Feat: KubeZero v1.26.6

This commit is contained in:
Stefan Reimer 2023-07-04 15:10:30 +00:00
parent 582fbd5da3
commit c850734f9a
34 changed files with 329 additions and 152 deletions

View File

@ -1,5 +1,5 @@
FROM alpine:3.17
ARG ALPINE="v3.17"
FROM alpine:3.18
ARG ALPINE="v3.18"
ARG BUILDUSER=alpine
RUN echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main" > /etc/apk/repositories && \

View File

@ -4,7 +4,7 @@ REGION := us-east-1
include .ci/podman.mk
BUILDER := v3.17.3
BUILDER := v3.18.2
PKG := '*'
CF_DIST := E1YFUJXMCXT2RN

View File

@ -11,7 +11,7 @@ if [ "$1" = 'aarch64-toolchain' ]; then
else
# Set ENV for cross compile for aarch64
if [ "$2" = "cross-arm64" ]; then
ALPINE="v3.16"
ALPINE="v3.18"
TARGET_ARCH=aarch64
SUDO_APK=abuild-apk
APORTS=/home/alpine/aports

View File

@ -1,7 +1,7 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=aws-neuron-driver
pkgver=2.8.4.0
pkgver=2.10.11.0
pkgrel=0
pkgdesc="Linux Kernel module for AWS Neuron INF instances"
url="https://awsdocs-neuron.readthedocs-hosted.com/en/latest/release-notes/index.html#"
@ -42,5 +42,5 @@ package() {
}
sha512sums="
1fa536cf32fb9a0d383e73c6694ddbdee38a775a25a7d0013322c4e4b4c724d546082f88ac1c8e485e808312d7821453a9d27391e98f613431ccff0081a76483 aws-neuron-driver-2.8.4.0.deb
0fdbc1ebd12044be77714affd427c198f72ce04f0236a100e49642fbdb143a4e6c1156f4555ac0fe8baa6bea09420408bbb1cfd2857f29d54e615b22193afd0d aws-neuron-driver-2.10.11.0.deb
"

View File

@ -3,7 +3,7 @@
# Contributor: TBK <alpine@jjtc.eu>
# Maintainer: ungleich <foss@ungleich.ch>
pkgname=cri-o
pkgver=1.25.3
pkgver=1.26.3
pkgrel=0
pkgdesc="OCI-based implementation of Kubernetes Container Runtime Interface"
url="https://github.com/cri-o/cri-o/"
@ -14,12 +14,12 @@ license="Apache-2.0"
options="net chmod-clean !check"
depends="
cni-plugins
conmon
conntrack-tools
conmon
containers-common
iproute2
iptables
runc
oci-runtime
"
makedepends="
bash
@ -35,33 +35,41 @@ makedepends="
ostree-dev
tzdata
"
checkdepends="bats cri-tools jq parallel sudo"
checkdepends="bats cri-tools jq parallel sudo conmon"
subpackages="
$pkgname-doc
$pkgname-bash-completion
$pkgname-zsh-completion
$pkgname-fish-completion
$pkgname-contrib-cni:contrib_cni:noarch
$pkgname-openrc
"
source="https://github.com/cri-o/cri-o/archive/v$pkgver/cri-o-$pkgver.tar.gz
source="
$pkgname-$pkgver.tar.gz::https://github.com/cri-o/cri-o/archive/v$pkgver/cri-o-$pkgver.tar.gz
crio.conf
crio.initd
crio.logrotated
cni-plugins-path.patch
makefile-fix-install.patch
fix-test.patch
remove-systemd-files.patch
"
# secfixes:
# 1.23.2-r0:
# - CVE-2022-0811
# 1.24.1-r0:
# - CVE-2022-1708
# 1.26.2-r0:
# - CVE-2022-4318
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"
export GOBIN="$GOPATH/bin"
build() {
export GOPATH="$srcdir"
export GOBIN="$GOPATH/bin"
# https://github.com/cri-o/cri-o/blob/master/install.md#build-tags
make BUILDTAGS="seccomp selinux containers_image_openpgp containers_image_ostree_stub apparmor"
make BUILDTAGS="seccomp selinux apparmor containers_image_openpgp containers_image_ostree_stub"
}
check() {
@ -75,23 +83,21 @@ package() {
mkdir -p "$pkgdir"/usr/share/oci-umount/oci-umount.d/
ln -sf /etc/crio/crio-umount.conf "$pkgdir"/usr/share/oci-umount/oci-umount.d/crio-umount.conf
# The CNI plugins are recommended to be installed as examples
install -Dm644 contrib/cni/*.conflist -t "$pkgdir"/usr/share/doc/cri-o/examples/cni/
install -Dm755 "$srcdir"/crio.initd "$pkgdir"/etc/init.d/crio
install -Dm644 "$srcdir"/crio.conf "$pkgdir"/etc/crio/crio.conf
install -Dm644 "$srcdir"/crio.logrotated "$pkgdir"/etc/logrotate.d/crio
}
contrib_cni() {
pkgdesc="$pkgname contrib cni config files"
mkdir -p "$subpkgdir"/etc/cni/net.d
cp "$builddir"/contrib/cni/*.conf "$subpkgdir"/etc/cni/net.d
}
sha512sums="
39b162c55141af009879f600c4b6cf91b6d710392bf07783080efe195f3ece1a0ed186eeadaf3a84bbed11a376995c3fab3c951a6d7ed14bb7e85b39e7920e21 cri-o-1.25.3.tar.gz
e026f056ed92489413e16ed7955a9dcd7d1f4df1cc28e3ea785771b44d43811fea4f5b953cc46bc0c4aeac8ad07115bfff304d7516ebd24f2e58fe782ff812c8 crio.conf
29561e95398975748236217bbd9df64997f6e3de6c0555d007306bd0535895a648368385a13079eb7d52c06249a91980523a73b6563e86d0575d9cd9c3fa4ee9 crio.initd
58718db358d35b61e5edb8a16185bc534337a1ebfaf0d40ab17efb73c266fb2c337fad3cf92a7d8bcc7a02c4e2180b2b79a5896eb635b43334bcc1366b12baf8 cri-o-1.26.3.tar.gz
1f60719677295c9c5c615eb25d9159bde0af68a132eee67747f57fe76642d457c98c896c6189f85637d7b4ac24ba55fd9eaeb1699f43c3c5077b645f72a479fb crio.conf
26048a219bc426ef4a4f50e96d6e0ded1c55dc8415df9a2773764d2ebcb3d9e91077b2916da1ff32674ca4a53062e41e185503d671dacc3167a018b0066347e1 crio.initd
1115228546a696eeebeb6d4b3e5c3152af0c99a2559097fc5829d8b416d979c457b4b1789e0120054babf57f585d3f63cbe49949d40417ae7aab613184bf4516 crio.logrotated
0a567dfa431ab1e53f2a351689be8d588a60cc5fcdbda403ec4f8b6ab9b1c18ad425f6c47f9a5ab1491e3a61a269dc4efa6a59e91e7521fa2b6bb165074aa8e0 cni-plugins-path.patch
f9577aa7b1c90c6809010e9e406e65092251b6e82f6a0adbc3633290aa35f2a21895e1a8b6ba4b6375dcad3e02629b49a34ab16387e1c36eeb32c8f4dac74706 makefile-fix-install.patch
1c1bfa5feeb0c5ddc92271a5ef80edc38d56afa1574ffc124605d5bb227a407b55dd5268df6cebc6720768ac31245e08b7950e5ab2b7f14ba934c94f1e325f86 fix-test.patch
78c150f87027de489289596371dce0465159ced0758776b445deb58990e099de9c654406183c9da3cc909878b24d28db62121b7056cd180a6f2820e79e165cc6 remove-systemd-files.patch
"

