feat: prepare MicroOS packer build

2025-04-01 19:53:05 +00:00 · 2025-04-01 19:53:05 +00:00 · 90cc4605fb
commit 90cc4605fb
parent 043d98d992
3 changed files with 186 additions and 15 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@ -6,3 +6,7 @@ RUN wget -O - https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/sha
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/hashicorp.list && \
    apt update && \
    apt install packer
+
+RUN curl -L https://go.dev/dl/go1.24.2.linux-$(dpkg --print-architecture).tar.gz | tar -C /usr/local/go -xz && \
+    ln -s /usr/local/go/bin/go /usr/local/bin/ && \
+    go install github.com/apricote/hcloud-upload-image@latest
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,22 +1,25 @@
 {
-  "$schema": "https://raw.githubusercontent.com/devcontainers/spec/refs/heads/main/schemas/devContainer.schema.json",
-  "name": "Cluster",
-  "build": {
-    "dockerfile": "Dockerfile"
-  }
+    "$schema": "https://raw.githubusercontent.com/devcontainers/spec/refs/heads/main/schemas/devContainer.schema.json",
+    "name": "Cluster",
+    "build": {
+        "dockerfile": "Dockerfile"
+    },
+    "remoteEnv": {
+        "PATH": "${localEnv:HOME}/go/bin:${localEnv:PATH}"
+    }

-  // Features to add to the dev container. More info: https://containers.dev/features.
-  // "features": {},
+    // Features to add to the dev container. More info: https://containers.dev/features.
+    // "features": {},

-  // Use 'forwardPorts' to make a list of ports inside the container available locally.
-  // "forwardPorts": [],
+    // Use 'forwardPorts' to make a list of ports inside the container available locally.
+    // "forwardPorts": [],

-  // Use 'postCreateCommand' to run commands after the container is created.
-  // "postCreateCommand": "uname -a",
+    // Use 'postCreateCommand' to run commands after the container is created.
+    // "postCreateCommand": "uname -a",

-  // Configure tool-specific properties.
-  // "customizations": {},
+    // Configure tool-specific properties.
+    // "customizations": {},

