Feat: KubeZero v1.26.6
This commit is contained in:
parent
582fbd5da3
commit
c850734f9a
@ -1,5 +1,5 @@
|
||||
FROM alpine:3.17
|
||||
ARG ALPINE="v3.17"
|
||||
FROM alpine:3.18
|
||||
ARG ALPINE="v3.18"
|
||||
ARG BUILDUSER=alpine
|
||||
|
||||
RUN echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE}/main" > /etc/apk/repositories && \
|
||||
|
2
Makefile
2
Makefile
@ -4,7 +4,7 @@ REGION := us-east-1
|
||||
|
||||
include .ci/podman.mk
|
||||
|
||||
BUILDER := v3.17.3
|
||||
BUILDER := v3.18.2
|
||||
PKG := '*'
|
||||
CF_DIST := E1YFUJXMCXT2RN
|
||||
|
||||
|
2
abuilder
2
abuilder
@ -11,7 +11,7 @@ if [ "$1" = 'aarch64-toolchain' ]; then
|
||||
else
|
||||
# Set ENV for cross compile for aarch64
|
||||
if [ "$2" = "cross-arm64" ]; then
|
||||
ALPINE="v3.16"
|
||||
ALPINE="v3.18"
|
||||
TARGET_ARCH=aarch64
|
||||
SUDO_APK=abuild-apk
|
||||
APORTS=/home/alpine/aports
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=aws-neuron-driver
|
||||
pkgver=2.8.4.0
|
||||
pkgver=2.10.11.0
|
||||
pkgrel=0
|
||||
pkgdesc="Linux Kernel module for AWS Neuron INF instances"
|
||||
url="https://awsdocs-neuron.readthedocs-hosted.com/en/latest/release-notes/index.html#"
|
||||
@ -42,5 +42,5 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
1fa536cf32fb9a0d383e73c6694ddbdee38a775a25a7d0013322c4e4b4c724d546082f88ac1c8e485e808312d7821453a9d27391e98f613431ccff0081a76483 aws-neuron-driver-2.8.4.0.deb
|
||||
0fdbc1ebd12044be77714affd427c198f72ce04f0236a100e49642fbdb143a4e6c1156f4555ac0fe8baa6bea09420408bbb1cfd2857f29d54e615b22193afd0d aws-neuron-driver-2.10.11.0.deb
|
||||
"
|
||||
|
@ -3,7 +3,7 @@
|
||||
# Contributor: TBK <alpine@jjtc.eu>
|
||||
# Maintainer: ungleich <foss@ungleich.ch>
|
||||
pkgname=cri-o
|
||||
pkgver=1.25.3
|
||||
pkgver=1.26.3
|
||||
pkgrel=0
|
||||
pkgdesc="OCI-based implementation of Kubernetes Container Runtime Interface"
|
||||
url="https://github.com/cri-o/cri-o/"
|
||||
@ -14,12 +14,12 @@ license="Apache-2.0"
|
||||
options="net chmod-clean !check"
|
||||
depends="
|
||||
cni-plugins
|
||||
conmon
|
||||
conntrack-tools
|
||||
conmon
|
||||
containers-common
|
||||
iproute2
|
||||
iptables
|
||||
runc
|
||||
oci-runtime
|
||||
"
|
||||
makedepends="
|
||||
bash
|
||||
@ -35,33 +35,41 @@ makedepends="
|
||||
ostree-dev
|
||||
tzdata
|
||||
"
|
||||
checkdepends="bats cri-tools jq parallel sudo"
|
||||
checkdepends="bats cri-tools jq parallel sudo conmon"
|
||||
subpackages="
|
||||
$pkgname-doc
|
||||
$pkgname-bash-completion
|
||||
$pkgname-zsh-completion
|
||||
$pkgname-fish-completion
|
||||
$pkgname-contrib-cni:contrib_cni:noarch
|
||||
$pkgname-openrc
|
||||
"
|
||||
source="https://github.com/cri-o/cri-o/archive/v$pkgver/cri-o-$pkgver.tar.gz
|
||||
source="
|
||||
$pkgname-$pkgver.tar.gz::https://github.com/cri-o/cri-o/archive/v$pkgver/cri-o-$pkgver.tar.gz
|
||||
crio.conf
|
||||
crio.initd
|
||||
crio.logrotated
|
||||
cni-plugins-path.patch
|
||||
makefile-fix-install.patch
|
||||
fix-test.patch
|
||||
remove-systemd-files.patch
|
||||
"
|
||||
|
||||
# secfixes:
|
||||
# 1.23.2-r0:
|
||||
# - CVE-2022-0811
|
||||
# 1.24.1-r0:
|
||||
# - CVE-2022-1708
|
||||
# 1.26.2-r0:
|
||||
# - CVE-2022-4318
|
||||
|
||||
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
|
||||
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
|
||||
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"
|
||||
export GOBIN="$GOPATH/bin"
|
||||
|
||||
build() {
|
||||
export GOPATH="$srcdir"
|
||||
export GOBIN="$GOPATH/bin"
|
||||
# https://github.com/cri-o/cri-o/blob/master/install.md#build-tags
|
||||
make BUILDTAGS="seccomp selinux containers_image_openpgp containers_image_ostree_stub apparmor"
|
||||
make BUILDTAGS="seccomp selinux apparmor containers_image_openpgp containers_image_ostree_stub"
|
||||
}
|
||||
|
||||
check() {
|
||||
@ -75,23 +83,21 @@ package() {
|
||||
mkdir -p "$pkgdir"/usr/share/oci-umount/oci-umount.d/
|
||||
ln -sf /etc/crio/crio-umount.conf "$pkgdir"/usr/share/oci-umount/oci-umount.d/crio-umount.conf
|
||||
|
||||
# The CNI plugins are recommended to be installed as examples
|
||||
install -Dm644 contrib/cni/*.conflist -t "$pkgdir"/usr/share/doc/cri-o/examples/cni/
|
||||
|
||||
install -Dm755 "$srcdir"/crio.initd "$pkgdir"/etc/init.d/crio
|
||||
install -Dm644 "$srcdir"/crio.conf "$pkgdir"/etc/crio/crio.conf
|
||||
install -Dm644 "$srcdir"/crio.logrotated "$pkgdir"/etc/logrotate.d/crio
|
||||
}
|
||||
|
||||
contrib_cni() {
|
||||
pkgdesc="$pkgname contrib cni config files"
|
||||
mkdir -p "$subpkgdir"/etc/cni/net.d
|
||||
cp "$builddir"/contrib/cni/*.conf "$subpkgdir"/etc/cni/net.d
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
39b162c55141af009879f600c4b6cf91b6d710392bf07783080efe195f3ece1a0ed186eeadaf3a84bbed11a376995c3fab3c951a6d7ed14bb7e85b39e7920e21 cri-o-1.25.3.tar.gz
|
||||
e026f056ed92489413e16ed7955a9dcd7d1f4df1cc28e3ea785771b44d43811fea4f5b953cc46bc0c4aeac8ad07115bfff304d7516ebd24f2e58fe782ff812c8 crio.conf
|
||||
29561e95398975748236217bbd9df64997f6e3de6c0555d007306bd0535895a648368385a13079eb7d52c06249a91980523a73b6563e86d0575d9cd9c3fa4ee9 crio.initd
|
||||
58718db358d35b61e5edb8a16185bc534337a1ebfaf0d40ab17efb73c266fb2c337fad3cf92a7d8bcc7a02c4e2180b2b79a5896eb635b43334bcc1366b12baf8 cri-o-1.26.3.tar.gz
|
||||
1f60719677295c9c5c615eb25d9159bde0af68a132eee67747f57fe76642d457c98c896c6189f85637d7b4ac24ba55fd9eaeb1699f43c3c5077b645f72a479fb crio.conf
|
||||
26048a219bc426ef4a4f50e96d6e0ded1c55dc8415df9a2773764d2ebcb3d9e91077b2916da1ff32674ca4a53062e41e185503d671dacc3167a018b0066347e1 crio.initd
|
||||
1115228546a696eeebeb6d4b3e5c3152af0c99a2559097fc5829d8b416d979c457b4b1789e0120054babf57f585d3f63cbe49949d40417ae7aab613184bf4516 crio.logrotated
|
||||
0a567dfa431ab1e53f2a351689be8d588a60cc5fcdbda403ec4f8b6ab9b1c18ad425f6c47f9a5ab1491e3a61a269dc4efa6a59e91e7521fa2b6bb165074aa8e0 cni-plugins-path.patch
|
||||
f9577aa7b1c90c6809010e9e406e65092251b6e82f6a0adbc3633290aa35f2a21895e1a8b6ba4b6375dcad3e02629b49a34ab16387e1c36eeb32c8f4dac74706 makefile-fix-install.patch
|
||||
1c1bfa5feeb0c5ddc92271a5ef80edc38d56afa1574ffc124605d5bb227a407b55dd5268df6cebc6720768ac31245e08b7950e5ab2b7f14ba934c94f1e325f86 fix-test.patch
|
||||
78c150f87027de489289596371dce0465159ced0758776b445deb58990e099de9c654406183c9da3cc909878b24d28db62121b7056cd180a6f2820e79e165cc6 remove-systemd-files.patch
|
||||
"
