init

2022-09-14 12:56:21 +02:00
commit b7fc6a248f
9 changed files with 1293 additions and 0 deletions
--- a/opack/defines.mk
+++ b/opack/defines.mk
@@ -0,0 +1,186 @@
+define newline
+
+
+endef
+
+define OPACK_PACKER_CONTENT =
+{
+	"description": "OpenBSD ${OPACK_SYS_VERSION} ${OPACK_SYS_ARCHITECTURE}",
+		"variables": {
+			"box_tag": "${OPACK_SYS_HOSTNAME}-${OPACK_TARGET}-{{ timestamp }}",
+			"disk_size": "${OPACK_SYS_DISK_SIZE}",
+			"memory": "${OPACK_SYS_MEMORY}",
+			"cpus": "${OPACK_SYS_CPU}",
+			"version": "${OPACK_BOX_VERSION}" },
+		"builders": [ {
+			"type": "qemu",
+			"vm_name": "${OPACK_SYS_HOSTNAME}-${OPACK_TARGET}",
+			"cpus": "{{user `cpus`}}",
+			"memory": "{{user `memory`}}",
+			"headless": ${OPACK_SYS_HEADLESS},
+			"boot_key_interval": "10ms",
+			"disk_size": "{{user `disk_size`}}",
+			"disk_interface": "virtio",
+			"disk_compression": true,
+			"http_directory": "./http",
+			"iso_urls": "${OPACK_SYS_ISO_URL}",
+			"iso_checksum": "sha256:${OPACK_SYS_ISO_SHA256SUM}",
+			"net_device": "virtio-net",
+			"communicator": "ssh",
+			"ssh_username": "root",
+			"ssh_private_key_file": "vagrant.key",
+			"ssh_wait_timeout": "60m",
+			"shutdown_command": "shutdown -p now",
+			"boot_wait": "30s",
+			"boot_command": [ "S<enter><wait>",
+				"# ~~~ OPACK - OpenBSD Packing ~~~~<enter>",
+				"# ${OPACK_COMMIT} <enter>",
+				$(if $(filter-out snapshots 7.0 7.1, ${OPACK_SYS_VERSION}),"dhclient vio0 ","ifconfig vio0 inet autoconf "),
+				"& sleep 1 && wait && ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install.conf && ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/autodisklabel && install -af install.conf && echo permit nopass :wheel > /mnt/etc/doas.conf && ",
+				$(if $(filter-out snapshots 7.0 7.1, ${OPACK_SYS_VERSION}),"echo dhcp > /mnt/etc/hostname.vio0 && echo http://${OPACK_SYS_SERVER}/pub/OpenBSD/ > /mnt/etc/installurl ","echo inet autoconf > /mnt/etc/hostname.vio0 && echo PubkeyAcceptedAlgorithms +ssh-rsa >> /mnt/etc/ssh/sshd_config "),
+				"&& reboot<enter>" ]
+		} ],
+		"provisioners": [ 
+		{
+			"type": "shell",
+			"scripts": ["../../provision-openbsd.sh"]
+    		}
+		],
+		"post-processors": [ [
+				{	"name": "vagrant",
+					"type": "vagrant",
+					"compression_level": 9,
+					"output": "../${OPACK_BOX_FILE}" }
+		] ]
+}
+endef
+
+define OPACK_PACKER_CLOUD_CONTENT =
+{
+	"description": "OpenBSD ${OPACK_SYS_VERSION} ${OPACK_SYS_ARCHITECTURE} cloud",
+		"variables": {
+			"box_tag": "${OPACK_SYS_HOSTNAME}-${OPACK_TARGET}-{{ timestamp }}",
+			"disk_size": "${OPACK_SYS_DISK_SIZE}",
+			"memory": "${OPACK_SYS_MEMORY}",
+			"cpus": "${OPACK_SYS_CPU}",
+			"gcloud_account_json": "../../${GCE_JSON_KEY}",
+			"gcloud_project_id": "${GCE_PROJECT}",
+			"version": "${OPACK_BOX_VERSION}" },
+		"builders": [ {
+			"type": "qemu",