View File

@ -3,3 +3,9 @@
# Overide defaults to not use systemd cgroups.
conmon_cgroup = "pod"
cgroup_manager = "cgroupfs"
default_runtime = "crun"
[crio.runtime.runtimes.crun]
runtime_type = "oci"
runtime_root = "/run/crun"

View File

@ -21,6 +21,8 @@ checkconfig() {
/var/log/${RC_SVCNAME}
checkpath --file --owner root:root --mode 0644 \
/var/log/${RC_SVCNAME}/${RC_SVCNAME}.log
checkpath --directory --owner root:root --mode 0750 \
/var/lib/crio
}
start() {

View File

@ -1,26 +1,45 @@
--- a/test/helpers.bash
+++ b/test/helpers.bash
@@ -68,7 +68,7 @@
# The default log directory where all logs will go unless directly specified by the kubelet
DEFAULT_LOG_PATH=${DEFAULT_LOG_PATH:-/var/log/crio/pods}
# Cgroup manager to be used
-CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-systemd}
+CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-cgroupfs}
# Image volumes handling
CONTAINER_IMAGE_VOLUMES=${CONTAINER_IMAGE_VOLUMES:-mkdir}
# Container pids limit
@@ -166,7 +166,7 @@
# Copy all the CNI dependencies around to ensure encapsulated tests
CRIO_CNI_PLUGIN="$TESTDIR/cni-bin"
mkdir "$CRIO_CNI_PLUGIN"
- cp /opt/cni/bin/* "$CRIO_CNI_PLUGIN"
+ cp /usr/libexec/cni/* "$CRIO_CNI_PLUGIN"
cp "$INTEGRATION_ROOT"/cni_plugin_helper.bash "$CRIO_CNI_PLUGIN"
sed -i "s;%TEST_DIR%;$TESTDIR;" "$CRIO_CNI_PLUGIN"/cni_plugin_helper.bash
diff --git a/test/cgroups.bats b/test/cgroups.bats
index 8beb6f06..80193413 100644
--- a/test/cgroups.bats
+++ b/test/cgroups.bats
@@ -45,6 +45,10 @@ EOF
}
@test "conmon pod cgroup" {
+ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then
+ skip "need systemd cgroup manager"
+ fi
+
CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_CONMON_CGROUP="pod" start_crio
jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \
@@ -61,6 +65,10 @@ EOF
skip "not yet supported by conmonrs"
fi
+ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then
+ skip "need systemd cgroup manager"
+ fi
+
CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_MANAGE_NS_LIFECYCLE=false CONTAINER_CONMON_CGROUP="customcrioconmon.slice" start_crio
jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \
@@ -77,6 +85,10 @@ EOF
skip "not supported for conmon"
fi
+ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then
+ skip "need systemd cgroup manager"
+ fi
+
configure_monitor_cgroup_for_conmonrs "customcrioconmon.slice"
CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=true start_crio
diff --git a/test/cni_plugin_helper.bash b/test/cni_plugin_helper.bash
index 04492172..abae521e 100755
--- a/test/cni_plugin_helper.bash
+++ b/test/cni_plugin_helper.bash
@@ -43,7 +43,7 @@
@@ -48,7 +48,7 @@ EOT
. "$TEST_DIR"/cni_plugin_helper_input.env
rm -f "$TEST_DIR"/cni_plugin_helper_input.env
@ -29,16 +48,25 @@
if [[ "${DEBUG_ARGS}" == "malformed-result" ]]; then
cat <<-EOF
--- a/test/cgroups.bats
+++ b/test/cgroups.bats
@@ -26,6 +26,10 @@
}
@test "conmon custom cgroup" {
+ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then
+ skip "need systemd cgroup manager"
+ fi
+
CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_MANAGE_NS_LIFECYCLE=false CONTAINER_CONMON_CGROUP="customcrioconmon.slice" start_crio
jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \
diff --git a/test/helpers.bash b/test/helpers.bash
index f7f8e1f2..45b7dd58 100644
--- a/test/helpers.bash
+++ b/test/helpers.bash
@@ -38,7 +38,7 @@ CONTAINER_UID_MAPPINGS=${CONTAINER_UID_MAPPINGS:-}
CONTAINER_GID_MAPPINGS=${CONTAINER_GID_MAPPINGS:-}
OVERRIDE_OPTIONS=${OVERRIDE_OPTIONS:-}
# CNI path
-CONTAINER_CNI_PLUGIN_DIR=${CONTAINER_CNI_PLUGIN_DIR:-/opt/cni/bin}
+CONTAINER_CNI_PLUGIN_DIR=${CONTAINER_CNI_PLUGIN_DIR:-/usr/libexec/cni}
# Runtime
CONTAINER_DEFAULT_RUNTIME=${CONTAINER_DEFAULT_RUNTIME:-runc}
RUNTIME_BINARY_PATH=$(command -v "$CONTAINER_DEFAULT_RUNTIME")
@@ -70,7 +70,7 @@ CHECKCRIU_BINARY=${CHECKCRIU_BINARY:-${CRIO_ROOT}/test/checkcriu/checkcriu}
# The default log directory where all logs will go unless directly specified by the kubelet
DEFAULT_LOG_PATH=${DEFAULT_LOG_PATH:-/var/log/crio/pods}
# Cgroup manager to be used
-CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-systemd}
+CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-cgroupfs}
# Image volumes handling
CONTAINER_IMAGE_VOLUMES=${CONTAINER_IMAGE_VOLUMES:-mkdir}
# Container pids limit