|
||||
|
@ -3,3 +3,9 @@
|
||||
# Overide defaults to not use systemd cgroups.
|
||||
conmon_cgroup = "pod"
|
||||
cgroup_manager = "cgroupfs"
|
||||
|
||||
default_runtime = "crun"
|
||||
|
||||
[crio.runtime.runtimes.crun]
|
||||
runtime_type = "oci"
|
||||
runtime_root = "/run/crun"
|
||||
|
@ -21,6 +21,8 @@ checkconfig() {
|
||||
/var/log/${RC_SVCNAME}
|
||||
checkpath --file --owner root:root --mode 0644 \
|
||||
/var/log/${RC_SVCNAME}/${RC_SVCNAME}.log
|
||||
checkpath --directory --owner root:root --mode 0750 \
|
||||
/var/lib/crio
|
||||
}
|
||||
|
||||
start() {
|
||||
|
@ -1,26 +1,45 @@
|
||||
--- a/test/helpers.bash
|
||||
+++ b/test/helpers.bash
|
||||
@@ -68,7 +68,7 @@
|
||||
# The default log directory where all logs will go unless directly specified by the kubelet
|
||||
DEFAULT_LOG_PATH=${DEFAULT_LOG_PATH:-/var/log/crio/pods}
|
||||
# Cgroup manager to be used
|
||||
-CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-systemd}
|
||||
+CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-cgroupfs}
|
||||
# Image volumes handling
|
||||
CONTAINER_IMAGE_VOLUMES=${CONTAINER_IMAGE_VOLUMES:-mkdir}
|
||||
# Container pids limit
|
||||
@@ -166,7 +166,7 @@
|
||||
# Copy all the CNI dependencies around to ensure encapsulated tests
|
||||
CRIO_CNI_PLUGIN="$TESTDIR/cni-bin"
|
||||
mkdir "$CRIO_CNI_PLUGIN"
|
||||
- cp /opt/cni/bin/* "$CRIO_CNI_PLUGIN"
|
||||
+ cp /usr/libexec/cni/* "$CRIO_CNI_PLUGIN"
|
||||
cp "$INTEGRATION_ROOT"/cni_plugin_helper.bash "$CRIO_CNI_PLUGIN"
|
||||
sed -i "s;%TEST_DIR%;$TESTDIR;" "$CRIO_CNI_PLUGIN"/cni_plugin_helper.bash
|
||||
diff --git a/test/cgroups.bats b/test/cgroups.bats
|
||||
index 8beb6f06..80193413 100644
|
||||
--- a/test/cgroups.bats
|
||||
+++ b/test/cgroups.bats
|
||||
@@ -45,6 +45,10 @@ EOF
|
||||
}
|
||||
|
||||
@test "conmon pod cgroup" {
|
||||
+ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then
|
||||
+ skip "need systemd cgroup manager"
|
||||
+ fi
|
||||
+
|
||||
CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_CONMON_CGROUP="pod" start_crio
|
||||
|
||||
jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \
|
||||
@@ -61,6 +65,10 @@ EOF
|
||||
skip "not yet supported by conmonrs"
|
||||
fi
|
||||
|
||||
+ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then
|
||||
+ skip "need systemd cgroup manager"
|
||||
+ fi
|
||||
+
|
||||
CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_MANAGE_NS_LIFECYCLE=false CONTAINER_CONMON_CGROUP="customcrioconmon.slice" start_crio
|
||||
|
||||
jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \
|
||||
@@ -77,6 +85,10 @@ EOF
|
||||
skip "not supported for conmon"
|
||||
fi
|
||||
|
||||
+ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then
|
||||
+ skip "need systemd cgroup manager"
|
||||
+ fi
|
||||
+
|
||||
configure_monitor_cgroup_for_conmonrs "customcrioconmon.slice"
|
||||
|
||||
CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=true start_crio
|
||||
diff --git a/test/cni_plugin_helper.bash b/test/cni_plugin_helper.bash
|
||||
index 04492172..abae521e 100755
|
||||
--- a/test/cni_plugin_helper.bash
|
||||
+++ b/test/cni_plugin_helper.bash
|
||||
@@ -43,7 +43,7 @@
|
||||
@@ -48,7 +48,7 @@ EOT
|
||||
. "$TEST_DIR"/cni_plugin_helper_input.env
|
||||
rm -f "$TEST_DIR"/cni_plugin_helper_input.env
|
||||
|
||||
@ -29,16 +48,25 @@
|
||||
|
||||
if [[ "${DEBUG_ARGS}" == "malformed-result" ]]; then
|
||||
cat <<-EOF
|
||||
--- a/test/cgroups.bats
|
||||
+++ b/test/cgroups.bats
|
||||
@@ -26,6 +26,10 @@
|
||||
}
|
||||
|
||||
@test "conmon custom cgroup" {
|
||||
+ if [[ "$CONTAINER_CGROUP_MANAGER" != "systemd" ]]; then
|
||||
+ skip "need systemd cgroup manager"
|
||||
+ fi
|
||||
+
|
||||
CONTAINER_CGROUP_MANAGER="systemd" CONTAINER_DROP_INFRA_CTR=false CONTAINER_MANAGE_NS_LIFECYCLE=false CONTAINER_CONMON_CGROUP="customcrioconmon.slice" start_crio
|
||||
|
||||
jq ' .linux.cgroup_parent = "Burstablecriotest123.slice"' \
|
||||
diff --git a/test/helpers.bash b/test/helpers.bash
|
||||
index f7f8e1f2..45b7dd58 100644
|
||||
--- a/test/helpers.bash
|
||||
+++ b/test/helpers.bash
|
||||
@@ -38,7 +38,7 @@ CONTAINER_UID_MAPPINGS=${CONTAINER_UID_MAPPINGS:-}
|
||||
CONTAINER_GID_MAPPINGS=${CONTAINER_GID_MAPPINGS:-}
|
||||
OVERRIDE_OPTIONS=${OVERRIDE_OPTIONS:-}
|
||||
# CNI path
|
||||
-CONTAINER_CNI_PLUGIN_DIR=${CONTAINER_CNI_PLUGIN_DIR:-/opt/cni/bin}
|
||||
+CONTAINER_CNI_PLUGIN_DIR=${CONTAINER_CNI_PLUGIN_DIR:-/usr/libexec/cni}
|
||||
# Runtime
|
||||
CONTAINER_DEFAULT_RUNTIME=${CONTAINER_DEFAULT_RUNTIME:-runc}
|
||||
RUNTIME_BINARY_PATH=$(command -v "$CONTAINER_DEFAULT_RUNTIME")
|
||||
@@ -70,7 +70,7 @@ CHECKCRIU_BINARY=${CHECKCRIU_BINARY:-${CRIO_ROOT}/test/checkcriu/checkcriu}
|
||||
# The default log directory where all logs will go unless directly specified by the kubelet
|
||||
DEFAULT_LOG_PATH=${DEFAULT_LOG_PATH:-/var/log/crio/pods}
|
||||
# Cgroup manager to be used
|
||||
-CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-systemd}
|
||||
+CONTAINER_CGROUP_MANAGER=${CONTAINER_CGROUP_MANAGER:-cgroupfs}
|
||||
# Image volumes handling
|
||||
CONTAINER_IMAGE_VOLUMES=${CONTAINER_IMAGE_VOLUMES:-mkdir}
|
||||
# Container pids limit
|
||||
|
@ -1,8 +1,8 @@
|
||||
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
