Add wasmCloud recipe

README.md

@@ -135,6 +135,80 @@ systemd:
 This also configures systemd-sysupdate for auto-updates. The `noop.conf` is a workaround for systemd-sysupdate to run without error messages.
 Since the configuration sets up a custom Docker version, it also disables Torcx and the future `docker-flatcar` and `containerd-flatcar` extensions to prevent conflicts.
 
+For another example of how you can further customize the recipes provided in this repository, the following recipe uses the image built with `create_wasmcloud_sysext.sh`:
+```yaml
+variant: flatcar
+version: 1.0.0
+storage:
+  files:
+    - path: /opt/extensions/wasmcloud/wasmcloud-0.82.0-x86-64.raw
+      contents:
+        source: https://github.com/flatcar/sysext-bakery/releases/download/latest/wasmcloud-0.82.0-x86-64.raw
+    - path: /etc/sysupdate.d/noop.conf
+      contents:
+        source: https://github.com/flatcar/sysext-bakery/releases/download/latest/noop.conf
+    - path: /etc/sysupdate.wasmcloud.d/wasmcloud.conf
+      contents:
+        source: https://github.com/flatcar/sysext-bakery/releases/download/latest/wasmcloud.conf
+    - path: /etc/nats-server.conf
+      contents:
+        inline: |
+          jetstream {
+            domain: default
+          }
+          leafnodes {
+              remotes = [
+                  {
+                      url: "tls://connect.cosmonic.sh"
+                      credentials: "/etc/nats.creds"
+                  }
+              ]
+          }
+    - path: /etc/nats.creds
+      contents:
+        inline: |
+          <redacted>
+  links:
+    - target: /opt/extensions/wasmcloud/wasmcloud-0.82.0-x86-64.raw
+      path: /etc/extensions/wasmcloud.raw
+      hard: false
+systemd:
+  units:
+    - name: nats.service
+      enabled: true
+      dropins:
+        - name: 10-nats-env-override.conf
+          contents: |
+            [Service]
+            Environment=NATS_CONFIG=/etc/nats-server.conf
+    - name: wasmcloud.service
+      enabled: true
+      dropins:
+        - name: 10-wasmcloud-env-override.conf
+          contents: |
+            [Service]
+            Environment=WASMCLOUD_LATTICE=<redacted>
+    - name: systemd-sysupdate.timer
+      enabled: true
+    - name: systemd-sysupdate.service
+      dropins:
+        - name: wasmcloud.conf
+          contents: |
+            [Service]
+            ExecStartPre=/usr/lib/systemd/systemd-sysupdate -C wasmcloud update
+        - name: sysext.conf
+          contents: |
+            [Service]
+            ExecStartPost=systemctl restart systemd-sysext
+```
+
+This example uses Butane/Ignition configuration do the following customizations beyond simply including the image:
+
+1. Provide a different configuration to setup the nats-server to act as a leaf node to a pre-existing wasmCloud deployment (`/etc/nats-server.conf`).
+2. Provide a set of credentials for the nats-server leaf node to connect with (`/etc/nats.creds`).
+3. Override the bundled `NATS_CONFIG` environment variable to point it to the newly created configuration (`NATS_CONFIG=/etc/nats-server.conf`).
+4. Override the lattice the wasmCloud host is configured to connect (`WASMCLOUD_LATTICE=<redacted>`).
+
 In the [Flatcar docs](https://www.flatcar.org/docs/latest/provisioning/sysext/) you can find an Ignition configuration that explicitly sets the update configurations instead of downloading them.
 
 The updates works by [`systemd-sysupdate`](https://www.freedesktop.org/software/systemd/man/sysupdate.d.html) fetching the `SHA256SUMS` file of the generated artifacts, which holds the list of built images with their respective SHA256 digest.

