diff --git a/Makefile b/Makefile index f7d5498..a0cc14f 100644 --- a/Makefile +++ b/Makefile @@ -32,4 +32,23 @@ clean: install: vagrant box add --force cilium/$(DISTRIBUTION) $(BOX_FILE) -.PHONY = build validate clean install +# Sane defaults for a VM used for development +VM_CPUS ?= 8 +VM_MEMORY ?= 16G +VM_DISK ?= 100G +VM_NAME ?= dev + +multipass: + VM_CPUS=$(VM_CPUS) VM_MEMORY=$(VM_MEMORY) VM_DISK=$(VM_DISK) provision/multipass.sh ${VM_NAME} + +# VM_NAME must exists as an env variable +multipass-reinstall: + VM_CPUS=$(VM_CPUS) VM_MEMORY=$(VM_MEMORY) VM_DISK=$(VM_DISK) provision/multipass.sh -f ${VM_NAME} + +multipass-netnext: + NETNEXT=true VM_CPUS=$(VM_CPUS) VM_MEMORY=$(VM_MEMORY) VM_DISK=$(VM_DISK) provision/multipass.sh netnext + +multipass-netnext-reinstall: + NETNEXT=true VM_CPUS=$(VM_CPUS) VM_MEMORY=$(VM_MEMORY) VM_DISK=$(VM_DISK) provision/multipass.sh -f netnext + +.PHONY = build validate clean install multipass multipass-reinstall multipass-netnext multipass-netnext-reinstall diff --git a/cilium-ubuntu-4.19.json b/cilium-ubuntu-4.19.json index e48025f..18d9094 100644 --- a/cilium-ubuntu-4.19.json +++ b/cilium-ubuntu-4.19.json @@ -66,6 +66,9 @@ ] },{ "type": "shell", + "environment_vars": [ + "VM_ARCH=amd64" + ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, "scripts": [ @@ -73,6 +76,9 @@ ] },{ "type": "shell", + "environment_vars": [ + "VM_ARCH=amd64" + ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}' 0419190 202105070933", "expect_disconnect": true, "scripts": [ 
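Review bot: `.PHONY = build validate clean install multipass ...` on the last added Makefile line is a variable assignment rather than the special target, so none of the new `multipass*` targets is actually declared phony and a file named `multipass` in the repository root would make the target look up to date. Write it as `.PHONY: build validate clean install multipass multipass-reinstall multipass-netnext multipass-netnext-reinstall`. The recipes hand `${VM_NAME}` and the `VM_*` values to the shell unquoted, so a command-line override containing spaces or shell metacharacters is re-parsed by the shell; `"$(VM_NAME)"` and quoted assignments avoid that. The comment `# VM_NAME must exists as an env variable` no longer matches the `VM_NAME ?= dev` default a few lines above it.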
@@ -85,9 +91,11 @@ },{ "type": "shell", "environment_vars": [ - "ENV_FILEPATH=/tmp/env.bash", - "CILIUM_BRANCH={{ user `CILIUM_BRANCH` }}", - "NAME_PREFIX={{ user `NAME_PREFIX` }}" + "VM_ARCH=amd64", + "USERNAME=vagrant", + "ENV_FILEPATH=/tmp/env.bash", + "CILIUM_BRANCH={{ user `CILIUM_BRANCH` }}", + "NAME_PREFIX={{ user `NAME_PREFIX` }}" ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, diff --git a/cilium-ubuntu-5.4.json b/cilium-ubuntu-5.4.json index 9d19c87..b706b37 100644 --- a/cilium-ubuntu-5.4.json +++ b/cilium-ubuntu-5.4.json @@ -67,6 +67,9 @@ ] },{ "type": "shell", + "environment_vars": [ + "VM_ARCH=amd64" + ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, "scripts": [ @@ -74,6 +77,9 @@ ] },{ "type": "shell", + "environment_vars": [ + "VM_ARCH=amd64" + ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}' 0504220 202210261259", "expect_disconnect": true, "scripts": [ @@ -86,9 +92,11 @@ },{ "type": "shell", "environment_vars": [ - "ENV_FILEPATH=/tmp/env.bash", - "CILIUM_BRANCH={{ user `CILIUM_BRANCH` }}", - "NAME_PREFIX={{ user `NAME_PREFIX` }}" + "VM_ARCH=amd64", + "USERNAME=vagrant", + "ENV_FILEPATH=/tmp/env.bash", + "CILIUM_BRANCH={{ user `CILIUM_BRANCH` }}", + "NAME_PREFIX={{ user `NAME_PREFIX` }}" ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, diff --git a/cilium-ubuntu-next.json b/cilium-ubuntu-next.json index ea6e7bd..6da8886 100644 --- a/cilium-ubuntu-next.json +++ b/cilium-ubuntu-next.json @@ -67,6 +67,9 @@ ] },{ "type": "shell", + "environment_vars": [ + "VM_ARCH=amd64" + ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, "scripts": [ 
@@ -76,6 +79,9 @@ ] },{ "type": "shell", + "environment_vars": [ + "VM_ARCH=amd64" + ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, "scripts": [ @@ -88,8 +94,10 @@ },{ "type": "shell", "environment_vars": [ - "ENV_FILEPATH=/tmp/env.bash", - "NETNEXT=true" + "VM_ARCH=amd64", + "USERNAME=vagrant", + "ENV_FILEPATH=/tmp/env.bash", + "NETNEXT=true" ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, diff --git a/cilium-ubuntu.json b/cilium-ubuntu.json index a363451..2d70652 100644 --- a/cilium-ubuntu.json +++ b/cilium-ubuntu.json @@ -66,6 +66,9 @@ ] },{ "type": "shell", + "environment_vars": [ + "VM_ARCH=amd64" + ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, "scripts": [ @@ -73,6 +76,9 @@ ] },{ "type": "shell", + "environment_vars": [ + "VM_ARCH=amd64" + ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, "scripts": [ @@ -85,9 +91,11 @@ },{ "type": "shell", "environment_vars": [ - "ENV_FILEPATH=/tmp/env.bash", - "CILIUM_BRANCH={{ user `CILIUM_BRANCH` }}", - "NAME_PREFIX={{ user `NAME_PREFIX` }}" + "VM_ARCH=amd64", + "USERNAME=vagrant", + "ENV_FILEPATH=/tmp/env.bash", + "CILIUM_BRANCH={{ user `CILIUM_BRANCH` }}", + "NAME_PREFIX={{ user `NAME_PREFIX` }}" ], "execute_command": "echo 'vagrant' | {{ .Vars }} sudo -E -S bash '{{ .Path }}'", "expect_disconnect": true, diff --git a/provision/env.bash b/provision/env.bash old mode 100644 new mode 100755 index 319f976..f9ecb21 --- a/provision/env.bash +++ b/provision/env.bash 
@@ -1,12 +1,11 @@ #!/usr/bin/env bash export GOLANG_VERSION="1.19.5" -export ETCD_VERSION="v3.1.0" +export ETCD_VERSION="v3.2.32" export CONTAINERD_VERSION="1.6.4" export HUBBLE_VERSION="0.9.0" -export SONOBUOY_VERSION="0.14.2" +export SONOBUOY_VERSION="0.16.5" export PROTOC_VERSION="3.12.4" -export HOME_DIR=/home/vagrant -export HOME=/home/vagrant -export GOPATH="${HOME}/go" +export HOME_DIR=/home/${USERNAME} +export GOPATH="${HOME_DIR}/go" export PATH="${GOPATH}/bin:$PATH" diff --git a/provision/fix-home-ownership.sh b/provision/fix-home-ownership.sh old mode 100644 new mode 100755 index f6e3bf4..7ca5db9 --- a/provision/fix-home-ownership.sh +++ b/provision/fix-home-ownership.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env bash source "${ENV_FILEPATH}" @@ -7,4 +7,4 @@ set -e # Provisioning scripts run as root, causing files in the vagrant user's home # directory to be owned by root, not vagrant. As a last step, fix the ownership # of all files. -chown -R vagrant:vagrant "${HOME_DIR}" +chown -R ${USERNAME}:${USERNAME} "${HOME_DIR}" diff --git a/provision/golang.sh b/provision/golang.sh index a30c89a..4b546c1 100755 --- a/provision/golang.sh +++ b/provision/golang.sh @@ -4,11 +4,14 @@ source "${ENV_FILEPATH}" set -e -sudo -u vagrant -E bash -c "mkdir -p ${GOPATH} && \ +sudo -E chown ${USERNAME}:${USERNAME} ${HOME_DIR} +sudo -u ${USERNAME} -E bash -c "mkdir -p ${GOPATH} && \ go install github.com/google/gops@latest && \ go install github.com/subfuzion/envtpl/cmd/envtpl@latest && \ go install github.com/mfridman/tparse@latest" curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sudo sh -s -- -b ${GOPATH}/bin/ v1.48.0 -sudo -E ln -s "${GOPATH}/bin/"* /usr/bin +sudo -E ln -sf "${GOPATH}/bin/"* /usr/bin + +if ! grep "export GOPATH=" ${HOME_DIR}/.profile ; then echo "export GOPATH=${GOPATH}" >>${HOME_DIR}/.profile; fi diff --git a/provision/kind.sh b/provision/kind.sh new file mode 100755 index 0000000..09205df --- /dev/null 
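Review bot: `export HOME_DIR=/home/${USERNAME}` in env.bash silently becomes `/home/` when USERNAME is unset, and nothing in this file checks for that. The value then feeds `chown -R ${USERNAME}:${USERNAME} "${HOME_DIR}"` in fix-home-ownership.sh, the new `sudo -E chown ${USERNAME}:${USERNAME} ${HOME_DIR}` in golang.sh and `cd $HOME_DIR` followed by `rm -rfv certs` in registry.sh, all run as root and mostly unquoted. Failing early with `: "${USERNAME:?USERNAME must be set}"` before the `HOME_DIR` export, and quoting the expansions in those scripts, keeps a missing variable from turning into operations on `/home/`; whether every Packer provisioner that sources this file sets USERNAME cannot be seen from these hunks. Dropping `export HOME=` also means scripts that still use `$HOME` (kernel-next-clean.sh does) now depend on whatever sudo passes through, which deserves a comment if it is intentional.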
+++ b/provision/kind.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# source "${ENV_FILEPATH}"
+
+set -e
+
+#
+# Install kubectl
+#
+curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/$VM_ARCH/kubectl"
+chmod +x kubectl
+sudo mv kubectl /usr/local/bin/
+#
+# Install Kind
+#
+go install sigs.k8s.io/kind@latest
+if ! grep -i -e "PATH.*go.*/bin" ~/.profile ; then
+ echo "PATH=\"\$GOPATH/bin:\$PATH\"" >> ~/.profile
+fi
diff --git a/provision/multipass.sh b/provision/multipass.sh
new file mode 100755
index 0000000..4b03768
--- /dev/null
+++ b/provision/multipass.sh
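Review bot: In kind.sh the kubectl binary is fetched with `curl -LO` and moved to `/usr/local/bin` without `-f` or any integrity check, so an HTTP error page or a truncated download would be made executable and installed. `$VM_ARCH` has no default in this script (the `source "${ENV_FILEPATH}"` line is commented out), which makes a broken URL easy to hit. dl.k8s.io publishes a `.sha256` file next to each binary; checking it catches corruption and truncation, though not a compromised origin, since it is served from the same host. `go install sigs.k8s.io/kind@latest` is also unpinned, so two image builds can end up with different kind versions; a fixed version tag would make the image reproducible.

```shell
# Resolve the release once so the binary and its checksum belong to the same version
KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
KUBECTL_URL="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${VM_ARCH:?VM_ARCH must be set}/kubectl"
curl -fLO "${KUBECTL_URL}"
curl -fLO "${KUBECTL_URL}.sha256"
# Abort (set -e) before the binary is made executable if the digest differs
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
rm -f kubectl.sha256
# … unchanged: kind installation and ~/.profile update …
```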
@@ -0,0 +1,162 @@ +#!/usr/bin/env bash + +set -eux + +continue=false +purge=false +while getopts cf flag +do + case "${flag}" in + c) continue=true;; + f) purge=true;; + esac +done +shift $(($OPTIND - 1)) + +# check that VM name is given as a positional argument +if [ -z "${1-}" ]; then + echo "Usage: $0 [-f] [-c] " + echo "following environment variables are honored: MOUNT, KERNEL, KERNEL_DATE, NETNEXT, PULL_IMAGES, UBUNTU, VM_CPUS, VM_MEMORY, VM_DISK, VM_USERNAME, HOST_IP, HOST_NETWORK, HOST_MASK, LOG" + exit 1 +fi +VM_NAME=$1 + +# Mount using NFS by default since it is the fastest mount option on macOS, +# other options are 'native' (p9 on multipass 1.11 on macOS) and 'default' (sshfs) +MOUNT=${MOUNT:-NFS} +case "$MOUNT" in + NFS) ;; + native) ;; + default) ;; + *) + echo "unsupported MOUNT type, use NFS, native, or default" + exit 1 + ;; +esac + +KERNEL=${KERNEL:-} +KERNEL_DATE=${KERNEL_DATE:-} +NETNEXT=${NETNEXT:-} +PULL_IMAGES=${PULL_IMAGES:-} + +UBUNTU=${UBUNTU:-22.04} +VM_CPUS=${VM_CPUS:-4} +VM_MEMORY=${VM_MEMORY:-4G} +VM_DISK=${VM_DISK:-40G} +VM_ARCH=$(uname -m) +VM_ARCH=${VM_ARCH/x86_64/amd64} +VM_ARCH=${VM_ARCH/aarch64/arm64} +VM_USERNAME=${VM_USERNAME:-ubuntu} +HOST_IP=${HOST_IP:-192.168.64.1} + +HOST_NETWORK=${HOST_NETWORK:-${HOST_IP%.*}.0} +HOST_MASK=${HOST_MASK:-255.255.255.0} + +LOG=/tmp/$VM_NAME-provision.log + +# Share parent if it is named "cilium", so that it can be correctly mounted +# as ~/go/src/github.com/cilium" +parent=$(cd "$(dirname $PWD)"; pwd -P) +if [ "$(basename $parent)" = "cilium" ]; then + SHARE_SOURCE=$(dirname $parent) + SHARE_TARGET=/home/$VM_USERNAME/go/src/github.com +else + SHARE_SOURCE=$parent + SHARE_TARGET=/home/$VM_USERNAME/go/src/github.com/cilium +fi + +function copy_provision { + multipass transfer --recursive --parents provision $VM_NAME:/tmp/provision + multipass exec $VM_NAME -- bash -c "chmod +x /tmp/provision/*.sh /tmp/provision/ubuntu/*.sh" +} + +function nfs_export { + ETC_EXPORTS="$SHARE_SOURCE 
-mapall=$(whoami) -alldirs -network $HOST_NETWORK -mask $HOST_MASK" + + if ! grep "$ETC_EXPORTS" /etc/exports; then + echo "Adding entry to /etc/exports, sudo password may be needed." + sudo sh -c "echo >> /etc/exports \"$ETC_EXPORTS\"" + if [ -f `which nfsd` ]; then + sudo nfsd restart + fi + else + echo /etc/exports already has line with "$ETC_EXPORTS" + fi +} + +if [ $purge == "true" ]; then + multipass delete $VM_NAME --purge +fi + +if ! multipass info $VM_NAME 2>&1 >/dev/null; then + echo "Launching $VM_NAME" + rm -f $LOG + + cp user-data.yaml /tmp + if [ -f ~/.ssh/id_rsa.pub ]; then + printf "\nssh_authorized_keys:\n - " >> /tmp/user-data.yaml + cat ~/.ssh/id_rsa.pub >> /tmp/user-data.yaml + fi + multipass launch -vvvv --disk $VM_DISK --cloud-init /tmp/user-data.yaml --cpus $VM_CPUS --memory $VM_MEMORY --name $VM_NAME $UBUNTU + echo "Launched multipass VM \"$VM_NAME\", use \"multipass delete $VM_NAME --purge\" to delete it." +elif [ $continue == "false" ]; then + echo "$VM_NAME already exists, specify -c to use it or -f to delete it." + exit 1 +fi + +# +# Configure kernel if not already done +# +if ! tail $LOG | grep -e "Rebooting kernel" -e "KEEPING KERNEL"; then + copy_provision + multipass exec $VM_NAME -- bash -c "VM_ARCH=$VM_ARCH KERNEL=$KERNEL KERNEL_DATE=$KERNEL_DATE NETNEXT=$NETNEXT /tmp/provision/provision-kernel.sh 2>&1 || true" | tee $LOG + if tail $LOG | grep "Rebooting kernel"; then + echo "Waiting until kernel reboots" + until multipass exec $VM_NAME -- uname -a; do + sleep 5 + done + echo "Resuming provisioning..." + elif ! tail $LOG | grep "KEEPING KERNEL"; then + echo "*** Kernel provisioning failed, see $LOG ***" + exit 1 + fi +fi + +# +# Continue provisioning if not already done +# +if ! 
tail $LOG | grep "PROVISIONING SUCCESSFULLY COMPLETED"; then + copy_provision + multipass exec $VM_NAME -- bash -c "NETNEXT=$NETNEXT VM_ARCH=$VM_ARCH USERNAME=$VM_USERNAME PULL_IMAGES=$PULL_IMAGES /tmp/provision/provision.sh 2>&1" | tee -a $LOG + # + # Fail if not successfully completed + # + tail $LOG | grep "PROVISIONING SUCCESSFULLY COMPLETED" +fi + +# +# Add mount to Cilium directory. +# +if [ "$MOUNT" = "NFS" ]; then + nfs_export + multipass exec $VM_NAME -- mkdir -p $SHARE_TARGET + multipass exec $VM_NAME -- sudo bash -c "echo \"$HOST_IP:$SHARE_SOURCE $SHARE_TARGET nfs defaults 0 0\" >>/etc/fstab && mount -a" +elif [ "$MOUNT" = "native" ]; then + multipass stop $VM_NAME + multipass mount -t native $SHARE_SOURCE $VM_NAME:$SHARE_TARGET + multipass start $VM_NAME +else # the default case + multipass mount $SHARE_SOURCE $VM_NAME:$SHARE_TARGET +fi + +# +# Verify that the mount works +# +multipass exec $VM_NAME -- cat /home/$VM_USERNAME/go/src/github.com/cilium/cilium/VERSION + +# +# Remove provisioning artifacts last so that we keep them when provisioning fails +# +rm -f /tmp/user-data.yaml || true +rm -f $LOG || true +multipass exec $VM_NAME -- rm -rf /tmp/provision || true diff --git a/provision/provision-kernel.sh b/provision/provision-kernel.sh new file mode 100755 index 0000000..ae11eac --- /dev/null +++ b/provision/provision-kernel.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) + +export VM_ARCH=${VM_ARCH:-amd64} + +set -e + +sudo -E ${dir}/ubuntu/netperf.sh +sudo -E ${dir}/ubuntu/kernel-next-download.sh +if [ -n "${NETNEXT}" ]; then + sudo -E ${dir}/ubuntu/kernel-next-tools.sh + sudo -E ${dir}/ubuntu/kernel-next.sh +elif [ -n "${KERNEL}" ]; then + sudo -E ${dir}/ubuntu/kernel.sh ${KERNEL} ${KERNEL_DATE} +else + echo "*** KEEPING KERNEL $(uname -r) ***" +fi diff --git a/provision/provision.sh b/provision/provision.sh new file mode 100755 index 0000000..162c3ff --- /dev/null +++ b/provision/provision.sh 
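Review bot: In `nfs_export` of multipass.sh, `sudo sh -c "echo >> /etc/exports \"$ETC_EXPORTS\""` pastes a string built from the checkout path into a command line that a root shell parses, so a parent directory name containing a quote, backtick or `$(...)` is evaluated as root. Passing the entry as data and matching it with `grep -qxF` instead of as a regex removes that; the test with `which nfsd` inside `[ -f ... ]` is also true when `which` prints nothing, so `command -v` is the safer check. Separately, `/tmp/user-data.yaml` and `/tmp/$VM_NAME-provision.log` are fixed names in a shared directory, which on a multi-user host lets another local user pre-create or symlink them; `mktemp` would avoid that. The entry added to `/etc/exports` covers the whole `$HOST_NETWORK` with `-alldirs` and is never removed, which is worth stating in the usage text.

```shell
function nfs_export {
    # … unchanged: ETC_EXPORTS assignment …

    # Match the whole line literally; a filesystem path is not a regex
    if ! grep -qxF -- "$ETC_EXPORTS" /etc/exports; then
        echo "Adding entry to /etc/exports, sudo password may be needed."
        # Hand the entry to root as data on stdin, never as shell text
        printf '%s\n' "$ETC_EXPORTS" | sudo tee -a /etc/exports >/dev/null
        if command -v nfsd >/dev/null 2>&1; then
            sudo nfsd restart
        fi
    # … unchanged: else branch reporting the existing entry …
```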
@@ -0,0 +1,29 @@ +#!/usr/bin/env bash + +dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) + +export ENV_FILEPATH=${ENV_FILEPATH:-"${dir}/env.bash"} +export VM_ARCH=${VM_ARCH:-amd64} +export USERNAME=${USERNAME:-vagrant} +export NETNEXT=${NETNEXT:-false} +source "${ENV_FILEPATH}" + +set -e + +sudo -E ${dir}/ubuntu/kernel-next-clean.sh +sudo -E ${dir}/vagrant.sh +sudo -E ${dir}/ubuntu/install.sh +sudo -E ${dir}/golang.sh +sudo -E ${dir}/swap.sh +sudo -E ${dir}/registry.sh +sudo -E ${dir}/ubuntu/crio.sh +sudo -E ${dir}/ubuntu/containerd.sh +sudo -E ${dir}/kind.sh +if [ -n "$PULL_IMAGES" ]; then + sudo -E ${dir}/pull-images.sh +fi +sudo -E ${dir}/fix-home-ownership.sh + +echo "*******************************************" +echo "*** PROVISIONING SUCCESSFULLY COMPLETED ***" +echo "*******************************************" diff --git a/provision/registry.sh b/provision/registry.sh index 2346593..59c13b3 100755 --- a/provision/registry.sh +++ b/provision/registry.sh @@ -10,7 +10,7 @@ CERTS_DIR=/certs/ sudo mkdir -p $CERTS_DIR sudo chmod 777 $CERTS_DIR -cd $HOME +cd $HOME_DIR rm -rfv certs mkdir certs diff --git a/provision/swap.sh b/provision/swap.sh old mode 100644 new mode 100755 diff --git a/provision/ubuntu/containerd.sh b/provision/ubuntu/containerd.sh old mode 100644 new mode 100755 index d74acbc..63e8afe --- a/provision/ubuntu/containerd.sh +++ b/provision/ubuntu/containerd.sh @@ -4,7 +4,7 @@ source "${ENV_FILEPATH}" set -e -CONTAINERD_TARGZ=cri-containerd-cni-${CONTAINERD_VERSION}-linux-amd64.tar.gz +CONTAINERD_TARGZ=cri-containerd-cni-${CONTAINERD_VERSION}-linux-${VM_ARCH}.tar.gz wget https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/${CONTAINERD_TARGZ} sudo tar -C / -xzf ${CONTAINERD_TARGZ} diff --git a/provision/ubuntu/install.sh b/provision/ubuntu/install.sh index bb0acf9..881e4f4 100755 --- a/provision/ubuntu/install.sh +++ b/provision/ubuntu/install.sh 
@@ -10,32 +10,32 @@ export 'BPFTOOL_GIT'=${BPFTOOL_GIT:-https://github.com/libbpf/bpftool} export 'GUESTADDITIONS'=${GUESTADDITIONS:-""} export 'NETNEXT'="${NETNEXT:-false}" -ARCH="amd64" - # VBoxguestAdditions installation -VER="`cat /home/vagrant/.vbox_version`"; -ISO="VBoxGuestAdditions_$VER.iso"; - -# Validate that custom GuestAdditions are needed -if [[ -n "${GUESTADDITIONS}" ]]; then - cd $HOME_DIR - ISO="VBoxGuestAdditions.iso" - wget $GUESTADDITIONS -O $ISO -fi - -mkdir -p /tmp/vbox; -mount -o loop ${HOME_DIR}/$ISO /tmp/vbox; -modprobe -r vboxguest || [[ "$NETNEXT" == "false" ]] -sh /tmp/vbox/VBoxLinuxAdditions.run -umount /tmp/vbox; -rm -rf /tmp/vbox; -rm -f ${HOME_DIR}/*.iso; - -if [ "${NETNEXT}" == "true" ]; then - # Remove the binary from GuestAdditions to avoid clashing with the vboxsf - # kernel module - sudo rm $(which mount.vboxsf) +if [ -f ${HOME_DIR}/.vbox_version ]; then + VER="`cat ${HOME_DIR}/.vbox_version`"; + ISO="VBoxGuestAdditions_$VER.iso"; + + # Validate if custom GuestAdditions are needed + if [[ -n "${GUESTADDITIONS}" ]]; then + cd ${HOME_DIR} + ISO="VBoxGuestAdditions.iso" + wget $GUESTADDITIONS -O $ISO + fi + + mkdir -p /tmp/vbox; + mount -o loop ${HOME_DIR}/$ISO /tmp/vbox; + modprobe -r vboxguest || [[ "$NETNEXT" == "false" ]] + sh /tmp/vbox/VBoxLinuxAdditions.run + umount /tmp/vbox; + rm -rf /tmp/vbox; + rm -f ${HOME_DIR}/*.iso; + + if [ "${NETNEXT}" == "true" ]; then + # Remove the binary from GuestAdditions to avoid clashing with the vboxsf + # kernel module + sudo rm $(which mount.vboxsf) + fi fi # Remove unattended-upgrades to prevent it from holding the dpkg frontend lock 
@@ -47,8 +47,23 @@ sudo systemctl disable apt-daily-upgrade.timer sudo systemctl disable apt-daily.timer echo "Provision a new server" +if [ "`lsb_release --short --release | cut -d. -f1`" = "22" ]; then + VERSION_SPECIFIC_PACKAGES="python3 python-is-python3 libenchant-2-dev" +else + VERSION_SPECIFIC_PACKAGES="dh-systemd python libenchant1c2a" + # assume older release, e.g., 20.04 + # Ubuntu 20.04 has too old nodejs, add repo for a newer one + # Install nodejs and npm, needed for the cilium rtd sphinx theme + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo apt-key add - + sudo add-apt-repository \ + "deb [arch=${VM_ARCH}] https://deb.nodesource.com/node_12.x \ + $(lsb_release -cs) \ + main" +fi + sudo apt-get update sudo apt-get install -y --allow-downgrades \ + ${VERSION_SPECIFIC_PACKAGES} \ curl jq apt-transport-https htop bmon \ linux-tools-common linux-tools-generic \ ca-certificates libelf-dev \ 
@@ -56,38 +71,35 @@ sudo apt-get install -y --allow-downgrades \ dh-golang devscripts fakeroot \ dh-make libmnl-dev git \ libdistro-info-perl libssl-dev \ - dh-systemd build-essential \ + build-essential \ gcc make git-buildpackage \ pkg-config bison flex \ - zip g++ zlib1g-dev unzip python \ + zip g++ zlib1g-dev unzip \ libtool cmake coreutils m4 automake \ libprotobuf-dev libyaml-cpp-dev \ - socat pv tmux bc gcc-multilib binutils-dev \ + socat pv tmux bc binutils-dev \ binutils wget rsync ifupdown \ python3-sphinx python3-pip \ libncurses5-dev libslang2-dev gettext \ libselinux1-dev debhelper lsb-release \ po-debconf autoconf autopoint moreutils \ - libseccomp2 libenchant1c2a ninja-build \ + libseccomp2 ninja-build \ golang-cfssl ntp \ - wireguard ipset - -# Install nodejs and npm, needed for the cilium rtd sphinx theme -curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo apt-key add - -sudo add-apt-repository \ - "deb [arch=${ARCH}] https://deb.nodesource.com/node_12.x \ - $(lsb_release -cs) \ - main" -sudo apt-get update -sudo apt-get install -y nodejs + wireguard ipset \ + nodejs # Install protoc from github release, as protobuf-compiler version in apt is quite old (e.g 3.0.0-9.1ubuntu1) +PROTOC_ARCH="x86_64" +if [ "${VM_ARCH}" == "arm64" ]; then + PROTOC_ARCH="aarch_64" +fi + cd /tmp -wget -nv https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip -unzip -p protoc-${PROTOC_VERSION}-linux-x86_64.zip bin/protoc > protoc +wget -nv https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip +unzip -p protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip bin/protoc > protoc sudo chmod +x protoc sudo cp protoc /usr/bin -rm -rf protoc-${PROTOC_VERSION}-linux-x86_64.zip protoc +rm -rf protoc-${PROTOC_VERSION}-linux-${PROTOC_ARCH}.zip protoc # Install nsenter for kubernetes cd /tmp 
@@ -109,6 +121,11 @@ sudo apt-get install -y conntrack sudo -H pip3 install -r https://raw.githubusercontent.com/cilium/cilium/master/Documentation/requirements.txt # libbpf, bpftool, and iproute2 +LINUX_ARCH="x86_64" +if [ "${VM_ARCH}" == "arm64" ]; then + LINUX_ARCH="aarch64" +fi + cd /tmp git clone --depth=1 ${LIBBPF_GIT} cd /tmp/libbpf/src @@ -116,8 +133,9 @@ make -j "$(getconf _NPROCESSORS_ONLN)" # By default, libbpf.so is installed to /usr/lib64 which isn't in LD_LIBRARY_PATH on Ubuntu. # Overriding LIBDIR in addition to setting PREFIX seems to be needed due to the structure of # libbpf's Makefile. -sudo PREFIX="/usr" LIBDIR="/usr/lib/x86_64-linux-gnu" make install +sudo PREFIX="/usr" LIBDIR="/usr/lib/${LINUX_ARCH}-linux-gnu" make install sudo ldconfig +rm -rf /tmp/libbpf sudo apt-get install -y libbfd-dev libcap-dev libelf-dev cd /tmp @@ -125,6 +143,7 @@ git clone --depth=1 --recurse-submodules ${BPFTOOL_GIT} cd /tmp/bpftool/src make -j "$(getconf _NPROCESSORS_ONLN)" sudo make install +rm -rf /tmp/bpftool cd /tmp git clone -b ${IPROUTE_BRANCH} ${IPROUTE_GIT} 
@@ -134,34 +153,37 @@ PKG_CONFIG_PATH="/usr/lib64/pkgconfig" \ PKG_CONFIG="pkg-config --define-prefix" \ ./configure make -j `getconf _NPROCESSORS_ONLN` -rm -r /usr/bin/ip +rm -r /usr/bin/ip || true make install rm -rf /tmp/iproute2 -#clean -sudo apt-get remove docker docker.io +# Install docker if not already installed +if ! which docker > /dev/null; then + + #clean + sudo apt-get remove docker docker.io -#Add repos + #Add repos -curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - -curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - -sudo add-apt-repository \ - "deb [arch=${ARCH}] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) \ - stable" + sudo add-apt-repository \ + "deb [arch=${VM_ARCH}] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) \ + stable" -cat < /etc/apt/sources.list.d/kubernetes.list + cat < /etc/apt/sources.list.d/kubernetes.list deb http://apt.kubernetes.io/ kubernetes-xenial main EOF -# wget https://packages.cloud.google.com/apt/doc/apt-key.gpg -# apt-key add apt-key.gpg + # wget https://packages.cloud.google.com/apt/doc/apt-key.gpg + # apt-key add apt-key.gpg -#Install packages -sudo apt-get update -sudo apt-get install -y docker-ce -sudo usermod -aG docker vagrant + sudo apt-get update + sudo apt-get install -y docker-ce + sudo usermod -aG docker ${USERNAME} +fi # Install clang/llvm # This should always converge to use the same LLVM version as in 
@@ -174,16 +196,18 @@ docker stop cilium-llvm #Install Golang cd /tmp/ sudo curl -Sslk -o go.tar.gz \ - "https://storage.googleapis.com/golang/go${GOLANG_VERSION}.linux-${ARCH}.tar.gz" + "https://storage.googleapis.com/golang/go${GOLANG_VERSION}.linux-${VM_ARCH}.tar.gz" sudo tar -C /usr/local -xzf go.tar.gz sudo rm go.tar.gz -sudo ln -s /usr/local/go/bin/* /usr/local/bin/ +sudo ln -sf /usr/local/go/bin/* /usr/local/bin/ go version #ETCD installation -wget -nv "https://github.com/coreos/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${ARCH}.tar.gz" -tar -xf "etcd-${ETCD_VERSION}-linux-${ARCH}.tar.gz" -sudo mv "etcd-${ETCD_VERSION}-linux-${ARCH}/etcd"* /usr/bin/ +ETCD=etcd-${ETCD_VERSION}-linux-${VM_ARCH} +wget -nv "https://github.com/coreos/etcd/releases/download/${ETCD_VERSION}/${ETCD}.tar.gz" +tar -xf "${ETCD}.tar.gz" +sudo mv "${ETCD}/etcd"* /usr/bin/ +rm -rf "${ETCD}"* sudo tee /etc/systemd/system/etcd.service <> /etc/environment" # Clean all downloaded packages @@ -247,4 +275,9 @@ sudo sh -c 'echo "kernel.randomize_va_space=0" > /etc/sysctl.d/67-randomize_va_s # Add an exception for the cilium repo for the root user to fix the # "fatal: unsafe repository ('/home/vagrant/go/src/github.com/cilium/cilium' is owned by someone else)" # error condition when running `sudo make install` -sudo git config --global --add safe.directory /home/vagrant/go/src/github.com/cilium/cilium +sudo git config --global --add safe.directory ${HOME_DIR}/go/src/github.com/cilium/cilium + +# Add an exception for the cilium repo for to fix the +# "fatal: detected dubious ownership in repository at '/home/ubuntu/go/src/github.com/cilium/packer-ci-build'" +# error condition when using the repo via an NFS mount as a normal user +git config --global --add safe.directory ${HOME_DIR}/go/src/github.com/cilium/cilium diff --git a/provision/ubuntu/kernel-next-clean.sh b/provision/ubuntu/kernel-next-clean.sh index a21d5c0..d9dadab 100755 --- a/provision/ubuntu/kernel-next-clean.sh 
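Review bot: The Go toolchain download on the changed `curl -Sslk` line still runs with `-k`, which turns off TLS certificate verification, and the tarball is then unpacked into `/usr/local` as root with no checksum. Since the line is being touched anyway, drop `-k` and fail on HTTP errors: `sudo curl -fsSL -o go.tar.gz "https://storage.googleapis.com/golang/go${GOLANG_VERSION}.linux-${VM_ARCH}.tar.gz"`. The etcd tarball a few lines below is likewise moved into `/usr/bin` unverified; comparing both against a pinned SHA-256 kept next to the versions in env.bash would close that gap. The section this hunk belongs to continues outside the hunk.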
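Review bot: The second `git config --global --add safe.directory` at the end of install.sh is meant for the normal user, but the script is started through `sudo -E` in provision.sh, so it presumably writes to the same global config as the `sudo git config` line above it and only adds a duplicate entry. Its comment quotes an error about `.../cilium/packer-ci-build`, while the path that is added is `${HOME_DIR}/go/src/github.com/cilium/cilium`. If the goal is the unprivileged user's config, `sudo -u "${USERNAME}" -H git config --global --add safe.directory "${HOME_DIR}/go/src/github.com/cilium/cilium"` states that explicitly.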
+++ b/provision/ubuntu/kernel-next-clean.sh @@ -2,5 +2,5 @@ set -xe -rm -r $HOME/k +rm -rf $HOME/k || true rm $HOME/linux-* || true diff --git a/provision/ubuntu/kernel-next-tools.sh b/provision/ubuntu/kernel-next-tools.sh old mode 100644 new mode 100755 diff --git a/provision/ubuntu/kernel-next.sh b/provision/ubuntu/kernel-next.sh index 4ce0aee..d53b5ac 100755 --- a/provision/ubuntu/kernel-next.sh +++ b/provision/ubuntu/kernel-next.sh @@ -23,6 +23,15 @@ rm -rf pahole export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib/ +# Apply local patches, if any +git config --global user.email "maintainer@cilium.io" +git config --global user.name "Cilium Maintainers" +if [ -d /tmp/provision/kernel-patches ]; then + for patch in /tmp/provision/kernel-patches/*.patch; do + git am $patch + done +fi + # Build kernel cp /boot/config-`uname -r` .config yes "" | make localyesconfig && make prepare @@ -161,4 +170,5 @@ rm linux-*.deb rm $HOME/linux-* sudo ln -sf /boot/System.map-$(uname -r) /boot/System.map +echo "Rebooting kernel" sudo reboot diff --git a/provision/ubuntu/kernel.sh b/provision/ubuntu/kernel.sh index fd115ca..8baaab5 100755 --- a/provision/ubuntu/kernel.sh +++ b/provision/ubuntu/kernel.sh @@ -10,7 +10,8 @@ cd /tmp/deb canonicalString=${1:-0409330} timestamp=${2:-202209280940} -subdir="amd64/" +subdir="${VM_ARCH}/" +headers_all_subdir="amd64/" major=$(echo ${canonicalString:0:2} | sed 's/^0*//') minor=$(echo ${canonicalString:2:2} | sed 's/^0*//') 
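Review bot: In kernel-next.sh, `git config --global user.email` and `user.name` overwrite the global Git identity of whichever account runs the kernel build, and the setting stays in the image after provisioning. Scoping the identity to the one command keeps it out of the config: `git -c user.email=maintainer@cilium.io -c user.name="Cilium Maintainers" am "$patch"`. When the directory exists but holds no `*.patch` file the glob stays literal and `git am` is run on that literal name; `[ -e "$patch" ] || continue` at the top of the loop handles it. The patches are read from `/tmp/provision`, so a comment on who is expected to place them there would help the next reader.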
@@ -18,18 +19,19 @@ micro=$(echo ${canonicalString:4} | sed 's/^0*//') echo $major.$minor.$micro -if [[ "$major" == "4" && "$minor" == "19" ]] || [[ "$major" == "5" && "$minor" == "4" ]] ; then +if [[ "$major" == "4" && "$minor" == "19" ]] || [[ "$major" > "4" ]] ; then # kernel debs have the -unsigned suffix imgsuffix="-unsigned" # module deb is provided for those kernels - wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v$major.$minor.$micro/${subdir}linux-modules-$major.$minor.$micro-$canonicalString-generic_$major.$minor.$micro-$canonicalString.${timestamp}_amd64.deb + wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v$major.$minor.$micro/${subdir}linux-modules-$major.$minor.$micro-$canonicalString-generic_$major.$minor.$micro-$canonicalString.${timestamp}_${VM_ARCH}.deb dpkg -i *modules*.deb fi -wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v$major.$minor.$micro/${subdir}linux-headers-$major.$minor.$micro-$canonicalString-generic_$major.$minor.$micro-$canonicalString.${timestamp}_amd64.deb -wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v$major.$minor.$micro/${subdir}linux-headers-$major.$minor.$micro-${canonicalString}_$major.$minor.$micro-${canonicalString}.${timestamp}_all.deb -wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v$major.$minor.$micro/${subdir}linux-image${imgsuffix}-$major.$minor.$micro-$canonicalString-generic_$major.$minor.$micro-$canonicalString.${timestamp}_amd64.deb +wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v$major.$minor.$micro/${subdir}linux-headers-$major.$minor.$micro-$canonicalString-generic_$major.$minor.$micro-$canonicalString.${timestamp}_${VM_ARCH}.deb +# _all.deb is only available in amd64 +wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v$major.$minor.$micro/${headers_all_subdir}linux-headers-$major.$minor.$micro-${canonicalString}_$major.$minor.$micro-${canonicalString}.${timestamp}_all.deb +wget 
https://kernel.ubuntu.com/~kernel-ppa/mainline/v$major.$minor.$micro/${subdir}linux-image${imgsuffix}-$major.$minor.$micro-$canonicalString-generic_$major.$minor.$micro-$canonicalString.${timestamp}_${VM_ARCH}.deb dpkg -i *.deb @@ -88,4 +90,5 @@ echo "Default grub entry is '$grub_entry'" grub-set-default "$grub_entry" sed -i 's/GRUB_DEFAULT=.*/GRUB_DEFAULT=saved/g' /etc/default/grub update-grub +echo "Rebooting kernel" reboot diff --git a/provision/ubuntu/netperf.sh b/provision/ubuntu/netperf.sh index cd8f915..88a8bb0 100755 --- a/provision/ubuntu/netperf.sh +++ b/provision/ubuntu/netperf.sh @@ -6,11 +6,11 @@ sudo apt-get update sudo apt-get install -y --allow-downgrades \ automake build-essential gcc -git clone --depth 1 https://github.com/HewlettPackard/netperf.git $HOME/n +git clone --depth 1 https://github.com/sayboras/netperf.git $HOME/n cd $HOME/n/ ./autogen.sh ./configure --prefix=/usr -ln -s /bin/true /usr/bin/makeinfo +ln -sf /bin/true /usr/bin/makeinfo make make install cd - diff --git a/provision/vagrant.sh b/provision/vagrant.sh index 7b53a52..e152066 100755 --- a/provision/vagrant.sh +++ b/provision/vagrant.sh 
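Review bot: `[[ "$major" > "4" ]]` in kernel.sh compares strings, not numbers, so it holds for 5 through 9 but is false for a major version of 10 or more, because `"10"` sorts before `"4"`. An arithmetic test says what is meant: `(( major > 4 ))`. The `.deb` files fetched in this hunk are installed with `dpkg -i *.deb` as root without a checksum comparison; that predates this change, but parameterising the architecture is a good moment to add one.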
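Review bot: netperf is now cloned from a personal fork (`sayboras/netperf`) at whatever its default branch points to, then configured and installed with `make install` as root, and neither the hunk nor a comment says why the fork is needed. Pinning the build to a reviewed commit makes the image reproducible and limits the effect of a later push to that fork, for example by fetching a fixed revision and running `git -C "$HOME/n" checkout <COMMIT_SHA>` (placeholder; the page names no commit) before `./autogen.sh`. A one-line comment naming the fix the fork carries would also let a later maintainer switch back to upstream.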
@@ -9,16 +9,18 @@ source "${ENV_FILEPATH}" pubkey_url="https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub"; mkdir -p "${HOME_DIR}/.ssh"; if command -v wget >/dev/null 2>&1; then - wget --no-check-certificate "${pubkey_url}" -O "${HOME_DIR}/.ssh/authorized_keys"; + wget --no-check-certificate "${pubkey_url}" -O vagrant.pub; + cat vagrant.pub >> "${HOME_DIR}/.ssh/authorized_keys"; + rm vagrant.pub; elif command -v curl >/dev/null 2>&1; then - curl --insecure --location "${pubkey_url}" > "${HOME_DIR}/.ssh/authorized_keys"; + curl --insecure --location "${pubkey_url}" >> "${HOME_DIR}/.ssh/authorized_keys"; else echo "Cannot download vagrant public key"; exit 1; fi chmod -R go-rwsx "${HOME_DIR}/.ssh"; -echo 'vagrant ALL=(ALL) NOPASSWD:ALL' >/etc/sudoers.d/99_vagrant +echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/99_vagrant sudo chmod 440 /etc/sudoers.d/99_vagrant sudo sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=sudo' /etc/sudoers diff --git a/user-data.yaml b/user-data.yaml new file mode 100644 index 0000000..790df3d --- /dev/null +++ b/user-data.yaml @@ -0,0 +1,7 @@ +#cloud-config +packages: + - nfs-common + +runcmd: + - '\curl -fsSL https://get.docker.com | sh' + - '\sudo usermod -a -G docker ubuntu'
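Review bot: With `USERNAME` now supplied by the caller, vagrant.sh appends the publicly known Vagrant insecure key to `authorized_keys` and grants `NOPASSWD:ALL` to whichever account is being provisioned, including the `ubuntu` user of a multipass VM, because provision.sh runs it unconditionally. On a Vagrant box that key is normally replaced on first `vagrant up`; nothing visible here does the same for multipass, so the VM, which also mounts the host's source tree, would keep accepting a key anyone can download. Installing the key only when `USERNAME` is `vagrant` avoids that, and the download does not need `--no-check-certificate` or `--insecure`. The sudoers entry is left as the commit wrote it.

```shell
# The Vagrant key pair is public: trust it only on Vagrant boxes, where
# `vagrant up` is expected to replace it.
if [ "${USERNAME}" = "vagrant" ]; then
    mkdir -p "${HOME_DIR}/.ssh"
    if command -v wget >/dev/null 2>&1; then
        wget "${pubkey_url}" -O vagrant.pub
        cat vagrant.pub >> "${HOME_DIR}/.ssh/authorized_keys"
        rm vagrant.pub
    elif command -v curl >/dev/null 2>&1; then
        curl --fail --location "${pubkey_url}" >> "${HOME_DIR}/.ssh/authorized_keys"
    else
        echo "Cannot download vagrant public key"
        exit 1
    fi
    chmod -R go-rwsx "${HOME_DIR}/.ssh"
fi
# … unchanged: sudoers entry and env_reset exemption …
```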
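Review bot: `usermod -a -G docker ubuntu` in user-data.yaml hard-codes the account while multipass.sh lets the caller choose `VM_USERNAME`, and because Docker is already present by then, the `which docker` guard in install.sh skips its own `usermod -aG docker ${USERNAME}`; a non-default user would be left out of the docker group. `curl -fsSL https://get.docker.com | sh` runs an unpinned remote script as root on first boot; installing `docker-ce` from the apt repository, as install.sh already does, would keep a single reviewed installation path. multipass.sh copies this file to a fixed name under `/tmp` before appending the SSH public key, so it should stay free of secrets.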