|
||||
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
|
||||
pkgname=cri-tools
|
||||
pkgver=1.24.2
|
||||
pkgrel=0
|
||||
pkgver=1.26.1
|
||||
pkgrel=1
|
||||
pkgdesc="CLI tool for Kubelet Container Runtime Interface (CRI)"
|
||||
url="https://github.com/kubernetes-sigs/cri-tools"
|
||||
arch="x86_64 aarch64 ppc64le s390x armv7 x86"
|
||||
@ -11,15 +11,21 @@ makedepends="go"
|
||||
options="!check" # no check available
|
||||
source="$pkgname-$pkgver.tar.gz::https://github.com/kubernetes-sigs/cri-tools/archive/v$pkgver.tar.gz"
|
||||
|
||||
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
|
||||
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
|
||||
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"
|
||||
|
||||
build() {
|
||||
make all
|
||||
}
|
||||
|
||||
check() {
|
||||
make test
|
||||
}
|
||||
package() {
|
||||
install -Dm755 build/bin/crictl "$pkgdir/usr/bin/crictl"
|
||||
install -Dm755 build/bin/critest "$pkgdir/usr/bin/critest"
|
||||
make BINDIR="$pkgdir"/usr/bin install
|
||||
}
|
||||
|
||||
sha512sums='
|
||||
9b5907b37bb5f00295eff4fa4207ae55d930feae7e0f48fa130c7ecc936bcd259a11d59ed240684a3e12c8bcee40f2c67d7f4af52c2a76df3d7bf82e5e388a75 cri-tools-1.24.2.tar.gz
|
||||
'
|
||||
sha512sums="
|
||||
1900b5d22a20ab1f01c13832be4dcf1e9845b64afb3cdcb6169752bbb20a6e69dcbb6ccc8d31b9d4bf091bf81aa04b9979544586763ea985499f229e7ab2a39d cri-tools-1.26.1.tar.gz
|
||||
"
|
||||
|
@ -1,8 +1,8 @@
|
||||
# Contributor: Christian Kampka <christian@kampka.net>
|
||||
# Maintainer:
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=docker-registry
|
||||
pkgver=2.9.0_git20230327
|
||||
pkgrel=1
|
||||
pkgver=2.8.2_git20230519
|
||||
pkgrel=0
|
||||
pkgdesc="An implementation of the Docker Registry HTTP API V2 for use with docker 1.6+"
|
||||
url="https://github.com/distribution/distribution"
|
||||
# riscv64 blocked by dependency panicwrap
|
||||
@ -14,7 +14,7 @@ pkgusers="docker-registry"
|
||||
pkggroups="docker-registry"
|
||||
subpackages="$pkgname-openrc"
|
||||
#source="$pkgname-$pkgver.tar.gz::$url/archive/v$pkgver.tar.gz
|
||||
source="$pkgname-$pkgver.tar.gz::$url/archive/0c958010ace2e0c2a87f1bf9915b7c74157dfb62.tar.gz
|
||||
source="$pkgname-$pkgver.tar.gz::$url/archive/983358f8e2509bf8ae196a8e135180a2c5b11264.tar.gz
|
||||
docker-registry.initd
|
||||
config-example.patch"
|
||||
builddir="$srcdir/src/github.com/docker/distribution"
|
||||
@ -23,7 +23,7 @@ options="chmod-clean"
|
||||
prepare() {
|
||||
mkdir -p "${builddir%/*}"
|
||||
#mv "$srcdir"/distribution-$pkgver "$builddir"
|
||||
mv "$srcdir"/distribution-0c958010ace2e0c2a87f1bf9915b7c74157dfb62 "$builddir"
|
||||
mv "$srcdir"/distribution-* "$builddir"
|
||||
}
|
||||
|
||||
build() {
|
||||
@ -57,7 +57,7 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
baf540b81d5f736e105eb2c05f5f4775c61ace3118f965a52b7b477a596291e12b33e56f882ce364731e9701ae6e9b2e09add3bcf8a1a11bb25eb54833c14368 docker-registry-2.9.0_git20230327.tar.gz
|
||||
8ceb8b994085bc6522e8a203785bd670977117988d391023148a4153e3c150ad7c17fb98de863c4c2300714022444dc5141a75a2899b8b0f04cbbdc17794b5c7 docker-registry-2.8.2_git20230519.tar.gz
|
||||
96100a4de311afa19d293a3b8a63105e1fcdf49258aa8b1752befd389e6b4a2b1f70711341ea011b450d4468bd37dbd07a393ffab3b9aa1b2213cf0fdd915904 docker-registry.initd
|
||||
5a38f4d3f0ee5cd00c0a5ced744eb5b29b839da5921adea26c5de3eb88b6b2626a7ba29b1ab931e5f8fbfafbed8c94cb972a58737ec0c0a69cf515c32139e387 config-example.patch
|
||||
"
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=ecr-credential-provider
|
||||
pkgver=1.25.3
|
||||
pkgver=1.26.1
|
||||
pkgrel=0
|
||||
pkgdesc="AWS Kubernetes ecr-credential-provider"
|
||||
url="https://github.com/kubernetes/cloud-provider-aws"
|
||||
@ -24,5 +24,5 @@ package() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
d727c01ea98608b0b51edc2bfe892218b55eee7148e358e18387f3f4a52ad765f8d0ee372884e36f95f1303c13dbeba81926f7560c325a8d3c258da11cdfc24b ecr-credential-provider-1.25.3.tar.gz
|
||||
59ec934a93b94290b0dce830a53301957842d8d45118471bb6eaa142b06dc37ed7f32e4c4a83f1f5341b0dda6745cfa7d8ebbac6d31378e3288857808f2aef71 ecr-credential-provider-1.26.1.tar.gz
|
||||
"
|
||||
|
59
kubezero/falco/APKBUILD
Normal file
59
kubezero/falco/APKBUILD
Normal file
@ -0,0 +1,59 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=falco
|
||||
pkgver=0.35.1
|
||||
pkgrel=0
|
||||
pkgdesc="Falco is the open source solution for runtime security for hosts, containers, Kubernetes and the cloud"
|
||||
url="https://github.com/falcosecurity/falco"
|
||||
arch="x86_64 aarch64"
|
||||
license="AGPL-3.0"
|
||||
makedepends="cmake bash linux-virt-dev linux-headers perl autoconf elfutils-dev libtool argp-standalone musl-fts-dev musl-libintl musl-obstack-dev"
|
||||
#protobuf-dev jq-dev openssl-dev curl-dev c-ares-dev grpc-dev yaml-dev yaml-cpp-dev jsoncpp-dev re2-dev"
|
||||
options="!check"
|
||||
source="$pkgname-$pkgver.tar.gz::https://github.com/falcosecurity/falco/archive/refs/tags/$pkgver.tar.gz"
|
||||
|
||||
subpackages="$pkgname-kernel" # $pkgname-plugins"
|
||||
|
||||
prepare() {
|
||||
[[ -d build ]] || mkdir build
|
||||
}
|
||||
|
||||
build() {
|
||||
# Hack running the build inside a container other uname -r returns host kernel
|
