kyle
/
bladerunner
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

packer: update build system 

Adding TPM tooling, dnsmasq.
This commit is contained in:
Kyle Isom 2023-04-13 22:14:39 -07:00
parent 581b3972d1
commit 2528abf8c6
13 changed files with 147 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/index.rst
View File

@ -12,7 +12,7 @@ bladerunner
intro intro
dev dev
provisioning node-provisioning
packer packer
tools tools

19
packer/boards/cm4-cdev-ubuntu-22.04.2.json
View File

@ -45,12 +45,27 @@
"provisioners": [ "provisioners": [
{ {
"destination": "/boot/firmware/user-data", "destination": "/boot/firmware/user-data",
"source": "files/user-data", "source": "files/user-data_cdev",
"type": "file"
},
{
"destination": "/etc/hosts",
"source": "files/hosts",
"type": "file"
},
{
"destination": "/etc/dnsmasq.conf",
"source": "files/dnsmasq.conf",
"type": "file"
},
{
"destination": "/etc/systemd/system/tailscale.service",
"source": "files/tailscale.service",
"type": "file" "type": "file"
}, },
{ {
"scripts": [ "scripts": [
"scripts/install-base.sh", "scripts/setup-base.sh",
"scripts/setup-ssh.sh", "scripts/setup-ssh.sh",
"scripts/setup-cdev.sh" "scripts/setup-cdev.sh"
], ],

6
packer/boards/cm4-cluster-ubuntu-22.04.2.json → packer/boards/cm4-cnode-ubuntu-22.04.2.json
View File

@ -16,7 +16,7 @@
"$ARCHIVE_PATH" "$ARCHIVE_PATH"
], ],
"image_build_method": "reuse", "image_build_method": "reuse",
"image_path": "build/cm4-cluster-ubuntu-22.04.2.img", "image_path": "build/cm4-cnode-ubuntu-22.04.2.img",
"image_size": "32G", "image_size": "32G",
"image_type": "dos", "image_type": "dos",
"image_partitions": [ "image_partitions": [
@ -45,12 +45,12 @@
"provisioners": [ "provisioners": [
{ {
"destination": "/boot/firmware/user-data", "destination": "/boot/firmware/user-data",
"source": "files/user-data", "source": "files/user-data_cnode",
"type": "file" "type": "file"
}, },
{ {
"scripts": [ "scripts": [
"scripts/install-base.sh", "scripts/setup-base.sh",
"scripts/setup-ssh.sh" "scripts/setup-ssh.sh"
], ],
"type": "shell" "type": "shell"

60
packer/boards/rp4-cdev-ubuntu-22.04.2.json
View File

@ -1,60 +0,0 @@
{
"variables": {},
"builders": [
{
"type": "arm",
"file_urls": [
"build/ubuntu-22.04.2-preinstalled-server-arm64+raspi.img.xz",
"https://cdimage.ubuntu.com/releases/22.04.2/release/ubuntu-22.04.2-preinstalled-server-arm64+raspi.img.xz"
],
"file_checksum_url": "http://cdimage.ubuntu.com/releases/22.04.2/release/SHA256SUMS",
"file_checksum_type": "sha256",
"file_target_extension": "xz",
"file_unarchive_cmd": [
"xz",
"--decompress",
"$ARCHIVE_PATH"
],
"image_build_method": "reuse",
"image_path": "build/rp4-cdev-ubuntu-22.04.2.img",
"image_size": "32G",
"image_type": "dos",
"image_partitions": [
{
"name": "boot",
"type": "c",
"start_sector": 2048,
"size": "256M",
"mountpoint": "/boot/firmware"
},
{
"name": "root",
"type": "83",
"start_sector": 526336,
"size": "31.7G",
"mountpoint": "/"
}
],
"image_chroot_env": [
"PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
],
"qemu_binary_source_path": "/usr/bin/qemu-aarch64-static",
"qemu_binary_destination_path": "/usr/bin/qemu-aarch64-static"
}
],
"provisioners": [
{
"destination": "/boot/firmware/user-data",
"source": "files/user-data",
"type": "file"
},
{
"scripts": [
"scripts/install-base.sh",
"scripts/setup-ssh.sh"
],
"type": "shell"
}
],
"post-processors": null
}

