From 3549a54fc213d9a60c1dda0f2dc271629a036406 Mon Sep 17 00:00:00 2001 From: Michal Opala Date: Thu, 21 Nov 2024 18:36:36 +0100 Subject: [PATCH] M #-: Improve capone131 image (cloud provider research) - Use the k8s.io namespace with ctr (fix) - Correctly escape dollar sign in kube-vip wrapper (fix) - Add env vars required by crictl (deprecation) - Add insecure registry.dev for development use - Update one-apps submodule - Use ubuntu2404 image built in one-apps submodule - Use one-context instead of cloud-init - Cleanup makefiles --- apps-code/community-apps/Makefile | 6 ++-- apps-code/community-apps/Makefile.config | 10 +++--- .../packer/capone/40-containerd.sh.131 | 22 ++++++++++++- .../packer/capone/41-kubernetes.sh.131 | 11 +++++-- .../packer/capone/capone.pkr.hcl | 13 +++++--- .../community-apps/packer/capone/gen_context | 33 +++++++++++++++++++ .../packer/capone/variables.pkr.hcl | 13 +------- apps-code/one-apps | 2 +- 8 files changed, 81 insertions(+), 29 deletions(-) create mode 100755 apps-code/community-apps/packer/capone/gen_context diff --git a/apps-code/community-apps/Makefile b/apps-code/community-apps/Makefile index 29bfaf5..a818ae3 100644 --- a/apps-code/community-apps/Makefile +++ b/apps-code/community-apps/Makefile @@ -5,17 +5,17 @@ include Makefile.config -include Makefile.local # services -services: $(patsubst %, packer-%, $(SERVICES)) +services: $(patsubst %,packer-%,$(SERVICES)) # allow individual services targets (e.g., "make service_Lithops") -$(SERVICES): %: packer-% ; +$(SERVICES): %: packer-% # aliases + dependency packer-%: ${DIR_EXPORT}/%.qcow2 @${INFO} "Packer ${*} done" # run packer build for given distro or service -${DIR_EXPORT}/%.qcow2: $(patsubst %, ${DIR_ONEAPPS}/context-linux/out/%, $(LINUX_CONTEXT_PACKAGES)) +${DIR_EXPORT}/%.qcow2: $(eval DISTRO_NAME := $(shell echo ${*} | sed 's/[0-9].*//')) $(eval DISTRO_VER := $(shell echo ${*} | sed 's/^.[^0-9]*\(.*\)/\1/')) packer/build.sh "${DISTRO_NAME}" "${DISTRO_VER}" ${@} 
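Review bot: The `${DIR_EXPORT}/%.qcow2:` rule now has no prerequisites, yet the same patch points capone.pkr.hcl at `../one-apps/export/ubuntu2404.qcow2`, so Make has no edge that builds or refreshes that base image before `packer/build.sh` runs. Unless build.sh takes care of it (not visible in this hunk), a clean checkout fails, and an existing export is reused however old it is, which matters for an appliance that inherits its package set from the base image. Declaring the edge, e.g. `${DIR_EXPORT}/capone131.qcow2: ${DIR_ONEAPPS}/export/ubuntu2404.qcow2`, plus a rule that delegates to the submodule through `$(MAKE) -C ${DIR_ONEAPPS}` with whichever target produces that file, would keep the dependency graph honest.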
diff --git a/apps-code/community-apps/Makefile.config b/apps-code/community-apps/Makefile.config index 5f4c8d9..1fd91ad 100644 --- a/apps-code/community-apps/Makefile.config +++ b/apps-code/community-apps/Makefile.config @@ -1,6 +1,6 @@ # context version definition VERSION := 6.10.0 -RELEASE := 1 +RELEASE := 2 # log VERBOSE := 1 @@ -13,15 +13,15 @@ SERVICES := service_Lithops service_UERANSIM capone131 # default directories DIR_ONEAPPS := ../one-apps -DIR_BUILD := build -DIR_EXPORT := export +DIR_BUILD := build +DIR_EXPORT := export $(shell mkdir -p ${DIR_BUILD} ${DIR_EXPORT}) # don't delete exported -.SECONDARY: $(patsubst %, $(DIR_EXPORT)/%.qcow2, $(SERVICES)) +.SECONDARY: $(patsubst %,$(DIR_EXPORT)/%.qcow2,$(SERVICES)) # logging func -INFO=sh -c 'if [ $(VERBOSE) = 1 ]; then echo [INFO] $$1; fi' INFO +INFO=sh -c 'if [ $(VERBOSE) = 1 ]; then echo [INFO] $$1; fi' INFO # export all variables export diff --git a/apps-code/community-apps/packer/capone/40-containerd.sh.131 b/apps-code/community-apps/packer/capone/40-containerd.sh.131 index a0e3a87..44a1f57 100644 --- a/apps-code/community-apps/packer/capone/40-containerd.sh.131 +++ b/apps-code/community-apps/packer/capone/40-containerd.sh.131 
@@ -48,9 +48,29 @@ curl -fsSL "https://raw.githubusercontent.com/containerd/containerd/v$CONTAINERD systemctl daemon-reload (containerd config default | gawk -f /dev/fd/3 | install -m u=rw,go=r /dev/fd/0 /etc/containerd/config.toml) 3<<'AWK' -{ print gensub("^(\\s*SystemdCgroup\\s*)=.*$", "\\1= true", 1) } +$1 == "[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]" { + update_SystemdCgroup = 1 +} +update_SystemdCgroup && $1 == "SystemdCgroup" { + update_SystemdCgroup = 0 + $0 = gensub("^(\\s*SystemdCgroup\\s*)=.*$", "\\1= true", 1) +} +$1 == "[plugins.\"io.containerd.grpc.v1.cri\".registry]" { + update_config_path = 1 +} +update_config_path && $1 == "config_path" { + update_config_path = 0 + $0 = gensub("^(\\s*config_path\\s*)=.*$", "\\1= \"/etc/containerd/certs.d/\"", 1) +} +{ print } AWK +install -m u=rw,go=r -D /dev/fd/0 /etc/containerd/certs.d/registry.dev:5005/hosts.toml <<'EOF' +[host."http://registry.dev:5005"] + capabilities = ["pull", "resolve"] + skip_verify = true +EOF + systemctl enable containerd --now # must be started to pre-pull images in later stages sync diff --git a/apps-code/community-apps/packer/capone/41-kubernetes.sh.131 b/apps-code/community-apps/packer/capone/41-kubernetes.sh.131 index 9c8384c..5688cec 100644 --- a/apps-code/community-apps/packer/capone/41-kubernetes.sh.131 +++ b/apps-code/community-apps/packer/capone/41-kubernetes.sh.131 
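Review bot: The `hosts.toml` for `registry.dev:5005` is installed unconditionally, so every image built from this script trusts a plain-HTTP registry; the commit message says it is for development use, but nothing in the hunk limits it to development builds. `registry.dev` sits under a public TLD, so unless the name is pinned locally (not visible here) it is resolved through ordinary DNS, and pulls from it have neither transport protection nor server authentication (`skip_verify = true` presumably has no effect on an `http://` endpoint). I would wrap the `install … hosts.toml` heredoc in a build-time switch such as `if [ "${DEV_REGISTRY:-no}" = yes ]; then … fi` (the variable name is a placeholder) and put `# DEV ONLY: cleartext registry, never ship in release images` above it.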
@@ -56,12 +56,17 @@ systemctl daemon-reload kubeadm config images pull "--kubernetes-version=v$KUBERNETES_VERSION" -ctr image pull "ghcr.io/kube-vip/kube-vip:v$KUBEVIP_VERSION" -ctr image pull "ghcr.io/kube-vip/kube-vip-cloud-provider:v$KUBEVIP_CLOUD_PROVIDER_VERSION" +ctr --namespace=k8s.io image pull "ghcr.io/kube-vip/kube-vip:v$KUBEVIP_VERSION" +ctr --namespace=k8s.io image pull "ghcr.io/kube-vip/kube-vip-cloud-provider:v$KUBEVIP_CLOUD_PROVIDER_VERSION" install -m u=rwx,go=rx /dev/fd/0 /usr/local/bin/kube-vip < ${var.input_dir}/context/context.sh", + "mkisofs -o ${var.input_dir}/${var.appliance_name}-context.iso -V CONTEXT -J -R ${var.input_dir}/context", ] } } @@ -17,8 +19,8 @@ source "qemu" "capone" { memory = 2048 accelerator = "kvm" - iso_url = lookup(lookup(var.kubeadm, var.version, {}), "iso_url", "") - iso_checksum = lookup(lookup(var.kubeadm, var.version, {}), "iso_checksum", "") + iso_url = "../one-apps/export/ubuntu2404.qcow2" + iso_checksum = "none" headless = var.headless @@ -35,8 +37,11 @@ source "qemu" "capone" { qemuargs = [ ["-cpu", "host"], - ["-cdrom", "${var.input_dir}/${var.appliance_name}-cloud-init.iso"], + ["-cdrom", "${var.input_dir}/${var.appliance_name}-context.iso"], ["-serial", "stdio"], + # MAC addr needs to mach ETH0_MAC from context iso + ["-netdev", "user,id=net0,hostfwd=tcp::{{ .SSHHostPort }}-:22"], + ["-device", "virtio-net-pci,netdev=net0,mac=00:11:22:33:44:55"] ] ssh_username = "root" diff --git a/apps-code/community-apps/packer/capone/gen_context b/apps-code/community-apps/packer/capone/gen_context new file mode 100755 index 0000000..386bdee --- /dev/null +++ b/apps-code/community-apps/packer/capone/gen_context 
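Review bot: `iso_checksum = "none"` in the `@@ -17,8 +19,8 @@` hunk makes Packer skip integrity verification of the base disk, where the old code looked up a per-version checksum. The image is now a local artifact of the one-apps submodule, so there is no published digest, but a truncated or swapped `ubuntu2404.qcow2` would be baked into the appliance silently. Consider having the one-apps build emit a digest and referencing it with Packer's `file:` checksum form, e.g. `iso_checksum = "file:<PATH_TO_SHA256_FILE>"` (placeholder path), or at least record the reason with `# local build artifact, no upstream checksum`. The `source "qemu" "capone"` block starts and ends outside the hunk.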
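Review bot: In the `@@ -35,8 +37,11 @@` hunk the MAC `00:11:22:33:44:55` is a literal that, per the new comment, has to equal ETH0_MAC in the context ISO, so the value lives in two places, and the comment itself has a typo ("mach"). If the two drift, contextualization presumably will not configure the NIC and the SSH communicator will time out with no obvious cause. I would correct the comment to `# MAC address must match ETH0_MAC in the context ISO` and take the value from a single Packer variable that feeds both the context generation and the `-device` argument. The `qemuargs` list sits inside a `source` block that extends beyond the hunk.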
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -eux -o pipefail
+
+SCRIPT=$(cat <<'MAINEND'
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PasswordAuthentication yes" }
+/^[#\s]*PasswordAuthentication\s/ { $0 = update; found = 1 }
+{ print }
+ENDFILE { if (!found) print update }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin yes" }
+/^[#\s]*PermitRootLogin\s/ { $0 = update; found = 1 }
+{ print }
+ENDFILE { if (!found) print update }
+EOF
+
+systemctl reload sshd
+
+echo "nameserver 1.1.1.1" > /etc/resolv.conf
+MAINEND
+)
+
+cat<