||||
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
|
||||
|
||||
cd build
|
||||
cmake .. \
|
||||
-DCMAKE_BUILD_TYPE=Release \
|
||||
-DFALCO_VERSION=$pkgver \
|
||||
-DCMAKE_INSTALL_PREFIX=/usr \
|
||||
-DMUSL_OPTIMIZED_BUILD=On \
|
||||
-DUSE_BUNDLED_DEPS=On
|
||||
|
||||
KERNELDIR=/lib/modules/$KERNEL_VERSION/build make -j4
|
||||
}
|
||||
|
||||
package() {
|
||||
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
|
||||
|
||||
cd build
|
||||
make DESTDIR="${pkgdir}" KERNELDIR=/lib/modules/$KERNEL_VERSION/build install
|
||||
|
||||
# We dont build anything on targets so remove sources
|
||||
rm -rf $pkgdir/usr/src
|
||||
rm -rf $pkgdir/usr/lib
|
||||
rm -rf $pkgdir/usr/include
|
||||
}
|
||||
|
||||
kernel() {
|
||||
KERNEL_VERSION=$(basename $(ls -d /lib/modules/*-virt))
|
||||
depends="linux-virt~$(echo $KERNEL_VERSION | sed -e 's/-.*$//')"
|
||||
|
||||
cd src/$pkgname-$pkgver/build
|
||||
mkdir -p "$subpkgdir"/lib/modules/$KERNEL_VERSION/kernel
|
||||
gzip -9 -c driver/falco.ko > "$subpkgdir"/lib/modules/$KERNEL_VERSION/kernel/falco.ko.gz
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
dc648d9b0a625a02320ff0235bbf4f4940e7ba40c684a8a1f972d34f0a3447b4a34e665d7fbc0ee1ec9a014f65f81a304dc76b4ec804fc7b4e448f330b9474af falco-0.35.1.tar.gz
|
||||
"
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=fluent-bit
|
||||
pkgver=2.1.1
|
||||
pkgver=2.1.5
|
||||
pkgrel=0
|
||||
pkgdesc="Fast and Lightweight Log processor and forwarder"
|
||||
url="https://fluentbit.io/"
|
||||
@ -27,6 +27,8 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/fluent/fluent-bit/archive/v$
|
||||
fluent-bit.confd
|
||||
fluent-bit.initd
|
||||
chunkio-static-lib-fts.patch
|
||||
fluent-bit.conf
|
||||
zdt-parsers.conf
|
||||
"
|
||||
# enable check when this solved - https://github.com/fluent/fluent-bit/issues/2464#issuecomment-673280055
|
||||
# Disable all things AWS to make tests pass
|
||||
@ -83,11 +85,19 @@ package() {
|
||||
"$pkgdir"/etc/conf.d/$pkgname
|
||||
|
||||
mv "$pkgdir"/usr/etc/* "$pkgdir"/etc
|
||||
rm "$pkgdir"/etc/fluent-bit/fluent-bit.conf
|
||||
|
||||
mkdir -p "$pkgdir"/var/spool/fluent-bit
|
||||
install -Dm644 "$srcdir/fluent-bit.conf" "$pkgdir/etc/fluent-bit/fluent-bit.conf"
|
||||
install -Dm644 "$srcdir/zdt-parsers.conf" "$pkgdir/etc/fluent-bit/zdt-parsers.conf"
|
||||
touch "$pkgdir"/etc/fluent-bit/metadata.conf
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
8c682e41411cae42580636a8d55b3f6c09b729f8e25f7d4e4b306ff286e0aea91da9ebc1a57dee153a90117884cc2a9d4342cae0e860a2f5f74a8a8c4f3b1e81 fluent-bit-2.1.1.tar.gz
|
||||
de9c6a4744223ed0f6f401adeb95956c90524feba6f592459ed517e1058f7e1a21f1c42910d3ac721be639264979ba3ebb5503cd7dc5874e1f676bf32a7e7df0 fluent-bit-2.1.5.tar.gz
|
||||
f6431397c80a036980b5377b51e38aec25dfceeb8dbe4cd54dce1f6e77d669d9f8daf983fcc96d25332385888f1809ced5e8ab0e8ccfcd93d19494036e3dc949 fluent-bit.confd
|
||||
8ba6c8e84dee90176f9b4375fb2c6444fa5d32fa601d9bcf3ea7960fec87f1ef664f175caf08bd0b052843e971efdbf08e2a5cd180ad9a8f23ff2c5cb233814f fluent-bit.initd
|
||||
6bd7d8b4da93a17f29b6ea1e0286ea226d0e376024284741110936779b3229bd8d6cd03ffbdc5d3b4842294e7f32a888de0dd16b0851b65d91b062ca58530ea0 chunkio-static-lib-fts.patch
|
||||
ea125b68825ae17bb6d08b1cbe7b3594d4844f7abb06465d7de0a39995dfa927087a28e592f40239792aee7f3494a8ba7a2d2373efc36f6ac712e802ace2f8a2 fluent-bit.conf
|
||||
31899a3c68bbb43adb9025a3a46bad4ca0c740d5bca5c252c8667197575698d98ac4a3b6e11ee160c4bb8df0d0089b639bfd7d0ffa52391e6c4f8f734a6952a6 zdt-parsers.conf
|
||||
"
|
||||
|
41
kubezero/fluent-bit/fluent-bit.conf
Normal file
41
kubezero/fluent-bit/fluent-bit.conf
Normal file
@ -0,0 +1,41 @@
|
||||
[SERVICE]
|
||||
Flush 5
|
||||
Daemon Off
|
||||
Log_Level info
|
||||
log_file /var/log/fluent-bit.log
|
||||
|
||||
HTTP_Server On
|
||||
HTTP_Listen 0.0.0.0
|
||||
HTTP_Port 2020
|
||||
Health_Check On
|
||||
|
||||
parsers_file parsers.conf
|
||||
parsers_file zdt-parsers.conf
|
||||
plugins_file plugins.conf
|
||||
|
||||
storage.metrics on
|
||||
storage.path /var/spool/fluent-bit
|
||||
storage.sync normal
|
||||
storage.checksum on
|
||||
storage.backlog.mem_limit 5M
|
||||
|
||||
[INPUT]
|
||||
Name tail
|
||||
Path /var/log/messages
|
||||
Parser syslog-ng-json
|
||||
Tag system
|
||||
DB /var/log/flb_kube.db
|
||||
DB.Sync Normal
|
||||
DB.locking true
|
||||
|
||||
@INCLUDE metadata.conf
|
||||
|
||||
[OUTPUT]
|
||||
Match *
|
||||
Name forward
|
||||
Host fluentd
|
||||
Port 24224
|
||||
Shared_Key cloudbender
|
||||
tls on
|
||||
Send_options true
|
||||
Require_ack_response true
|
22
kubezero/fluent-bit/zdt-parsers.conf
Normal file
22
kubezero/fluent-bit/zdt-parsers.conf
Normal file
@ -0,0 +1,22 @@
|
||||
[PARSER]
|
||||
Name syslog-ng-json
|
||||
Format json
|
||||
Time_Key time
|
||||
Time_Format %s.%L
|
||||
|
||||
# SQUID access.logs
|
||||
# "%9d.%03d %6d %s %s/%03d %d %s %s %s %s%s/%s %s"
|
||||
[PARSER]
|
||||
Name squid-access
|
||||
Format regex
|
||||
Regex /^(?<time>\d+\.\d{1,3})\s+\d+\s(?<host>[^ ]*)\s(?<cache>\w+)\/(?<code>\d+)\s(?<size>\d+)\s(?<method>\S+)\s(?<request_url>[^ ]*)\s(?<user>\S+)\s(?<hierachy_code>\S+)\/(?<forward_host>[^ ]*)\s(?<content_type>\S+)$/
|
||||
Time_Key time
|
||||
Time_Format %s.%L