View File

@ -1,8 +1,8 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=cri-tools
pkgver=1.24.2
pkgrel=0
pkgver=1.26.1
pkgrel=1
pkgdesc="CLI tool for Kubelet Container Runtime Interface (CRI)"
url="https://github.com/kubernetes-sigs/cri-tools"
arch="x86_64 aarch64 ppc64le s390x armv7 x86"
@ -11,15 +11,21 @@ makedepends="go"
options="!check" # no check available
source="$pkgname-$pkgver.tar.gz::https://github.com/kubernetes-sigs/cri-tools/archive/v$pkgver.tar.gz"
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"
build() {
make all
}
check() {
make test
}
package() {
install -Dm755 build/bin/crictl "$pkgdir/usr/bin/crictl"
install -Dm755 build/bin/critest "$pkgdir/usr/bin/critest"
make BINDIR="$pkgdir"/usr/bin install
}
sha512sums='
9b5907b37bb5f00295eff4fa4207ae55d930feae7e0f48fa130c7ecc936bcd259a11d59ed240684a3e12c8bcee40f2c67d7f4af52c2a76df3d7bf82e5e388a75 cri-tools-1.24.2.tar.gz
'
sha512sums="
1900b5d22a20ab1f01c13832be4dcf1e9845b64afb3cdcb6169752bbb20a6e69dcbb6ccc8d31b9d4bf091bf81aa04b9979544586763ea985499f229e7ab2a39d cri-tools-1.26.1.tar.gz
"

View File

@ -1,8 +1,8 @@
# Contributor: Christian Kampka <christian@kampka.net>
# Maintainer:
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=docker-registry
pkgver=2.9.0_git20230327
pkgrel=1
pkgver=2.8.2_git20230519
pkgrel=0
pkgdesc="An implementation of the Docker Registry HTTP API V2 for use with docker 1.6+"
url="https://github.com/distribution/distribution"
# riscv64 blocked by dependency panicwrap
@ -14,7 +14,7 @@ pkgusers="docker-registry"
pkggroups="docker-registry"
subpackages="$pkgname-openrc"
#source="$pkgname-$pkgver.tar.gz::$url/archive/v$pkgver.tar.gz
source="$pkgname-$pkgver.tar.gz::$url/archive/0c958010ace2e0c2a87f1bf9915b7c74157dfb62.tar.gz
source="$pkgname-$pkgver.tar.gz::$url/archive/983358f8e2509bf8ae196a8e135180a2c5b11264.tar.gz
docker-registry.initd
config-example.patch"
builddir="$srcdir/src/github.com/docker/distribution"
@ -23,7 +23,7 @@ options="chmod-clean"
prepare() {
mkdir -p "${builddir%/*}"
#mv "$srcdir"/distribution-$pkgver "$builddir"
mv "$srcdir"/distribution-0c958010ace2e0c2a87f1bf9915b7c74157dfb62 "$builddir"
mv "$srcdir"/distribution-* "$builddir"
}
build() {
@ -57,7 +57,7 @@ package() {
}
sha512sums="
baf540b81d5f736e105eb2c05f5f4775c61ace3118f965a52b7b477a596291e12b33e56f882ce364731e9701ae6e9b2e09add3bcf8a1a11bb25eb54833c14368 docker-registry-2.9.0_git20230327.tar.gz
8ceb8b994085bc6522e8a203785bd670977117988d391023148a4153e3c150ad7c17fb98de863c4c2300714022444dc5141a75a2899b8b0f04cbbdc17794b5c7 docker-registry-2.8.2_git20230519.tar.gz
96100a4de311afa19d293a3b8a63105e1fcdf49258aa8b1752befd389e6b4a2b1f70711341ea011b450d4468bd37dbd07a393ffab3b9aa1b2213cf0fdd915904 docker-registry.initd
5a38f4d3f0ee5cd00c0a5ced744eb5b29b839da5921adea26c5de3eb88b6b2626a7ba29b1ab931e5f8fbfafbed8c94cb972a58737ec0c0a69cf515c32139e387 config-example.patch
"

View File

@ -1,7 +1,7 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=ecr-credential-provider
pkgver=1.25.3
pkgver=1.26.1
pkgrel=0
pkgdesc="AWS Kubernetes ecr-credential-provider"
url="https://github.com/kubernetes/cloud-provider-aws"
@ -24,5 +24,5 @@ package() {
}
sha512sums="
d727c01ea98608b0b51edc2bfe892218b55eee7148e358e18387f3f4a52ad765f8d0ee372884e36f95f1303c13dbeba81926f7560c325a8d3c258da11cdfc24b ecr-credential-provider-1.25.3.tar.gz
59ec934a93b94290b0dce830a53301957842d8d45118471bb6eaa142b06dc37ed7f32e4c4a83f1f5341b0dda6745cfa7d8ebbac6d31378e3288857808f2aef71 ecr-credential-provider-1.26.1.tar.gz
"

