From 6569fde34efe19ebadcff389c066549498497695 Mon Sep 17 00:00:00 2001
From: Johannes Kastl
Date: Fri, 26 Apr 2024 21:24:40 +0200
Subject: [PATCH 1/4] ADD create_rke2_sysext.sh
---
 create_rke2_sysext.sh | 50 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100755 create_rke2_sysext.sh
diff --git a/create_rke2_sysext.sh b/create_rke2_sysext.sh
new file mode 100755
index 0000000..6045247
--- /dev/null
+++ b/create_rke2_sysext.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export ARCH="${ARCH-x86-64}"
+SCRIPTFOLDER="$(dirname "$(readlink -f "$0")")"
+
+if [ $# -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+ echo "Usage: $0 VERSION SYSEXTNAME"
+ echo "The script will download the rke2 binary (e.g., for v1.29.2+rke2r1) and create a sysext squashfs image with the name SYSEXTNAME.raw in the current folder."
+ echo "A temporary directory named SYSEXTNAME in the current folder will be created and deleted again."
+ echo "All files in the sysext image will be owned by root."
+ echo "To use arm64 pass 'ARCH=arm64' as environment variable (current value is '${ARCH}')."
+ "${SCRIPTFOLDER}"/bake.sh --help
+ exit 1
+fi
+
+VERSION="$1"
+SYSEXTNAME="$2"
+
+# The github release uses different arch identifiers, we map them here
+# and rely on bake.sh to map them back to what systemd expects
+if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
+ URL="https://github.com/rancher/rke2/releases/download/${VERSION}/rke2.linux-amd64.tar.gz"
+ SHA256SUMS="https://github.com/rancher/rke2/releases/download/${VERSION}/sha256sum-amd64.txt"
+elif [ "${ARCH}" = "arm64" ] || [ "${ARCH}" = "aarch64" ]; then
+ URL="https://github.com/rancher/rke2/releases/download/${VERSION}/rke2.linux-arm64.tar.gz"
+ SHA256SUMS="https://github.com/rancher/rke2/releases/download/${VERSION}/sha256sum-arm64.txt"
+fi
+
+rm -rf "${SYSEXTNAME}"
+mkdir -p "${SYSEXTNAME}/usr/local/"
+
+TMP_DIR="${SYSEXTNAME}/tmp/"
+mkdir -p "${TMP_DIR}"
+curl -o "${TMP_DIR}/rke2.linux-amd64.tar.gz" -fsSL "${URL}"
+curl -o "${TMP_DIR}/sha256sums" -fsSL "${SHA256SUMS}"
+pushd "${TMP_DIR}" > /dev/null
+grep rke2.linux-amd64.tar.gz ./sha256sums | sha256sum -c -
+popd > /dev/null
+
+tar xf "${TMP_DIR}/rke2.linux-amd64.tar.gz" -C "${SYSEXTNAME}/usr/local/"
+rm "${SYSEXTNAME}/usr/local/bin/rke2-uninstall.sh"
+
+# remove TMP_DIR before building the sysext
+rm -rf "${TMP_DIR}"
+
+"${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}"
+
+# cleanup
+rm -rf "${SYSEXTNAME}"
From 1ab472ce1cceb6d3cfa17a661c05ed70fb92eccb Mon Sep 17 00:00:00 2001
From: Johannes Kastl
Date: Mon, 29 Apr 2024 12:41:57 +0200
Subject: [PATCH 2/4] create_rke2_sysext.sh: change ARCH usage
---
 create_rke2_sysext.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/create_rke2_sysext.sh b/create_rke2_sysext.sh
index 6045247..8423e53 100755
--- a/create_rke2_sysext.sh
+++ b/create_rke2_sysext.sh
@@ -20,12 +20,12 @@ SYSEXTNAME="$2"
 # The github release uses different arch identifiers, we map them here
 # and rely on bake.sh to map them back to what systemd expects
 if [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "x86-64" ]; then
- URL="https://github.com/rancher/rke2/releases/download/${VERSION}/rke2.linux-amd64.tar.gz"
- SHA256SUMS="https://github.com/rancher/rke2/releases/download/${VERSION}/sha256sum-amd64.txt"
+ export ARCH="amd64"
 elif [ "${ARCH}" = "arm64" ] || [ "${ARCH}" = "aarch64" ]; then
- URL="https://github.com/rancher/rke2/releases/download/${VERSION}/rke2.linux-arm64.tar.gz"
- SHA256SUMS="https://github.com/rancher/rke2/releases/download/${VERSION}/sha256sum-arm64.txt"
+ export ARCH="arm64"
 fi
+URL="https://github.com/rancher/rke2/releases/download/${VERSION}/rke2.linux-${ARCH}.tar.gz"
+SHA256SUMS="https://github.com/rancher/rke2/releases/download/${VERSION}/sha256sum-${ARCH}.txt"

 rm -rf "${SYSEXTNAME}"
 mkdir -p "${SYSEXTNAME}/usr/local/"
From 8942eae7e72f45939d6af787d77637c85b88eb9c Mon Sep 17 00:00:00 2001
From: Johannes Kastl
Date: Mon, 29 Apr 2024 14:26:13 +0200
Subject: [PATCH 3/4] create_rke2_sysext.sh: add RELOAD=1 to bake.sh call to make sure we get a daemon-reload
---
 create_rke2_sysext.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/create_rke2_sysext.sh b/create_rke2_sysext.sh
index 8423e53..98d7519 100755
--- a/create_rke2_sysext.sh
+++ b/create_rke2_sysext.sh
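Review bot: `SYSEXTNAME` comes straight from `$2` and is then used in `rm -rf "${SYSEXTNAME}"`, as the `tar -C` target and, through `TMP_DIR="${SYSEXTNAME}/tmp/"`, in `rm -rf "${TMP_DIR}"`, with no check on its value. An empty second argument passes both the `$# -lt 2` test and `set -u`, and the paths then resolve to `/usr/local/` and `/tmp/` on the build host; a value containing `/` or `..` likewise leaves the current folder. A guard directly after the assignment would keep the destructive steps where the usage text says they happen, for example `case "${SYSEXTNAME}" in ''|.|..|*/*) echo "invalid SYSEXTNAME" >&2; exit 1 ;; esac`. Separately, `sha256sums` is fetched from the same release location as the tarball, so the `sha256sum -c` step detects a damaged download but cannot detect a replaced release asset; a comment above the check stating that limit, or an optional caller-supplied expected digest, would make the trust assumption explicit.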
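Review bot: The URLs now follow `${ARCH}`, but the lines that store and verify the download (outside this hunk, unchanged since patch 1/4) still use the literal `rke2.linux-amd64.tar.gz` for the `curl -o` target, the `grep` on `sha256sums` and the `tar xf` source. On arm64 the `grep` would presumably find no matching line in `sha256sum-arm64.txt`, so the pipeline fails under `pipefail` and the build aborts; it fails closed, but the arm64 path cannot complete. Deriving the name once, `TARBALL="rke2.linux-${ARCH}.tar.gz"`, and using `"${TMP_DIR}/${TARBALL}"` in those three places with `grep -F -- "${TARBALL}"` keeps the verified file and the fetched file the same object. The `if`/`elif` also has no `else`, so an unsupported `ARCH` value is interpolated into the URL unchanged; an explicit `else` that prints the accepted values and exits would fail earlier and more clearly.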
@@ -44,7 +44,7 @@ rm "${SYSEXTNAME}/usr/local/bin/rke2-uninstall.sh"
 # remove TMP_DIR before building the sysext
 rm -rf "${TMP_DIR}"

-"${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}"
+RELOAD=1 "${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}"

 # cleanup
 rm -rf "${SYSEXTNAME}"
From 1bc36a6880ccfc0b3bc0be4786f5df801cf49bd6 Mon Sep 17 00:00:00 2001
From: Johannes Kastl
Date: Tue, 30 Apr 2024 10:05:17 +0200
Subject: [PATCH 4/4] README.md: add headings for wasmcloud and k3s, add section for rke2
---
 README.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/README.md b/README.md
index da26e97..85248f9 100644
--- a/README.md
+++ b/README.md
@@ -135,6 +135,8 @@ systemd: This also configures systemd-sysupdate for auto-updates. The `noop.conf` is a workaround for systemd-sysupdate to run without error messages. Since the configuration sets up a custom Docker version, it also disables Torcx and the future `docker-flatcar` and `containerd-flatcar` extensions to prevent conflicts. +#### wasmcloud + For another example of how you can further customize the recipes provided in this repository, the following recipe uses the image built with `create_wasmcloud_sysext.sh`: ```yaml variant: flatcar
@@ -213,6 +215,8 @@ In the [Flatcar docs](https://www.flatcar.org/docs/latest/provisioning/sysext/) The updates works by [`systemd-sysupdate`](https://www.freedesktop.org/software/systemd/man/sysupdate.d.html) fetching the `SHA256SUMS` file of the generated artifacts, which holds the list of built images with their respective SHA256 digest. +#### k3s + The k3s sysext can be configured by using the following snippet, in case you want this to be a k3s server (controlplane):
@@ -242,6 +246,37 @@ Of course, any configuration you need should be prepared before starting the services, like providing a token for an agent or server to join or creating a `config.yaml` file. +#### rke2 + +The rke2 sysext can be configured by using the following snippet, in case you +want this to be a rke2 server (controlplane): + +```yaml +variant: flatcar +version: 1.0.0 +storage: + links: + - path: /etc/systemd/system/multi-user.target.wants/rke2-server.service + target: /usr/local/lib/systemd/rke2-server.service + overwrite: true +``` + +For a rke2 agent (worker node) you would use something like this snippet: + +```yaml +variant: flatcar +version: 1.0.0 +storage: + links: + - path: /etc/systemd/system/multi-user.target.wants/rke2-agent.service + target: /usr/local/lib/systemd/rke2-agent.service + overwrite: true +``` + +Of course, any configuration you need should be prepared before starting the +services, like providing a token for an agent or server to join or creating a +`config.yaml` file. + ### Creating a custom Docker sysext image The Docker releases publish static binaries including containerd and the only missing piece are the systemd units.