2
packer/build-image.sh
View File

@ -23,7 +23,7 @@ IMAGE_TYPE="${1:-cnode}"
preflight () { preflight () {
case "${IMAGE_TYPE}" in case "${IMAGE_TYPE}" in
cdev) PACKER_BUILD_FILE="boards/cm4-cdev-ubuntu-22.04.2.json" ;; cdev) PACKER_BUILD_FILE="boards/cm4-cdev-ubuntu-22.04.2.json" ;;
cnode) PACKER_BUILD_FILE="cm4-cluster-ubuntu-22.04.2.img" ;; cnode) PACKER_BUILD_FILE="boards/cm4-cnode-ubuntu-22.04.2.json" ;;
custom) custom)
if [ -z "${PACKER_BUILD_FILE}" ] if [ -z "${PACKER_BUILD_FILE}" ]
then then

7
packer/files/dnsmasq.conf Normal file
View File

@ -0,0 +1,7 @@
listen-address=::1,127.0.0.1,192.168.4.64
interface=eth0
domain=wntrmute.lan
expand-hosts
server=8.8.8.8
server=8.8.4.4
address=/wntrmute.lan/192.168.4.64

32
packer/files/hosts Normal file
View File

@ -0,0 +1,32 @@
127.0.0.1 localhost
##########################
# cluster compute nodes #
##########################
192.168.4.1 node01 # compute-blade
192.168.4.2 node02 # compute-blade
192.168.4.3 node03 # compute-blade
192.168.4.4 node04 # compute-blade
192.168.4.5 node05 # compute-blade
192.168.4.6 node06 # compute-blade
192.168.4.7 node07 # compute-blade
192.168.4.8 node08 # compute-blade
192.168.4.9 node09 # compute-blade
192.168.4.10 node10 # compute-blade
192.168.4.11 node11 # pi4
192.168.4.12 node12 # pi4
192.168.4.13 node13 # pi4
192.168.4.14 node14 # pi4
192.168.4.15 node15 # reserved
192.168.4.16 node16 # reserved
##########################
# infrastructure systems #
##########################
192.168.4.32 chaven01 # Zymbit D35 secure services system
192.168.4.33 cbuild01 # build server
192.168.4.64 control # cluster controller and router
192.168.4.65 cdev # cluster dev machine

18
packer/files/tailscale.service Normal file
View File

@ -0,0 +1,18 @@
[Unit]
Description=Tailscale
Documentation=https://tailscale.com/kb/
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/bin/tailscaled
[Service]
User=root
Group=root
ExecStart=/usr/bin/tailscale up --advertise-routes=192.168.4.1/24
ExecStop=
# Let systemd restart this service always
Restart=always
[Install]
WantedBy=multi-user.target

40
packer/files/user-data_cdev Normal file
View File

@ -0,0 +1,40 @@
#cloud-config
# NOTE: this is a dev-environment fixture where I want a known user:pass to
# login on the serial console if things go sideways.
chpasswd:
expire: false
list:
- name: ubuntu
password: ubuntu
type: text
hostname: cluster-cdev
ssh_pwauth: true
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM47gCbb0BQOm6H4Ol8DEKD+CXTNYDJxe7QvJhdLZR/F kyle@petrichor
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGea83yMIdCi0QUUPgmhRgIrii7lS1dYxZ6LSxSsDOph kyle@europa
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbkHs8zGZ3L6tRILjX7Cph8kXSpuw665mxe4ak2dwIx kyle@hermes
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOCXJx+3ynRraM0JIsUy6Cin9JByPW/EUV9ggtuUCbC kyle@freeside
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfRxWmx30LhGnsXpauLrj3GPvBWLhAKs0EznA9cNT5q kyle@deimos
ssh_deletekeys: true
ssh_genkeytypes: [rsa, ecdsa, ed25519]
disable_root: true
resize_rootfs: true
network:
Version: 2
Renderer: networkd
ethernets:
eth0:
dhcp4: no
dhcp6: no
addresses:
"192.168.4.64/24"
label: "cluster"
lifetime: forever
eth1:
dhcp4: yes
dhcp6: yes