+			"format": "raw",
+			"vm_name": "disk.raw",
+			"cpus": "{{user `cpus`}}",
+			"memory": "{{user `memory`}}",
+			"headless": ${OPACK_SYS_HEADLESS},
+			"boot_key_interval": "10ms",
+			"disk_size": "{{user `disk_size`}}",
+			"disk_interface": "virtio",
+			"disk_compression": true,
+			"http_directory": "./http",
+			"iso_urls": "${OPACK_SYS_ISO_URL}",
+			"iso_checksum": "sha256:${OPACK_SYS_ISO_SHA256SUM}",
+			"net_device": "virtio-net",
+			"communicator": "ssh",
+			"ssh_username": "root",
+			"ssh_private_key_file": "${OPACK_SYS_SSH_PRIVATE_KEY}",
+			"ssh_wait_timeout": "60m",
+			"shutdown_command": "shutdown -p now",
+			"boot_wait": "30s",
+			"boot_command": [ "S<enter><wait>",
+				"# ~~~ OPACK - OpenBSD Packing ~~~~<enter>",
+				"# ${OPACK_COMMIT} <enter>",
+				$(if $(filter-out snapshots 7.0 7.1, ${OPACK_SYS_VERSION}),"dhclient vio0 ","ifconfig vio0 inet autoconf "),
+				"& sleep 1 && wait && ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install.conf && ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/autodisklabel && install -af install.conf && echo permit nopass :wheel > /mnt/etc/doas.conf && ",
+				$(if $(filter-out snapshots 7.0 7.1, ${OPACK_SYS_VERSION}),"echo dhcp > /mnt/etc/hostname.vio0 && echo http://${OPACK_SYS_SERVER}/pub/OpenBSD/ > /mnt/etc/installurl ","echo inet autoconf > /mnt/etc/hostname.vio0 && echo PubkeyAcceptedAlgorithms +ssh-rsa >> /mnt/etc/ssh/sshd_config "),
+				"&& reboot<enter>" ]
+		} ],
+		"provisioners": [ 
+			{
+				"type": "file",
+				"source": "$(PROTECME_TOP_DIR)/src",
+				"destination": "/root/magma"
+			},
+			{
+				"type": "file",
+				"source": "$(PROTECME_SPEC_DIR)/openbsd",
+				"destination": "/var/spec2006src"
+			},
+			{
+				"type": "shell",
+				"scripts": ["../../provision-openbsd.sh"]
+    			}
+		],
+		"post-processors": [ [
+				{	"name": "Compress",
+					"type": "compress",
+					"compression_level": 9,
+					"output": "disk.raw.tar.gz"
+				},
+				{	"name": "GCP Import",
+					"type": "googlecompute-import",
+					"project_id": "{{user `gcloud_project_id`}}",
+					"account_file": "{{user `gcloud_account_json`}}",
+					"bucket": "${GCE_BUCKET}",
+					"image_name": "${OPACK_TARGET}",
+					"image_description": "${OPACK_COMMIT}",
+					"image_family": "openbsd",
+					"keep_input_artifact": true
+				}
+		] ]
+}
+endef
+
+
+define OPACK_INSTALL_CONTENT =
+Choose your keyboard layout = fr
+System hostname = ${OPACK_SYS_HOSTNAME}-${OPACK_TARGET}
+Which network interface = vio0
+IPv4 address for vio0 = dhcp
+IPv6 address for vio0 = none
+Password for root account = ${OPACK_SYS_PASSWORD}
+Public ssh key for root account = ${OPACK_SYS_SSH_KEY}
+Allow root ssh login = prohibit-password
+Do you expect to run the X Window System = ${OPACK_SYS_XENOCARA}
+Setup a user = ${OPACK_SYS_USER}