59
kubezero/falco/APKBUILD Normal file
View File

@ -0,0 +1,59 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=falco
pkgver=0.35.1
pkgrel=0
pkgdesc="Falco is the open source solution for runtime security for hosts, containers, Kubernetes and the cloud"
url="https://github.com/falcosecurity/falco"
arch="x86_64 aarch64"
license="AGPL-3.0"
makedepends="cmake bash linux-virt-dev linux-headers perl autoconf elfutils-dev libtool argp-standalone musl-fts-dev musl-libintl musl-obstack-dev"
#protobuf-dev jq-dev openssl-dev curl-dev c-ares-dev grpc-dev yaml-dev yaml-cpp-dev jsoncpp-dev re2-dev"
options="!check"
source="$pkgname-$pkgver.tar.gz::https://github.com/falcosecurity/falco/archive/refs/tags/$pkgver.tar.gz"
subpackages="$pkgname-kernel" # $pkgname-plugins"
prepare() {
[[ -d build ]] || mkdir build
}
build() {
# Hack running the build inside a container other uname -r returns host kernel
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
cd build
cmake .. \
-DCMAKE_BUILD_TYPE=Release \
-DFALCO_VERSION=$pkgver \
-DCMAKE_INSTALL_PREFIX=/usr \
-DMUSL_OPTIMIZED_BUILD=On \
-DUSE_BUNDLED_DEPS=On
KERNELDIR=/lib/modules/$KERNEL_VERSION/build make -j4
}
package() {
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
cd build
make DESTDIR="${pkgdir}" KERNELDIR=/lib/modules/$KERNEL_VERSION/build install
# We dont build anything on targets so remove sources
rm -rf $pkgdir/usr/src
rm -rf $pkgdir/usr/lib
rm -rf $pkgdir/usr/include
}
kernel() {
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
depends="linux-virt~$(echo $KERNEL_VERSION | sed -e 's/-.*$//')"
cd src/$pkgname-$pkgver/build
mkdir -p "$subpkgdir"/lib/modules/$KERNEL_VERSION/kernel
gzip -9 -c driver/falco.ko > "$subpkgdir"/lib/modules/$KERNEL_VERSION/kernel/falco.ko.gz
}
sha512sums="
dc648d9b0a625a02320ff0235bbf4f4940e7ba40c684a8a1f972d34f0a3447b4a34e665d7fbc0ee1ec9a014f65f81a304dc76b4ec804fc7b4e448f330b9474af falco-0.35.1.tar.gz
"

View File

@ -1,7 +1,7 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=fluent-bit
pkgver=2.1.1
pkgver=2.1.5
pkgrel=0
pkgdesc="Fast and Lightweight Log processor and forwarder"
url="https://fluentbit.io/"
@ -27,6 +27,8 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/fluent/fluent-bit/archive/v$
fluent-bit.confd
fluent-bit.initd
chunkio-static-lib-fts.patch
fluent-bit.conf
zdt-parsers.conf
"
# enable check when this solved - https://github.com/fluent/fluent-bit/issues/2464#issuecomment-673280055
# Disable all things AWS to make tests pass
@ -83,11 +85,19 @@ package() {
"$pkgdir"/etc/conf.d/$pkgname
mv "$pkgdir"/usr/etc/* "$pkgdir"/etc
rm "$pkgdir"/etc/fluent-bit/fluent-bit.conf
mkdir -p "$pkgdir"/var/spool/fluent-bit
install -Dm644 "$srcdir/fluent-bit.conf" "$pkgdir/etc/fluent-bit/fluent-bit.conf"
install -Dm644 "$srcdir/zdt-parsers.conf" "$pkgdir/etc/fluent-bit/zdt-parsers.conf"
touch "$pkgdir"/etc/fluent-bit/metadata.conf
}
sha512sums="
8c682e41411cae42580636a8d55b3f6c09b729f8e25f7d4e4b306ff286e0aea91da9ebc1a57dee153a90117884cc2a9d4342cae0e860a2f5f74a8a8c4f3b1e81 fluent-bit-2.1.1.tar.gz
de9c6a4744223ed0f6f401adeb95956c90524feba6f592459ed517e1058f7e1a21f1c42910d3ac721be639264979ba3ebb5503cd7dc5874e1f676bf32a7e7df0 fluent-bit-2.1.5.tar.gz
f6431397c80a036980b5377b51e38aec25dfceeb8dbe4cd54dce1f6e77d669d9f8daf983fcc96d25332385888f1809ced5e8ab0e8ccfcd93d19494036e3dc949 fluent-bit.confd
8ba6c8e84dee90176f9b4375fb2c6444fa5d32fa601d9bcf3ea7960fec87f1ef664f175caf08bd0b052843e971efdbf08e2a5cd180ad9a8f23ff2c5cb233814f fluent-bit.initd
6bd7d8b4da93a17f29b6ea1e0286ea226d0e376024284741110936779b3229bd8d6cd03ffbdc5d3b4842294e7f32a888de0dd16b0851b65d91b062ca58530ea0 chunkio-static-lib-fts.patch
ea125b68825ae17bb6d08b1cbe7b3594d4844f7abb06465d7de0a39995dfa927087a28e592f40239792aee7f3494a8ba7a2d2373efc36f6ac712e802ace2f8a2 fluent-bit.conf
31899a3c68bbb43adb9025a3a46bad4ca0c740d5bca5c252c8667197575698d98ac4a3b6e11ee160c4bb8df0d0089b639bfd7d0ffa52391e6c4f8f734a6952a6 zdt-parsers.conf
"

View File

@ -0,0 +1,41 @@
[SERVICE]
Flush 5
Daemon Off
Log_Level info
log_file /var/log/fluent-bit.log
HTTP_Server On
HTTP_Listen 0.0.0.0
HTTP_Port 2020
Health_Check On
parsers_file parsers.conf
parsers_file zdt-parsers.conf
plugins_file plugins.conf
storage.metrics on
storage.path /var/spool/fluent-bit
storage.sync normal
storage.checksum on
storage.backlog.mem_limit 5M
[INPUT]
Name tail
Path /var/log/messages
Parser syslog-ng-json
Tag system
DB /var/log/flb_kube.db
DB.Sync Normal
DB.locking true
@INCLUDE metadata.conf
[OUTPUT]
Match *
Name forward
Host fluentd
Port 24224
Shared_Key cloudbender
tls on
Send_options true
Require_ack_response true

View File

@ -0,0 +1,22 @@
[PARSER]
Name syslog-ng-json
Format json
Time_Key time
Time_Format %s.%L
# SQUID access.logs
# "%9d.%03d %6d %s %s/%03d %d %s %s %s %s%s/%s %s"
[PARSER]
Name squid-access
Format regex
Regex /^(?<time>\d+\.\d{1,3})\s+\d+\s(?<host>[^ ]*)\s(?<cache>\w+)\/(?<code>\d+)\s(?<size>\d+)\s(?<method>\S+)\s(?<request_url>[^ ]*)\s(?<user>\S+)\s(?<hierachy_code>\S+)\/(?<forward_host>[^ ]*)\s(?<content_type>\S+)$/
Time_Key time
Time_Format %s.%L
# Laravel logs
[PARSER]
Name laravel
Format regex
Regex /^\[(?<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]\s(?<ident>[a-zA-Z0-9]*)\.(?<severity>[a-zA-Z0-9]*):\s(?<message>.*)$/
Time_Key time
Time_Format %Y-%m-%d %H:%M:%S