|
||||
|
||||
# Laravel logs
|
||||
[PARSER]
|
||||
Name laravel
|
||||
Format regex
|
||||
Regex /^\[(?<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]\s(?<ident>[a-zA-Z0-9]*)\.(?<severity>[a-zA-Z0-9]*):\s(?<message>.*)$/
|
||||
Time_Key time
|
||||
Time_Format %Y-%m-%d %H:%M:%S
|
@ -5,14 +5,14 @@
|
||||
# Contributor: Dave <dj.2dixx@gmail.com>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=kubernetes
|
||||
pkgver=1.25.8
|
||||
pkgver=1.26.6
|
||||
pkgrel=0
|
||||
pkgdesc="Container Cluster Manager"
|
||||
url="https://kubernetes.io/"
|
||||
# ppc64le: failed to build
|
||||
arch="x86_64 aarch64 armv7 x86"
|
||||
license="Apache-2.0"
|
||||
options="!check chmod-clean" # Tests hang
|
||||
options="!check chmod-clean net" # Tests hang
|
||||
|
||||
_kube_proxy_deps="iptables"
|
||||
_kubelet_deps="iptables"
|
||||
@ -72,9 +72,10 @@ _services="kube-apiserver kube-controller-manager kube-proxy kube-scheduler"
|
||||
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
|
||||
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
|
||||
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"
|
||||
export FORCE_HOST_GO="y"
|
||||
|
||||
build() {
|
||||
make generated_files
|
||||
hack/update-codegen.sh
|
||||
for _pkgs in $_agent $_cli $_services ; do
|
||||
make -j1 GOFLAGS="-buildmode=pie -v -tags=providerless" GOLDFLAGS="-extldflags=-static" WHAT=cmd/$_pkgs
|
||||
done
|
||||
@ -207,9 +208,9 @@ _do_zshcomp() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
30f1815de4d5bf3a091f1937c94e0e6cf0abc0f527488b72ec4a7d72c014bb8fef450abbf4c908f8a5b791e8d4ab501edb3f5c55af4e370359a952a6228362be kubernetes-1.25.8.tar.gz
|
||||
c350bb0a63ada0cc3657fe07598101775243083aa1eabda898080b7b01b129e6fdd7ad1a61950cc039b73b081f38de3b856baedf5c075f39916be1547b11d184 make-e2e_node-run-over-distro-bins.patch
|
||||
56201491d2dfe3a487931cbf5c6e60af898701b9541a936d80e3823948fcfb98508e3d51f4aaa415ce971f7bd20a7b51f74f025c76b83f58d5a8de8ce0ab679b make-test-cmd-run-over-hyperkube-based-kubectl.patch
|
||||
02a6ce3c0ec44dce5b03b97d4a544ac96d43a2342f172c176cbe83b269ffec4c3704f01f620eb11cfdc61728f8431ab6ffdbecc21e0cb29cb388b62c1a930cdf kubernetes-1.26.6.tar.gz
|
||||
5427c2e653504cfd5b0bcaf195d4734ee40947ddfebc9f155cd96dddccfc27692c29d94af4ac99f1018925b52995c593b584c5d7a82df2f185ebce1a9e463c40 make-e2e_node-run-over-distro-bins.patch
|
||||
94d07edfe7ca52b12e85dd9e29f4c9edcd144abc8d120fb71e2a0507f064afd4bac5dde30da7673a35bdd842b79a4770a03a1f3946bfae361c01dd4dc4903c64 make-test-cmd-run-over-hyperkube-based-kubectl.patch
|
||||
e690daff2adb1013c92124f32e71f8ed9a18c611ae6ae5fcb5ce9674768dbf9d911a05d7e4028488cda886e63b82e8ac0606d14389a05844c1b5538a33dd09d1 kube-apiserver.initd
|
||||
302b2a7ec715967c0aa7d1c177d4e55b26e37ebba8d04dd37ecf627d20042fe91cd7e6192ff9d71422129b0ea54a9eec6046f505af550548bd450998924f37ee kube-apiserver.confd
|
||||
1a4bcd54dafaedc614e34bbadc2a1163f003b5925d47552fb2c47049c033c147e612171e263d9659d189fc2d95688a0b7153322d8dba97c083c079fdef6c400e kube-apiserver.logrotated
|
||||
|
@ -1,10 +1,10 @@
|
||||
diff --git a/hack/make-rules/test-e2e-node.sh b/hack/make-rules/test-e2e-node.sh
|
||||
index fb0720a7..43a57c1f 100755
|
||||
index f468d36b..a115aab9 100755
|
||||
--- a/hack/make-rules/test-e2e-node.sh
|
||||
+++ b/hack/make-rules/test-e2e-node.sh
|
||||
@@ -240,6 +240,6 @@ else
|
||||
--alsologtostderr --v 4 --report-dir=${artifacts} --node-name $(hostname) \
|
||||
${test_args}" --runtime-config="${runtime_config}" \
|
||||
@@ -225,6 +225,6 @@ else
|
||||
--test-flags="--v 4 --report-dir=${artifacts} --node-name $(hostname) ${test_args}" \
|
||||
--runtime-config="${runtime_config}" \
|
||||
--kubelet-config-file="${kubelet_config_file}" \
|
||||
- --build-dependencies=true 2>&1 | tee -i "${artifacts}/build-log.txt"
|
||||
+ --k8s-bin-dir "/usr/bin" --build-dependencies=true 2>&1 | tee -i "${artifacts}/build-log.txt"
|
||||
|
@ -1,8 +1,8 @@
|
||||
diff --git a/hack/lib/test.sh b/hack/lib/test.sh
|
||||
index 62a6765f..775d1d96 100644
|
||||
index 36ea5f04..045de151 100644
|
||||
--- a/hack/lib/test.sh
|
||||
+++ b/hack/lib/test.sh
|
||||
@@ -77,12 +77,12 @@ kube::test::object_assert() {
|
||||
@@ -78,12 +78,12 @@ kube::test::object_assert() {
|
||||
local object=$2
|
||||
local request=$3
|
||||
local expected=$4
|
||||
@ -11,8 +11,8 @@ index 62a6765f..775d1d96 100644
|
||||
|
||||
for j in $(seq 1 "${tries}"); do
|
||||
# shellcheck disable=SC2086
|
||||
# Disabling because "args" needs to allow for expansion here
|
||||
- res=$(eval kubectl get "${kube_flags[@]}" ${args} "${object}" -o go-template=\""${request}"\")
|
||||
# Disabling because to allow for expansion here
|
||||
- res=$(kubectl get "${kube_flags[@]}" ${args} ${object} -o go-template="${request}")
|
||||
+ res=$(eval kubectl ${args} get "${kube_flags[@]}" ${get_args} "${object}" -o go-template=\""${request}"\")
|
||||
if [[ "${res}" =~ ^$expected$ ]]; then
|
||||
echo -n "${green}"
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=kubezero
|
||||
pkgver=1.25
|
||||
pkgver=1.26
|
||||
pkgrel=0
|
||||
pkgdesc="KubeZero release package"
|
||||
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/kubezero"
|
||||
@ -29,7 +29,10 @@ source="
|
||||
evictLocalNode.sh
