From 2528abf8c6ab1843c49b25984ea717c42e3c5bfb Mon Sep 17 00:00:00 2001
From: Kyle Isom
Date: Thu, 13 Apr 2023 22:14:39 -0700
Subject: [PATCH] packer: update build system

Adding TPM tooling, dnsmasq.
---
 docs/index.rst | 2 +-
 packer/boards/cm4-cdev-ubuntu-22.04.2.json | 19 +++++-
 ...4.2.json => cm4-cnode-ubuntu-22.04.2.json} | 6 +-
 packer/boards/rp4-cdev-ubuntu-22.04.2.json | 60 -------------------
 packer/build-image.sh | 2 +-
 packer/files/dnsmasq.conf | 7 +++
 packer/files/hosts | 32 ++++++++++
 packer/files/tailscale.service | 18 ++++++
 packer/files/user-data_cdev | 40 +++++++++++++
 packer/files/{user-data => user-data_cnode} | 26 +-------
 .../{install-base.sh => setup-base.sh} | 11 +++-
 packer/scripts/setup-cdev.sh | 8 ++-
 packer/ubuntu-boards.yml | 16 +++--
 13 files changed, 147 insertions(+), 100 deletions(-)
 rename packer/boards/{cm4-cluster-ubuntu-22.04.2.json => cm4-cnode-ubuntu-22.04.2.json} (92%)
 delete mode 100644 packer/boards/rp4-cdev-ubuntu-22.04.2.json
 create mode 100644 packer/files/dnsmasq.conf
 create mode 100644 packer/files/hosts
 create mode 100644 packer/files/tailscale.service
 create mode 100644 packer/files/user-data_cdev
 rename packer/files/{user-data => user-data_cnode} (61%)
 rename packer/scripts/{install-base.sh => setup-base.sh} (55%)

diff --git a/docs/index.rst b/docs/index.rst
index 143359a..dce70b6 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -12,7 +12,7 @@ bladerunner intro dev - provisioning + node-provisioning packer tools
diff --git a/packer/boards/cm4-cdev-ubuntu-22.04.2.json b/packer/boards/cm4-cdev-ubuntu-22.04.2.json
index a96ebd8..67553aa 100644
--- a/packer/boards/cm4-cdev-ubuntu-22.04.2.json
+++ b/packer/boards/cm4-cdev-ubuntu-22.04.2.json
@@ -45,12 +45,27 @@
 "provisioners": [
 {
 "destination": "/boot/firmware/user-data",
- "source": "files/user-data",
+ "source": "files/user-data_cdev",
+ "type": "file"
+ },
+ {
+ "destination": "/etc/hosts",
+ "source": "files/hosts",
+ "type": "file"
+ },
+ {
+ "destination": "/etc/dnsmasq.conf",
+ "source": "files/dnsmasq.conf",
+ "type": "file"
+ },
+ {
+ "destination": "/etc/systemd/system/tailscale.service",
+ "source": "files/tailscale.service",
 "type": "file"
 },
 {
 "scripts": [
- "scripts/install-base.sh",
+ "scripts/setup-base.sh",
 "scripts/setup-ssh.sh",
 "scripts/setup-cdev.sh"
 ],
diff --git a/packer/boards/cm4-cluster-ubuntu-22.04.2.json b/packer/boards/cm4-cnode-ubuntu-22.04.2.json
similarity index 92%
rename from packer/boards/cm4-cluster-ubuntu-22.04.2.json
rename to packer/boards/cm4-cnode-ubuntu-22.04.2.json
index 77c0276..411e299 100644
--- a/packer/boards/cm4-cluster-ubuntu-22.04.2.json
+++ b/packer/boards/cm4-cnode-ubuntu-22.04.2.json
@@ -16,7 +16,7 @@
 "$ARCHIVE_PATH"
 ],
 "image_build_method": "reuse",
- "image_path": "build/cm4-cluster-ubuntu-22.04.2.img",
+ "image_path": "build/cm4-cnode-ubuntu-22.04.2.img",
 "image_size": "32G",
 "image_type": "dos",
 "image_partitions": [
@@ -45,12 +45,12 @@
 "provisioners": [
 {
 "destination": "/boot/firmware/user-data",
- "source": "files/user-data",
+ "source": "files/user-data_cnode",
 "type": "file"
 },
 {
 "scripts": [
- "scripts/install-base.sh",
+ "scripts/setup-base.sh",
 "scripts/setup-ssh.sh"
 ],
 "type": "shell"
diff --git a/packer/boards/rp4-cdev-ubuntu-22.04.2.json b/packer/boards/rp4-cdev-ubuntu-22.04.2.json
deleted file mode 100644
index 3e8993f..0000000
--- a/packer/boards/rp4-cdev-ubuntu-22.04.2.json
+++ /dev/null
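Review bot: The new provisioner copies `files/tailscale.service` into `/etc/systemd/system/`, but nothing in this commit enables the unit — `scripts/setup-cdev.sh` installs tailscale and stops there — so unless a step outside the diff runs `systemctl enable tailscale.service` the file sits inert on first boot; if that is intended, say so in `setup-cdev.sh`, otherwise add the enable step after the install. The file provisioners for `/etc/hosts` and `/etc/dnsmasq.conf` also land before the shell provisioner that installs dnsmasq, which as far as I can tell only keeps the shipped config because that script passes `--force-confold`; that ordering dependency is worth a line in the script. The same provisioner list is now duplicated in `packer/ubuntu-boards.yml`; if one file is generated from the other, note it there, otherwise the two will drift.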
@@ -1,60 +0,0 @@
-{
- "variables": {},
- "builders": [
- {
- "type": "arm",
- "file_urls": [
- "build/ubuntu-22.04.2-preinstalled-server-arm64+raspi.img.xz",
- "https://cdimage.ubuntu.com/releases/22.04.2/release/ubuntu-22.04.2-preinstalled-server-arm64+raspi.img.xz"
- ],
- "file_checksum_url": "http://cdimage.ubuntu.com/releases/22.04.2/release/SHA256SUMS",
- "file_checksum_type": "sha256",
- "file_target_extension": "xz",
- "file_unarchive_cmd": [
- "xz",
- "--decompress",
- "$ARCHIVE_PATH"
- ],
- "image_build_method": "reuse",
- "image_path": "build/rp4-cdev-ubuntu-22.04.2.img",
- "image_size": "32G",
- "image_type": "dos",
- "image_partitions": [
- {
- "name": "boot",
- "type": "c",
- "start_sector": 2048,
- "size": "256M",
- "mountpoint": "/boot/firmware"
- },
- {
- "name": "root",
- "type": "83",
- "start_sector": 526336,
- "size": "31.7G",
- "mountpoint": "/"
- }
- ],
- "image_chroot_env": [
- "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
- ],
- "qemu_binary_source_path": "/usr/bin/qemu-aarch64-static",
- "qemu_binary_destination_path": "/usr/bin/qemu-aarch64-static"
- }
- ],
- "provisioners": [
- {
- "destination": "/boot/firmware/user-data",
- "source": "files/user-data",
- "type": "file"
- },
- {
- "scripts": [
- "scripts/install-base.sh",
- "scripts/setup-ssh.sh"
- ],
- "type": "shell"
- }
- ],
- "post-processors": null
-}
\ No newline at end of file
diff --git a/packer/build-image.sh b/packer/build-image.sh
index 8195e52..d11a117 100755
--- a/packer/build-image.sh
+++ b/packer/build-image.sh
@@ -23,7 +23,7 @@ IMAGE_TYPE="${1:-cnode}"
 preflight () {
 case "${IMAGE_TYPE}" in
 cdev) PACKER_BUILD_FILE="boards/cm4-cdev-ubuntu-22.04.2.json" ;;
- cnode) PACKER_BUILD_FILE="cm4-cluster-ubuntu-22.04.2.img" ;;
+ cnode) PACKER_BUILD_FILE="boards/cm4-cnode-ubuntu-22.04.2.json" ;;
 custom)
 if [ -z "${PACKER_BUILD_FILE}" ]
 then
diff --git a/packer/files/dnsmasq.conf b/packer/files/dnsmasq.conf
new file mode 100644
index 0000000..fc70656
--- /dev/null
+++ b/packer/files/dnsmasq.conf
@@ -0,0 +1,7 @@
+listen-address=::1,127.0.0.1,192.168.4.64
+interface=eth0
+domain=wntrmute.lan
+expand-hosts
+server=8.8.8.8
+server=8.8.4.4
+address=/wntrmute.lan/192.168.4.64
diff --git a/packer/files/hosts b/packer/files/hosts
new file mode 100644
index 0000000..52ce565
--- /dev/null
+++ b/packer/files/hosts
@@ -0,0 +1,32 @@
+127.0.0.1 localhost
+
+##########################
+# cluster compute nodes #
+##########################
+
+192.168.4.1 node01 # compute-blade
+192.168.4.2 node02 # compute-blade
+192.168.4.3 node03 # compute-blade
+192.168.4.4 node04 # compute-blade
+192.168.4.5 node05 # compute-blade
+192.168.4.6 node06 # compute-blade
+192.168.4.7 node07 # compute-blade
+192.168.4.8 node08 # compute-blade
+192.168.4.9 node09 # compute-blade
+192.168.4.10 node10 # compute-blade
+192.168.4.11 node11 # pi4
+192.168.4.12 node12 # pi4
+192.168.4.13 node13 # pi4
+192.168.4.14 node14 # pi4
+192.168.4.15 node15 # reserved
+192.168.4.16 node16 # reserved
+
+##########################
+# infrastructure systems #
+##########################
+
+192.168.4.32 chaven01 # Zymbit D35 secure services system
+192.168.4.33 cbuild01 # build server
+
+192.168.4.64 control # cluster controller and router
+192.168.4.65 cdev # cluster dev machine
diff --git a/packer/files/tailscale.service b/packer/files/tailscale.service
new file mode 100644
index 0000000..9522262
--- /dev/null
+++ b/packer/files/tailscale.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Tailscale
+Documentation=https://tailscale.com/kb/
+Wants=network-online.target
+After=network-online.target
+AssertFileIsExecutable=/usr/bin/tailscaled
+
+[Service]
+User=root
+Group=root
+ExecStart=/usr/bin/tailscale up --advertise-routes=192.168.4.1/24
+ExecStop=
+
+# Let systemd restart this service always
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
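Review bot: `address=/wntrmute.lan/192.168.4.64` is a catch-all: dnsmasq returns 192.168.4.64 for the bare domain and for every name under `wntrmute.lan` that `/etc/hosts` does not list, so a mistyped node name resolves to the controller instead of failing; if only the apex is wanted, `host-record=wntrmute.lan,192.168.4.64` gives that without the wildcard. With upstreams pointed at public resolvers, `domain-needed` and `bogus-priv` would stop unqualified names and RFC 1918 reverse lookups from leaving the cluster, and `no-resolv` would keep dnsmasq from also picking up whatever `setup-base.sh` wrote into `/etc/resolv.conf`. A one-line header comment naming the cluster subnet and the host this runs on (`listen-address` is tied to 192.168.4.64) would help anyone reusing the image.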
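Review bot: This file replaces the stock `/etc/hosts` wholesale and carries no IPv6 loopback entries (`::1 localhost ip6-localhost ip6-loopback`, `ff02::1 ip6-allnodes`, `ff02::2 ip6-allrouters`); the dnsmasq.conf in this commit listens on `::1`, so those lines should be kept. There is also no entry for the image's own hostname, `cluster-cdev` from `user-data_cdev`, while the address that file gives eth0 (192.168.4.64) is named `control` here and `cdev` is 192.168.4.65 — if the cdev box is in fact the controller, a comment saying so would help; if not, one of the three is wrong. Since `expand-hosts` publishes every name here under `wntrmute.lan`, the `# reserved` slots resolve like real hosts.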
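Review bot: `ExecStart=/usr/bin/tailscale up ...` runs the CLI, not the daemon, and the rest of the unit does not match that: `AssertFileIsExecutable` checks `tailscaled`, there is no `After=tailscaled.service` even though `tailscale up` needs the daemon from the installer's own unit, and with `Restart=always` a command that exits after applying its settings is, as I read it, restarted forever, while one that blocks waiting for an interactive login URL hangs the unit. If the goal is to apply `up` flags once the daemon is running, `Type=oneshot` with `RemainAfterExit=yes`, `After=tailscaled.service` and no `Restart=` is the usual shape, with an auth key supplied from a root-only file rather than baked into the image. `--advertise-routes=192.168.4.1/24` is not a network prefix — tailscale expects the masked form `192.168.4.0/24` — and advertising the whole cluster subnet to the tailnet is an exposure decision that deserves a comment in the unit.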
diff --git a/packer/files/user-data_cdev b/packer/files/user-data_cdev
new file mode 100644
index 0000000..e6c6c3b
--- /dev/null
+++ b/packer/files/user-data_cdev
@@ -0,0 +1,40 @@
+#cloud-config
+
+# NOTE: this is a dev-environment fixture where I want a known user:pass to
+# login on the serial console if things go sideways.
+chpasswd:
+ expire: false
+ list:
+ - name: ubuntu
+ password: ubuntu
+ type: text
+
+hostname: cluster-cdev
+ssh_pwauth: true
+ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM47gCbb0BQOm6H4Ol8DEKD+CXTNYDJxe7QvJhdLZR/F kyle@petrichor
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGea83yMIdCi0QUUPgmhRgIrii7lS1dYxZ6LSxSsDOph kyle@europa
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbkHs8zGZ3L6tRILjX7Cph8kXSpuw665mxe4ak2dwIx kyle@hermes
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOCXJx+3ynRraM0JIsUy6Cin9JByPW/EUV9ggtuUCbC kyle@freeside
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfRxWmx30LhGnsXpauLrj3GPvBWLhAKs0EznA9cNT5q kyle@deimos
+ssh_deletekeys: true
+ssh_genkeytypes: [rsa, ecdsa, ed25519]
+disable_root: true
+
+resize_rootfs: true
+
+network:
+ Version: 2
+ Renderer: networkd
+ ethernets:
+ eth0:
+ dhcp4: no
+ dhcp6: no
+ addresses:
+ "192.168.4.64/24"
+ label: "cluster"
+ lifetime: forever
+ eth1:
+ dhcp4: yes
+ dhcp6: yes
+
diff --git a/packer/files/user-data b/packer/files/user-data_cnode
similarity index 61%
rename from packer/files/user-data
rename to packer/files/user-data_cnode
index 6574f18..4126651 100644
--- a/packer/files/user-data
+++ b/packer/files/user-data_cnode
@@ -9,7 +9,7 @@ chpasswd:
 password: ubuntu
 type: text
-hostname: rp3b-cdev
+hostname: node16
 ssh_pwauth: true
 ssh_authorized_keys:
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM47gCbb0BQOm6H4Ol8DEKD+CXTNYDJxe7QvJhdLZR/F kyle@petrichor
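Review bot: The trailing `network:` block is, as far as I can tell, never applied: cloud-init's NoCloud datasource reads network settings from a separate `network-config` seed file, not from a `network:` key inside `#cloud-config` user-data, and the same block survives in `user-data_cnode`. Even if it were read, netplan keys are lowercase (`version`, `renderer`) and `addresses:` takes a sequence with `label`/`lifetime` nested under the address entry rather than as siblings — please confirm on a test boot that eth0 really comes up at 192.168.4.64, since dnsmasq's `listen-address` depends on it. The `ubuntu:ubuntu` password is documented as a deliberate serial-console escape hatch, but with `ssh_pwauth: true` it is also a network login on the host that routes the cluster; the keys above already cover SSH, so `ssh_pwauth: false` keeps the escape hatch confined to the console.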
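Review bot: `hostname: node16` bakes one fixed hostname into the image that `build-image.sh` builds by default for every cluster node, so each node boots as `node16` unless something outside this diff overrides it per node — and `files/hosts` lists node16 as `# reserved`, which reads like a placeholder. If per-node naming happens later (for example via `local-hostname` in the NoCloud `meta-data`), a comment above this line saying so would prevent a surprise; if not, a neutral placeholder that does not collide with a reserved address slot is safer. The enclosing `chpasswd:` block starts outside the hunk.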
@@ -23,23 +23,6 @@ disable_root: true
 resize_rootfs: true
-## Update apt database and upgrade packages on first boot
-#package_update: true
-#package_upgrade: true
-
-## Install additional packages on first boot
-#packages:
-#- avahi-daemon
-#- rng-tools
-#- python3-gpiozero
-#- [python3-serial, 3.5-1]
-
-## Run arbitrary commands at rc.local like time
-#runcmd:
-#- [ ls, -l, / ]
-#- [ sh, -xc, "echo $(date) ': hello world!'" ]
-#- [ wget, "http://ubuntu.com", -O, /run/mydir/index.html ]
-
 network:
 Version: 2
 Renderer: networkd
@@ -47,10 +30,3 @@ network:
 eth0:
 dhcp4: yes
 dhcp6: yes
- eth1:
- dhcp4: no
- dhcp6: no
- addresses:
- "192.168.4.64/24"
- label: "cluster"
- lifetime: forever
diff --git a/packer/scripts/install-base.sh b/packer/scripts/setup-base.sh
similarity index 55%
rename from packer/scripts/install-base.sh
rename to packer/scripts/setup-base.sh
index 42a0718..37ba4c0 100755
--- a/packer/scripts/install-base.sh
+++ b/packer/scripts/setup-base.sh
@@ -2,13 +2,20 @@
 set -euxo pipefail
-echo "==> Setting nameserver"
+echo "[+] setting nameserver"
 rm /etc/resolv.conf
 echo 'nameserver 8.8.8.8' > /etc/resolv.conf
-echo "==> installing base updates"
+echo "[+] installing base packages"
 apt-get -y update
 apt-get -y install ansible apt-transport-https ca-certificates rng-tools
+
+echo "[+] installing TPM tooling"
+apt-get -y install libtpms-dev tpm2-tools tss2
+
+echo "[+] removing unused packages"
 apt-get -y remove fake-hwclock snapd
+
+echo "[+] cleaning apt install"
 apt-get -y clean
 apt-get -y autoremove
diff --git a/packer/scripts/setup-cdev.sh b/packer/scripts/setup-cdev.sh
index f536478..ac0ab03 100755
--- a/packer/scripts/setup-cdev.sh
+++ b/packer/scripts/setup-cdev.sh
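Review bot: The `apt-get install` calls in this hunk run without `DEBIAN_FRONTEND=noninteractive`, which `setup-cdev.sh` in the same commit exports; a debconf or conffile prompt from the new `tss2`/`tpm2-tools` packages would stall an unattended build, so add `export DEBIAN_FRONTEND=noninteractive` after `set -euxo pipefail` here as well. `libtpms-dev` is the development package for the libtpms software-TPM library that swtpm builds on, not something a node needs to talk to a hardware TPM; if the intent is hardware TPM access, `tpm2-tools` and `tss2` suffice and the `-dev` package can go, otherwise a comment on why the emulator headers belong in a base image would help. Separately, the hunk's context shows `/etc/resolv.conf` being replaced by a hard-coded `nameserver 8.8.8.8` for the build and never restored — pre-existing, but now that the cdev image runs its own dnsmasq the booted system will bypass it unless the systemd-resolved stub link is put back at the end of the script.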
@@ -2,4 +2,10 @@
 set -euxo pipefail
-apt-get -y install picocom wpasupplicant
\ No newline at end of file
+export DEBIAN_FRONTEND=noninteractive
+
+echo "[+] installing cdev node packages"
+apt-get --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y install dnsmasq picocom wpasupplicant
+
+echo "[+] installing tailscale"
+curl -fsSL https://tailscale.com/install.sh | sh
\ No newline at end of file
diff --git a/packer/ubuntu-boards.yml b/packer/ubuntu-boards.yml
index c85c5f1..431db9a 100644
--- a/packer/ubuntu-boards.yml
+++ b/packer/ubuntu-boards.yml
@@ -1,20 +1,26 @@
 boards:
 - version: 22.04.2
 size: 32G
- name: cm4-cluster-ubuntu-22.04.2.img
+ name: cm4-cnode-ubuntu-22.04.2.img
 files:
- - source: files/user-data
+ - source: files/user-data_cnode
 destination: /boot/firmware/user-data
 scripts:
- - scripts/install-base.sh
+ - scripts/setup-base.sh
 - scripts/setup-ssh.sh
 - version: 22.04.2
 size: 32G
 name: cm4-cdev-ubuntu-22.04.2.img
 files:
- - source: files/user-data
+ - source: files/user-data_cdev
 destination: /boot/firmware/user-data
+ - source: files/hosts
+ destination: /etc/hosts
+ - source: files/dnsmasq.conf
+ destination: /etc/dnsmasq.conf
+ - source: files/tailscale.service
+ destination: /etc/systemd/system/tailscale.service
 scripts:
- - scripts/install-base.sh
+ - scripts/setup-base.sh
 - scripts/setup-ssh.sh
 - scripts/setup-cdev.sh
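Review bot: `curl -fsSL https://tailscale.com/install.sh | sh` runs whatever the remote endpoint returns as root inside the image, unpinned and unverified, so the build's contents depend on a third party at build time and cannot be reproduced. Tailscale ships a signed apt repository; placing its keyring and sources list into the image and installing `tailscale` with `apt-get` (which, as I understand it, is what the script ends up doing anyway) puts the package under apt's signature check, or at minimum fetch the script to a file, compare it against a recorded hash, and run that. `apt-get --force-yes` is deprecated and disables safety checks including package authentication; `-y` is already passed and the `Dpkg::Options` cover the conffile case, so drop `--force-yes`. Both sides of the hunk also end without a trailing newline, per the `\ No newline at end of file` markers.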