-  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-  // "remoteUser": "root"
+    // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+    // "remoteUser": "root"
 }
--- a/images/k3s/packer.pkr.hcl
+++ b/images/k3s/packer.pkr.hcl
@ -0,0 +1,164 @@
+/*
+ * Creates a MicroOS snapshot for Kube-Hetzner
+ */
+packer {
+  required_plugins {
+    hcloud = {
+      source  = "github.com/hetznercloud/hcloud"
+      version = ">= 1.6.0"
+    }
+  }
+}
+
+variable "hcloud_token" {
+  type      = string
+  default   = env("HCLOUD_TOKEN")
+  sensitive = true
+}
+
+# We download the OpenSUSE MicroOS x86 image from an automatically selected mirror.
+variable "opensuse_microos_x86_mirror_link" {
+  type    = string
+  default = "https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-ContainerHost-OpenStack-Cloud.qcow2"
+}
+
+# We download the OpenSUSE MicroOS ARM image from an automatically selected mirror.
+variable "opensuse_microos_arm_mirror_link" {
+  type    = string
+  default = "https://download.opensuse.org/ports/aarch64/tumbleweed/appliances/openSUSE-MicroOS.aarch64-ContainerHost-OpenStack-Cloud.qcow2"
+}
+
+# If you need to add other packages to the OS, do it here in the default value, like ["vim", "curl", "wget"]
+# When looking for packages, you need to search for OpenSUSE Tumbleweed packages, as MicroOS is based on Tumbleweed.
+variable "packages_to_install" {
+  type    = list(string)
+  default = []
+}
+
+locals {
+  needed_packages = join(" ", concat(["restorecond policycoreutils policycoreutils-python-utils setools-console audit bind-utils wireguard-tools fuse open-iscsi nfs-client xfsprogs cryptsetup lvm2 git cifs-utils bash-completion mtr tcpdump udica"], var.packages_to_install))
+
+  # Add local variables for inline shell commands
+  download_image = "wget --timeout=5 --waitretry=5 --tries=5 --retry-connrefused --inet4-only "
+
+  write_image = <<-EOT
+    set -ex
+    echo 'MicroOS image loaded, writing to disk... '
+    qemu-img convert -p -f qcow2 -O host_device $(ls -a | grep -ie '^opensuse.*microos.*qcow2$') /dev/sda
+    echo 'done. Rebooting...'
+    sleep 1 && udevadm settle && reboot
+  EOT
+
+  install_packages = <<-EOT
+    set -ex
+    echo "First reboot successful, installing needed packages..."
+    transactional-update --continue pkg install -y ${local.needed_packages}
+    transactional-update --continue shell <<- EOF
+    setenforce 0
+    rpm --import https://rpm.rancher.io/public.key
+    zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v1.6.stable.1/k3s-selinux-1.6-1.sle.noarch.rpm
+    zypper addlock k3s-selinux
+    restorecon -Rv /etc/selinux/targeted/policy
+    restorecon -Rv /var/lib
+    setenforce 1
+    EOF
+    sleep 1 && udevadm settle && reboot
+  EOT
+
+  clean_up = <<-EOT
+    set -ex
+    echo "Second reboot successful, cleaning-up..."
+    rm -rf /etc/ssh/ssh_host_*
+    echo "Make sure to use NetworkManager"
+    touch /etc/NetworkManager/NetworkManager.conf
+    sleep 1 && udevadm settle
+  EOT
+}
+
+# Source for the MicroOS x86 snapshot
+source "hcloud" "microos-x86-snapshot" {
+  image       = "ubuntu-24.04"
+  rescue      = "linux64"
+  location    = "fsn1"
+  server_type = "cx22" # disk size of >= 40GiB is needed to install the MicroOS image
+  snapshot_labels = {
+    microos-snapshot = "yes"
+    creator          = "kube-hetzner"
+  }
+  snapshot_name = "OpenSUSE MicroOS x86 by Kube-Hetzner"
+  ssh_username  = "root"
+  token         = var.hcloud_token
+}
+
+# Source for the MicroOS ARM snapshot
+source "hcloud" "microos-arm-snapshot" {
+  image       = "ubuntu-24.04"
+  rescue      = "linux64"
+  location    = "fsn1"
+  server_type = "cax11" # disk size of >= 40GiB is needed to install the MicroOS image
+  snapshot_labels = {
+    microos-snapshot = "yes"
+    creator          = "kube-hetzner"
+  }
+  snapshot_name = "OpenSUSE MicroOS ARM by Kube-Hetzner"
+  ssh_username  = "root"
+  token         = var.hcloud_token
+}
+
+# Build the MicroOS x86 snapshot
+build {
+  sources = ["source.hcloud.microos-x86-snapshot"]
+
+  # Download the MicroOS x86 image
+  provisioner "shell" {
+    inline = ["${local.download_image}${var.opensuse_microos_x86_mirror_link}"]
+  }
+
+  # Write the MicroOS x86 image to disk
+  provisioner "shell" {
+    inline            = [local.write_image]
+    expect_disconnect = true
+  }
+
+  # Ensure connection to MicroOS x86 and do house-keeping
+  provisioner "shell" {
+    pause_before      = "5s"
+    inline            = [local.install_packages]
+    expect_disconnect = true
+  }
+
+  # Ensure connection to MicroOS x86 and do house-keeping
+  provisioner "shell" {
+    pause_before = "5s"
+    inline       = [local.clean_up]
+  }
+}
+
+# Build the MicroOS ARM snapshot
+build {
+  sources = ["source.hcloud.microos-arm-snapshot"]
+
+  # Download the MicroOS ARM image
+  provisioner "shell" {
+    inline = ["${local.download_image}${var.opensuse_microos_arm_mirror_link}"]
+  }
+
+  # Write the MicroOS ARM image to disk
+  provisioner "shell" {
+    inline            = [local.write_image]
+    expect_disconnect = true
+  }
+
+  # Ensure connection to MicroOS ARM and do house-keeping
+  provisioner "shell" {
+    pause_before      = "5s"
+    inline            = [local.install_packages]
+    expect_disconnect = true
+  }
+
+  # Ensure connection to MicroOS ARM and do house-keeping
+  provisioner "shell" {
+    pause_before = "5s"
+    inline       = [local.clean_up]
+  }
+}