View File

@ -5,14 +5,14 @@
# Contributor: Dave <dj.2dixx@gmail.com>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=kubernetes
pkgver=1.25.8
pkgver=1.26.6
pkgrel=0
pkgdesc="Container Cluster Manager"
url="https://kubernetes.io/"
# ppc64le: failed to build
arch="x86_64 aarch64 armv7 x86"
license="Apache-2.0"
options="!check chmod-clean" # Tests hang
options="!check chmod-clean net" # Tests hang
_kube_proxy_deps="iptables"
_kubelet_deps="iptables"
@ -72,9 +72,10 @@ _services="kube-apiserver kube-controller-manager kube-proxy kube-scheduler"
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"
export FORCE_HOST_GO="y"
build() {
make generated_files
hack/update-codegen.sh
for _pkgs in $_agent $_cli $_services ; do
make -j1 GOFLAGS="-buildmode=pie -v -tags=providerless" GOLDFLAGS="-extldflags=-static" WHAT=cmd/$_pkgs
done
@ -207,9 +208,9 @@ _do_zshcomp() {
}
sha512sums="
30f1815de4d5bf3a091f1937c94e0e6cf0abc0f527488b72ec4a7d72c014bb8fef450abbf4c908f8a5b791e8d4ab501edb3f5c55af4e370359a952a6228362be kubernetes-1.25.8.tar.gz
c350bb0a63ada0cc3657fe07598101775243083aa1eabda898080b7b01b129e6fdd7ad1a61950cc039b73b081f38de3b856baedf5c075f39916be1547b11d184 make-e2e_node-run-over-distro-bins.patch
56201491d2dfe3a487931cbf5c6e60af898701b9541a936d80e3823948fcfb98508e3d51f4aaa415ce971f7bd20a7b51f74f025c76b83f58d5a8de8ce0ab679b make-test-cmd-run-over-hyperkube-based-kubectl.patch
02a6ce3c0ec44dce5b03b97d4a544ac96d43a2342f172c176cbe83b269ffec4c3704f01f620eb11cfdc61728f8431ab6ffdbecc21e0cb29cb388b62c1a930cdf kubernetes-1.26.6.tar.gz
5427c2e653504cfd5b0bcaf195d4734ee40947ddfebc9f155cd96dddccfc27692c29d94af4ac99f1018925b52995c593b584c5d7a82df2f185ebce1a9e463c40 make-e2e_node-run-over-distro-bins.patch
94d07edfe7ca52b12e85dd9e29f4c9edcd144abc8d120fb71e2a0507f064afd4bac5dde30da7673a35bdd842b79a4770a03a1f3946bfae361c01dd4dc4903c64 make-test-cmd-run-over-hyperkube-based-kubectl.patch
e690daff2adb1013c92124f32e71f8ed9a18c611ae6ae5fcb5ce9674768dbf9d911a05d7e4028488cda886e63b82e8ac0606d14389a05844c1b5538a33dd09d1 kube-apiserver.initd
302b2a7ec715967c0aa7d1c177d4e55b26e37ebba8d04dd37ecf627d20042fe91cd7e6192ff9d71422129b0ea54a9eec6046f505af550548bd450998924f37ee kube-apiserver.confd
1a4bcd54dafaedc614e34bbadc2a1163f003b5925d47552fb2c47049c033c147e612171e263d9659d189fc2d95688a0b7153322d8dba97c083c079fdef6c400e kube-apiserver.logrotated

View File

@ -1,10 +1,10 @@
diff --git a/hack/make-rules/test-e2e-node.sh b/hack/make-rules/test-e2e-node.sh
index fb0720a7..43a57c1f 100755
index f468d36b..a115aab9 100755
--- a/hack/make-rules/test-e2e-node.sh
+++ b/hack/make-rules/test-e2e-node.sh
@@ -240,6 +240,6 @@ else
--alsologtostderr --v 4 --report-dir=${artifacts} --node-name $(hostname) \
${test_args}" --runtime-config="${runtime_config}" \
@@ -225,6 +225,6 @@ else
--test-flags="--v 4 --report-dir=${artifacts} --node-name $(hostname) ${test_args}" \
--runtime-config="${runtime_config}" \
--kubelet-config-file="${kubelet_config_file}" \
- --build-dependencies=true 2>&1 | tee -i "${artifacts}/build-log.txt"
+ --k8s-bin-dir "/usr/bin" --build-dependencies=true 2>&1 | tee -i "${artifacts}/build-log.txt"

View File

@ -1,8 +1,8 @@
diff --git a/hack/lib/test.sh b/hack/lib/test.sh
index 62a6765f..775d1d96 100644
index 36ea5f04..045de151 100644
--- a/hack/lib/test.sh
+++ b/hack/lib/test.sh
@@ -77,12 +77,12 @@ kube::test::object_assert() {
@@ -78,12 +78,12 @@ kube::test::object_assert() {
local object=$2
local request=$3
local expected=$4
@ -11,8 +11,8 @@ index 62a6765f..775d1d96 100644
for j in $(seq 1 "${tries}"); do
# shellcheck disable=SC2086
# Disabling because "args" needs to allow for expansion here
- res=$(eval kubectl get "${kube_flags[@]}" ${args} "${object}" -o go-template=\""${request}"\")
# Disabling because to allow for expansion here
- res=$(kubectl get "${kube_flags[@]}" ${args} ${object} -o go-template="${request}")
+ res=$(eval kubectl ${args} get "${kube_flags[@]}" ${get_args} "${object}" -o go-template=\""${request}"\")
if [[ "${res}" =~ ^$expected$ ]]; then
echo -n "${green}"

View File

@ -1,7 +1,7 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=kubezero
pkgver=1.25
pkgver=1.26
pkgrel=0
pkgdesc="KubeZero release package"
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/kubezero"
@ -29,7 +29,10 @@ source="
evictLocalNode.sh
"
IMAGES="quay.io/cilium/cilium:v1.13.1 ghcr.io/k8snetworkplumbingwg/multus-cni:v3.9.3"
IMAGES="
quay.io/cilium/cilium:v1.13.4
ghcr.io/k8snetworkplumbingwg/multus-cni:v3.9.3
"
build() {
for i in $IMAGES; do
@ -58,6 +61,6 @@ imagecache() {
}
sha512sums="
b0cadf577ea912630efabf8d104f2edaa79bd1697a1f9224ce8a75354dd204196c6d3c15c0318afa44be10be9696ce20ef0015198ee0b74050897d164f77ae60 shared-sys-fs.start
ecb33fc3a0ffc378723624858002f9f5e180e851b55b98ab6611ecc6a73d4719bc7de240f87683fc58de8bf577059e6f19b417655b5301ef8c32deff67a29dff shared-sys-fs.start
fce1013f7b1bfa8ee526de62e642a37fda3168889723e873d3fb69e257f4caa1423b5a14b9343b12a87f3b6f93c7d3861b854efda67ef2d6a42a5ca8cf3d1593 evictLocalNode.sh
"

