RC - Point release v3.18.4

Stefan Reimer 2023-10-05 16:46:40 +00:00
parent d4c543a330
commit b0ca301ee5
20 changed files with 199 additions and 83 deletions


@ -4,7 +4,7 @@ REGION := us-east-1
include .ci/podman.mk
BUILDER := v3.18.2
BUILDER := v3.18.4
PKG := '*'
CF_DIST := E11OFTOA3L8IVY


@ -1,7 +1,7 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=fluent-bit
pkgver=2.1.5
pkgver=2.1.10
pkgrel=0
pkgdesc="Fast and Lightweight Log processor and forwarder"
url="https://fluentbit.io/"
@ -12,10 +12,10 @@ makedepends="
bison
cmake
flex
gtest-dev
linux-headers
musl-fts-dev
openssl-dev
gtest-dev
yaml-dev
zlib-dev
"
@ -27,8 +27,11 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/fluent/fluent-bit/archive/v$
fluent-bit.confd
fluent-bit.initd
chunkio-static-lib-fts.patch
exclude-luajit.patch
xsi-strerror.patch
fluent-bit.conf
zdt-parsers.conf
fluent-bit.logrotated
"
# enable check when this solved - https://github.com/fluent/fluent-bit/issues/2464#issuecomment-673280055
# Disable all things AWS to make tests pass
@ -50,15 +53,16 @@ build() {
-DFLB_DEBUG=Off \
-DFLB_SHARED_LIB=Off \
-DFLB_JEMALLOC=Yes \
-DFLB_LUAJIT=Yes \
-DFLB_IN_SYSTEMD=Off \
-DFLB_PROXY_GO=No \
-DFLB_TLS=Yes \
-DFLB_HTTP_SERVER=Yes \
$CMAKE_CROSSOPTS .
make -C build
#-DCMAKE_FIND_LIBRARY_SUFFIXES=".a" \
#-DCMAKE_EXE_LINKER_FLAGS="-static" \
#-DFLB_STREAM_PROCESSOR=No \
#-DFLB_LUAJIT=Yes \
#-DFLB_FILTER_LUA=Off \
#-DFLB_TESTS_INTERNAL=Yes \
#-DFLB_AWS=No \
@ -90,14 +94,20 @@ package() {
mkdir -p "$pkgdir"/var/spool/fluent-bit
install -Dm644 "$srcdir/fluent-bit.conf" "$pkgdir/etc/fluent-bit/fluent-bit.conf"
install -Dm644 "$srcdir/zdt-parsers.conf" "$pkgdir/etc/fluent-bit/zdt-parsers.conf"
install -Dm644 "$srcdir"/fluent-bit.logrotated "$pkgdir"/etc/logrotate.d/fluentbit
touch "$pkgdir"/etc/fluent-bit/metadata.conf
}
sha512sums="
de9c6a4744223ed0f6f401adeb95956c90524feba6f592459ed517e1058f7e1a21f1c42910d3ac721be639264979ba3ebb5503cd7dc5874e1f676bf32a7e7df0 fluent-bit-2.1.5.tar.gz
55caefa81cdeaf293b727829383c6eaa75bc2f8b8c61ebe15e1478c66033921fde6e50c39fc8c39a7d2d93d03892f709daf4d1b6caacf586133de5268de10299 fluent-bit-2.1.10.tar.gz
f6431397c80a036980b5377b51e38aec25dfceeb8dbe4cd54dce1f6e77d669d9f8daf983fcc96d25332385888f1809ced5e8ab0e8ccfcd93d19494036e3dc949 fluent-bit.confd
8ba6c8e84dee90176f9b4375fb2c6444fa5d32fa601d9bcf3ea7960fec87f1ef664f175caf08bd0b052843e971efdbf08e2a5cd180ad9a8f23ff2c5cb233814f fluent-bit.initd
e17bad6abd597da620fdb930e3f18612a828dd956abf87ce850e2660b83db4d9ab7d373ab3a9bf1d07f605b5077998234ce4774007c0197cfbfdad465ca6b47a fluent-bit.initd
6bd7d8b4da93a17f29b6ea1e0286ea226d0e376024284741110936779b3229bd8d6cd03ffbdc5d3b4842294e7f32a888de0dd16b0851b65d91b062ca58530ea0 chunkio-static-lib-fts.patch
ea125b68825ae17bb6d08b1cbe7b3594d4844f7abb06465d7de0a39995dfa927087a28e592f40239792aee7f3494a8ba7a2d2373efc36f6ac712e802ace2f8a2 fluent-bit.conf
e3308a8377fb8ba496415b7a31e9e022e5aa9965d27a0c33ea5166a29049b72cb364bbcdf9d8611ef3407b0968f9bd4adff12cdb39728bbebd382710e5bc75d0 exclude-luajit.patch
d61f30344af997f126486fa5b34cd3fbfe88bfc9aea394a8c60d0206f4db8db998eadf637a3a581b89512411c1e7980c414e236e455d5e2b889d20a556ee6577 xsi-strerror.patch
52aba9d23584d64842bc967504701a10166a43a03ca0d31de9b6cbffaacdbaa7d99f0fd55a4b0194e3b65d456817cb1779b86d468d81c1d9681a6fa708e85449 fluent-bit.conf
31899a3c68bbb43adb9025a3a46bad4ca0c740d5bca5c252c8667197575698d98ac4a3b6e11ee160c4bb8df0d0089b639bfd7d0ffa52391e6c4f8f734a6952a6 zdt-parsers.conf
e166b0ff11a1789599e93f86b72102ca6a06725c98553a8fdd48c8d6414bfa765c3958d07bfb4c4d99101d8cdf7d00db1a8506d48c2cbd6bd375ce43c43d2bf9 fluent-bit.logrotated
"


@ -0,0 +1,12 @@
otherwise it installs an unused /usr/bin/luajit ....
-0
diff --git a/cmake/luajit.cmake b/cmake/luajit.cmake
index b6774eb..f8042ae 100644
--- a/cmake/luajit.cmake
+++ b/cmake/luajit.cmake
@@ -1,4 +1,4 @@
# luajit cmake
option(LUAJIT_DIR "Path of LuaJIT 2.1 source dir" ON)
set(LUAJIT_DIR ${FLB_PATH_ROOT_SOURCE}/${FLB_PATH_LIB_LUAJIT})
-add_subdirectory("lib/luajit-cmake")
+add_subdirectory("lib/luajit-cmake" EXCLUDE_FROM_ALL)


@ -30,12 +30,4 @@
@INCLUDE metadata.conf
[OUTPUT]
Match *
Name forward
Host fluentd
Port 24224
Shared_Key cloudbender
tls on
Send_options true
Require_ack_response true
@INCLUDE output.conf
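Review bot: `@INCLUDE output.conf` refers to a file that nothing visible in this package installs: the fluent-bit `package()` function only runs `touch "$pkgdir"/etc/fluent-bit/metadata.conf`, while `output.conf` is written at boot by `setup_fluentbit` elsewhere in this commit. On a host where that function has not run, fluent-bit would presumably either fail on the missing include or start with no output section, and in both cases no logs are forwarded. Shipping an empty placeholder alongside metadata.conf, `touch "$pkgdir"/etc/fluent-bit/output.conf`, would keep the packaged configuration loadable. The hunk starts at line 30 of the file, so the earlier sections are not visible here.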


@ -7,5 +7,5 @@ command_args="$fluentbit_opts"
depend() {
need net
after firewall
after firewall cloudbender
}


@ -0,0 +1,12 @@
/var/log/fluentbit.log
{
rotate 2
missingok
notifempty
compress
maxsize 10M
daily
postrotate
rc-service fluent-bit restart
endscript
}


@ -0,0 +1,15 @@
--- a/src/flb_network.c
+++ b/src/flb_network.c
@@ -523,9 +523,10 @@
}
/* Connection is broken, not much to do here */
- str = strerror_r(error, so_error_buf, sizeof(so_error_buf));
+ /* XXX: XSI */
+ int _err = strerror_r(error, so_error_buf, sizeof(so_error_buf));
flb_error("[net] TCP connection failed: %s:%i (%s)",
- u->tcp_host, u->tcp_port, str);
+ u->tcp_host, u->tcp_port, so_error_buf);
return -1;
}
}
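Review bot: The result of the XSI `strerror_r` call is stored in `_err` and never checked, so on failure `so_error_buf` reaches the `%s` in `flb_error` with contents that POSIX does not promise to be a terminated string. Checking the return value and falling back to the numeric code closes that gap: `if (strerror_r(error, so_error_buf, sizeof(so_error_buf)) != 0) { snprintf(so_error_buf, sizeof(so_error_buf), "errno %d", error); }`. That also removes the otherwise unused `_err` declaration in the middle of the block. The previously assigned `str` may now be an unused local, and the enclosing function starts and ends outside this hunk, so both should be confirmed against the full file.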


@ -5,7 +5,7 @@
# Contributor: Dave <dj.2dixx@gmail.com>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=kubernetes
pkgver=1.26.7
pkgver=1.26.8
pkgrel=0
pkgdesc="Container Cluster Manager"
url="https://kubernetes.io/"
@ -208,7 +208,7 @@ _do_zshcomp() {
}
sha512sums="
9069e653e87883e54df8e01edf2cce9d847a83d593f13e8281654653924586e73841d1ee302de4de93dadf2a2474e875cf350f03c2aec512c100cb3d4fb7d9c5 kubernetes-1.26.7.tar.gz
38649d4c8a85e236a8ceffe5bba5146cf1a4eb9191534707dd39443303f99d830e95dc4e9be0febfb2a8bd4d0b57f13b5cb883b51fea57306f1f2ceff2052d69 kubernetes-1.26.8.tar.gz
5427c2e653504cfd5b0bcaf195d4734ee40947ddfebc9f155cd96dddccfc27692c29d94af4ac99f1018925b52995c593b584c5d7a82df2f185ebce1a9e463c40 make-e2e_node-run-over-distro-bins.patch
94d07edfe7ca52b12e85dd9e29f4c9edcd144abc8d120fb71e2a0507f064afd4bac5dde30da7673a35bdd842b79a4770a03a1f3946bfae361c01dd4dc4903c64 make-test-cmd-run-over-hyperkube-based-kubectl.patch
e690daff2adb1013c92124f32e71f8ed9a18c611ae6ae5fcb5ce9674768dbf9d911a05d7e4028488cda886e63b82e8ac0606d14389a05844c1b5538a33dd09d1 kube-apiserver.initd
@ -223,7 +223,7 @@ d7e022ee22da191bda7382f87cb293d9c9d115a3df0c2054bf918279eb866f99c6d5c21e4c98eae8
561bef5633ba4b9021720624443d9c279a561e5fabea76e5d0fbee2e7ad8999029a2511a45895fbec8448026212a3c5b4c197b248a6afa7f8bd945f705524ea7 kube-scheduler.initd
af88b382ab75657d0ff13c3f8f6d924cef9f2df7807a9a27daa63495981801bc4b607998f65c0758c11a7e070e43c24f7184ba7720711109c74b1c4d57919e34 kube-scheduler.confd
3692da349dd6ed0f5acc09d7b95ac562ffecb103e2270bebdfe4a7808d48dada9d2debff262d85b11c47f9ca3f0c20000712d03629ed813ff08a3e02d69267e6 kube-scheduler.logrotated
73fdb0303e72c006f4570af28312ecee224beb1d6cc1e19003593af377436b4082f6d49bd25cd9cae258ffa01bc9f2f0624d11ef0ecc64c658761888923be812 kubelet.initd
887ee5b4c67198727407e74c92639b23674515d5f049938f8ce5f3ba2eabcf7f321c00c914b254a7b2baa5c2f45a9ae4a945c9c90f1968f1012dbd60245d1b81 kubelet.confd
7cb03bde52820c3ce8b10df1a16cf0b46b39d185e01b4d312400f70bba5875992ec71166539d3820cf59ddbabeb48dec7ae8185820646fae3f851c4cd144fe69 kubelet.initd
44eb973de8ee8e0c5a77d76ab0e105fe0ae892be1ff86c238a5449b43f83cab6f844575b6c3218f08c5ff077e9f828f5aef72425c1d77546cce2e0136e8a8da8 kubelet.confd
941f4a7579dcf78da2d323ac69195e95eba6600e6fcefe9231447f11c9867a7aa57b4189ee1fefb10eab19c89665ea2e7696b539c92e99fbcde905d2ff85be58 kubelet.logrotated
"


@ -1,2 +1 @@
command_args="--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --image-credential-provider-bin-dir=/usr/libexec/kubernetes/kubelet-plugins --image-credential-provider-config=/etc/kubernetes/credential-provider.yaml"
rc_after="cloudbender"


@ -7,7 +7,10 @@ description="Kubelet, a Kubernetes node agent"
# do not start without kubezero node config in place
required_files="/var/lib/kubelet/kubeadm-flags.env /var/lib/kubelet/config.yaml"
# Restart forever just like systemd upstream
respawn_max=0
respawn_delay=5
if [ -e /var/lib/kubelet/kubeadm-flags.env ]; then
. /var/lib/kubelet/kubeadm-flags.env;
@ -20,7 +23,6 @@ pidfile="${KUBELET_PIDFILE:-/run/${RC_SVCNAME}.pid}"
: ${error_log:=/var/log/$RC_SVCNAME/$RC_SVCNAME.log}
depend() {
after net
need cgroups
want containerd crio
after net cloudbender
need cgroups crio
}


@ -55,7 +55,7 @@ package() {
install -Dm644 "$srcdir"/kubelet.monit "$pkgdir/etc/monit.d/kubelet.conf"
# crio settings
install -Dm644 "$srcdir"/crio.conf "$pkgdir/etc/crio.conf.d/01-kubezero.conf"
install -Dm644 "$srcdir"/crio.conf "$pkgdir/etc/crio/crio.conf.d/01-kubezero.conf"
}
# Preload container images all nodes need to speed up boot time and reduce data transfer
@ -72,6 +72,6 @@ sha512sums="
ecb33fc3a0ffc378723624858002f9f5e180e851b55b98ab6611ecc6a73d4719bc7de240f87683fc58de8bf577059e6f19b417655b5301ef8c32deff67a29dff shared-sys-fs.start
fce1013f7b1bfa8ee526de62e642a37fda3168889723e873d3fb69e257f4caa1423b5a14b9343b12a87f3b6f93c7d3861b854efda67ef2d6a42a5ca8cf3d1593 evictLocalNode.sh
716ec3404d7016bce57d663f750a18db3ede07c1ba7a2908f9f01f41c5ca8fe4e7232ded27bc2bccd705b11ae5cd26574322a8eacefcf8c102bba0f8e4995e59 credential-provider.yaml
abf062fbb2b94831f5321265a648bd17ddbb198e446e763d64d0cc8e3b7320e1545376cfa57b1491bb296ace28f1623439807a4157a2f32984082e565e2edcba kubelet.monit
8b81eb0fb66e6a739965db6af6a31c443e8f612c06146bd51107372abd833b527423299ee11b27e011f46cfbee11415234b3fa0dea695dbbb06711e0ad58f08d kubelet.monit
064fc245b7ffd67834a2f5fd13cb0bcb5f4a5caf79b8113b3669bf1d0e1a4af2042e69f8f496991de76d621fd01bc7e67de37c59f034584d12622c6af96376ff crio.conf
"


@ -1,6 +1,7 @@
check process kubelet pidfile /run/kubelet.pid
start program = "/etc/init.d/kubelet start"
stop program = "/etc/init.d/kubelet stop"
start program = "/sbin/rc-service kubelet start"
stop program = "/sbin/rc-service kubelet stop"
restart program = "/sbin/rc-service kubelet restart"
if failed
port 10248
protocol http


@ -1,7 +1,7 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=nvidia-container-toolkit
pkgver=1.13.2
pkgver=1.13.5
pkgrel=0
pkgdesc="NVIDIA Container toolkit incl. cri hooks"
url="https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/overview.html"
@ -68,11 +68,11 @@ package() {
}
sha512sums="
0edd50e9d42d345bcc26410752ac50425a5806144b0fdd4f6eea07f62501a325a3f58e74d68b6bb2a834b33977ddcc86723b1d96c4ae9664827ad86b4756172b libnvidia-container1_1.13.2-1_amd64.deb
3d61c5e610402344411f40db7b9da090b4de467f170779eac7fd8787bd5c30035128196b265a55af5ddadee704056dbcdf30b5cfb0ed72e90ea307db25285b1d libnvidia-container-tools_1.13.2-1_amd64.deb
f15af5460823667476e8b788708d1b76e81b73e99e0c6c9a045c830160ab2bb78988de1b4ad1963656f590faa1c5ee415b951275704fd77849d16a0ef712ed4a nvidia-container-toolkit_1.13.2-1_amd64.deb
903155c63c7af83dbd431ba3e5bc0d8ca74cce38996bf944b80520b5838f9765bbc0cbe201122d8ccc21cbd01dd4c4e47d2b451bdab7fadc99a8d75b941fda67 libnvidia-container1_1.13.5-1_amd64.deb
2d4cbbdd80db2730b1ed9db8d4b36c5212ce5361350dcdfbc5795dac887136cecd40c13843e61350bad12b103cd1550030c76de35a2cbbca2a6df3850b6b68ca libnvidia-container-tools_1.13.5-1_amd64.deb
8614c2b436dab3886df6a2328b3753c27704dd3a78f0abe5c333c57fb4ee8deebb6fc03051931b3794bf152d947b721c160acf6614e5145b39bb7162d1ef45d8 nvidia-container-toolkit_1.13.5-1_amd64.deb
694a3ec64ef3056d5874ff03b889b868c294bccb16506468fdf1c289fe3aaadc2da25a5934de653af9633a5d993d2bb21491d84b3b2e2529e6b31d92c78a2228 libcap2_2.25-2_amd64.deb
5a4eaa96e6e774948889909d618a8ed44a82f649cbba11622dc7b4478098bea006995d5a5a60ca026a57b76ad866d1e2c6caebd154a26eb6bd7e15291b558057 libseccomp2_2.3.3-4_amd64.deb
040ac2e3f58549dc09e5bce0d694e4be2f6aae736014bf0ee90042646562d5f1ef1f5990eb9f2c2a2fdf504587b82f4aa0eb99d04c5d3e407670e4012e3edd4e config.toml
cf5673231d1862e3ec03f792cddf54ff27237656f762c3f42b6d7e1584de2201c487861ac399ab26951b5dbf3e3cd9b4451dbf61f02b55e0991889b507319764 oci-nvidia-hook.json
0f150ea59b2372bf3ef60e657142b19f46500d1c70cb179d37ce117d6b03e86427dbf356873affb7639e082a07f852a922ae3aea4a8f8885640e43675c4e4add oci-nvidia-hook.json
"


@ -1,8 +1,8 @@
{
"version": "1.0.0",
"hook": {
"path": "/usr/bin/nvidia-container-toolkit",
"args": ["nvidia-container-toolkit", "prestart"]
"path": "/usr/bin/nvidia-container-runtime-hook",
"args": ["nvidia-container-runtime-hook", "prestart"]
},
"when": {
"always": true,


@ -39,7 +39,7 @@ package() {
# which libs are from debug log at runtime
# LIBS=$(grep "missing library" /var/log/nvidia-container-toolkit.log | awk '{print $7}' | sort | uniq)
# cross checked via .manifest for targets and symlinks
LIBS="libEGL_nvidia.so libGLESv1_CM_nvidia.so libGLESv2_nvidia.so libGLX_nvidia.so libcuda.so libcudadebugger.so libnvcuvid.so libnvidia-allocator.so libnvidia-cbl.so libnvidia-cfg.so libnvidia-compiler.so libnvidia-eglcore.so libnvidia-encode.so libnvidia-fatbinaryloader.so libnvidia-fbc.so libnvidia-glcore.so libnvidia-glsi.so libnvidia-glvkspirv.so libnvidia-ifr.so libnvidia-ml.so libnvidia-ngx.so libnvidia-nscq.so libnvidia-opencl.so libnvidia-opticalflow.so libnvidia-pkcs11.so libnvidia-ptxjitcompiler.so libnvidia-rtcore.so libnvidia-tls.so libnvoptix.so libvdpau_nvidia.so"
LIBS="libEGL_nvidia.so libGLESv1_CM_nvidia.so libGLESv2_nvidia.so libGLX_nvidia.so libcuda.so libcudadebugger.so libnvcuvid.so libnvidia-allocator.so libnvidia-cbl.so libnvidia-cfg.so libnvidia-compiler.so libnvidia-eglcore.so libnvidia-encode.so libnvidia-fatbinaryloader.so libnvidia-fbc.so libnvidia-glcore.so libnvidia-glsi.so libnvidia-glvkspirv.so libnvidia-ifr.so libnvidia-ml.so libnvidia-ngx.so libnvidia-nscq.so libnvidia-opencl.so libnvidia-opticalflow.so libnvidia-pkcs11.so libnvidia-ptxjitcompiler.so libnvidia-rtcore.so libnvidia-tls.so libnvoptix.so libvdpau_nvidia.so libnvidia-gpucomp.so libnvidia-nvvm.so"
# inspired from Gentoo x11-drivers/nvidia-drivers
for lib in $LIBS; do


@ -7,7 +7,7 @@ pkgdesc="ZeroDownTime Alpine additions and customizations"
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/zdt-base"
arch="noarch"
license="AGPL-3.0"
depends="logrotate syslog-ng neofetch monit file tiny-cloud"
depends="logrotate syslog-ng neofetch monit file tiny-cloud dhcpcd"
options="!check"
subpackages="$pkgname-openrc $pkgname-aws"
install="$pkgname.post-install"
@ -22,6 +22,7 @@ source="
syslog-ng.conf
syslog-ng.logrotate.conf
syslog-ng.apparmor
dhcpcd-mtu.hook
monitrc
monit_alert.sh.aws
neofetch.conf
@ -45,6 +46,9 @@ package() {
mkdir -p "$pkgdir/home/alpine"
install -Dm644 "$srcdir/profile" "$pkgdir/home/alpine/.profile"
# set mtu on interface via dhcpcd
install -Dm644 "$srcdir/dhcpcd-mtu.hook" "$pkgdir/usr/lib/dhcpcd/dhcpcd-hooks/10-mtu"
# various sysctl tunings
install -Dm644 "$srcdir"/zdt-sysctl.conf "$pkgdir"/etc/sysctl.d/60-zdt.conf
@ -85,15 +89,16 @@ aws() {
}
sha512sums="
a99d8fada2ce90876abbd84d8f72c976d1363e0b1437952aee8b22983b7bc7492803950bcc4dfb9866fcf744b9b6056bdbd53c257780d26814f16c8b0983242f common.sh
a870cc7657757770fb573a0fb5df61887d1b9d2a6a57b3ee8be93a7dfb34df6a1d489cd5572ab273dfe896b97faad7e7479571f993a3e13cfefe24c4720bcbf4 common.sh
7f6a69a77d6a4a3c34928609108b7939cd43a892d72fb14bebc1d935cd66eda3bd625d15eebb4d6026715b36b12919fcaf863ed5f65ffdc0e2de9fc1b969cb3e boot.sh
ee19dcc0b46bdff8581c2661cda69fd8a3fa2de4dd30d96a4ce438b2536043a9f0bc57a6b0d4056e2715a2663a89bc1b07ec33798d5430a2046a65069a327cda cloudbender-early.init
9ca46acc407ff6aa18beec02564c3822db215bd5dc0a94f9bd9258c9b99f85cc40f793e20618509ed7f1e8645407cffb8274d7838b46442ad44e64726e37e3a0 cloudbender.init
df610d896c6b2821925df8d65ab44a0008b31e5b738172076234ae7645e8ef7e25d710c43f9b3999fb3f0303ccd81b57327c2e7694e1fc3f790abdbc77e0a097 cloudbender.init
b9479835d8667fa99f8b1b140f969f0464a9bb3c60c7d19b57e306cfe82357d453932791e446caded71fddd379161ae8328367f1ee75ae3afc1b85e12294b621 zdt-sysctl.conf
76e6a4f309f31bfa07de2d3b1faebe5670722752e18157b69d6e868cbe9e85eda393aed0728b0347a01a810eee442844c78259f86ff71e3136a013f4cbfaaea4 ps_mem.py
5376f4bf8356ce9249c45e78085073245181e8742c7b4be47c71dcd97a611ae125a7dfd3060502bdd591560af070334f89fe60dbc09c008926149c538ab0560a syslog-ng.conf
484bdcf001b71ce5feed26935db437c613c059790b99f3f5a3e788b129f3e22ba096843585309993446a88c0ab5d60fd0fa530ef3cfb6de1fd34ffc828172329 syslog-ng.logrotate.conf
e86eed7dd2f4507b04050b869927b471e8de26bc7d97e7064850478323380a0580a92de302509901ea531d6e3fa79afcbf24997ef13cd0496bb3ee719ad674ee syslog-ng.apparmor
f8c052c7ec12c71937c7b8bc05d8374c588f345e303b30eda9c8612dff8f8f34a87a433648a3e9b85b278196ece198533b29680a303ff6478171d43f8e095189 dhcpcd-mtu.hook
e00a8f296c76446fe1241bf804c0108f47a2676f377a413ee9fede0943362a6582cad30fe13edd93f3d0daab0e2d7696553fb9458dca62adc05572dce339021a monitrc
c955dabe692c0a4a2fa2b09ab9096f6b14e83064b34ae8d22697096daf6551f00b590d837787d66ea1d0030a7cc30bef583cc4c936c980465663e73aec5fa2dc monit_alert.sh.aws
346b0170ada6cc1207ffb7b8ef138a1570a63c7df4d57618aa4b6b6c0d2df2197b0f5b23578ec83c641ee5e724865ac06985222e125809c990467426a0851b72 neofetch.conf


@ -30,7 +30,16 @@ start() {
# if fixed hostname use persistent sshd keys
[ -n "$CUSTOMHOSTNAME" ] && persistent_sshd_hostkeys "/_ssh/${ARTIFACT}/${CONGLOMERATE}/${HOSTNAME}"
eend $?
associate_eip $INSTANCE_ID $ELASTICIP && PUBLIC_IP_ADDRESS=$ELASTICIP
register_service_dns
is_enabled $LOGGING_ENABLED && setup_fluentbit $LOGGING_HOST
# cleanup previous reboot logs
rm -f /tmp/shutdown.log
eend 0
}
@ -46,5 +55,5 @@ stop() {
[ -n "$RC_REBOOT" ] && ACTION="rebooting" || ACTION="terminated"
[ -z "$DISABLE_SCALING_EVENTS" ] && /var/lib/cloud/sns_alarm.sh "Instance $ACTION" "" Info "$SHUTDOWNLOG"
eend $?
eend 0
}
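Review bot: Both `start()` and `stop()` now end in `eend 0`, so the service reports success even when `associate_eip`, `register_service_dns` or `setup_fluentbit` fails. A node can then come up without log forwarding and nothing in the init output shows it. At minimum the logging step should surface its failure, for example `is_enabled "$LOGGING_ENABLED" && { setup_fluentbit "$LOGGING_HOST" || ewarn "fluent-bit setup failed"; }`. The same line currently passes `$LOGGING_ENABLED` and `$LOGGING_HOST` unquoted, which the quoted form above also fixes. Both function bodies begin outside the visible hunks.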


@ -105,6 +105,9 @@ setup_instance() {
# Set system wide default region for boto3
echo "export AWS_DEFAULT_REGION=$REGION" > /etc/profile.d/aws.sh
# workaround for dhcpcd / openresolv to omit search domain if equal to domain breaking DNS resolution of shortnames for eg. etcd and kube-apiserver
add_once /etc/resolv.conf "search $DOMAIN_NAME"
case "$CLOUD" in
aws)
setup_sns_alarms
@ -148,20 +151,26 @@ configure_sshd() {
# Persist host keys
# has to run before sshd starts up first time !
persistent_sshd_hostkeys() {
# Top level is artifact to be able to limit the SSM IAM permissions
local ssm_path=$1
local key_types="dsa ecdsa ed25519 rsa"
local key_types="ecdsa ed25519 rsa"
# If host keys exist on SSM try to download
# try to get none existing host keys from SSM
RET=0
for key in $key_types; do
if [ ! -f /etc/ssh/ssh_host_${key}_key.pub -a ! -f /etc/ssh/ssh_host_${key}_key ]; then
(aws ssm get-parameters --names "${ssm_path}/host_${key}.tgz" --with-decryption --query 'Parameters[0].Value' | base64 -d | tar xzf - --directory=/ 1>/dev/null 2>&1) \
&& log -t user-data info "Restored ssh_host_${key}_key from SSM" || RET=1
fi
done
# Update keys if any key couldn't be restored from SSM
if [ $RET -eq 1 ]; then
# generate any missing keys
ssh-keygen -A
for key in $key_types; do
if [ -r /etc/ssh/ssh_host_${key}_key -a -r /etc/ssh/ssh_host_${key}_key.pub ]; then
(aws ssm put-parameter --name "${ssm_path}/host_${key}.tgz" --type SecureString --value \
@ -302,6 +311,17 @@ unmount_volumes() {
# msg used for sns event, last one wins
msg() { MSG="$@"; log -t user-data info "$@"; }
# boolean flags
is_enabled() {
local flag=$(echo "$1" | tr '[:upper:]' '[:lower:]')
[ "$flag" == 1 -o "$flag" == "true" ] && return 0
[ "$flag" == 0 -o "$flag" == "false" -o -z "$flag" ] && return 1
log -t user-data warn "Unknown value for boolean option: $flag - assuming False"
return 1
}
# Generic retry command wrapper, incl. timeout of 30s
# $1 = number of tries; 0 = forever
# $2 = number of seconds to sleep between tries
@ -313,7 +333,7 @@ retry() {
while true; do
# Only use timeout of $1 is an executable, call directly if function
type -tf $1 >/dev/null && { timeout 30 $@ && return; } || { $@ && return; }
((tries=tries-1))
((tries=tries-1)) || true
[ $tries -eq 0 ] && return 1
sleep $waitfor
done
@ -519,14 +539,12 @@ check_lock() {
# All things networking
enable_ip_forwarding() {
local interface=$1
modprobe nf_conntrack
cat <<EOF > /etc/sysctl.d/40-ip-forward.conf
net.ipv4.ip_forward=1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.conf.$interface.send_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.default.forwarding = 1
@ -548,6 +566,7 @@ register_service_dns() {
[ -n "SERVICEPRIVATE" ] && _IP=$IP_ADDRESS
route53.py --fqdn "${SERVICENAME}.${DNSZONE}" --record $_IP
# Register shutdown hook to remove DNS entry on terminate
cat <<EOF >> /etc/local.d/route53.stop
echo "Deleting Route53 record for ${SERVICENAME}.${DNSZONE}" >> /tmp/shutdown.log
route53.py --delete --fqdn "${SERVICENAME}.${DNSZONE}" --record ${PUBLIC_IP_ADDRESS:-$IP_ADDRESS}
@ -561,8 +580,8 @@ EOF
# associate EIP
# return 0 if we attache EIP
# return 1 if we public did NOT change
# return 0 if we attached an EIP
# return 1 if we the public IP did NOT change or other error
associate_eip() {
local instance_id=$1
local eip=$(echo $2 | sed -e 's/\/32//' | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)") || true
@ -609,16 +628,20 @@ disable_source_dest_check() {
# Register ourself at route tables
register_routes() {
local rtb_id_list=$1
local route_cidr=${2:-"0.0.0.0/0"}
local rtb_id_list="$1"
local route_cidr="$2"
for cidr in ${route_cidr//,/ }; do
if [ "$cidr" != "$VPC_CIDR_RANGE" ]; then
for rt in ${rtb_id_list//,/ }; do
[[ "$rt" =~ ^rtb-[a-f0-9]*$ ]] || { log -t user-data warn "Invalid Route Table ID: $rt"; return 1; }
if [[ "$rt" =~ ^rtb-[a-f0-9]*$ ]]; then
aws ec2 create-route --route-table-id $rt --destination-cidr-block "${cidr}" --instance-id ${INSTANCE_ID} || \
aws ec2 replace-route --route-table-id $rt --destination-cidr-block "${cidr}" --instance-id ${INSTANCE_ID}
else
log -t user-data warn "Invalid Route Table ID: $rt"
fi
done
fi
done
}
@ -632,17 +655,16 @@ setup_nat() {
setup_fluentbit() {
local token="cloudbender"
local key="cloudbender"
local host="$1"
if [[ $FLUENTDURL == *@* ]]; then
token=${FLUENTDURL%%@*}
FLUENTD_URL=${FLUENTDURL##*@}
if [[ "$host" =~ "@" ]]; then
key=${host%%@*}
host=${host##*@}
fi
LOG_FILES=$FLUENTDLOGFILES
# Add a local file based syslog parser which does not require Priority
# add some AWS metadata
cat <<EOF > /etc/fluent-bit/metadata.conf
# add some AWS metadata
[FILTER]
Name record_modifier
Match *
@ -654,22 +676,21 @@ setup_fluentbit() {
Record source.artifact $ARTIFACT
EOF
# install logrotate fragment
cat <<EOF > /etc/logrotate.d/fluentbit
/var/log/fluentbit.log
{
rotate 3
missingok
notifempty
compress
maxsize 10M
daily
postrotate
rc-service fluent-bit restart
endscript
}
# Configure output
cat <<EOF > /etc/fluent-bit/output.conf
[OUTPUT]
Match *
Name forward
Host $host
Port 24224
Shared_Key $key
tls on
Send_options true
Require_ack_response true
EOF
rc-update add fluent-bit default
rc-service fluent-bit start
LOG_FILES=$LOGGING_FILES
## TODO:
# Add parameter parsing for custom logfile tailing
}
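Review bot: In `setup_fluentbit`, `/etc/fluent-bit/output.conf` is written with a plain `cat <<EOF >` redirect, so the `Shared_Key` it holds lands in a file created under the current umask, which is commonly world-readable. Create it with restricted permissions, either by running the heredoc in a subshell after `umask 077` or by following it with `chmod 600 /etc/fluent-bit/output.conf` (adjust ownership if fluent-bit does not run as root). The fallback `local key="cloudbender"` is a fixed value visible in this repository, so whenever `$1` carries no `key@` prefix the forward output authenticates with a publicly known secret. Consider logging a warning or declining to configure the output in that case. This note covers only the last two hunks of the file; the earlier hunks are not reviewed here.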


@ -0,0 +1,36 @@
# From https://chromium.googlesource.com/chromiumos/third_party/dhcpcd/+/refs/tags/dhcpcd-6.0.0/dhcpcd-hooks
# Configure the MTU for the interface
mtu_dir="$state_dir/mtu"
set_mtu()
{
local mtu=$1
if [ -w /sys/class/net/$interface/mtu ]; then
echo "$mtu" >/sys/class/net/$interface/mtu
else
ifconfig "$interface" mtu "$mtu"
fi
}
if [ "$reason" = PREINIT -a -e "$mtu_dir/$interface" ]; then
rm "$mtu_dir/$interface"
elif [ -n "$new_interface_mtu" ] && $if_up; then
# The smalled MTU dhcpcd can work with is 576
if [ "$new_interface_mtu" -ge 576 ]; then
if set_mtu "$new_interface_mtu"; then
syslog info "MTU set to $new_interface_mtu"
# Save the MTU so we can restore it later
if [ ! -e "$mtu_dir/$interface" ]; then
mkdir -p "$mtu_dir"
echo "$ifmtu" > "$mtu_dir/$interface"
fi
fi
fi
elif [ -e "$mtu_dir/$interface" ]; then
if $if_up || $if_down; then
# No MTU in this state, so restore the prior MTU
mtu=$(cat "$mtu_dir/$interface")
syslog info "MTU restored to $mtu"
set_mtu "$mtu"
rm "$mtu_dir/$interface"
fi
fi


@ -28,6 +28,8 @@ echo 'syslog-ng: all to /var/log/messages as json, rotate hourly'
echo ":2345:respawn:/usr/bin/monit -Ic /etc/monitrc.zdt" >> /etc/inittab
echo 'Enable monit via inittab'
# QoL
[ -f /etc/profile.d/color_prompt.sh.disabled ] && mv /etc/profile.d/color_prompt.sh.disabled /etc/profile.d/color_prompt.sh || true
# QoL - color prompt even for doas bash
[ -f /etc/profile.d/color_prompt.sh.disabled ] && mv /etc/profile.d/color_prompt.sh.disabled /etc/profile.d/color_prompt.sh
ln -sf /etc/profile.d/color_prompt.sh /etc/bash/color_prompt.sh
echo 'alias rs="doas bash"' > /etc/profile.d/alias.sh