create_wasmcloud_sysext.sh

@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export ARCH="${ARCH-x86-64}"
+SCRIPTFOLDER="$(dirname "$(readlink -f "$0")")"
+
+if [ $# -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+  echo "Usage: $0 VERSION SYSEXTNAME [NATS_VERSION]"
+  echo "The script will download the wasmcloud release (e.g. 0.82.0) and create a sysext squashfs image with the name SYSEXTNAME.raw in the current folder."
+  echo "A temporary directory named SYSEXTNAME in the current folder will be created and deleted again."
+  echo "All files in the sysext image will be owned by root."
+  echo "To use arm64 pass 'ARCH=arm64' as environment variable (current value is '${ARCH}')."
+  "${SCRIPTFOLDER}"/bake.sh --help
+  exit 1
+fi
+
+VERSION="$1"
+SYSEXTNAME="$2"
+NATS_VERSION="${3-latest}"
+
+# The github release uses different arch identifiers, we map them here
+# and rely on bake.sh to map them back to what systemd expects
+if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
+  ARCH="x86_64"
+  GOARCH="amd64"
+elif [ "${ARCH}" = "arm64" ]; then
+  ARCH="aarch64"
+  GOARCH="arm64"
+else
+  echo "Unknown architecture ('${ARCH}') provided, supported values are 'amd64', 'arm64'."
+  exit 1
+fi
+
+rm -rf "${SYSEXTNAME}"
+mkdir -p "${SYSEXTNAME}"/usr/bin
+
+VERSION="v${VERSION#v}"
+curl -o "${SYSEXTNAME}"/usr/bin/wasmcloud -fsSL "https://github.com/wasmcloud/wasmcloud/releases/download/${VERSION}/wasmcloud-${ARCH}-unknown-linux-musl"
+chmod +x "${SYSEXTNAME}"/usr/bin/wasmcloud
+
+# Install NATS
+version="${NATS_VERSION}"
+if [[ "${NATS_VERSION}" == "latest" ]]; then
+  version=$(curl -fsSL https://api.github.com/repos/nats-io/nats-server/releases/latest | jq -r .tag_name)
+  echo "Using latest version: ${version} for NATS Server"
+fi
+version="v${version#v}"
+
+rm -f "nats-server.tar.gz"
+curl -o nats-server.tar.gz -fvSL "https://github.com/nats-io/nats-server/releases/download/${version}/nats-server-${version}-linux-${GOARCH}.tar.gz"
+tar -xf "nats-server.tar.gz" -C "${SYSEXTNAME}"
+mv "${SYSEXTNAME}/nats-server-${version}-linux-${GOARCH}/nats-server" "${SYSEXTNAME}/usr/bin/"
+rm -r "${SYSEXTNAME}/nats-server-${version}-linux-${GOARCH}"
+rm "nats-server.tar.gz"
+
+mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system"
+cat > "${SYSEXTNAME}/usr/lib/systemd/system/wasmcloud.service" <<-'EOF'
+[Unit]
+Description=wasmCloud Host
+Documentation=https://wasmcloud.com/docs/
+After=nats.service network-online.target
+Wants=network-online.target
+Requires=nats.service
+[Service]
+ExecStart=/usr/bin/wasmcloud
+Restart=always
+StartLimitInterval=0
+RestartSec=5
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Based on https://github.com/nats-io/nats-server/blob/main/util/nats-server.service
+cat > "${SYSEXTNAME}/usr/lib/systemd/system/nats.service" <<-'EOF'
+[Unit]
+Description=NATS Server
+After=network-online.target systemd-timesyncd.service
+[Service]
+PrivateTmp=true
+Type=simple
+Environment=NATS_CONFIG=/usr/share/nats/nats.conf
+ExecStart=/usr/bin/nats-server --jetstream --config ${NATS_CONFIG}
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s SIGINT $MAINPID
+# The nats-server uses SIGUSR2 to trigger using Lame Duck Mode (LDM) shutdown
+KillSignal=SIGUSR2
+# You might want to adjust TimeoutStopSec too.
+[Install]
+WantedBy=multi-user.target
+EOF
+
+mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d"
+{ echo "[Unit]"; echo "Upholds=wasmcloud.service"; } > "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d/10-wasmcloud-service.conf"
+{ echo "[Unit]"; echo "Upholds=nats.service"; } > "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d/10-nats-service.conf"
+
+mkdir -p "${SYSEXTNAME}/usr/share/nats"
+cat > "${SYSEXTNAME}/usr/share/nats/nats.conf" <<-'EOF'
+port: 4222
+monitor_port: 8222
+EOF
+
+RELOAD=1 "${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}"
+rm -rf "${SYSEXTNAME}"

release_build_versions.txt

@@ -17,3 +17,5 @@ wasmtime-12.0.0
 wasmtime-13.0.0 # Used in Flatcar wasm OS demo
 wasmtime-17.0.1 # Used in README.md. Update readme when version changes.
 wasmtime-18.0.1
+
+wasmcloud-0.82.0