View File

@ -1,3 +1,4 @@
#!/bin/sh
mount --make-shared /sys/fs/cgroup
mount --make-shared /sys/fs/bpf
mount --make-shared /sys

View File

@ -1,8 +1,8 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=nvidia-container-toolkit
pkgver=1.10.0
pkgrel=1
pkgver=1.13.2
pkgrel=0
pkgdesc="NVIDIA Container toolkit incl. cri hooks"
url="https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/overview.html"
arch="x86_64"
@ -67,12 +67,12 @@ package() {
install -Dm644 config.toml "$pkgdir"/etc/nvidia-container-runtime/config.toml
}
sha512sums='
23ba2aec28f01c0037bbb4812ea542589e96f6527cf49468a4a7c54ca05808cf0984a8dfe13ee3455b8c6ae8468c58590f9e1e6996927c710bcf3e545772a356 libnvidia-container1_1.10.0-1_amd64.deb
c5369c832bd91703e6e6e86a4431c2eebb2ddeaadff126174b41ed11e969dc8cc49dcab26b3ac18abb43b466a86ce76908eaa2f5e4109c689a0c3a4fa47548b5 libnvidia-container-tools_1.10.0-1_amd64.deb
3043729bd96dd153db1dc317685167f34da6b9d202134335212fb7d861532a265a59e002c86fff2664c67687f4c8bcc75913c74018930a6c68c0f2044eceacf0 nvidia-container-toolkit_1.10.0-1_amd64.deb
sha512sums="
0edd50e9d42d345bcc26410752ac50425a5806144b0fdd4f6eea07f62501a325a3f58e74d68b6bb2a834b33977ddcc86723b1d96c4ae9664827ad86b4756172b libnvidia-container1_1.13.2-1_amd64.deb
3d61c5e610402344411f40db7b9da090b4de467f170779eac7fd8787bd5c30035128196b265a55af5ddadee704056dbcdf30b5cfb0ed72e90ea307db25285b1d libnvidia-container-tools_1.13.2-1_amd64.deb
f15af5460823667476e8b788708d1b76e81b73e99e0c6c9a045c830160ab2bb78988de1b4ad1963656f590faa1c5ee415b951275704fd77849d16a0ef712ed4a nvidia-container-toolkit_1.13.2-1_amd64.deb
694a3ec64ef3056d5874ff03b889b868c294bccb16506468fdf1c289fe3aaadc2da25a5934de653af9633a5d993d2bb21491d84b3b2e2529e6b31d92c78a2228 libcap2_2.25-2_amd64.deb
5a4eaa96e6e774948889909d618a8ed44a82f649cbba11622dc7b4478098bea006995d5a5a60ca026a57b76ad866d1e2c6caebd154a26eb6bd7e15291b558057 libseccomp2_2.3.3-4_amd64.deb
040ac2e3f58549dc09e5bce0d694e4be2f6aae736014bf0ee90042646562d5f1ef1f5990eb9f2c2a2fdf504587b82f4aa0eb99d04c5d3e407670e4012e3edd4e config.toml
cf5673231d1862e3ec03f792cddf54ff27237656f762c3f42b6d7e1584de2201c487861ac399ab26951b5dbf3e3cd9b4451dbf61f02b55e0991889b507319764 oci-nvidia-hook.json
'
"

View File

@ -1,7 +1,8 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=nvidia-drivers
pkgver=515.65.01
#pkgver=535.54.03
pkgver=525.125.06
pkgrel=0
pkgdesc="NVIDIA Driver"
url="https://www.nvidia.com/download/index.aspx"
@ -27,7 +28,7 @@ package() {
cd "$srcdir"/NVIDIA-Linux-x86_64-$pkgver
# GSP firmware
cp firmware/gsp.bin "$pkgdir"/lib/firmware/nvidia/"$pkgver"/gsp.bin
cp firmware/*.bin "$pkgdir"/lib/firmware/nvidia/"$pkgver"/
# Various bins
SBINS="nvidia-smi nvidia-debugdump nvidia-cuda-mps-control nvidia-cuda-mps-server nvidia-persistenced"
@ -54,6 +55,6 @@ package() {
done
}
sha512sums='
5221a4ac071eb39a37a841f19cfe4983286dc35e918956b40604404ef36c122612475df7b9a391a9a70bd60f44e598c8a0e5ec54ccc3e90d51f01e1b2fbe5e33 NVIDIA-Linux-x86_64-515.65.01.run
'
sha512sums="
a5f13b633d111d9dc928e8522cd916a2b756fccbf2dc532649762a3f9bdc5503bd57c9c698da8205c49e82720b45789413a1afc26be77d741f823b49ae2f333d NVIDIA-Linux-x86_64-525.125.06.run
"

View File

@ -1,7 +1,8 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=nvidia-open-gpu
pkgver=515.65.01
#pkgver=535.54.03
pkgver=525.125.06
pkgrel=0
pkgdesc="NVIDIA Linux open GPU kernel modules"
url="https://github.com/NVIDIA/open-gpu-kernel-modules"
@ -43,8 +44,8 @@ package() {
install -Dm755 "$srcdir"/create-nvidia-uvm-dev-node.sh "$pkgdir"/usr/sbin/create-nvidia-uvm-dev-node.sh
}
sha512sums='
c2ff6fd02272b6981a65e7e14c6b636f0113e21da910898c27682f58e60fa8e6deea3670081c57e4961fb5e7794eef8eddb90d134ba1892536a8468c5dc9d669 nvidia-515.65.01.tar.gz
sha512sums="
4cedcf56e87c93354bc56d168de64b30866cf0b8fba2d2861ac60893b43f8140fa29626c4825af8250c420f9228fd1b64c93750cc50dd210040b4e7c4927e90a nvidia-525.125.06.tar.gz
b16b86ded8601ff802477e2b191c5728290014f90bb85ad6ec0e5b7e84f8004c467f5b6c66b80dc5d205fb70a3900ac286764a3829ca3ad3b8a3a5fd0b73a702 91-nvidia.rules
8335bd69c482da1f67b5cddd31a0b40d01b5c627aeca137b40ac7776cb3e7475767bec808a972ed739c26914207aca264324c41496f6fb579d910c8477f7cc1c create-nvidia-uvm-dev-node.sh
'
"