26
packer/files/user-data → packer/files/user-data_cnode
View File

@ -9,7 +9,7 @@ chpasswd:
password: ubuntu password: ubuntu
type: text type: text
hostname: rp3b-cdev hostname: node16
ssh_pwauth: true ssh_pwauth: true
ssh_authorized_keys: ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM47gCbb0BQOm6H4Ol8DEKD+CXTNYDJxe7QvJhdLZR/F kyle@petrichor - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM47gCbb0BQOm6H4Ol8DEKD+CXTNYDJxe7QvJhdLZR/F kyle@petrichor
@ -23,23 +23,6 @@ disable_root: true
resize_rootfs: true resize_rootfs: true
## Update apt database and upgrade packages on first boot
#package_update: true
#package_upgrade: true
## Install additional packages on first boot
#packages:
#- avahi-daemon
#- rng-tools
#- python3-gpiozero
#- [python3-serial, 3.5-1]
## Run arbitrary commands at rc.local like time
#runcmd:
#- [ ls, -l, / ]
#- [ sh, -xc, "echo $(date) ': hello world!'" ]
#- [ wget, "http://ubuntu.com", -O, /run/mydir/index.html ]
network: network:
Version: 2 Version: 2
Renderer: networkd Renderer: networkd
@ -47,10 +30,3 @@ network:
eth0: eth0:
dhcp4: yes dhcp4: yes
dhcp6: yes dhcp6: yes
eth1:
dhcp4: no
dhcp6: no
addresses:
"192.168.4.64/24"
label: "cluster"
lifetime: forever

11
packer/scripts/install-base.sh → packer/scripts/setup-base.sh
View File

@ -2,13 +2,20 @@
set -euxo pipefail set -euxo pipefail
echo "==> Setting nameserver" echo "[+] setting nameserver"
rm /etc/resolv.conf rm /etc/resolv.conf
echo 'nameserver 8.8.8.8' > /etc/resolv.conf echo 'nameserver 8.8.8.8' > /etc/resolv.conf
echo "==> installing base updates" echo "[+] installing base packages"
apt-get -y update apt-get -y update
apt-get -y install ansible apt-transport-https ca-certificates rng-tools apt-get -y install ansible apt-transport-https ca-certificates rng-tools
echo "[+] installing TPM tooling"
apt-get -y install libtpms-dev tpm2-tools tss2
echo "[+] removing unused packages"
apt-get -y remove fake-hwclock snapd apt-get -y remove fake-hwclock snapd
echo "[+] cleaning apt install"
apt-get -y clean apt-get -y clean
apt-get -y autoremove apt-get -y autoremove

8
packer/scripts/setup-cdev.sh
View File

@ -2,4 +2,10 @@
set -euxo pipefail set -euxo pipefail
apt-get -y install picocom wpasupplicant export DEBIAN_FRONTEND=noninteractive
echo "[+] installing cdev node packages"
apt-get --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y install dnsmasq picocom wpasupplicant
echo "[+] installing tailscale"
curl -fsSL https://tailscale.com/install.sh | sh

16
packer/ubuntu-boards.yml
View File

@ -1,20 +1,26 @@
boards: boards:
- version: 22.04.2 - version: 22.04.2
size: 32G size: 32G
name: cm4-cluster-ubuntu-22.04.2.img name: cm4-cnode-ubuntu-22.04.2.img
files: files:
- source: files/user-data - source: files/user-data_cnode
destination: /boot/firmware/user-data destination: /boot/firmware/user-data
scripts: scripts:
- scripts/install-base.sh - scripts/setup-base.sh
- scripts/setup-ssh.sh - scripts/setup-ssh.sh
- version: 22.04.2 - version: 22.04.2
size: 32G size: 32G
name: cm4-cdev-ubuntu-22.04.2.img name: cm4-cdev-ubuntu-22.04.2.img
files: files:
- source: files/user-data - source: files/user-data_cdev
destination: /boot/firmware/user-data destination: /boot/firmware/user-data
- source: files/hosts
destination: /etc/hosts
- source: files/dnsmasq.conf
destination: /etc/dnsmasq.conf
- source: files/tailscale.service
destination: /etc/systemd/system/tailscale.service
scripts: scripts:
- scripts/install-base.sh - scripts/setup-base.sh
- scripts/setup-ssh.sh - scripts/setup-ssh.sh
- scripts/setup-cdev.sh - scripts/setup-cdev.sh