diff --git a/create_crio_sysext.sh b/create_crio_sysext.sh
new file mode 100644
index 0000000..8b98132
--- /dev/null
+++ b/create_crio_sysext.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export ARCH="${ARCH-x86-64}"
+SCRIPTFOLDER="$(dirname "$(readlink -f "$0")")"
+
+if [ $# -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+ echo "Usage: $0 VERSION SYSEXTNAME"
+ echo "The script will download the cri-o release binaries (e.g., for 1.28.4) and create a sysext squashfs image with the name SYSEXTNAME.raw in the current folder."
+ echo "A temporary directory named SYSEXTNAME in the current folder will be created and deleted again."
+ echo "All files in the sysext image will be owned by root."
+ echo "To use arm64 pass 'ARCH=arm64' as environment variable (current value is '${ARCH}')."
+ echo "CNI files are not automatically installed systemwide, but are present in /usr/share/crio/cni"
+ "${SCRIPTFOLDER}"/bake.sh --help
+ exit 1
+fi
+
+VERSION="$1"
+SYSEXTNAME="$2"
+
+# The github release uses different arch identifiers (not the same as in the other scripts here),
+# we map them here and rely on bake.sh to map them back to what systemd expects
+if [ "${ARCH}" = "x86_64" ] || [ "${ARCH}" = "x86-64" ]; then
+ ARCH="amd64"
+elif [ "${ARCH}" = "aarch64" ]; then
+ ARCH="arm64"
+fi
+
+curl -o "cri-o.${ARCH}.v${VERSION}.tar.gz" -fsSL "https://storage.googleapis.com/cri-o/artifacts/cri-o.${ARCH}.v${VERSION}.tar.gz"
+rm -rf "${SYSEXTNAME}"
+mkdir -p "${SYSEXTNAME}" "${SYSEXTNAME}/tmp"
+tar --force-local -xf "cri-o.${ARCH}.v${VERSION}.tar.gz" -C "${SYSEXTNAME}/tmp"
+cd "${SYSEXTNAME}/tmp/cri-o/"
+sed -i '/^sed -i.*DESTDIR/d' install # removes sed replacements from install script to keep the default location (/usr) in the base config file
+DESTDIR="${PWD}/${SYSEXTNAME}" PREFIX=/usr ETCDIR=$PREFIX/share/crio/etc OCIDIR=$PREFIX/share/oci-umount/oci-umount.d \
+ CNIDIR=$PREFIX/share/crio/cni/etc/net.d/ OPT_CNI_BIN_DIR=$PREFIX/share/crio/cni/bin/ BASHINSTALLDIR=/tmp FISHINSTALLDIR=/tmp ZSHINSTALLDIR=/tmp MANDIR=/tmp ./install
+cd "${SCRIPTFOLDER}"
+rm -rf "${SYSEXTNAME}/tmp"
+
+
+cat > "${SYSEXTNAME}/usr/share/crio/etc/crio/crio.conf" <<'EOF'
+# /etc/crio/crio.conf - Configuration file for crio
+# See /etc/crio/crio.conf.d/ for additional config files
+#
+EOF
+
+cat > "${SYSEXTNAME}/usr/share/crio/README-flatcar" <<'EOF'
+To use kubernetes with crio in flatcar, you will need to pass the criSocket to kubeadm.
+Eg: kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version v1.29.2 --cri-socket=unix:///var/run/crio/crio.sock'
+EOF
+
+
+mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system/crio.service.d"
+cat > "${SYSEXTNAME}/usr/lib/systemd/system/crio.service.d/10-crio.conf" <<-'EOF'
+[Service]
+Environment="CONTAINER_CNI_PLUGIN_DIR=/opt/cni/bin"
+Environment="CONTAINER_CONFIG=/etc/crio/crio.conf"
+Environment="CONTAINER_CNI_CONFIG_DIR=/etc/cni/net.d"
+ExecStartPre=/usr/bin/mkdir -p /opt/cni/bin /etc/crio/crio.conf.d/ /etc/cni/net.d/ /var/log/crio
+ExecStartPre=/usr/bin/rsync -ur /usr/share/crio/etc/ /etc/
+ExecStart=
+ExecStart=/usr/bin/crio --config-dir /etc/crio/crio.conf.d/ \
+ $CRIO_CONFIG_OPTIONS \
+ $CRIO_RUNTIME_OPTIONS \
+ $CRIO_STORAGE_OPTIONS \
+ $CRIO_NETWORK_OPTIONS \
+ $CRIO_METRICS_OPTIONS
+EOF
+
+mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d"
+{ echo "[Unit]"; echo "Upholds=crio.service"; } > "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d/10-crio.conf"
+
+RELOAD=1 "${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}"
+rm -f "cri-o.${ARCH}.v${VERSION}.tar.gz"
+rm -rf "${SYSEXTNAME}"
diff --git a/create_keepalived_sysext.sh b/create_keepalived_sysext.sh
new file mode 100644
index 0000000..10b1868
--- /dev/null
+++ b/create_keepalived_sysext.sh
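Review bot: In create_crio_sysext.sh the archive fetched by `curl` is unpacked and its `./install` script is executed with no integrity check, so whatever the bucket serves for that version ends up in a root-owned system extension. A digest or signature check between the `curl` and `tar` lines would close that gap, for example `echo "${EXPECTED_SHA256}  cri-o.${ARCH}.v${VERSION}.tar.gz" | sha256sum -c -`, where `EXPECTED_SHA256` is a placeholder for a value pinned in the repository or passed by the caller rather than fetched from the same location as the tarball. Separately, `DESTDIR="${PWD}/${SYSEXTNAME}"` is expanded after the `cd` into `${SYSEXTNAME}/tmp/cri-o/`, so the install tree appears to land under the `tmp` directory that `rm -rf "${SYSEXTNAME}/tmp"` deletes a few lines later; an absolute base captured before the `cd` would avoid that.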
@@ -0,0 +1,130 @@
+
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPTFOLDER="$(dirname "$(readlink -f "$0")")"
+
+if [ $# -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+ echo "Usage: $0 VERSION SYSEXTNAME"
+ echo "The script will download the keepalived from git, checkout the tag (e.g., for v2.2.8), build a static binary and create a sysext squashfs image with the name SYSEXTNAME.raw in the current folder."
+ echo "A temporary directory named SYSEXTNAME in the current folder will be created and deleted again."
+ echo "All files in the sysext image will be owned by root."
+ echo "The build process requires docker"
+ "${SCRIPTFOLDER}"/bake.sh --help
+ exit 1
+fi
+
+VERSION="$1"
+SYSEXTNAME="$2"
+
+
+if ! which docker &>/dev/null; then
+ echo Missing docker in path
+ exit 1
+fi
+
+export ARCH=x86-64
+mkdir -p "${SYSEXTNAME}"
+#docker build -t keepalived-build --build-arg VERSION=$VERSION - < Dockerfile-keepalived
+docker build -t keepalived-build --build-arg VERSION=$VERSION - <<-'EOF'
+
+FROM alpine:3.19 as build
+ARG VERSION=not_set_force_fail
+RUN apk --no-cache add \
+ binutils \
+ file \
+ file-dev \
+ gcc \
+ glib \
+ glib-dev \
+ ipset \
+ ipset-dev \
+ iptables \
+ iptables-dev \
+ libmnl-dev \
+ libnftnl-dev \
+ libnl3 \
+ libnl3-dev \
+ make \
+ musl-dev \
+ net-snmp-dev \
+ openssl \
+ openssl-dev \
+ openssl-libs-static \
+ pcre2 \
+ pcre2-dev \
+ autoconf \
+ automake zlib-static alpine-sdk linux-headers libmnl-static git
+WORKDIR /opt
+RUN git clone https://github.com/acassen/keepalived.git
+RUN set -ex && \
+ cd /opt/keepalived && git checkout $VERSION && \
+ ./autogen.sh && \
+ CFLAGS='-static -s' LDFLAGS=-static ./configure --disable-dynamic-linking \
+ --prefix=/usr \
+ --exec-prefix=/usr \
+ --bindir=/usr/bin \
+ --sbindir=/usr/sbin \
+ --sysconfdir=/usr/etc \
+ --datadir=/usr/share \
+ --localstatedir=/var \
+ --mandir=/usr/share/man \
+ --enable-bfd \
+ --enable-nftables \
+ --enable-regex \
+ --enable-json --with-init=systemd --enable-vrrp --enable-libnl-dynamic
+RUN set -ex && \
+ cd /opt/keepalived && \
+ make && \
+ make DESTDIR=/install_root install && \
+ find /install_root && \
+ rm -rf /install_root/usr/share /install_root/usr/etc/keepalived/samples
+
+FROM scratch AS bin
+COPY --from=build /install_root /
+
+
+
+EOF
+
+
+docker save keepalived-build | tar --no-anchored --strip-components 1 -C "${SYSEXTNAME}" -xvf - layer.tar
+tar -C "${SYSEXTNAME}" -xvf "${SYSEXTNAME}"/layer.tar
+rm -f "${SYSEXTNAME}"/layer.tar
+mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system/"
+cat > "${SYSEXTNAME}/usr/lib/systemd/system/keepalived.service" <<-'EOF'
+[Unit]
+Description=LVS and VRRP High Availability Monitor
+After=network-online.target syslog.target
+Wants=network-online.target
+
+[Service]
+Type=forking
+PIDFile=/run/keepalived.pid
+KillMode=process
+EnvironmentFile=-/usr/etc/sysconfig/keepalived
+EnvironmentFile=-/etc/sysconfig/keepalived
+ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system/keepalived.service.d"
+cat > "${SYSEXTNAME}/usr/lib/systemd/system/keepalived.service.d/10-keepalived.conf" <<-'EOF'
+[Service]
+ExecStartPre=/usr/bin/mkdir -p /etc/keepalived/
+ExecStartPre=-/bin/bash -c '[ ! -f /etc/keepalived/keepalived.conf ] && touch /etc/keepalived/keepalived.conf'
+#ExecStartPre=-/usr/bin/rsync -u /usr/etc/keepalived/keepalived.conf.sample /etc/keepalived/keepalived.conf
+ExecStart=
+ExecStart=/usr/sbin/keepalived --use-file /etc/keepalived/keepalived.conf $KEEPALIVED_OPTIONS
+EOF
+
+mkdir -p "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d"
+{ echo "[Unit]"; echo "Upholds=keepalived.service"; } > "${SYSEXTNAME}/usr/lib/systemd/system/multi-user.target.d/10-keepalived.conf"
+
+RELOAD=1 "${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}"
+rm -rf "${SYSEXTNAME}"
+docker rmi keepalived-build
+
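Review bot: The Dockerfile heredoc in create_keepalived_sysext.sh builds whatever `git checkout $VERSION` resolves to and starts from `alpine:3.19` by tag, so neither the source nor the base image is pinned to immutable content before the resulting static binary is packed into the sysext. Consider accepting an expected commit id and failing the build when `git rev-parse HEAD` differs from it, and pinning the base image by digest (`FROM alpine:3.19@sha256:<digest>`, with `<digest>` a placeholder for the reviewed image). On the `docker build` line, `--build-arg VERSION=$VERSION` is unquoted, so a value containing whitespace is split into additional docker arguments; `--build-arg "VERSION=${VERSION}"` keeps it a single argument.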