|
||||
"
|
||||
|
||||
IMAGES="quay.io/cilium/cilium:v1.13.1 ghcr.io/k8snetworkplumbingwg/multus-cni:v3.9.3"
|
||||
IMAGES="
|
||||
quay.io/cilium/cilium:v1.13.4
|
||||
ghcr.io/k8snetworkplumbingwg/multus-cni:v3.9.3
|
||||
"
|
||||
|
||||
build() {
|
||||
for i in $IMAGES; do
|
||||
@ -58,6 +61,6 @@ imagecache() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
b0cadf577ea912630efabf8d104f2edaa79bd1697a1f9224ce8a75354dd204196c6d3c15c0318afa44be10be9696ce20ef0015198ee0b74050897d164f77ae60 shared-sys-fs.start
|
||||
ecb33fc3a0ffc378723624858002f9f5e180e851b55b98ab6611ecc6a73d4719bc7de240f87683fc58de8bf577059e6f19b417655b5301ef8c32deff67a29dff shared-sys-fs.start
|
||||
fce1013f7b1bfa8ee526de62e642a37fda3168889723e873d3fb69e257f4caa1423b5a14b9343b12a87f3b6f93c7d3861b854efda67ef2d6a42a5ca8cf3d1593 evictLocalNode.sh
|
||||
"
|
||||
|
@ -1,3 +1,4 @@
|
||||
#!/bin/sh
|
||||
mount --make-shared /sys/fs/cgroup
|
||||
mount --make-shared /sys/fs/bpf
|
||||
mount --make-shared /sys
|
||||
|
@ -1,8 +1,8 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=nvidia-container-toolkit
|
||||
pkgver=1.10.0
|
||||
pkgrel=1
|
||||
pkgver=1.13.2
|
||||
pkgrel=0
|
||||
pkgdesc="NVIDIA Container toolkit incl. cri hooks"
|
||||
url="https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/overview.html"
|
||||
arch="x86_64"
|
||||
@ -67,12 +67,12 @@ package() {
|
||||
install -Dm644 config.toml "$pkgdir"/etc/nvidia-container-runtime/config.toml
|
||||
}
|
||||
|
||||
sha512sums='
|
||||
23ba2aec28f01c0037bbb4812ea542589e96f6527cf49468a4a7c54ca05808cf0984a8dfe13ee3455b8c6ae8468c58590f9e1e6996927c710bcf3e545772a356 libnvidia-container1_1.10.0-1_amd64.deb
|
||||
c5369c832bd91703e6e6e86a4431c2eebb2ddeaadff126174b41ed11e969dc8cc49dcab26b3ac18abb43b466a86ce76908eaa2f5e4109c689a0c3a4fa47548b5 libnvidia-container-tools_1.10.0-1_amd64.deb
|
||||
3043729bd96dd153db1dc317685167f34da6b9d202134335212fb7d861532a265a59e002c86fff2664c67687f4c8bcc75913c74018930a6c68c0f2044eceacf0 nvidia-container-toolkit_1.10.0-1_amd64.deb
|
||||
sha512sums="
|
||||
0edd50e9d42d345bcc26410752ac50425a5806144b0fdd4f6eea07f62501a325a3f58e74d68b6bb2a834b33977ddcc86723b1d96c4ae9664827ad86b4756172b libnvidia-container1_1.13.2-1_amd64.deb
|
||||
3d61c5e610402344411f40db7b9da090b4de467f170779eac7fd8787bd5c30035128196b265a55af5ddadee704056dbcdf30b5cfb0ed72e90ea307db25285b1d libnvidia-container-tools_1.13.2-1_amd64.deb
|
||||
f15af5460823667476e8b788708d1b76e81b73e99e0c6c9a045c830160ab2bb78988de1b4ad1963656f590faa1c5ee415b951275704fd77849d16a0ef712ed4a nvidia-container-toolkit_1.13.2-1_amd64.deb
|
||||
694a3ec64ef3056d5874ff03b889b868c294bccb16506468fdf1c289fe3aaadc2da25a5934de653af9633a5d993d2bb21491d84b3b2e2529e6b31d92c78a2228 libcap2_2.25-2_amd64.deb
|
||||
5a4eaa96e6e774948889909d618a8ed44a82f649cbba11622dc7b4478098bea006995d5a5a60ca026a57b76ad866d1e2c6caebd154a26eb6bd7e15291b558057 libseccomp2_2.3.3-4_amd64.deb
|
||||
040ac2e3f58549dc09e5bce0d694e4be2f6aae736014bf0ee90042646562d5f1ef1f5990eb9f2c2a2fdf504587b82f4aa0eb99d04c5d3e407670e4012e3edd4e config.toml
|
||||
cf5673231d1862e3ec03f792cddf54ff27237656f762c3f42b6d7e1584de2201c487861ac399ab26951b5dbf3e3cd9b4451dbf61f02b55e0991889b507319764 oci-nvidia-hook.json
|
||||
'
|
||||
"
|
||||
|
@ -1,7 +1,8 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=nvidia-drivers
|
||||
pkgver=515.65.01
|
||||
#pkgver=535.54.03
|
||||
pkgver=525.125.06
|
||||
pkgrel=0
|
||||
pkgdesc="NVIDIA Driver"
|
||||
url="https://www.nvidia.com/download/index.aspx"
|
||||
@ -27,7 +28,7 @@ package() {
|
||||
cd "$srcdir"/NVIDIA-Linux-x86_64-$pkgver
|
||||
|
||||
# GSP firmware
|
||||
cp firmware/gsp.bin "$pkgdir"/lib/firmware/nvidia/"$pkgver"/gsp.bin
|
||||
cp firmware/*.bin "$pkgdir"/lib/firmware/nvidia/"$pkgver"/
|
||||
|
||||
# Various bins
|
||||
SBINS="nvidia-smi nvidia-debugdump nvidia-cuda-mps-control nvidia-cuda-mps-server nvidia-persistenced"
|
||||
@ -54,6 +55,6 @@ package() {
|
||||
done
|
||||
}
|
||||
|
||||
sha512sums='
|
||||
5221a4ac071eb39a37a841f19cfe4983286dc35e918956b40604404ef36c122612475df7b9a391a9a70bd60f44e598c8a0e5ec54ccc3e90d51f01e1b2fbe5e33 NVIDIA-Linux-x86_64-515.65.01.run
|
||||
'
|
||||
sha512sums="
|
||||
a5f13b633d111d9dc928e8522cd916a2b756fccbf2dc532649762a3f9bdc5503bd57c9c698da8205c49e82720b45789413a1afc26be77d741f823b49ae2f333d NVIDIA-Linux-x86_64-525.125.06.run
|
||||
"
|
||||
|
@ -1,7 +1,8 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=nvidia-open-gpu
|
||||
pkgver=515.65.01
|
||||
#pkgver=535.54.03
|
||||
pkgver=525.125.06
|
||||
pkgrel=0
|
||||
pkgdesc="NVIDIA Linux open GPU kernel modules"
|
||||
url="https://github.com/NVIDIA/open-gpu-kernel-modules"
|
||||
@ -43,8 +44,8 @@ package() {
|
||||
install -Dm755 "$srcdir"/create-nvidia-uvm-dev-node.sh "$pkgdir"/usr/sbin/create-nvidia-uvm-dev-node.sh
|
||||
}
|
||||
|
||||
sha512sums='
|
||||
c2ff6fd02272b6981a65e7e14c6b636f0113e21da910898c27682f58e60fa8e6deea3670081c57e4961fb5e7794eef8eddb90d134ba1892536a8468c5dc9d669 nvidia-515.65.01.tar.gz
|
||||
sha512sums="
|
||||
4cedcf56e87c93354bc56d168de64b30866cf0b8fba2d2861ac60893b43f8140fa29626c4825af8250c420f9228fd1b64c93750cc50dd210040b4e7c4927e90a nvidia-525.125.06.tar.gz
|
||||
