diff --git a/images/capi/Makefile b/images/capi/Makefile
index b494c4c22b..3dbf39a1a1 100644
--- a/images/capi/Makefile
+++ b/images/capi/Makefile
@@ -1015,6 +1015,6 @@ json-sort: ## Sort all JSON files alphabetically
 ## --------------------------------------
 ##@ Ignition
 .PHONY: gen-ignition
-ignition_files = bootstrap bootstrap-pass-auth bootstrap-cloud
+ignition_files = bootstrap-pass-auth bootstrap-cloud
 gen-ignition: deps-ignition ## Generates Ignition files from CLC
 for f in $(ignition_files); do (ct < packer/files/flatcar/clc/$$f.yaml | jq '.' > packer/files/flatcar/ignition/$$f.json) || exit 1; done
diff --git a/images/capi/packer/ami/flatcar.json b/images/capi/packer/ami/flatcar.json
index cb73125c06..25f747734f 100644
--- a/images/capi/packer/ami/flatcar.json
+++ b/images/capi/packer/ami/flatcar.json
@@ -13,5 +13,6 @@
 "systemd_prefix": "/etc/systemd",
 "sysusr_prefix": "/opt",
 "sysusrlocal_prefix": "/opt",
- "user_data": ""
+ "user_data": "",
+ "user_data_file": "packer/files/flatcar/ignition/bootstrap-cloud.json"
 }
diff --git a/images/capi/packer/ami/packer.json b/images/capi/packer/ami/packer.json
index 6d1d8ddd09..b6c5775397 100644
--- a/images/capi/packer/ami/packer.json
+++ b/images/capi/packer/ami/packer.json
@@ -62,6 +62,7 @@
 "token": "{{ user `aws_session_token` }}",
 "type": "amazon-ebs",
 "user_data": "{{ user `user_data` }}",
+ "user_data_file": "{{ user `user_data_file` }}",
 "vpc_id": "{{ user `vpc_id` }}"
 }
 ],
@@ -206,6 +207,7 @@
 "temporary_security_group_source_cidrs": "",
 "throughput": "125",
 "user_data": "#cloud-config\nrepo_upgrade: none",
+ "user_data_file": "",
 "volume_size": "8",
 "volume_type": "gp3",
 "vpc_id": ""
diff --git a/images/capi/packer/azure/flatcar-gen2.json b/images/capi/packer/azure/flatcar-gen2.json
index 6141216043..5e0eb74fe2 100644
--- a/images/capi/packer/azure/flatcar-gen2.json
+++ b/images/capi/packer/azure/flatcar-gen2.json
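Review bot: The `gen-ignition` recipe shown as context in the Makefile hunk pipes `ct` into `jq` inside a subshell, so `|| exit 1` only sees jq's exit status; unless `pipefail` is enabled outside this hunk, a CLC file that `ct` rejects would still leave a freshly truncated, empty `.json` behind and the loop would carry on. That matters more after this commit, because `bootstrap-cloud.json` is now handed to the AWS and Azure builders as instance user data. Consider `(set -o pipefail; ct < … | jq '.' > …) || exit 1` if the Makefile's SHELL is bash, or write to a temporary file and move it into place only on success.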
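Review bot: Both `user_data` and `user_data_file` are now passed to the `amazon-ebs` builder unconditionally (packer/ami/packer.json, hunk at -62), while the default `user_data` in the hunk at -206 stays non-empty; as far as I know Packer's Amazon builder rejects a configuration that sets both, so any variable file that sets `user_data_file` must also blank `user_data`, as ami/flatcar.json does here. That coupling is not stated anywhere visible in this diff, and JSON leaves no room for a comment, so a line in the AMI variable documentation would help, e.g. `user_data_file: path to a user-data file; set user_data to "" when using it`. The contents of `bootstrap-cloud.json` are not part of this diff; since EC2 user data and Azure custom data (the `custom_data_file` hunks under packer/azure/) are readable from inside the instance, that file should stay free of credentials.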
@@ -2,6 +2,7 @@
 "ansible_extra_vars": "ansible_python_interpreter=/opt/pypy/bin/pypy",
 "build_name": "flatcar-gen2",
 "crictl_source_type": "http",
+ "custom_data_file": "packer/files/flatcar/ignition/bootstrap-cloud.json",
 "distribution": "flatcar",
 "distribution_release": "{{env `FLATCAR_CHANNEL`}}",
 "distribution_version": "{{env `FLATCAR_CHANNEL`}}-{{env `FLATCAR_VERSION`}}",
diff --git a/images/capi/packer/azure/flatcar.json b/images/capi/packer/azure/flatcar.json
index 4b755261a2..392e43f647 100644
--- a/images/capi/packer/azure/flatcar.json
+++ b/images/capi/packer/azure/flatcar.json
@@ -2,6 +2,7 @@
 "ansible_extra_vars": "ansible_python_interpreter=/opt/pypy/bin/pypy",
 "build_name": "flatcar",
 "crictl_source_type": "http",
+ "custom_data_file": "packer/files/flatcar/ignition/bootstrap-cloud.json",
 "distribution": "flatcar",
 "distribution_release": "{{env `FLATCAR_CHANNEL`}}",
 "distribution_version": "{{env `FLATCAR_CHANNEL`}}-{{env `FLATCAR_VERSION`}}",
diff --git a/images/capi/packer/azure/packer.json b/images/capi/packer/azure/packer.json
index 678c071dde..68b0821113 100644
--- a/images/capi/packer/azure/packer.json
+++ b/images/capi/packer/azure/packer.json
@@ -47,6 +47,7 @@
 },
 "client_id": "{{user `client_id`}}",
 "client_secret": "{{user `client_secret`}}",
+ "custom_data_file": "{{user `custom_data_file`}}",
 "image_offer": "{{user `image_offer` }}",
 "image_publisher": "{{user `image_publisher` }}",
 "image_sku": "{{user `image_sku`}}",
@@ -225,6 +226,7 @@
 "containerd_wasm_shims_runtimes": null,
 "crictl_url": "https://github.com/kubernetes-sigs/cri-tools/releases/download/v{{user `crictl_version`}}/crictl-v{{user `crictl_version`}}-linux-amd64.tar.gz",
 "crictl_version": null,
+ "custom_data_file": "",
 "direct_shared_gallery_image_id": "",
 "distribution": null,
 "distribution_release": null,
diff --git a/images/capi/packer/files/flatcar/clc/bootstrap.yaml b/images/capi/packer/files/flatcar/clc/bootstrap.yaml
deleted file mode 100644
index 9727034925..0000000000
--- a/images/capi/packer/files/flatcar/clc/bootstrap.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# This file is used for initial provisioning of a Flatcar machine, before Packer provisioners (e.g.
-# Ansible) are executed.
-passwd:
- users:
- - name: builder
- # "BUILDERPASSWORDHASH" gets overwritten by Packer on platforms where SSH password auth is used.
- password_hash: BUILDERPASSWORDHASH
- # "BUILDERSSHAUTHKEY" gets overwritten by Packer on platforms where SSH key auth is used.
- # TODO: Once https://github.com/kubernetes-sigs/image-builder/pull/882 is merged we can remove
- # the ssh_authorized_keys key altogether since the QEMU and raw targets would be using password
- # auth and the rest of the targets have provider-specific authorization mechanisms, meaning SSH
- # keys don't have to be specified in this CLC file.
- ssh_authorized_keys: ["BUILDERSSHAUTHKEY"]
- groups:
- - wheel
- - sudo
- - docker
-systemd:
- units:
- - name: docker.service
- enable: true
- # Mask update-engine and locksmithd to disable automatic updates during image creation.
- - name: update-engine.service
- mask: true
- - name: locksmithd.service
- mask: true
diff --git a/images/capi/packer/files/flatcar/ignition/bootstrap.json b/images/capi/packer/files/flatcar/ignition/bootstrap.json
deleted file mode 100644
index bb2a84820f..0000000000
--- a/images/capi/packer/files/flatcar/ignition/bootstrap.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "ignition": {
- "config": {},
- "security": {
- "tls": {}
- },
- "timeouts": {},
- "version": "2.3.0"
- },
- "networkd": {},
- "passwd": {
- "users": [
- {
- "groups": [
- "wheel",
- "sudo",
- "docker"
- ],
- "name": "builder",
- "passwordHash": "BUILDERPASSWORDHASH",
- "sshAuthorizedKeys": [
- "BUILDERSSHAUTHKEY"
- ]
- }
- ]
- },
- "storage": {},
- "systemd": {
- "units": [
- {
- "enable": true,
- "name": "docker.service"
- },
- {
- "mask": true,
- "name": "update-engine.service"
- },
- {
- "mask": true,
- "name": "locksmithd.service"
- }
- ]
- }
-}
diff --git a/images/capi/packer/ova/flatcar.json b/images/capi/packer/ova/flatcar.json
index 60ad61729c..01534a7687 100644
--- a/images/capi/packer/ova/flatcar.json
+++ b/images/capi/packer/ova/flatcar.json
@@ -1,6 +1,6 @@
 {
 "ansible_extra_vars": "guestinfo_datasource_slug={{user `guestinfo_datasource_slug`}} guestinfo_datasource_ref={{user `guestinfo_datasource_ref`}} guestinfo_datasource_script={{user `guestinfo_datasource_script`}} ansible_python_interpreter=/opt/bin/python",
- "boot_command_prefix": "sudo systemctl mask sshd.socket --nowcurl -sLo /tmp/ignition.json https://raw.githubusercontent.com/kubernetes-sigs/image-builder/0bb5cd6db390516c75daeeaf27f19b1aa958428b/images/capi/packer/files/flatcar/ignition/bootstrap.jsonsed -i \"s|BUILDERPASSWORDHASH|$(mkpasswd -5 {{user `ssh_password`}})|\" /tmp/ignition.jsonsudo flatcar-install -d /dev/sda -o vmware_raw -C {{user `channel_name`}} -V {{user `release_version`}} -i /tmp/ignition.jsonsudo reboot",
+ "boot_command_prefix": "sudo systemctl mask sshd.socket --nowcurl -sLo /tmp/ignition.json https://raw.githubusercontent.com/kubernetes-sigs/image-builder/21f6a77a9a46a217949579d52f7b671568521678/images/capi/packer/files/flatcar/ignition/bootstrap-pass-auth.jsonsed -i \"s|BUILDERPASSWORDHASH|$(mkpasswd -5 {{user `ssh_password`}})|\" /tmp/ignition.jsonsudo flatcar-install -d /dev/sda -o vmware_raw -C {{user `channel_name`}} -V {{user `release_version`}} -i /tmp/ignition.jsonsudo reboot",
 "boot_wait": "60s",
 "build_name": "flatcar-{{env `FLATCAR_CHANNEL`}}-{{env `FLATCAR_VERSION`}}",
 "channel_name": "{{env `FLATCAR_CHANNEL`}}",
diff --git a/images/capi/packer/qemu/qemu-flatcar.json b/images/capi/packer/qemu/qemu-flatcar.json
index 3bec5778ad..358e9a9e0f 100644
--- a/images/capi/packer/qemu/qemu-flatcar.json
+++ b/images/capi/packer/qemu/qemu-flatcar.json
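Review bot: The new `boot_command_prefix` still downloads the Ignition config with `curl -sLo /tmp/ignition.json …` and no `--fail`, so if the pinned commit does not serve `bootstrap-pass-auth.json` the HTTP error body is saved as the config and the problem only surfaces later in `flatcar-install` or at first boot; `curl -sfLo /tmp/ignition.json …` would stop the build at the download. The same line expands the `ssh_password` user variable unquoted inside `$(mkpasswd -5 …)`, so a password containing spaces or shell metacharacters would be split or interpreted by the shell rather than hashed as given; single-quoting the argument avoids that. `-5` selects MD5-crypt in the whois `mkpasswd`, and a SHA-512 crypt method would be the safer choice if the Flatcar live environment supports it. The `boot_command_suffix` lines in the qemu-flatcar.json and raw-flatcar.json hunks carry the same `mkpasswd` pattern and complete the same `curl` call.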
@@ -1,7 +1,7 @@
 {
 "ansible_extra_vars": "ansible_python_interpreter=/opt/bin/python oem_id={{user `oem_id`}}",
 "boot_command_prefix": "sudo systemctl mask sshd.socket --nowcurl -sLo /tmp/ignition.json ",
- "boot_command_suffix": "/bootstrap.jsonsed -i \"s|BUILDERPASSWORDHASH|$(mkpasswd -5 {{user `ssh_password`}})|\" /tmp/ignition.jsonsudo flatcar-install -d /dev/sda -C {{user `channel_name`}} -V {{user `release_version`}} -i /tmp/ignition.jsonsudo reboot",
+ "boot_command_suffix": "/bootstrap-pass-auth.jsonsed -i \"s|BUILDERPASSWORDHASH|$(mkpasswd -5 {{user `ssh_password`}})|\" /tmp/ignition.jsonsudo flatcar-install -d /dev/sda -C {{user `channel_name`}} -V {{user `release_version`}} -i /tmp/ignition.jsonsudo reboot",
 "boot_wait": "120s",
 "build_name": "flatcar-{{env `FLATCAR_CHANNEL`}}-{{env `FLATCAR_VERSION`}}",
 "channel_name": "{{env `FLATCAR_CHANNEL`}}",
diff --git a/images/capi/packer/raw/raw-flatcar.json b/images/capi/packer/raw/raw-flatcar.json
index a517a9efc7..7f5e7c3db4 100644
--- a/images/capi/packer/raw/raw-flatcar.json
+++ b/images/capi/packer/raw/raw-flatcar.json
@@ -1,7 +1,7 @@
 {
 "ansible_extra_vars": "ansible_python_interpreter=/opt/bin/python",
 "boot_command_prefix": "sudo systemctl mask sshd.socket --nowcurl -sLo /tmp/ignition.json ",
- "boot_command_suffix": "/bootstrap.jsonsed -i \"s|BUILDERPASSWORDHASH|$(mkpasswd -5 {{user `ssh_password`}})|\" /tmp/ignition.jsonsudo flatcar-install -d /dev/sda -C {{user `channel_name`}} -V {{user `release_version`}} -i /tmp/ignition.jsonsudo reboot",
+ "boot_command_suffix": "/bootstrap-pass-auth.jsonsed -i \"s|BUILDERPASSWORDHASH|$(mkpasswd -5 {{user `ssh_password`}})|\" /tmp/ignition.jsonsudo flatcar-install -d /dev/sda -C {{user `channel_name`}} -V {{user `release_version`}} -i /tmp/ignition.jsonsudo reboot",
 "boot_wait": "120s",
 "build_name": "flatcar-{{env `FLATCAR_CHANNEL`}}-{{env `FLATCAR_VERSION`}}",
 "channel_name": "{{env `FLATCAR_CHANNEL`}}",