From e534b31c74d5715fcc925b9c34bd76c779a2551f Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Mon, 11 Mar 2024 13:32:20 +0000
Subject: [PATCH] feat: latest 3.18 release, first working bare-metal-nocloud image
---
 Makefile | 13 ++++---
 cleanup_amis.sh | 5 ++-
 list_running_amis.py | 25 +++++++++++++
 .../zdt/configs/edition/common-packages.conf | 4 +--
 .../zdt/configs/edition/common-services.conf | 1 -
 overlay/zdt/configs/edition/common.conf | 9 ++---
 .../edition/kubezero-packages-x86_64.conf | 2 --
 .../configs/edition/kubezero-packages.conf | 4 +--
 .../configs/edition/kubezero-services.conf | 2 ++
 overlay/zdt/configs/edition/kubezero.conf | 11 +++---
 .../zdt/configs/edition/minimal-packages.conf | 1 +
 overlay/zdt/configs/edition/minimal.conf | 2 ++
 overlay/zdt/configs/machine/metal.conf | 32 +++++++++++++----
 overlay/zdt/configs/machine/vm.conf | 4 ++-
 overlay/zdt/configs/zdt.conf | 35 ++++++++++---------
 15 files changed, 101 insertions(+), 49 deletions(-)
 create mode 100755 list_running_amis.py
 delete mode 100644 overlay/zdt/configs/edition/kubezero-packages-x86_64.conf
 create mode 100644 overlay/zdt/configs/edition/minimal-packages.conf
diff --git a/Makefile b/Makefile
index fd08026..fd3224e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,7 @@
 OVERLAY := $(shell pwd)/overlay
 ONLY :=
-FILTER := --only 3.17 $(ONLY) --skip aarch64 metal
+SKIP :=
+FILTER := --only 3.18 $(ONLY) --skip aarch64 $(SKIP)
 STEP := publish
 all: build
@@ -34,10 +35,12 @@ age-seal:
 # Just a reference how it could work, requires root though
 scan-image:
- modprobe nbd
- qemu-nbd -c /dev/nbd0 --read-only alpine-cloud-images/work/images/aws/3.15.4-x86_64-bios-cloudinit-aws-kubezero/image.qcow2
- mount /dev/nbd0 /mnt/temp/
- trivy rootfs /mnt/temp
+ doas modprobe nbd
+ doas qemu-nbd -c /dev/nbd0 --read-only alpine-cloud-images/work/images/aws/*/image.qcow2
+ doas mount /dev/nbd0p2 /mnt/temp/
+ doas trivy rootfs /mnt/temp
+ doas umount /mnt/temp
+ doas qemu-nbd -d /dev/nbd0
 pull-upstream: ## pull latest shared alpine-cloud-images
 git stash && git subtree pull --prefix alpine-cloud-images git@gitlab.alpinelinux.org:alpine/cloud/alpine-cloud-images.git main --squash && git stash pop
diff --git a/cleanup_amis.sh b/cleanup_amis.sh
index de8c81e..7cd22cf 100755
--- a/cleanup_amis.sh
+++ b/cleanup_amis.sh
@@ -1,9 +1,8 @@
 #!/bin/bash
 # set -x
-TAG_FILTER="Name=tag:Name,Values=*-uefi-*minimal*r1"
-# TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-kubezero-1.23.10-r0"
-# TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.16.2-x86_64-bios-tiny-minimal-r2"
+TAG_FILTER="Name=tag:Name,Values=zdt-alpine-3.18*dev*" #-dev" #kubezero*"
+#TAG_FILTER="Name=tag:Name,Values=zdt-alpine-*kubezero*1.26*"
 echo "Are you really sure to delete AMIs matching \"$TAG_FILTER\" ?"
 read
diff --git a/list_running_amis.py b/list_running_amis.py
new file mode 100755
index 0000000..0cd55ac
--- /dev/null
+++ b/list_running_amis.py
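Review bot: In the Makefile's `scan-image` recipe, the new `doas mount /dev/nbd0p2 /mnt/temp/` mounts the image's filesystem as root with default options; the image is only being inspected, so `doas mount -o ro,nosuid,nodev,noexec /dev/nbd0p2 /mnt/temp/` is the safer form. The recipe also stops at the first failing command, so if `trivy` (or the mount) exits non-zero, the added `umount` and `qemu-nbd -d` lines are never reached and `/dev/nbd0` stays attached. The glob `aws/*/image.qcow2` hands every matching path to `qemu-nbd` once more than one build exists under the work directory, so the image path is better passed in as a make variable.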
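Review bot: In `cleanup_amis.sh`, the new `TAG_FILTER` line ends in `#-dev" #kubezero*"`, fragments of earlier patterns that make it hard to see at a glance which pattern is live in a script that deletes AMIs. Drop the trailing fragments, and consider taking the pattern as an argument instead of editing the file for each cleanup, e.g. `TAG_FILTER="Name=tag:Name,Values=${1:?usage: cleanup_amis.sh NAME_PATTERN}"`, so a run never depends on whichever wildcard was committed last. The confirmation prompt's handling and the deletion itself lie outside the hunk.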
@@ -0,0 +1,25 @@
+#!/usr/bin/env python3
+import os
+import boto3
+
+regions = ["eu-central-1", "us-west-2", "ap-southeast-2", "ca-central-1", "us-east-1", "us-west-1"]
+#regions = ["us-west-2"]
+
+for r in regions:
+ session = boto3.Session(region_name=r)
+ ec2 = session.client('ec2')
+
+ amis = set()
+ try:
+ for reservations in ec2.describe_instances(Filters=[])["Reservations"]:
+ for instance in reservations["Instances"]:
+ amis.add(instance["ImageId"])
+ except KeyError:
+ pass
+
+ if amis:
+ print(f'Region: {r}')
+ images = ec2.describe_images(Filters=[{"Name":"image-id", "Values":list(amis)}])["Images"]
+ for image in images:
+ print(f'imageId: {image["ImageId"]} Name: {image["Name"]}')
+
diff --git a/overlay/zdt/configs/edition/common-packages.conf b/overlay/zdt/configs/edition/common-packages.conf
index e4e5b12..054c211 100644
--- a/overlay/zdt/configs/edition/common-packages.conf
+++ b/overlay/zdt/configs/edition/common-packages.conf
@@ -1,4 +1,5 @@
 bash = true
+coreutils = true
 eudev = true
 jq = true
 yq = true
@@ -12,7 +13,6 @@ socat = true
 ethtool = true
 nvme-cli = true
 xfsprogs = true
-dhclient = true
 busybox-extras = true
 tcpdump = true
 uuidgen = true
@@ -21,8 +21,6 @@ apparmor-utils = true
 apparmor-profiles = true
 tiny-cloud = true
 tiny-cloud-openrc = true
-tiny-cloud-network = true
-tiny-cloud-aws = true
 conmon = true
 prometheus-node-exporter = true
 prometheus-wireguard-exporter = true
diff --git a/overlay/zdt/configs/edition/common-services.conf b/overlay/zdt/configs/edition/common-services.conf
index 745063f..ecd2991 100644
--- a/overlay/zdt/configs/edition/common-services.conf
+++ b/overlay/zdt/configs/edition/common-services.conf
@@ -15,6 +15,5 @@ default {
 cloudbender = true
 local = true
 crond = true
- node-exporter = true
 # monit = true # We use inittab
 }
diff --git a/overlay/zdt/configs/edition/common.conf b/overlay/zdt/configs/edition/common.conf
index 1b64845..4baee45 100644
--- a/overlay/zdt/configs/edition/common.conf
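Review bot: In `list_running_amis.py`, `ec2.describe_instances(Filters=[])` reads only the first page of results, so in a region with many instances some AMIs that are in use never reach `amis`; if this listing is used to decide which AMIs are safe to remove, that gap matters. Use the `describe_instances` paginator and drop the `try`/`except KeyError: pass`, which would report a malformed response as "no instances". `describe_images` also returns nothing for AMIs that are no longer registered, so instances still running on such an image are silently missing from the output; printing the ids that came back without a match surfaces them. `import os` is unused.

```python
for r in regions:
    # … unchanged: session and ec2 client …

    amis = set()
    paginator = ec2.get_paginator("describe_instances")
    for page in paginator.paginate():
        for reservation in page["Reservations"]:
            for instance in reservation["Instances"]:
                amis.add(instance["ImageId"])

    # … unchanged: "if amis:" block printing the region and the describe_images result …
        found = {image["ImageId"] for image in images}
        for image_id in sorted(amis - found):
            print(f'imageId: {image_id} Name: (not returned by describe_images)')
```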
+++ b/overlay/zdt/configs/edition/common.conf
@@ -3,10 +3,10 @@
 packages { include required("common-packages.conf") }
 services { include required("common-services.conf") }
-repos {
- "https://dl-cdn.alpinelinux.org/alpine/edge/main" = edge-main
- "https://dl-cdn.alpinelinux.org/alpine/edge/community" = edge-community
-}
+#repos {
+# "https://dl-cdn.alpinelinux.org/alpine/edge/main" = edge-main
+# "https://dl-cdn.alpinelinux.org/alpine/edge/community" = edge-community
+#}
 repo_keys = [ "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" ]
@@ -21,6 +21,7 @@ WHEN {
 aws-cli = true
 py3-boto3 = true
 zdt-base-aws = kubezero
+ tiny-cloud-aws = true
 }
 }
diff --git a/overlay/zdt/configs/edition/kubezero-packages-x86_64.conf b/overlay/zdt/configs/edition/kubezero-packages-x86_64.conf
deleted file mode 100644
index 105018e..0000000
--- a/overlay/zdt/configs/edition/kubezero-packages-x86_64.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-aws-neuron-driver = kubezero
-nvidia-open-gpu = kubezero
diff --git a/overlay/zdt/configs/edition/kubezero-packages.conf b/overlay/zdt/configs/edition/kubezero-packages.conf
index 22ad747..dcabb3d 100644
--- a/overlay/zdt/configs/edition/kubezero-packages.conf
+++ b/overlay/zdt/configs/edition/kubezero-packages.conf
@@ -1,3 +1,3 @@
 curl = true
-kubezero = "kubezero=~1.25"
-kubezero-imagecache = "kubezero=~1.25"
+kubezero = "kubezero=~1.27"
+kubezero-imagecache = "kubezero=~1.27"
diff --git a/overlay/zdt/configs/edition/kubezero-services.conf b/overlay/zdt/configs/edition/kubezero-services.conf
index 241f19a..fdb7eda 100644
--- a/overlay/zdt/configs/edition/kubezero-services.conf
+++ b/overlay/zdt/configs/edition/kubezero-services.conf
@@ -1,4 +1,6 @@
 default {
 # Until we migrate away from DS
 node-exporter = null
+ crio = true
+ kubelet = true
 }
diff --git a/overlay/zdt/configs/edition/kubezero.conf b/overlay/zdt/configs/edition/kubezero.conf
index 6dcb82d..2bdfd24 100644
--- a/overlay/zdt/configs/edition/kubezero.conf
+++ b/overlay/zdt/configs/edition/kubezero.conf
@@ -6,11 +6,14 @@ packages { include required("kubezero-packages.conf") }
 services { include required("kubezero-services.conf") }
 description = [ "- https://kubezero.com" ]
-name = [ kubezero-1.25.8 ]
-size = 2G
+name = [ kubezero-1.27.8 ]
+disk_size = [1024]
 WHEN {
- x86_64 {
- packages { include required("kubezero-packages-x86_64.conf") }
+ aws {
+ packages {
+ aws-neuron-driver = kubezero
+ nvidia-open-gpu = kubezero
+ }
 }
 }
diff --git a/overlay/zdt/configs/edition/minimal-packages.conf b/overlay/zdt/configs/edition/minimal-packages.conf
new file mode 100644
index 0000000..7c400ee
--- /dev/null
+++ b/overlay/zdt/configs/edition/minimal-packages.conf
@@ -0,0 +1 @@
+falco = kubezero
diff --git a/overlay/zdt/configs/edition/minimal.conf b/overlay/zdt/configs/edition/minimal.conf
index 105ee9b..a4f8807 100644
--- a/overlay/zdt/configs/edition/minimal.conf
+++ b/overlay/zdt/configs/edition/minimal.conf
@@ -2,5 +2,7 @@
 include required("common.conf")
+packages { include required("minimal-packages.conf") }
+
 description = [ "- https://zero-downtime.net/cloud" ]
 name = [ minimal ]
diff --git a/overlay/zdt/configs/machine/metal.conf b/overlay/zdt/configs/machine/metal.conf
index d64441d..a361c35 100644
--- a/overlay/zdt/configs/machine/metal.conf
+++ b/overlay/zdt/configs/machine/metal.conf
@@ -3,13 +3,31 @@
 name = ["metal"]
 machine_name = "Bare Metal"
-# Kernel and firmware are 900M !
-size = 2G
+# disk_size = [1024]
-# TODO: for now use AWS as nocloud is not merged yet
-#EXCLUDE = ["aws"]
+EXCLUDE = ["aws"]
-packages.linux-virt = null
-packages.linux-lts = true
+packages {
+ linux-virt = null
-# TODO: other kernel_modules, kernel_options, or initfs_features?
+ linux-lts = true
+ falco-kernel-lts = kubezero
+
+ # Keep the image minimal, add firmware as needed
+ linux-firmware-none = true
+
+ mdadm = true
+ pciutils = true
+}
+
+
+
+initfs_features {
+ xfs = true
+ nvme = true
+ raid = true
+}
+
+kernel_modules {
+ xfs = true
+}
diff --git a/overlay/zdt/configs/machine/vm.conf b/overlay/zdt/configs/machine/vm.conf
index 6f1690c..b4cce28 100644
--- a/overlay/zdt/configs/machine/vm.conf
+++ b/overlay/zdt/configs/machine/vm.conf
@@ -1,4 +1,6 @@
 name = [vm] # we need a name to be able to skip
 machine_name = "Virtual"
-# all image defaults are for virutal machines
+packages {
+ falco-kernel-virt = kubezero
+}
diff --git a/overlay/zdt/configs/zdt.conf b/overlay/zdt/configs/zdt.conf
index 425fe5b..eed7fa7 100644
--- a/overlay/zdt/configs/zdt.conf
+++ b/overlay/zdt/configs/zdt.conf
@@ -14,7 +14,8 @@ Default {
 scripts = [ setup ]
 script_dirs = [ setup.d ]
- size = 1G
+ # This addds up to exact 1GB overall images by default
+ disk_size = [1008]
 login = alpine
 image_format = vhd
@@ -33,13 +34,13 @@ Default {
 # atm we only support:
 # - tiny-cloud
 # - uefi boot
-# - latest stable Alpine 3.17
+# - latest stable Alpine 3.18
 Dimensions {
 version {
- "3.17" { include required("version/3.17.conf")
+ "3.18" { include required("version/3.18.conf")
 repos {
- "https://cdn.zero-downtime.net/alpine/v3.17/kubezero" = kubezero
+ "https://cdn.zero-downtime.net/alpine/v3.18/kubezero" = kubezero
 }
 }
 # edge { include required("version/edge.conf") }
@@ -59,33 +60,35 @@ Dimensions {
 tiny { include required("bootstrap/tiny.conf") }
 }
- machine {
- vm { include required("machine/vm.conf") }
- metal { include required("machine/metal.conf") }
- }
-
 cloud {
 aws { include required("cloud/aws.conf") }
 aws.regions {
 ALL = false
- ap-southeast-2 = true
- ca-central-1 = true
+ #ap-southeast-2 = true
+ #ca-central-1 = true
 eu-central-1 = true
- us-east-1 = true
- us-west-1 = true
- us-west-2 = true
+ #us-east-1 = true
+ #us-west-1 = true
+ #us-west-2 = true
 }
+ nocloud { include required("cloud/nocloud.conf") }
 }
 edition {
 minimal { include required("edition/minimal.conf") }
 kubezero { include required("edition/kubezero.conf") }
 }
+
+ machine {
+ vm { include required("machine/vm.conf") }
+ metal { include required("machine/metal.conf") }
+ }
+
 }
 # all build configs merge these at the very end
 Mandatory {
- name = [ "r{revision}" ]
+ name = [ "dev", "r{revision}" ]
 encrypted = "alias/zdt/amis"
 # We use neofetch custom branding
@@ -96,5 +99,3 @@ Mandatory {
 access { include required("access.conf") }
 }
-
-
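Review bot: In the `@@ -59,33 +60,35 @@` hunk of zdt.conf, `name = [ "dev", "r{revision}" ]` sits in `Mandatory`, which the comment above it says is merged into all build configs, so every image built from this tree carries the dev marker even though the commit is titled as a release. The same hunk comments out five of the six `aws.regions` entries. If both are temporary development settings, say so next to them, for example `# "dev": work-in-progress builds only, remove before publishing a release`, or move them into an override that release builds do not include. The cleanup pattern `zdt-alpine-3.18*dev*` that this commit sets in cleanup_amis.sh presumably matches these names, which makes an accidental release under a dev name easy to delete by mistake.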