b16b86ded8601ff802477e2b191c5728290014f90bb85ad6ec0e5b7e84f8004c467f5b6c66b80dc5d205fb70a3900ac286764a3829ca3ad3b8a3a5fd0b73a702 91-nvidia.rules
|
||||
8335bd69c482da1f67b5cddd31a0b40d01b5c627aeca137b40ac7776cb3e7475767bec808a972ed739c26914207aca264324c41496f6fb579d910c8477f7cc1c create-nvidia-uvm-dev-node.sh
|
||||
'
|
||||
"
|
||||
|
@ -1,7 +1,7 @@
|
||||
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
|
||||
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
|
||||
pkgname=zdt-base
|
||||
pkgver=0.1.2
|
||||
pkgver=0.3.18
|
||||
pkgrel=0
|
||||
pkgdesc="ZeroDownTime Alpine additions and customizations"
|
||||
url="https://git.zero-downtime.net/ZeroDownTime/alpine-overlay/src/branch/master/kubezero/zdt-base"
|
||||
@ -28,7 +28,6 @@ source="
|
||||
monit_alert.sh.aws
|
||||
neofetch.conf
|
||||
zdt-ascii.txt
|
||||
dhclient.conf
|
||||
profile
|
||||
route53.py
|
||||
get_iam_sshkeys.py
|
||||
@ -50,9 +49,6 @@ package() {
|
||||
mkdir -p "$pkgdir"/etc/cloudbender "$pkgdir/home/alpine"
|
||||
install -Dm644 "$srcdir/profile" "$pkgdir/home/alpine/.profile"
|
||||
|
||||
# dhcp tuning for MTU
|
||||
install -Dm644 "$srcdir"/dhclient.conf "$pkgdir"/etc/dhcp/dhclient.conf
|
||||
|
||||
# various sysctl tunings
|
||||
install -Dm644 "$srcdir"/zdt-sysctl.conf "$pkgdir"/etc/sysctl.d/60-zdt.conf
|
||||
|
||||
@ -93,24 +89,23 @@ aws() {
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
92e669eb440dbc89e083e3b61c9f9fa871bedfdca404b8c3533fa1caec0d061f428c39697921c68c49d3de9af2043946d9baf989ba47482827d5626fe9f3e479 cb_base.sh
|
||||
13944b955f3c2db54674cd84d58950fc9d8ca522d96081f05ed9bfef8289e30c3dd508796c94d9b283b9c168aadc70f9a934442ec48a5c0c9f25578e62ea0b78 cb_base.sh
|
||||
3e02b858680d751b2c1fb22feeec2b767e328fdf007d9fb6687f309e62630467e982cc33d47c4417311938d35bb17dc210f9e0a40b90298dc22cf142f022c124 cb_lock.sh
|
||||
f392ae57c4a5ccc019eb5fcc191429a4ba81b2593bfb12bab3b3da3365342b2b89908dfd90d8debf813e3455a61ff8d123f49fa4adce8ea44c06d9db1f7b7e19 cb_volumes.sh
|
||||
89a27da781fe302aaed9ed7dcd1b8fc8b94f39802f86b1faeedee50d68a9d61fcbfe037bc29a938994c507cbcda08d86d2c387db118408ca9b7d085f99bb0a17 cb_init.sh
|
||||
d7bb357e25aa797b68185036814f1b34d4d6b098de43ef0cf3b71011ebee3d6c2e4bd8fa73a5c7dd6f37c6bbbf3c9c344461a9507346104d4fe783dd1f8b2e23 cb_volumes.sh
|
||||
4ccae4451de8fa83d1a73182ad539ca218a98f68f0bbfe2fc4d99ade75e802e3baa65b4a0e00ae2a0b3c870e6467b219d1c5a22e04f3930c3efd7de6c3cf38ab cb_init.sh
|
||||
9c688e08e44ae965eaa6021e005f65077690c30fe6b2de7371c57ae3a53a18f12a356587261c950b8c900f73cb35af3ba7795d33181532b485aeee3b6ca41757 cloudbender-early.init
|
||||
46500f8dc08e2e5e5d34886225ef4993f02da9f0a8b55107e886337ec1318fe683a172c398d1236e8f2559b57e0aba66238725e0a20e0440e1423d71aa3d77ea cloudbender.init
|
||||
7fea4ed0ebcf781ae197962c9f6d287c66e7380c758126a1b46c711baf3c7e93d6ccf1d536dada590ca02a7f7b271fd5ecb0dcb4854772cc8b1b70d379249f65 cloudbender.init
|
||||
b9479835d8667fa99f8b1b140f969f0464a9bb3c60c7d19b57e306cfe82357d453932791e446caded71fddd379161ae8328367f1ee75ae3afc1b85e12294b621 zdt-sysctl.conf
|
||||
76e6a4f309f31bfa07de2d3b1faebe5670722752e18157b69d6e868cbe9e85eda393aed0728b0347a01a810eee442844c78259f86ff71e3136a013f4cbfaaea4 ps_mem.py
|
||||
9d087f2d4403a9c6d4d2f06fbb86519f2b8b134d8eb305facaef07c183815f917fb7bac916d39d504dbab7fdf3321a3f70954dde57e8986cc223371715bb1c54 syslog-ng.conf
|
||||
5376f4bf8356ce9249c45e78085073245181e8742c7b4be47c71dcd97a611ae125a7dfd3060502bdd591560af070334f89fe60dbc09c008926149c538ab0560a syslog-ng.conf
|
||||
484bdcf001b71ce5feed26935db437c613c059790b99f3f5a3e788b129f3e22ba096843585309993446a88c0ab5d60fd0fa530ef3cfb6de1fd34ffc828172329 syslog-ng.logrotate.conf
|
||||
1db58e670748bf9a507068251c21c9ca1744727bbf53fd925059239a58721f6f60c0bd357e4c52e9277a913640a6784e0025a7f3834868a1e93e9e1cbc66d5a6 syslog-ng.apparmor
|
||||
e86eed7dd2f4507b04050b869927b471e8de26bc7d97e7064850478323380a0580a92de302509901ea531d6e3fa79afcbf24997ef13cd0496bb3ee719ad674ee syslog-ng.apparmor
|
||||
b928ba547af080a07dc9063d44cb0f258d0e88e7c5a977e8f1cf1263c23608f0a138b8ffca0cdf5818ee72fccb3ce8433f877811be3107bb9c275dfff988179c monitrc
|
||||
64944727d658ff37e7ff9d22a23869e225e104d9229756ba4fef1fc481c56f782472a1c74f8127636b4a98d4545ae30e7d35822a1f0a0fa31a59ec8eaf8c0396 monit_alert.sh.aws
|
||||
346b0170ada6cc1207ffb7b8ef138a1570a63c7df4d57618aa4b6b6c0d2df2197b0f5b23578ec83c641ee5e724865ac06985222e125809c990467426a0851b72 neofetch.conf
|
||||
532b8e2eb04942ab20bdc36b5dea1c60239fcbfcb85706123f3e05c18d65c938b85e9072d964ae5793177625a8db47b532db1f5bd5ed5ecbb70d5a331666ff54 zdt-ascii.txt
|
||||
c565516121b9e6f9d5f769511eb900546753e67cc4208d1b388fdce44cd28699261a5c3905f9a168d4b2d45ac65ac3a2a6a95335f1bbd76d2f444d5f50ec5c9e dhclient.conf
|
||||
c3e72cd92936b03f2b9eab5e97e9a12fcddcdf2c943342e42e7702e2d2407e00859c62dc9b4de3378688d2f05458aa5c104272af7ab13e53a62f1676d1a9a1b4 profile
|
||||
2d419d5c25a3829e99326b09876f459e48ab66f5756a8ad39b406c0f2829f5a323e8ff512afd8f32b7b07f24c88efa911bee495ce6c4d1925194cb54d3ba57bd route53.py
|
||||
00eaff6c0a506580340b2547c3b1602a54238bac6090a15516839411478a4b4fdc138668b8ad23455445131f3a3e3fda175ed4bb0dd375402641c0e7b69c3218 get_iam_sshkeys.py
|
||||
816049360aa442f9e9aa4d6525795913cfe3dc7c6c14dc4ccad59c0880500f9d42f198edc442fe036bc84ba2690d9c5bc8ae622341d8276b3f14947db6b879b1 route53.py