View File

@ -1,7 +1,7 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=zdt-base
pkgver=0.1.2
pkgver=0.3.18
pkgrel=0
pkgdesc="ZeroDownTime Alpine additions and customizations"
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/zdt-base"
@ -28,7 +28,6 @@ source="
monit_alert.sh.aws
neofetch.conf
zdt-ascii.txt
dhclient.conf
profile
route53.py
get_iam_sshkeys.py
@ -50,9 +49,6 @@ package() {
mkdir -p "$pkgdir"/etc/cloudbender "$pkgdir/home/alpine"
install -Dm644 "$srcdir/profile" "$pkgdir/home/alpine/.profile"
# dhcp tuning for MTU
install -Dm644 "$srcdir"/dhclient.conf "$pkgdir"/etc/dhcp/dhclient.conf
# various sysctl tunings
install -Dm644 "$srcdir"/zdt-sysctl.conf "$pkgdir"/etc/sysctl.d/60-zdt.conf
@ -93,24 +89,23 @@ aws() {
}
sha512sums="
92e669eb440dbc89e083e3b61c9f9fa871bedfdca404b8c3533fa1caec0d061f428c39697921c68c49d3de9af2043946d9baf989ba47482827d5626fe9f3e479 cb_base.sh
13944b955f3c2db54674cd84d58950fc9d8ca522d96081f05ed9bfef8289e30c3dd508796c94d9b283b9c168aadc70f9a934442ec48a5c0c9f25578e62ea0b78 cb_base.sh
3e02b858680d751b2c1fb22feeec2b767e328fdf007d9fb6687f309e62630467e982cc33d47c4417311938d35bb17dc210f9e0a40b90298dc22cf142f022c124 cb_lock.sh
f392ae57c4a5ccc019eb5fcc191429a4ba81b2593bfb12bab3b3da3365342b2b89908dfd90d8debf813e3455a61ff8d123f49fa4adce8ea44c06d9db1f7b7e19 cb_volumes.sh
89a27da781fe302aaed9ed7dcd1b8fc8b94f39802f86b1faeedee50d68a9d61fcbfe037bc29a938994c507cbcda08d86d2c387db118408ca9b7d085f99bb0a17 cb_init.sh
d7bb357e25aa797b68185036814f1b34d4d6b098de43ef0cf3b71011ebee3d6c2e4bd8fa73a5c7dd6f37c6bbbf3c9c344461a9507346104d4fe783dd1f8b2e23 cb_volumes.sh
4ccae4451de8fa83d1a73182ad539ca218a98f68f0bbfe2fc4d99ade75e802e3baa65b4a0e00ae2a0b3c870e6467b219d1c5a22e04f3930c3efd7de6c3cf38ab cb_init.sh
9c688e08e44ae965eaa6021e005f65077690c30fe6b2de7371c57ae3a53a18f12a356587261c950b8c900f73cb35af3ba7795d33181532b485aeee3b6ca41757 cloudbender-early.init
46500f8dc08e2e5e5d34886225ef4993f02da9f0a8b55107e886337ec1318fe683a172c398d1236e8f2559b57e0aba66238725e0a20e0440e1423d71aa3d77ea cloudbender.init
7fea4ed0ebcf781ae197962c9f6d287c66e7380c758126a1b46c711baf3c7e93d6ccf1d536dada590ca02a7f7b271fd5ecb0dcb4854772cc8b1b70d379249f65 cloudbender.init
b9479835d8667fa99f8b1b140f969f0464a9bb3c60c7d19b57e306cfe82357d453932791e446caded71fddd379161ae8328367f1ee75ae3afc1b85e12294b621 zdt-sysctl.conf
76e6a4f309f31bfa07de2d3b1faebe5670722752e18157b69d6e868cbe9e85eda393aed0728b0347a01a810eee442844c78259f86ff71e3136a013f4cbfaaea4 ps_mem.py
9d087f2d4403a9c6d4d2f06fbb86519f2b8b134d8eb305facaef07c183815f917fb7bac916d39d504dbab7fdf3321a3f70954dde57e8986cc223371715bb1c54 syslog-ng.conf
5376f4bf8356ce9249c45e78085073245181e8742c7b4be47c71dcd97a611ae125a7dfd3060502bdd591560af070334f89fe60dbc09c008926149c538ab0560a syslog-ng.conf
484bdcf001b71ce5feed26935db437c613c059790b99f3f5a3e788b129f3e22ba096843585309993446a88c0ab5d60fd0fa530ef3cfb6de1fd34ffc828172329 syslog-ng.logrotate.conf
1db58e670748bf9a507068251c21c9ca1744727bbf53fd925059239a58721f6f60c0bd357e4c52e9277a913640a6784e0025a7f3834868a1e93e9e1cbc66d5a6 syslog-ng.apparmor
e86eed7dd2f4507b04050b869927b471e8de26bc7d97e7064850478323380a0580a92de302509901ea531d6e3fa79afcbf24997ef13cd0496bb3ee719ad674ee syslog-ng.apparmor
b928ba547af080a07dc9063d44cb0f258d0e88e7c5a977e8f1cf1263c23608f0a138b8ffca0cdf5818ee72fccb3ce8433f877811be3107bb9c275dfff988179c monitrc
64944727d658ff37e7ff9d22a23869e225e104d9229756ba4fef1fc481c56f782472a1c74f8127636b4a98d4545ae30e7d35822a1f0a0fa31a59ec8eaf8c0396 monit_alert.sh.aws
346b0170ada6cc1207ffb7b8ef138a1570a63c7df4d57618aa4b6b6c0d2df2197b0f5b23578ec83c641ee5e724865ac06985222e125809c990467426a0851b72 neofetch.conf
532b8e2eb04942ab20bdc36b5dea1c60239fcbfcb85706123f3e05c18d65c938b85e9072d964ae5793177625a8db47b532db1f5bd5ed5ecbb70d5a331666ff54 zdt-ascii.txt
c565516121b9e6f9d5f769511eb900546753e67cc4208d1b388fdce44cd28699261a5c3905f9a168d4b2d45ac65ac3a2a6a95335f1bbd76d2f444d5f50ec5c9e dhclient.conf
c3e72cd92936b03f2b9eab5e97e9a12fcddcdf2c943342e42e7702e2d2407e00859c62dc9b4de3378688d2f05458aa5c104272af7ab13e53a62f1676d1a9a1b4 profile
2d419d5c25a3829e99326b09876f459e48ab66f5756a8ad39b406c0f2829f5a323e8ff512afd8f32b7b07f24c88efa911bee495ce6c4d1925194cb54d3ba57bd route53.py
00eaff6c0a506580340b2547c3b1602a54238bac6090a15516839411478a4b4fdc138668b8ad23455445131f3a3e3fda175ed4bb0dd375402641c0e7b69c3218 get_iam_sshkeys.py
816049360aa442f9e9aa4d6525795913cfe3dc7c6c14dc4ccad59c0880500f9d42f198edc442fe036bc84ba2690d9c5bc8ae622341d8276b3f14947db6b879b1 route53.py
7da28446762a36a6737c5b30becbce78775bd943b4d0c5ef938a50f49b4f51f66708434aa79004c19d16c56c83f54c8d6d68e1502ebc250c73f8aae12bed83c0 get_iam_sshkeys.py
8fd5dca9b9fdae61022f136215afa8adc0d199afcf26593bdd0bd1946d0f2efc5d7ed345704ef9642fbeedeeea007ed31b67fafe89289b749a560a045da45b8e uniq_hostname.py
"

