From ec7a7ef7323f40e2fbb2668e69776241de981a19 Mon Sep 17 00:00:00 2001 From: Joonas Bergius Date: Mon, 8 Apr 2024 21:03:01 -0500 Subject: [PATCH 1/4] Add wasmCloud sysext image Signed-off-by: Joonas Bergius --- create_wasmcloud_sysext.sh | 102 +++++++++++++++++++++++++++++++++++++ release_build_versions.txt | 2 + 2 files changed, 104 insertions(+) create mode 100755 create_wasmcloud_sysext.sh diff --git a/create_wasmcloud_sysext.sh b/create_wasmcloud_sysext.sh new file mode 100755 index 0000000..03fada4 --- /dev/null +++ b/create_wasmcloud_sysext.sh 
@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export ARCH="${ARCH-x86-64}"
+SCRIPTFOLDER="$(dirname "$(readlink -f "$0")")"
+
+if [ $# -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+ echo "Usage: $0 VERSION SYSEXTNAME [NATS_VERSION]"
+ echo "The script will download the wasmcloud release (e.g. 0.82.0) and create a sysext squashfs image with the name SYSEXTNAME.raw in the current folder."
+ echo "A temporary directory named SYSEXTNAME in the current folder will be created and deleted again."
+ echo "All files in the sysext image will be owned by root."
+ echo "To use arm64 pass 'ARCH=arm64' as environment variable (current value is '${ARCH}')."
+ "${SCRIPTFOLDER}"/bake.sh --help
+ exit 1
+fi
+
+VERSION="$1"
+SYSEXTNAME="$2"
+NATS_VERSION="${3-latest}"
+
+# The github release uses different arch identifiers, we map them here
+# and rely on bake.sh to map them back to what systemd expects
+if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
+ ARCH="x86_64"
+ GOARCH="amd64"
+elif [ "${ARCH}" = "arm64" ]; then
+ ARCH="aarch64"
+ GOARCH="arm64"
+else
+ echo "Unknown architecture ('${ARCH}') provided, supported values are 'amd64', 'arm64'."
+ exit 1
+fi
+
+rm -rf "${SYSEXTNAME}"
+mkdir -p "${SYSEXTNAME}"/usr/bin
+
+VERSION="v${VERSION#v}"
+curl -o "${SYSEXTNAME}"/usr/bin/wasmcloud -fvSL "https://github.com/wasmcloud/wasmcloud/releases/download/${VERSION}/wasmcloud-${ARCH}-unknown-linux-musl"
+chmod +x "${SYSEXTNAME}"/usr/bin/wasmcloud
+
+# Install NATS
+version="${NATS_VERSION}"
+if [[ "${NATS_VERSION}" == "latest" ]]; then
+ version=$(curl -fvSL https://api.github.com/repos/nats-io/nats-server/releases/latest | jq -r .tag_name)
+ echo "Using latest version: ${version} for NATS Server"
+fi
+version="v${version#v}"
+
+rm -f "nats-server.tar.gz"
+curl -o nats-server.tar.gz -fvSL "https://github.com/nats-io/nats-server/releases/download/${version}/nats-server-${version}-linux-${GOARCH}.tar.gz"
+tar -xf "nats-server.tar.gz" -C "${SYSEXTNAME}"
+mv "${SYSEXTNAME}/nats-server-${version}-linux-${GOARCH}/nats-server" "${SYSEXTNAME}/usr/bin/"
+rm -r "${SYSEXTNAME}/nats-server-${version}-linux-${GOARCH}"
+rm "nats-server.tar.gz"
+
+mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system"
+cat > "${SYSEXTNAME}/usr/lib/systemd/system/wasmcloud.service" <<-'EOF'
+[Unit]
+Description=wasmCloud Host
+Documentation=https://wasmcloud.com/docs/
+After=nats.service network-online.target
+Wants=network-online.target
+Requires=nats.service
+[Service]
+ExecStart=/usr/bin/wasmcloud
+Restart=always
+StartLimitInterval=0
+RestartSec=5
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > "${SYSEXTNAME}/usr/lib/systemd/system/nats.service" <<-'EOF'
+[Unit]
+Description=NATS Server
+After=network-online.target systemd-timesyncd.service
+[Service]
+PrivateTmp=true
+Type=simple
+Environment=NATS_CONFIG=/usr/share/nats/nats.conf
+ExecStart=/usr/bin/nats-server --jetstream --config ${NATS_CONFIG}
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s SIGINT $MAINPID
+# The nats-server uses SIGUSR2 to trigger using Lame Duck Mode (LDM) shutdown
+KillSignal=SIGUSR2
+# You might want to adjust TimeoutStopSec too.
+[Install] +WantedBy=multi-user.target +EOF + +mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d" +{ echo "[Unit]"; echo "Upholds=wasmcloud.service"; } > "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d/10-wasmcloud-service.conf" +{ echo "[Unit]"; echo "Upholds=nats.service"; } > "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d/10-nats-service.conf" + +mkdir -p "${SYSEXTNAME}/usr/share/nats" +cat > "${SYSEXTNAME}/usr/share/nats/nats.conf" <<-'EOF' +port: 4222 +monitor_port: 8222 +EOF + +RELOAD=1 "${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}" +rm -rf "${SYSEXTNAME}" diff --git a/release_build_versions.txt b/release_build_versions.txt index b95e362..222109b 100644 --- a/release_build_versions.txt +++ b/release_build_versions.txt @@ -17,3 +17,5 @@ wasmtime-12.0.0 wasmtime-13.0.0 # Used in Flatcar wasm OS demo wasmtime-17.0.1 # Used in README.md. Update readme when version changes. wasmtime-18.0.1 + +wasmcloud-0.82.0 \ No newline at end of file From 9df90cbdcdce24719636ddbbe19c3d8b52230ae6 Mon Sep 17 00:00:00 2001 From: Joonas Bergius Date: Tue, 9 Apr 2024 21:24:56 -0500 Subject: [PATCH 2/4] Silence curl downloads MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Kai Lüke --- create_wasmcloud_sysext.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/create_wasmcloud_sysext.sh b/create_wasmcloud_sysext.sh index 03fada4..4121a54 100755 --- a/create_wasmcloud_sysext.sh +++ b/create_wasmcloud_sysext.sh 
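Review bot: Neither download in this new script is integrity-checked before it is baked into the image: the `wasmcloud` binary is marked executable straight from `curl`, `nats-server.tar.gz` is unpacked with `tar -xf` the same way, and both generated units set no `User=`, so systemd will run the results as root. Pin an expected SHA256 per artifact alongside the version and verify before use, for example `echo "${WASMCLOUD_SHA256}  ${SYSEXTNAME}/usr/bin/wasmcloud" | sha256sum -c -` after the first `curl` and `echo "${NATS_SHA256}  nats-server.tar.gz" | sha256sum -c -` before `tar -xf` (both variable names are constructed placeholders, not existing options). The default `NATS_VERSION` of `latest` works against this, because a `wasmcloud-0.82.0` image then contains whatever nats-server was current at build time; requiring an explicit NATS version would make the image reproducible and its digest pinnable. The wasmcloud `curl` line and the `releases/latest` lookup are touched again in PATCH 2/4 and carry the same gap there. It would also help to add a comment above the bundled `nats.conf` stating that `port: 4222` and `monitor_port: 8222` are opened with no listen address or authorization configured, so operators know to override it.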
@@ -35,13 +35,13 @@ rm -rf "${SYSEXTNAME}" mkdir -p "${SYSEXTNAME}"/usr/bin VERSION="v${VERSION#v}" -curl -o "${SYSEXTNAME}"/usr/bin/wasmcloud -fvSL "https://github.com/wasmcloud/wasmcloud/releases/download/${VERSION}/wasmcloud-${ARCH}-unknown-linux-musl" +curl -o "${SYSEXTNAME}"/usr/bin/wasmcloud -fsSL "https://github.com/wasmcloud/wasmcloud/releases/download/${VERSION}/wasmcloud-${ARCH}-unknown-linux-musl" chmod +x "${SYSEXTNAME}"/usr/bin/wasmcloud # Install NATS version="${NATS_VERSION}" if [[ "${NATS_VERSION}" == "latest" ]]; then - version=$(curl -fvSL https://api.github.com/repos/nats-io/nats-server/releases/latest | jq -r .tag_name) + version=$(curl -fsSL https://api.github.com/repos/nats-io/nats-server/releases/latest | jq -r .tag_name) echo "Using latest version: ${version} for NATS Server" fi version="v${version#v}" From 99820e8b712d984947cf3c3b6ad1d06c2a6da7d0 Mon Sep 17 00:00:00 2001 From: Joonas Bergius Date: Mon, 8 Apr 2024 21:20:15 -0500 Subject: [PATCH 3/4] Add a README example for the wasmCloud recipe Signed-off-by: Joonas Bergius --- README.md | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/README.md b/README.md index 3cde494..1ad684c 100644 --- a/README.md +++ b/README.md 
@@ -135,6 +135,80 @@ systemd: This also configures systemd-sysupdate for auto-updates. The `noop.conf` is a workaround for systemd-sysupdate to run without error messages. Since the configuration sets up a custom Docker version, it also disables Torcx and the future `docker-flatcar` and `containerd-flatcar` extensions to prevent conflicts. +For another example of how you can further customize the recipes provided in this repository, the following recipe uses the image built with `create_wasmcloud_sysext.sh`: +```yaml +variant: flatcar +version: 1.0.0 +storage: + files: + - path: /opt/extensions/wasmcloud/wasmcloud-0.82.0-x86-64.raw + contents: + source: https://github.com/flatcar/sysext-bakery/releases/download/latest/wasmcloud-0.82.0-x86-64.raw + - path: /etc/sysupdate.d/noop.conf + contents: + source: https://github.com/flatcar/sysext-bakery/releases/download/latest/noop.conf + - path: /etc/sysupdate.wasmcloud.d/wasmcloud.conf + contents: + source: https://github.com/flatcar/sysext-bakery/releases/download/latest/wasmcloud.conf + - path: /etc/nats-server.conf + contents: + inline: | + jetstream { + domain: default + } + leafnodes { + remotes = [ + { + url: "tls://connect.cosmonic.sh" + credentials: "/etc/nats.creds" + } + ] + } + - path: /etc/nats.creds + contents: + inline: | + + links: + - target: /opt/extensions/wasmcloud/wasmcloud-0.82.0-x86-64.raw + path: /etc/extensions/wasmcloud.raw + hard: false +systemd: + units: + - name: nats.service + enabled: true + dropins: + - name: 10-nats-env-override.conf + contents: | + [Service] + Environment=NATS_CONFIG=/etc/nats-server.conf + - name: wasmcloud.service + enabled: true + dropins: + - name: 10-wasmcloud-env-override.conf + contents: | + [Service] + Environment=WASMCLOUD_LATTICE= + - name: systemd-sysupdate.timer + enabled: true + - name: systemd-sysupdate.service + dropins: + - name: wasmcloud.conf + contents: | + [Service] + ExecStartPre=/usr/lib/systemd/systemd-sysupdate -C wasmcloud update + - name: 
sysext.conf + contents: | + [Service] + ExecStartPost=systemctl restart systemd-sysext +``` + +This example uses Butane/Ignition configuration do the following customizations beyond simply including the image: + +1. Provide a different configuration to setup the nats-server to act as a leaf node to a pre-existing wasmCloud deployment (`/etc/nats-server.conf`). +2. Provide a set of credentials for the nats-server leaf node to connect with (`/etc/nats.creds`). +3. Override the bundled `NATS_CONFIG` environment variable to point it to the newly created configuration (`NATS_CONFIG=/etc/nats-server.conf`). +4. Override the lattice the wasmCloud host is configured to connect (`WASMCLOUD_LATTICE=`). + In the [Flatcar docs](https://www.flatcar.org/docs/latest/provisioning/sysext/) you can find an Ignition configuration that explicitly sets the update configurations instead of downloading them. The updates works by [`systemd-sysupdate`](https://www.freedesktop.org/software/systemd/man/sysupdate.d.html) fetching the `SHA256SUMS` file of the generated artifacts, which holds the list of built images with their respective SHA256 digest. From ef310437a8615d682e76ed37d008fd7340738594 Mon Sep 17 00:00:00 2001 From: Joonas Bergius Date: Mon, 8 Apr 2024 21:20:15 -0500 Subject: [PATCH 4/4] Link to upstream bnats-server systemd service file --- create_wasmcloud_sysext.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/create_wasmcloud_sysext.sh b/create_wasmcloud_sysext.sh index 4121a54..0ec1c54 100755 --- a/create_wasmcloud_sysext.sh +++ b/create_wasmcloud_sysext.sh @@ -70,6 +70,7 @@ RestartSec=5 WantedBy=multi-user.target EOF +# Based on https://github.com/nats-io/nats-server/blob/main/util/nats-server.service cat > "${SYSEXTNAME}/usr/lib/systemd/system/nats.service" <<-'EOF' [Unit] Description=NATS Server