|
||||
7da28446762a36a6737c5b30becbce78775bd943b4d0c5ef938a50f49b4f51f66708434aa79004c19d16c56c83f54c8d6d68e1502ebc250c73f8aae12bed83c0 get_iam_sshkeys.py
|
||||
8fd5dca9b9fdae61022f136215afa8adc0d199afcf26593bdd0bd1946d0f2efc5d7ed345704ef9642fbeedeeea007ed31b67fafe89289b749a560a045da45b8e uniq_hostname.py
|
||||
"
|
||||
|
@ -17,7 +17,7 @@ retry() {
|
||||
shift 2
|
||||
while true; do
|
||||
# Only use timeout of $1 is an executable, call directly if function
|
||||
type -tf $1 >/dev/null && { timeout --preserve-status 30 $@ && return; } || { $@ && return; }
|
||||
type -tf $1 >/dev/null && { timeout 30 $@ && return; } || { $@ && return; }
|
||||
((tries=tries-1))
|
||||
[ $tries -eq 0 ] && return 1
|
||||
sleep $waitfor
|
||||
@ -143,5 +143,8 @@ function exit_trap {
|
||||
end_uptime=$(awk '{print $1}' < /proc/uptime)
|
||||
log "Exiting user-data. Duration: $(echo "$end_uptime-$start_uptime" | bc) seconds"
|
||||
|
||||
# Shutdown / poweroff if we ran into error and not DEBUG
|
||||
[ $ERR_CODE -ne 0 -a -z "$DEBUG" ] && poweroff
|
||||
|
||||
exit 0
|
||||
}
|
||||
|
@ -1,8 +1,8 @@
|
||||
# We built on top of tiny-cloud
|
||||
. /etc/conf.d/tiny-cloud
|
||||
. /etc/tiny-cloud.conf
|
||||
|
||||
IMDS_ENDPOINT="169.254.169.254"
|
||||
. /lib/tiny-cloud/"$CLOUD"/imds
|
||||
. /lib/tiny-cloud/cloud/"$CLOUD"/imds
|
||||
|
||||
_imds() {
|
||||
wget --quiet --timeout 1 --output-document - \
|
||||
|
@ -1,7 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
# We built on top of tiny-cloud
|
||||
. /etc/conf.d/tiny-cloud
|
||||
. /etc/tiny-cloud.conf
|
||||
|
||||
# archive orig /var, mount new var on top and restore orig var
|
||||
copy_and_mount() {
|
||||
@ -13,7 +13,7 @@ copy_and_mount() {
|
||||
}
|
||||
|
||||
setup_var() {
|
||||
for d in $(find /dev/sd?); do
|
||||
for d in $(find /dev/xvd[a-z] /dev/sd[a-z]); do
|
||||
# resolve to a valid block device
|
||||
dev="$(realpath "$d")"
|
||||
[ -b "$dev" ] || continue
|
||||
@ -23,8 +23,8 @@ setup_var() {
|
||||
|
||||
case "$CLOUD" in
|
||||
aws)
|
||||
# on AWS look for sdx
|
||||
if [ "$d" = "/dev/sdx" ]; then
|
||||
# on AWS look for sdx/xvdx
|
||||
if [ "$d" = "/dev/sdx" -o "$d" = "/dev/xvdx" ]; then
|
||||
# check volume for existing filesystem
|
||||
type=$(file -Lbs $d)
|
||||
if [[ "$type" =~ "XFS filesystem" ]]; then
|
||||
|
@ -7,7 +7,7 @@ description="CloudBender - mount additional volumes, send shutdown messages"
|
||||
depend() {
|
||||
need net
|
||||
before sshd
|
||||
after tiny-cloud
|
||||
after tiny-cloud-main
|
||||
}
|
||||
|
||||
start() {
|
||||
|
@ -1,12 +0,0 @@
|
||||
# Borrowed from Ubuntu 20.04LTS minimal EC2 AMi
|
||||
|
||||
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
|
||||
|
||||
send host-name = gethostname();
|
||||
request subnet-mask, broadcast-address, time-offset, routers,
|
||||
domain-name, domain-name-servers, domain-search, host-name,
|
||||
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
|
||||
netbios-name-servers, netbios-scope, interface-mtu,
|
||||
rfc3442-classless-static-routes, ntp-servers;
|
||||
|
||||
timeout 300;
|
@ -58,6 +58,7 @@ try:
|
||||
Encoding="SSH",
|
||||
)
|
||||
if key["SSHPublicKey"]["Status"] == "Active":
|
||||
print(key["SSHPublicKey"]["SSHPublicKeyBody"], user["UserName"])
|
||||
print(key["SSHPublicKey"]
|
||||
["SSHPublicKeyBody"], user["UserName"])
|
||||
except:
|
||||
pass
|
||||
|
@ -29,7 +29,8 @@ def update_dns(record_name, ips=[], ttl=180, action="UPSERT", record_type='A'):
|
||||
{"Value": ip}
|
||||
)
|
||||
|
||||
route53.change_resource_record_sets(HostedZoneId=zone_id, ChangeBatch=changeset)
|
||||
route53.change_resource_record_sets(
|
||||
HostedZoneId=zone_id, ChangeBatch=changeset)
|
||||
|
||||
|
||||
parser = argparse.ArgumentParser(description='Update Route53 entries')
|
||||
@ -49,4 +50,5 @@ action = "UPSERT"
|
||||
if args.delete:
|
||||
action = "DELETE"
|
||||
|
||||
update_dns(args.fqdn, args.record, action=action, ttl=args.ttl, record_type=args.record_type)
|
||||
update_dns(args.fqdn, args.record, action=action,
|
||||
ttl=args.ttl, record_type=args.record_type)
|
||||
|
@ -1,4 +1,6 @@
|
||||
/proc/uptime r,
|
||||
/var/lib/syslog-ng/syslog-ng.ctl rw,
|
||||
@{PROC}/@{pid}/cmdline r,
|
||||
@{PROC}/@{pid}/loginuid r,
|
||||
@{PROC}/@{pid}/sessionid r,
|
||||
ptrace (read) peer=unconfined,
|
||||
|
@ -1,12 +1,12 @@
|
||||
# syslog-ng, format all json into messages
|
||||
# https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.23/administration-guide/63#TOPIC-1268643
|
||||
|
||||
@version: 3.36
|
||||
@version: 4.1
|
||||
@include "scl.conf"
|
||||
|
||||
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
|
||||
dns_cache(no); owner("root"); group("adm"); perm(0640);
|
||||
stats_freq(0); bad_hostname("^gconfd$"); frac-digits(6);
|
||||
stats(freq(43200)); bad_hostname("^gconfd$"); frac-digits(6);
|
||||
};
|
||||
|
||||
source s_sys { system(); internal();};
|
||||
|
@ -28,4 +28,3 @@ echo 'Enable monit via inittab'
|
||||
# QoL
|
||||
mv /etc/profile.d/color_prompt.sh.disabled /etc/profile.d/color_prompt.sh || true
|
||||
echo 'alias rs="doas bash"' > /etc/profile.d/alias.sh
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user