diff --git a/.github/actions/build-deb/action.yaml b/.github/actions/build-deb/action.yaml
new file mode 100644
index 00000000..16a75e15
--- /dev/null
+++ b/.github/actions/build-deb/action.yaml
@@ -0,0 +1,114 @@
+name: build-deb-packages
+description: Reusable action to build MicroShift Debian packages
+
+inputs:
+ ushift-branch:
+ description: MicroShift branch from https://github.com/openshift/microshift/branches
+ required: true
+ type: string
+ okd-version-tag:
+ description: OKD version tag from https://quay.io/repository/okd/scos-release?tab=tags
+ required: true
+ type: string
+
+runs:
+ using: "composite"
+ steps:
+ - name: Detect the CPU architecture
+ id: detect-cpu-arch
+ uses: ./.github/actions/arch
+
+ - name: Collect debug information before the build
+ if: always()
+ uses: ./.github/actions/debug-info
+
+ - name: Prepare the build and run environment
+ uses: ./.github/actions/prebuild
+
+ - name: Build MicroShift RPMs
+ shell: bash
+ run: |
+ # See https://github.com/microshift-io/microshift/blob/main/docs/build.md
+ # for more information about the build process.
+
+ # Run the RPM build process.
+ cd ${GITHUB_WORKSPACE}/
+ make rpm \
+ USHIFT_BRANCH=${{ inputs.ushift-branch }} \
+ OKD_VERSION_TAG=${{ inputs.okd-version-tag }} \
+ RPM_OUTDIR=/mnt/rpms
+
+ - name: Convert the MicroShift RPMs to Debian packages
+ shell: bash
+ run: |
+ make rpm-to-deb RPM_OUTDIR=/mnt/rpms
+
+ - name: Install the MicroShift Debian packages
+ shell: bash
+ run: |
+ sudo ./src/deb/install.sh /mnt/rpms/deb
+
+ - name: Start the MicroShift service
+ shell: bash
+ run: |
+ make _topolvm_create
+ sudo systemctl start --no-block microshift.service
+
+ - name: Run a test to verify that MicroShift is functioning properly
+ shell: bash
+ run: |
+ echo "Waiting 5m for the MicroShift service to be ready"
+ for _ in $(seq 60); do
+ if sudo systemctl -q is-active microshift.service ; then
+ printf "\nOK\n"
+ break
+ fi
+ echo -n "." && sleep 5
+ done
+ if ! sudo systemctl -q is-active microshift.service ; then
+ printf "\nFAILED\n" && exit 1
+ fi
+
+ # Storage deployments and daemonsets are last to become ready, so it is
+ # a good indicator of the MicroShift service being healthy
+ echo "Waiting 15m for the MicroShift service to be healthy"
+ if ! sudo microshift healthcheck -v=2 --timeout="900s" --custom \
+ '{"topolvm-system":{"deployments": ["topolvm-controller"], "daemonsets": ["topolvm-node"]}}'; then
+ echo "ERROR: Failed to verify that the MicroShift service is healthy"
+ exit 1
+ fi
+
+ # Uncomment this to enable tmate-debug on failure
+ # - name: Pause and open tmate debug session
+ # if: failure()
+ # uses: ./.github/actions/tmate-debug
+
+ - name: Collect debug information after the build
+ if: always()
+ uses: ./.github/actions/debug-info
+
+ - name: Collect sos report for MicroShift
+ if: failure()
+ shell: bash
+ run: |
+ # Change the default profiles and plugins to adapt to the Debian environment
+ # Profiles:
+ # - Remove non-existent microshift
+ # - Add storage
+ # Plugins:
+ # - Remove unused firewalld and rpm
+ # - Remove non-existent rpmostree
+ # - Add ufw, apt
+ sudo microshift-sos-report \
+ --profiles network,security,storage \
+ --plugins container_log,crio,logs,ufw,apt \
+ --tmp-dir /mnt/tmp
+ sudo chmod 644 /mnt/tmp/sosreport-*
+
+ - name: Upload sos report to the GitHub Actions artifact
+ if: failure()
+ uses: actions/upload-artifact@v4
+ with:
+ name: sosreport-microshift-okd-${{ github.job }}-${{ steps.detect-cpu-arch.outputs.arch }}-${{ github.run_id }}
+ path: /mnt/tmp/sosreport-*
+ compression-level: 0
diff --git a/.github/actions/build/action.yaml b/.github/actions/build/action.yaml
index a989f078..81c5ed61 100644
--- a/.github/actions/build/action.yaml
+++ b/.github/actions/build/action.yaml
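Review bot: The "Build MicroShift RPMs" step of the new build-deb action expands `${{ inputs.ushift-branch }}` and `${{ inputs.okd-version-tag }}` directly inside the `run:` script, so the values become script text before bash parses it and any shell metacharacter in them is interpreted on the runner. The OKD tag is ultimately taken from a registry API response (see the okd-version action in this same diff), so it is external data rather than a constant. Pass both inputs through `env:` and reference them as quoted shell variables, as in the excerpt below. The `"${{ inputs.isolated-network }}"` test visible as context in build/action.yaml follows the same pattern and could be converted the same way.

```yaml
    - name: Build MicroShift RPMs
      shell: bash
      env:
        USHIFT_BRANCH: ${{ inputs.ushift-branch }}
        OKD_VERSION_TAG: ${{ inputs.okd-version-tag }}
      run: |
        # … unchanged: build documentation comments …
        cd "${GITHUB_WORKSPACE}/"
        make rpm \
            USHIFT_BRANCH="${USHIFT_BRANCH}" \
            OKD_VERSION_TAG="${OKD_VERSION_TAG}" \
            RPM_OUTDIR=/mnt/rpms
```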
@@ -51,26 +51,7 @@ runs: uses: ./.github/actions/debug-info - name: Prepare the build and run environment - shell: bash - run: | - set -euo pipefail - set -x - - # The /dev/sdb1 partition is mounted as /mnt. - sudo mkdir -p /mnt/tmp /mnt/rpms /mnt/release - sudo chmod 1777 /mnt/tmp - - sudo apt-get install -y make lvm2 podman - - # Redirect the container build directories to /mnt/ to avoid running out of disk space. - sudo mv /var/tmp /var/tmp.orig - sudo mv /var/lib/containers /mnt/containers - sudo ln -s /mnt/tmp /var/tmp - sudo ln -s /mnt/containers /var/lib/containers - - # Raise open file limits to avoid "too many open files" errors - echo '* soft nofile 524288' | sudo tee -a /etc/security/limits.conf &>/dev/null - echo '* hard nofile 524288' | sudo tee -a /etc/security/limits.conf &>/dev/null + uses: ./.github/actions/prebuild - name: Build MicroShift RPMs shell: bash @@ -124,7 +105,7 @@ runs: if [ "${{ inputs.isolated-network }}" = "1" ]; then for cmd in "ping -c1 8.8.8.8" "curl -I quay.io" "curl -I ghcr.io"; do if sudo podman exec -i microshift-okd ${cmd} ; then - echo "Error: Internet access is available in the isolated network container" + echo "ERROR: Internet access is available in the isolated network container" exit 1 fi done @@ -137,6 +118,11 @@ runs: # Stop the MicroShift container make stop + # Uncomment this to enable tmate-debug on failure + # - name: Pause and open tmate debug session + # if: failure() + # uses: ./.github/actions/tmate-debug + - name: Collect debug information after the build if: always() uses: ./.github/actions/debug-info @@ -150,7 +136,7 @@ runs: # Check if the MicroShift container is running if ! sudo podman ps --format "{{.Names}}" | grep -q '^microshift-okd$' ; then - echo "Warning: MicroShift container is not running - cannot collect sos report" + echo "WARNING: MicroShift container is not running - cannot collect sos report" exit 0 fi 
diff --git a/.github/actions/okd-version/action.yaml b/.github/actions/okd-version/action.yaml index f0c71998..fc4a7cba 100644 --- a/.github/actions/okd-version/action.yaml +++ b/.github/actions/okd-version/action.yaml @@ -17,7 +17,7 @@ runs: # Get the latest OKD version tag okd_version_tag="$(curl -s https://quay.io/api/v1/repository/okd/scos-release/tag/ | jq -r ".tags[].name" | sort | tail -1)" if [ -z "${okd_version_tag}" ]; then - echo "Error: No OKD version tag found" + echo "ERROR: No OKD version tag found" exit 1 fi echo "okd_version_tag=${okd_version_tag}" >> $GITHUB_OUTPUT diff --git a/.github/actions/prebuild/action.yaml b/.github/actions/prebuild/action.yaml new file mode 100644 index 00000000..96320b83 --- /dev/null +++ b/.github/actions/prebuild/action.yaml @@ -0,0 +1,24 @@ +name: prebuild-environment-setup +description: Reusable action to configure the build environment for MicroShift + +runs: + using: "composite" + steps: + - name: Prepare the build and run environment + shell: bash + run: | + set -euo pipefail + set -x + + # The /dev/sdb1 partition is mounted as /mnt. + sudo mkdir -p /mnt/tmp /mnt/rpms /mnt/release + sudo chmod 1777 /mnt/tmp + + sudo apt-get update -y -q + sudo apt-get install -y -q make lvm2 podman jq curl + + # Redirect the container build directories to /mnt/ to avoid running out of disk space. + sudo mv /var/tmp /var/tmp.orig + sudo mv /var/lib/containers /mnt/containers + sudo ln -s /mnt/tmp /var/tmp + sudo ln -s /mnt/containers /var/lib/containers diff --git a/.github/actions/tmate-debug/action.yaml b/.github/actions/tmate-debug/action.yaml new file mode 100644 index 00000000..f831748a --- /dev/null +++ b/.github/actions/tmate-debug/action.yaml 
@@ -0,0 +1,19 @@ +# +# Copy the following code to an action or a workflow to open a tmate debug +# session on failure. +# Change the if condition to 'always()' to open the session unconditionally. +# +# - name: Pause and open tmate debug session +# if: failure() +# uses: ./.github/actions/tmate-debug +# +name: tmate-debug +description: Reusable action to open a tmate debug session + +runs: + using: "composite" + steps: + - name: Pause and open tmate debug session + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: false diff --git a/.github/workflows/builders.yaml b/.github/workflows/builders.yaml index 4be4e174..98472be0 100644 --- a/.github/workflows/builders.yaml +++ b/.github/workflows/builders.yaml @@ -6,7 +6,7 @@ on: jobs: centos9-bootc: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Check out MicroShift upstream repository uses: actions/checkout@v4 @@ -25,7 +25,7 @@ jobs: build: bootc-image centos10-bootc: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Check out MicroShift upstream repository uses: actions/checkout@v4 @@ -44,7 +44,7 @@ jobs: build: bootc-image fedora-bootc: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Check out MicroShift upstream repository uses: actions/checkout@v4 @@ -62,8 +62,24 @@ jobs: bootc-image-tag: latest build: bootc-image + ubuntu-rpm2deb: + runs-on: ubuntu-24.04 + steps: + - name: Check out MicroShift upstream repository + uses: actions/checkout@v4 + + - name: Detect OKD version tag + id: detect-okd-version + uses: ./.github/actions/okd-version + + - name: Run the build action + uses: ./.github/actions/build-deb + with: + ushift-branch: main + okd-version-tag: ${{ steps.detect-okd-version.outputs.okd-version-tag }} + isolated-network-kindnet: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Check out MicroShift upstream repository uses: actions/checkout@v4 
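Review bot: In the new tmate-debug action, `limit-access-to-actor: false` leaves the debug session open to anyone who obtains the connection string that the action prints to the job log, and a shell on the runner can read the checkout and whatever credentials the job holds. Set `limit-access-to-actor: true` so that only the SSH keys registered for the triggering user are accepted. The third-party action is also referenced by the mutable tag `v3`; pinning it as `uses: mxschmitt/action-tmate@<full-commit-sha>  # v3` (placeholder, fill in the reviewed commit) keeps the code that opens a shell on the runner from changing underneath the workflow. The header comment of the file would be a good place to state that the step should stay commented out in jobs that run with secrets.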
@@ -82,7 +98,7 @@ jobs: build: bootc-image isolated-network-ovnk: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Check out MicroShift upstream repository uses: actions/checkout@v4 diff --git a/.github/workflows/installers.yaml b/.github/workflows/installers.yaml index a5a6737e..fcc960f6 100644 --- a/.github/workflows/installers.yaml +++ b/.github/workflows/installers.yaml @@ -6,7 +6,7 @@ on: jobs: quick-start-and-clean: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Check out MicroShift upstream repository uses: actions/checkout@v4 diff --git a/.github/workflows/linters.yaml b/.github/workflows/linters.yaml index 169c3ec0..8b4fbba0 100644 --- a/.github/workflows/linters.yaml +++ b/.github/workflows/linters.yaml @@ -6,7 +6,7 @@ on: jobs: shellcheck: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Check out MicroShift upstream repository uses: actions/checkout@v4 @@ -16,7 +16,7 @@ jobs: make _shellcheck hadolint: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Check out MicroShift upstream repository uses: actions/checkout@v4 diff --git a/Makefile b/Makefile index 900f480f..cd1952b0 100644 --- a/Makefile +++ b/Makefile @@ -40,6 +40,7 @@ all: @echo " check: run the presubmit checks" @echo "" @echo "Sub-targets:" + @echo " rpm-to-deb: convert the MicroShift RPMs to Debian packages" @echo " run-ready: wait until the MicroShift service is ready" @echo " run-healthy: wait until the MicroShift service is healthy" @echo " clean-all: perform a full cleanup, including the container images" 
@@ -64,16 +65,28 @@ rpm: echo "Build completed successfully" && \ echo "RPMs are available in '$${outdir}'" +.PHONY: rpm-to-deb +rpm-to-deb: + if [ -z "${RPM_OUTDIR}" ] ; then \ + echo "ERROR: RPM_OUTDIR is not set" ; \ + exit 1 ; \ + fi && \ + sudo ./src/deb/convert.sh "${RPM_OUTDIR}" && \ + echo "" && \ + echo "Conversion completed successfully" && \ + echo "Debian packages are available in '${RPM_OUTDIR}/deb'" + .PHONY: image image: @if ! sudo podman image exists microshift-okd-builder ; then \ - echo "Error: Run 'make rpm' to build the MicroShift RPMs"; \ - exit 1; \ + echo "ERROR: Run 'make rpm' to build the MicroShift RPMs" ; \ + exit 1 ; \ fi @echo "Building the MicroShift bootc container image" sudo podman build \ -t "${USHIFT_IMAGE}" \ + --ulimit nofile=524288:524288 \ --label microshift.branch="${USHIFT_BRANCH}" \ --label okd.version="${OKD_VERSION_TAG}" \ --build-arg BOOTC_IMAGE_URL="${BOOTC_IMAGE_URL}" \ @@ -141,7 +154,7 @@ run-healthy: .PHONY: login login: @echo "Logging into the MicroShift container" - sudo podman exec -it "${USHIFT_IMAGE}" bash + sudo podman exec -it "${USHIFT_IMAGE}" bash -l .PHONY: stop stop: diff --git a/README.md b/README.md index f987dd90..03dcc48f 100644 --- a/README.md +++ b/README.md 
@@ -18,14 +18,15 @@ outside the downstream Red Hat payloads. # Operating System Support MicroShift and its main components are available on the `x86_64` architecture. -RPM packages built in a CentOS Stream 9 Bootc container can be installed and -run on the following operating systems. - -| OS | Bootc| OVN-K | Kindnet | TopoLVM | Comments | -|-----------|------|-------|---------|---------|----------| -| CentOS 9 | Y | Y | Y | Y | Latest version in Stream 9 -| CentOS 10 | Y | Y | Y | Y | Latest version in Stream 10 -| Fedora | Y | N | Y | Y | Latest released version (e.g. 42) +RPM and DEB packages built in a container can be installed and run on the +following operating systems. + +| OS |Package|Bootc|OVN-K|Kindnet|TopoLVM|Greenboot|Comments| +|-----------|-------|-----|-----|-------|-------|---------|--------| +| CentOS 9 | RPM | Y | Y | Y | Y | Y | Latest version in Stream 9 | +| CentOS 10 | RPM | Y | Y | Y | Y | Y | Latest version in Stream 10 | +| Fedora | RPM | Y | N | Y | Y | Y | Latest released version (e.g. 42) | +| Ubuntu | DEB | N | N | Y | Y | N | Latest LTS version (e.g. 24.04) | Notes: - MicroShift Bootc container images can be run on any operating system supported diff --git a/docs/build.md b/docs/build.md index d6bcfc21..0198a2ea 100644 --- a/docs/build.md +++ b/docs/build.md 
@@ -16,23 +16,23 @@ Install the software necessary for running the build process: sudo dnf install -y make podman ``` -### Build MicroShift RPMs +### Create RPM Packages -Building MicroShift RPMs is performed by running the `make rpm` command. +Create the MicroShift RPM packages by running the `make rpm` command. The following options can be specified in the make command line using the `NAME=VAL` format. -| Name | Required | Default | Comments -|-----------------|----------|----------|--------- -| USHIFT_BRANCH | no | main | [MicroShift repository branches](https://github.com/openshift/microshift/branches) -| OKD_VERSION_TAG | no | latest | [OKD version tags](https://quay.io/repository/okd/scos-release?tab=tags) -| RPM_OUTDIR | no | /tmp/... | RPM repository output directory +| Name | Required | Default | Comments | +|-----------------|----------|----------|----------| +| USHIFT_BRANCH | no | main | [MicroShift repository branches](https://github.com/openshift/microshift/branches) | +| OKD_VERSION_TAG | no | latest | [OKD version tags](https://quay.io/repository/okd/scos-release?tab=tags) | +| RPM_OUTDIR | no | /tmp/... | RPM repository output directory | -Run `make rpm` to build MicroShift RPMs based on CentOS Stream 9 operating system. -The `main` MicroShift repository branch and the latest OKD version tag are used by -default if unspecified. +The `make rpm` command builds MicroShift RPMs based on CentOS Stream 9 operating +system. The `main` MicroShift repository branch and the latest OKD version tag +are used by default if unspecified. -``` +```bash make rpm ``` 
@@ -55,9 +55,39 @@ Notes: - The path to the `RPM_OUTDIR` directory (either temporary or specified in the `make rpm` command line) is displayed in the end of the build procedure. -### Build MicroShift Bootc Image +### Create DEB Packages + +Create the MicroShift DEB packages by running the `make rpm-to-deb` command. + +The following options can be specified in the make command line using the `NAME=VAL` format. + +| Name | Required | Default | Comments | +|------------|----------|----------|----------| +| RPM_OUTDIR | yes | none | RPM repository directory to convert | + +The `make rpm-to-deb` command converts MicroShift RPMs to Debian packages. +The path to an existing RPM repository must be specified using the mandatory +`RPM_OUTDIR` make command line. + +```bash +RPM_OUTDIR=/tmp/microshift-rpms +make rpm-to-deb RPM_OUTDIR="${RPM_OUTDIR}" +``` + +If the conversion completes successfully, the Debian packages are copied to the +`${RPM_OUTDIR}/deb` directory on the host. The packages from this directory can +be used to install MicroShift on the supported operating systems. + +``` +... +... +Conversion completed successfully" +Debian packages are available in '/tmp/microshift-rpms/deb'" +``` + +### Create Bootc Image -Building a MicroShift Bootc image is performed by running the `make image` command. +Create the MicroShift Bootc image by running the `make image` command. The following options can be specified in the make command line using the `NAME=VAL` format. 
@@ -70,9 +100,9 @@ The following options can be specified in the make command line using the `NAME= | WITH_OLM | no | 0 | Enable OLM support | EMBED_CONTAINER_IMAGES | no | 0 | Embed all component container dependencies in Bootc images -Run `make image` to build a MicroShift Bootc image based on CentOS Stream 9 -operating system with the default options. The command uses artifacts from -the `microshift-okd-builder` container image created by `make rpm`. +The `make image` command builds a MicroShift Bootc image based on CentOS Stream 9 +operating system with the default options. The command uses artifacts from the +`microshift-okd-builder` container image created by `make rpm`. ```bash make image diff --git a/docs/run.md b/docs/run.md index 3fa5487a..06040925 100644 --- a/docs/run.md +++ b/docs/run.md @@ -2,20 +2,20 @@ MicroShift can be run on the host or inside a Bootc container. -## MicroShift RPMs +## MicroShift RPM Packages -### Install RPM Packages +### Install RPM -Run the following command to install MicroShift RPM package from the local +Run the following command to install MicroShift RPM packages from the local repository copied from the build container image. -See [Build MicroShift RPMs](../docs/build.md#build-microshift-rpms) for more information. +See [Create RPM Packages](../docs/build.md#create-rpm-packages) for more information. ```bash RPM_REPO_DIR=/tmp/microshift-rpms -sudo ./src/create_repos.sh -create "${RPM_REPO_DIR}" +sudo ./src/rpm/create_repos.sh -create "${RPM_REPO_DIR}" sudo dnf install -y microshift microshift-kindnet -sudo ./src/create_repos.sh -delete +sudo ./src/rpm/create_repos.sh -delete ``` The following optional RPM packages are available in the repository. It is 
@@ -24,10 +24,10 @@ to enable the Kindnet or OVN-K networking support. | Package | Description | Comments | |-----------------------|----------------------------|----------| -| microshift-kindnet | Kindnet CNI | Overrides OVN-K -| microshift-networking | OVN-K CNI | Uninstall Kindnet to enable OVN-K -| microshift-topolvm | TopoLVM CSI | -| microshift-olm | Operator Lifecycle Manager | See [Operator Hub Catalogs](https://okd.io/docs/operators/) +| microshift-kindnet | Kindnet CNI | Overrides OVN-K | +| microshift-networking | OVN-K CNI | Uninstall Kindnet to enable OVN-K | +| microshift-topolvm | TopoLVM CSI | Install to enable storage support | +| microshift-olm | Operator Lifecycle Manager | See [Operator Hub Catalogs](https://okd.io/docs/operators/) | ### Start MicroShift Service 
@@ -35,16 +35,48 @@ Run the following commands to configure the minimum required firewall rules, disable LVMS, and start the MicroShift service. ```bash -sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16 -sudo firewall-cmd --permanent --zone=trusted --add-source=169.254.169.1 -sudo firewall-cmd --reload +sudo ./src/rpm/postinstall.sh +sudo systemctl start microshift.service +``` + +Verify that all the MicroShift pods are up and running successfully. + +```bash +mkdir -p ~/.kube +sudo cat /var/lib/microshift/resources/kubeadmin/kubeconfig > ~/.kube/config + +oc get pods -A +``` + +## MicroShift DEB Packages -cat << EOF | sudo tee -a /etc/microshift/config.yaml >/dev/null -storage: - driver: "none" -EOF +### Install DEB -sudo systemctl enable --now microshift.service +Run the following command to install MicroShift DEB packages from the local +repository copied from the build container image. +See [Create DEB Packages](../docs/build.md#create-deb-packages) for more information. + +```bash +DEB_REPO_DIR=/tmp/microshift-rpms/deb +sudo ./src/deb/install.sh "${DEB_REPO_DIR}" +``` + +The following optional DEB packages are available in the repository. + +| Package | Description | Comments | +|--------------------|----------------------------|----------| +| microshift-topolvm | TopoLVM CSI | Install to enable storage support | +| microshift-olm | Operator Lifecycle Manager | See [Operator Hub Catalogs](https://okd.io/docs/operators/) | + +> Note: All of the optional packages are installed by default. + +### Start MicroShift Service + +Run the following command to start the MicroShift service. All the necessary system +configuration was performed during the installation step. + +```bash +sudo systemctl start microshift.service ``` Verify that all the MicroShift pods are up and running successfully. diff --git a/packaging/microshift-builder.Containerfile b/packaging/microshift-builder.Containerfile index 2350e7fa..21a338b6 100644 
--- a/packaging/microshift-builder.Containerfile +++ b/packaging/microshift-builder.Containerfile @@ -15,7 +15,7 @@ ARG USHIFT_POSTBUILD_SCRIPT=/tmp/postbuild.sh # Verify mandatory build arguments RUN if [ -z "${OKD_VERSION_TAG}" ]; then \ - echo "Error: OKD_VERSION_TAG is not set"; \ + echo "ERROR: OKD_VERSION_TAG is not set"; \ echo "See quay.io/okd/scos-release for a list of tags"; \ exit 1; \ fi diff --git a/packaging/microshift-runner.Containerfile b/packaging/microshift-runner.Containerfile index 2bd4fd90..f5c5b3a3 100644 --- a/packaging/microshift-runner.Containerfile +++ b/packaging/microshift-runner.Containerfile @@ -21,7 +21,7 @@ ENV WITH_OLM=${WITH_OLM:-0} ENV EMBED_CONTAINER_IMAGES=${EMBED_CONTAINER_IMAGES:-0} # Run repository configuration script, install MicroShift and cleanup -COPY --chmod=755 ./src/create_repos.sh ${REPO_CONFIG_SCRIPT} +COPY --chmod=755 ./src/rpm/create_repos.sh ${REPO_CONFIG_SCRIPT} COPY --from=builder ${BUILDER_RPM_REPO_PATH} ${USHIFT_RPM_REPO_PATH} RUN ${REPO_CONFIG_SCRIPT} -create ${USHIFT_RPM_REPO_PATH} && \ dnf install -y microshift microshift-release-info && \ @@ -40,7 +40,7 @@ RUN ${REPO_CONFIG_SCRIPT} -create ${USHIFT_RPM_REPO_PATH} && \ dnf clean all # Post-install MicroShift configuration -COPY --chmod=755 ./src/image/postinstall.sh ${USHIFT_POSTINSTALL_SCRIPT} +COPY --chmod=755 ./src/rpm/postinstall.sh ${USHIFT_POSTINSTALL_SCRIPT} RUN ${USHIFT_POSTINSTALL_SCRIPT} && rm -vf "${USHIFT_POSTINSTALL_SCRIPT}" # If the EMBED_CONTAINER_IMAGES environment variable is set to 1, temporarily diff --git a/src/config_isolated_net.sh b/src/config_isolated_net.sh index dfcf7961..39ae2b56 100755 --- a/src/config_isolated_net.sh +++ b/src/config_isolated_net.sh @@ -33,7 +33,7 @@ wait_for_network_manager() { sleep 1 done if ! systemctl is-active --quiet NetworkManager; then - echo "Error: NetworkManager is not running" + echo "ERROR: NetworkManager is not running" exit 1 fi } 
diff --git a/src/deb/convert.sh b/src/deb/convert.sh
new file mode 100755
index 00000000..7dfa737a
--- /dev/null
+++ b/src/deb/convert.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+set -euo pipefail
+
+RPM2DEB_IMAGE="docker.io/library/ubuntu:24.04"
+
+function usage() {
+ echo "Usage: $(basename "$0") "
+ exit 1
+}
+
+#
+# Main
+#
+if [ $# -ne 1 ]; then
+ usage
+fi
+
+# Check if the script is running as root
+if [ "$(id -u)" -ne 0 ]; then
+ echo "ERROR: This script must be run as root (use sudo)"
+ exit 1
+fi
+
+RPM_DIR="$1"
+if ! find "${RPM_DIR}" -type f -iname "microshift*.rpm" | grep -q "." ; then
+ echo "ERROR: No MicroShift RPMs found in '${RPM_DIR}' directory"
+ exit 1
+fi
+
+# Note that:
+# - The OVN-K and Greenboot packages are not supported on Ubuntu
+# - The MicroShift source RPM is ignored to avoid overwriting the binary RPM
+echo "Converting the MicroShift RPMs to Debian packages"
+podman run --rm -i \
+ --volume "${RPM_DIR}:/mnt:Z" \
+ "${RPM2DEB_IMAGE}" bash <<'EOF'
+set -euo pipefail
+
+apt-get update -y -q && apt-get install -y -qq alien
+
+rm -rf /mnt/deb && mkdir -p /mnt/deb && cd /mnt/deb
+for rpm in $(find /mnt -type f -iname "*.rpm" -not -iname "*.src.rpm" | sort -u) ; do
+ echo "Converting '${rpm}' to Debian package..."
+ # Omit the --scripts option because some of them do not work on Ubuntu
+ if ! alien --to-deb --keep-version "${rpm}" ; then
+ echo "ERROR: Failed to convert '${rpm}' to Debian package"
+ exit 1
+ fi
+ # Save cri-o dependency to a file
+ crio_ver="$(rpm -qpR "${rpm}" | awk '/cri-o/ {print $3}' | sort -u | head -1 | cut -d. -f1,2)"
+ [ -n "${crio_ver}" ] && echo "CRIO_VERSION=${crio_ver}" >> "dependencies.txt"
+done
+
+rm -f /mnt/deb/microshift-networking*.deb
+rm -f /mnt/deb/microshift-greenboot*.deb
+EOF
diff --git a/src/deb/install.sh b/src/deb/install.sh
new file mode 100755
index 00000000..75f88c40
--- /dev/null
+++ b/src/deb/install.sh
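Review bot: `RPM_DIR="$1"` in convert.sh goes unvalidated into `--volume "${RPM_DIR}:/mnt:Z"`, after which the root container runs `rm -rf /mnt/deb` and, on SELinux hosts, `:Z` relabels the whole mounted tree. Podman treats a source without a leading `/` or `.` as a named volume, so with a value such as `rpms` the host-side `find` check can pass while the container sees an empty volume and converts nothing; a broad directory passed by mistake would have its labels rewritten. Resolve and check the argument before use, e.g. `RPM_DIR="$(realpath -e -- "$1")"` followed by `[ -d "${RPM_DIR}" ] || usage`. Separately, `RPM2DEB_IMAGE` is pulled by tag and `alien` is installed from the network on every run, so pinning the image by digest would make the conversion environment reproducible.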
@@ -0,0 +1,178 @@ +#!/bin/bash +set -euo pipefail + +function usage() { + echo "Usage: $(basename "$0") " + exit 1 +} + +function install_prereqs() { + # Pre-install the required packages + export DEBIAN_FRONTEND=noninteractive + export TZ=Etc/UTC + + apt-get update -y -q + apt-get install -y -q tzdata curl gnupg1 policycoreutils sosreport +} + +function install_firewall() { + apt-get install -y -q ufw + + ufw allow from 10.42.0.0/16 + ufw allow from 169.254.169.1 + ufw allow ssh + + # The 'enable' command may prompt for a confirmation + echo y | ufw enable + ufw reload +} + +# Instructions for installing CRI-O: +# https://kubernetes.io/blog/2023/10/10/cri-o-community-package-infrastructure/#deb-based-distributions +function install_crio() { + # shellcheck source=/dev/null + source "${DEB_DIR}/dependencies.txt" + local criver="${CRIO_VERSION}" + local relkey + + # Find the desired CRI-O package in the repository. + # Fall back to the previous version if not found. + local crio_found=false + for _ in 1 2 3 ; do + relkey="https://pkgs.k8s.io/addons:/cri-o:/stable:/v${criver}/deb/Release.key" + if ! curl -fsSL "${relkey}" -o /dev/null 2>/dev/null ; then + echo "WARNING: The CRI-O package version '${criver}' not found in the repository. Trying the previous version." + criver="$(awk -F. 
'{printf "%d.%d", $1, $2-1}' <<<"$criver")" + else + echo "Installing CRI-O package version '${criver}'" + crio_found=true + break + fi + done + if [ "${crio_found}" != "true" ] ; then + echo "ERROR: Failed to find the CRI-O package in the repository" + exit 1 + fi + + # Set up the CRI-O repository + local -r gpgkey="/etc/apt/keyrings/cri-o-${criver}-apt-keyring.gpg" + rm -f "${gpgkey}" + curl -fsSL "${relkey}" | gpg --batch --dearmor -o "${gpgkey}" + echo "deb [signed-by=${gpgkey}] $(dirname "${relkey}") /" > \ + "/etc/apt/sources.list.d/cri-o-${criver}.list" + + # Install the CRI-O package and dependencies + apt-get update -y -q + apt-get install -y -q cri-o crun containernetworking-plugins + + # Disable all CNI plugin configuration files to allow Kindnet override + find /etc/cni/net.d -name '*.conflist' -print 2>/dev/null | while read -r cl ; do + mv "${cl}" "${cl}.disabled" + done + + # Query the containernetworking-plugins package installation directory + # and update the CRI-O configuration file to use it + local -r cni_dir="$(dpkg -L containernetworking-plugins | grep -E '/portmap$' | tail -1 | xargs dirname)" + cat > /etc/crio/crio.conf.d/14-microshift-cni.conf </dev/null ; then + echo "WARNING: The kubectl package version '${kubever}' not found in the repository. Trying the previous version." + kubever="$(awk -F. 
'{printf "%d.%d", $1, $2-1}' <<<"$kubever")" + else + echo "Installing kubectl package version '${kubever}'" + kubectl_found=true + break + fi + done + + if [ "${kubectl_found}" != "true" ] ; then + echo "ERROR: Failed to find the kubectl package in the repository" + exit 1 + fi + + # Set up the Kubernetes repository + local -r gpgkey="/etc/apt/keyrings/kubernetes-${kubever}-apt-keyring.gpg" + rm -f "${gpgkey}" + curl -fsSL "${relkey}" | gpg --batch --dearmor -o "${gpgkey}" + echo "deb [signed-by=${gpgkey}] $(dirname "${relkey}") /" > \ + "/etc/apt/sources.list.d/kubernetes-${kubever}.list" + + # Install the Kubectl package and dependencies + apt-get update -y -q + apt-get install -y -q kubectl + + # Create a symlink to the kubectl command as 'oc' + if [ ! -f /usr/bin/oc ] ; then + ln -s "$(which kubectl)" /usr/bin/oc + fi + + # Set the kubectl configuration + if [ ! -f ~/.kube/config ] ; then + mkdir -p ~/.kube + ln -s /var/lib/microshift/resources/kubeadmin/kubeconfig ~/.kube/config + fi +} + +function install_microshift() { + # Install the MicroShift Debian packages and fix the dependencies + find "${DEB_DIR}" -maxdepth 1 -name 'microshift*.deb' -print 2>/dev/null | sort | while read -r deb_package; do + dpkg -i "${deb_package}" + done + apt-get install -y -q -f + + # Enable the MicroShift service + systemctl enable microshift +} + +# +# Main +# +if [ $# -ne 1 ]; then + usage +fi + +# Check if the script is running as root +if [ "$(id -u)" -ne 0 ]; then + echo "ERROR: This script must be run as root (use sudo)" + exit 1 +fi + +DEB_DIR="$1" +if ! find "${DEB_DIR}" -maxdepth 1 -name 'microshift*.deb' -print 2>/dev/null | grep -q . ; then + echo "ERROR: No MicroShift Debian packages found in '${DEB_DIR}' directory" + exit 1 +fi +if ! 
[ -f "${DEB_DIR}/dependencies.txt" ] ; then + echo "ERROR: No dependencies.txt file found in '${DEB_DIR}' directory" + exit 1 +fi + +# System setup +install_prereqs +install_firewall +# Prerequisites +install_crio +install_kubectl +# MicroShift +install_microshift diff --git a/src/create_repos.sh b/src/rpm/create_repos.sh similarity index 89% rename from src/create_repos.sh rename to src/rpm/create_repos.sh index 0ae7b57d..bac5f175 100755 --- a/src/create_repos.sh +++ b/src/rpm/create_repos.sh @@ -41,6 +41,12 @@ if [ $# -lt 1 ] ; then usage fi +# Check if the script is running as root +if [ "$(id -u)" -ne 0 ]; then + echo "ERROR: This script must be run as root (use sudo)" + exit 1 +fi + case $1 in -create) repo_path="$2" diff --git a/src/image/postinstall.sh b/src/rpm/postinstall.sh similarity index 89% rename from src/image/postinstall.sh rename to src/rpm/postinstall.sh index 4a8c6288..3dbcf0c1 100755 --- a/src/image/postinstall.sh +++ b/src/rpm/postinstall.sh @@ -26,13 +26,6 @@ install_cni_plugins() { rm -f "/tmp/${CNP_PKG}" } -microshift_config() { - cat > "/etc/microshift/config.yaml" <
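Review bot: `install_crio` in install.sh runs `source "${DEB_DIR}/dependencies.txt"` as root, which executes the whole file as shell code although only one `CRIO_VERSION=` value is needed. The directory is supplied by the caller (the docs in this diff use a path under `/tmp`) and the value was derived from RPM metadata by convert.sh, so neither the file nor its content should be trusted as code. Read the value as data and validate its format before it is used in the repository URL and in file names under `/etc/apt`, as in the excerpt below. The beginning of `install_kubectl` is not visible on this page; if it sources the same file, it needs the same treatment.

```bash
function install_crio() {
    # Read the version as data instead of sourcing the file as root
    local criver
    criver="$(sed -n 's/^CRIO_VERSION=//p' "${DEB_DIR}/dependencies.txt" | tail -1)"
    if ! [[ "${criver}" =~ ^[0-9]+\.[0-9]+$ ]] ; then
        echo "ERROR: Invalid CRIO_VERSION in '${DEB_DIR}/dependencies.txt'"
        exit 1
    fi
    local relkey
    # … unchanged: release key lookup, repository setup and package installation …
```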