+Password for user ${OPACK_SYS_USER} = ${OPACK_SYS_PASSWORD}
+Public ssh key for ${OPACK_SYS_USER} = ${OPACK_SYS_SSH_KEY}
+Allow root ssh login = prohibit-password
+What timezone = ${OPACK_SYS_TIMEZONE}
+Which disk = sd0
+Use (W)hole disk or (E)dit the MBR = whole
+URL to autopartitioning template for disklabel = file:/autodisklabel
+Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = A
+Location of sets = ${OPACK_SYS_SETS_LOCATION}
+HTTP Server = ${OPACK_SYS_SERVER}
+Server directory = pub/OpenBSD/${OPACK_SYS_VERSION}/${OPACK_SYS_ARCHITECTURE}
+Unable to connect using https. Use http instead = yes
+#Pathname to the sets = ${OPACK_SYS_VERSION_NUMBER}/amd64
+Set name(s) = ${OPACK_SYS_SETS} done
+Directory does not contain SHA256.sig. Continue without verification = ${OPACK_NO_SIGCHK}
+Signature check of SHA256.sig failed. Continue without verification = no
+Cannot determine prefetch area. Continue without verification = yes
+Location of sets? = done
+
+endef
+
+define OPACK_METADATA_CONTENT =
+{
+  "name": "${OPACK_BOX_TAG}",
+  "description": "OPACK - $(OPACK_COMMIT)",
+  "versions": [
+    {
+      "version": "${OPACK_BOX_VERSION}",
+      "providers": [
+        {
+          "name": "libvirt",
+          "url": "${OPACK_BOX_FILE}",
+          "checksum_type": "sha256",
+          "checksum": "${OPACK_BOX_FILE_SHA256}"
+        }
+      ]
+    }
+  ]
+}
+
+endef
--- a/opack/include.mk
+++ b/opack/include.mk
@@ -0,0 +1,72 @@
+.PHONY: clean cleancache cleanall build
+.DEFAULT_GOAL := build
+include ../opack/options.mk
+include ../opack/defines.mk
+
+$(OPACK_PACKER_HTTP_DIR) $(OPACK_PACKER_DIR) ../$(OPACK_CACHE_DIR): 
+	@mkdir -p $@
+
+$(OPACK_PACKER_DIR)/vagrant.key: | $(OPACK_PACKER_DIR)
+	@curl -s -o $@ https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant
+
+$(OPACK_PACKER_DIR)/opack.json: | $(OPACK_PACKER_DIR)
+	@printf '$(subst $(newline),\n,${OPACK_PACKER_CONTENT})' > $@
+
+$(OPACK_PACKER_DIR)/bucket.json:
+	@printf '{ "name": "$(GCE_BUCKET)", "location": "$(GCE_BUCKET_LOCATION)", "storageClass": "STANDARD", "iamConfiguration": {"uniformBucketLevelAccess": { "enabled": true }, } }' > $@
+
+$(OPACK_PACKER_DIR)/opack-cloud.json: | $(OPACK_PACKER_DIR) $(OPACK_PACKER_DIR)/bucket.json
+	@printf '$(subst $(newline),\n,${OPACK_PACKER_CLOUD_CONTENT})' > $@
+	@curl -X POST -s -o /dev/null \
+		--data-binary @$(OPACK_PACKER_DIR)/bucket.json \
+		-H "Authorization: Bearer $(STORAGE_TOKEN)" \
+		-H "Content-Type: application/json" \
+		"https://storage.googleapis.com/storage/v1/b?project=$(GCE_PROJECT)"
+	@curl -X DELETE -s -o /dev/null \
+		-H "Authorization: Bearer $(IMAGE_TOKEN)" \
+		"https://compute.googleapis.com/compute/v1/projects/$(GCE_PROJECT)/global/images/$(OPACK_TARGET)"
+
+$(OPACK_PACKER_HTTP_DIR)/install.conf: | $(OPACK_PACKER_HTTP_DIR)
+	@printf '$(subst $(newline),\n,${OPACK_INSTALL_CONTENT})' > $@