View File

@ -17,7 +17,7 @@ retry() {
shift 2
while true; do
# Only use timeout of $1 is an executable, call directly if function
type -tf $1 >/dev/null && { timeout --preserve-status 30 $@ && return; } || { $@ && return; }
type -tf $1 >/dev/null && { timeout 30 $@ && return; } || { $@ && return; }
((tries=tries-1))
[ $tries -eq 0 ] && return 1
sleep $waitfor
@ -143,5 +143,8 @@ function exit_trap {
end_uptime=$(awk '{print $1}' < /proc/uptime)
log "Exiting user-data. Duration: $(echo "$end_uptime-$start_uptime" | bc) seconds"
# Shutdown / poweroff if we ran into error and not DEBUG
[ $ERR_CODE -ne 0 -a -z "$DEBUG" ] && poweroff
exit 0
}

View File

@ -1,8 +1,8 @@
# We built on top of tiny-cloud
. /etc/conf.d/tiny-cloud
. /etc/tiny-cloud.conf
IMDS_ENDPOINT="169.254.169.254"
. /lib/tiny-cloud/"$CLOUD"/imds
. /lib/tiny-cloud/cloud/"$CLOUD"/imds
_imds() {
wget --quiet --timeout 1 --output-document - \

View File

@ -1,7 +1,7 @@
#!/bin/sh
# We built on top of tiny-cloud
. /etc/conf.d/tiny-cloud
. /etc/tiny-cloud.conf
# archive orig /var, mount new var on top and restore orig var
copy_and_mount() {
@ -13,7 +13,7 @@ copy_and_mount() {
}
setup_var() {
for d in $(find /dev/sd?); do
for d in $(find /dev/xvd[a-z] /dev/sd[a-z]); do
# resolve to a valid block device
dev="$(realpath "$d")"
[ -b "$dev" ] || continue
@ -23,8 +23,8 @@ setup_var() {
case "$CLOUD" in
aws)
# on AWS look for sdx
if [ "$d" = "/dev/sdx" ]; then
# on AWS look for sdx/xvdx
if [ "$d" = "/dev/sdx" -o "$d" = "/dev/xvdx" ]; then
# check volume for existing filesystem
type=$(file -Lbs $d)
if [[ "$type" =~ "XFS filesystem" ]]; then

View File

@ -7,7 +7,7 @@ description="CloudBender - mount additional volumes, send shutdown messages"
depend() {
need net
before sshd
after tiny-cloud
after tiny-cloud-main
}
start() {

View File

@ -1,12 +0,0 @@
# Borrowed from Ubuntu 20.04LTS minimal EC2 AMi
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
timeout 300;

View File

@ -58,6 +58,7 @@ try:
Encoding="SSH",
)
if key["SSHPublicKey"]["Status"] == "Active":
print(key["SSHPublicKey"]["SSHPublicKeyBody"], user["UserName"])
print(key["SSHPublicKey"]
["SSHPublicKeyBody"], user["UserName"])
except:
pass

View File

@ -29,7 +29,8 @@ def update_dns(record_name, ips=[], ttl=180, action="UPSERT", record_type='A'):
{"Value": ip}
)
route53.change_resource_record_sets(HostedZoneId=zone_id, ChangeBatch=changeset)
route53.change_resource_record_sets(
HostedZoneId=zone_id, ChangeBatch=changeset)
parser = argparse.ArgumentParser(description='Update Route53 entries')
@ -49,4 +50,5 @@ action = "UPSERT"
if args.delete:
action = "DELETE"
update_dns(args.fqdn, args.record, action=action, ttl=args.ttl, record_type=args.record_type)
update_dns(args.fqdn, args.record, action=action,
ttl=args.ttl, record_type=args.record_type)

View File

@ -1,4 +1,6 @@
/proc/uptime r,
/var/lib/syslog-ng/syslog-ng.ctl rw,
@{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/loginuid r,
@{PROC}/@{pid}/sessionid r,
ptrace (read) peer=unconfined,

View File

@ -1,12 +1,12 @@
# syslog-ng, format all json into messages
# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.23/administration-guide/63#TOPIC-1268643
@version: 3.36
@version: 4.1
@include "scl.conf"
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
dns_cache(no); owner("root"); group("adm"); perm(0640);
stats_freq(0); bad_hostname("^gconfd$"); frac-digits(6);
stats(freq(43200)); bad_hostname("^gconfd$"); frac-digits(6);
};
source s_sys { system(); internal();};

View File

@ -28,4 +28,3 @@ echo 'Enable monit via inittab'
# QoL
mv /etc/profile.d/color_prompt.sh.disabled /etc/profile.d/color_prompt.sh || true
echo 'alias rs="doas bash"' > /etc/profile.d/alias.sh