interface_mtu" -ge 576 ]; then
|
||||||
|
if set_mtu "$new_interface_mtu"; then
|
||||||
|
syslog info "MTU set to $new_interface_mtu"
|
||||||
|
# Save the MTU so we can restore it later
|
||||||
|
if [ ! -e "$mtu_dir/$interface" ]; then
|
||||||
|
mkdir -p "$mtu_dir"
|
||||||
|
echo "$ifmtu" > "$mtu_dir/$interface"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
elif [ -e "$mtu_dir/$interface" ]; then
|
||||||
|
if $if_up || $if_down; then
|
||||||
|
# No MTU in this state, so restore the prior MTU
|
||||||
|
mtu=$(cat "$mtu_dir/$interface")
|
||||||
|
syslog info "MTU restored to $mtu"
|
||||||
|
set_mtu "$mtu"
|
||||||
|
rm "$mtu_dir/$interface"
|
||||||
|
fi
|
||||||
|
fi
|
@ -28,6 +28,8 @@ echo 'syslog-ng: all to /var/log/messages as json, rotate hourly'
|
|||||||
echo ":2345:respawn:/usr/bin/monit -Ic /etc/monitrc.zdt" >> /etc/inittab
|
echo ":2345:respawn:/usr/bin/monit -Ic /etc/monitrc.zdt" >> /etc/inittab
|
||||||
echo 'Enable monit via inittab'
|
echo 'Enable monit via inittab'
|
||||||
|
|
||||||
# QoL
|
# QoL - color prompt even for doas bash
|
||||||
[ -f /etc/profile.d/color_prompt.sh.disabled ] && mv /etc/profile.d/color_prompt.sh.disabled /etc/profile.d/color_prompt.sh || true
|
[ -f /etc/profile.d/color_prompt.sh.disabled ] && mv /etc/profile.d/color_prompt.sh.disabled /etc/profile.d/color_prompt.sh
|
||||||
|
ln -sf /etc/profile.d/color_prompt.sh /etc/bash/color_prompt.sh
|
||||||
|
|
||||||
echo 'alias rs="doas bash"' > /etc/profile.d/alias.sh
|
echo 'alias rs="doas bash"' > /etc/profile.d/alias.sh
|
||||||
|
Loading…
Reference in New Issue
Block a user