+
+$(OPACK_PACKER_HTTP_DIR)/autodisklabel: | $(OPACK_PACKER_HTTP_DIR)
+	@cp autodisklabel $@
+
+../provision-openbsd.sh:
+	@echo you need to write $@ && exit 1
+
+../id_ed25519:
+	@echo you need to generate the ssh key with 'make sshkey' && exit 1
+
+$(OPACK_BOX_FILE): | $(OPACK_PACKER_DIR)/opack.json $(OPACK_PACKER_DIR)/vagrant.key ../provision-openbsd.sh $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
+	@cd $(OPACK_PACKER_DIR) &&\
+		CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR)\
+		packer build\
+		-timestamp-ui opack.json &&\
+		rm -rf $(OPACK_PACKER_DIR)
+
+$(OPACK_CLOUD): | $(OPACK_PACKER_DIR)/opack-cloud.json ../id_ed25519 ../provision-openbsd.sh $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
+	@cd $(OPACK_PACKER_DIR) &&\
+		CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR)\
+		packer build\
+		-timestamp-ui opack-cloud.json | tee -a ../$@ &&\
+		rm -rf $(OPACK_PACKER_DIR)
+
+
+$(OPACK_META_FILE): $(OPACK_BOX_FILE)
+	@printf '$(subst $(OPACK_BOX_FILE_SHA256),$(shell sha256sum $(OPACK_BOX_FILE) | awk '{print $$1}'),$(subst $(newline),\n,${OPACK_METADATA_CONTENT}))' > $@
+	@vagrant box add -f --name $(OPACK_BOX_TAG) $(OPACK_META_FILE)
+
+build: $(OPACK_META_FILE)
+	@export VAGRANT_CLOUD_TOKEN=$$(cat ../up.secret) && vagrant up 
+
+clean: 
+	@-vagrant destroy -f 
+	@-cd terraform_??????? 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf terraform_???????
+	@-rm -rf opack_build_??????? *.log ssh-config .vagrant *.json
+
+cleancache:
+	@-vagrant box remove -f --all $(OPACK_BOX_TAG)
+	@-rm -rf ../$(OPACK_CACHE_DIR)
+
+cleanall: clean cleancache
--- a/opack/options.mk
+++ b/opack/options.mk
@@ -0,0 +1,36 @@
+.SILENT:
+OPACK_SYS_HOSTNAME?=	opack
+OPACK_SYS_USER?=	opack	
+OPACK_SYS_PASSWORD?=	opack	
+OPACK_SYS_DISK_SIZE?=	4096
+OPACK_SYS_MEMORY?=	512
+OPACK_SYS_CPU?=		1
+OPACK_SYS_VERSION?=7.1
+OPACK_SYS_VERSION_NUMBER?=7.1
+OPACK_SYS_RELEASE?=OPENBSD_7_1
+OPACK_SYS_CVS_REPO?=anoncvs.fr.openbsd.org
+OPACK_SYS_SERVER?=ftp.fr.openbsd.org
+OPACK_SYS_ARCHITECTURE?=amd64
+OPACK_SYS_XENOCARA?=no
+OPACK_SYS_PORTS?=no
+OPACK_SYS_SETS?=+* -x* +xbase* -game* -comp* -man* -bsd.rd
+OPACK_SYS_TIMEZONE?=Europe/Paris
+OPACK_SYS_SSH_KEY?=$(shell curl -s https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub)
+OPACK_PACKER_VERSION?=$$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packer | jq -r .current_version)
+OPACK_PACKER_HTTP_DIR?=$(OPACK_PACKER_DIR)/http
+OPACK_SYS_ISO_URL?=https://$(OPACK_SYS_SERVER)/pub/OpenBSD/$(OPACK_SYS_VERSION)/$(OPACK_SYS_ARCHITECTURE)/cd$(shell echo $(OPACK_SYS_VERSION_NUMBER) | sed 's/\.//').iso
+OPACK_SYS_ISO_SHA256SUM?=$(shell curl -s https://$(OPACK_SYS_SERVER)/pub/OpenBSD/$(OPACK_SYS_VERSION)/amd64/SHA256 | grep cd$(shell echo $(OPACK_SYS_VERSION_NUMBER) | sed 's/\.//').iso | cut -d"=" -f2 | tr -d ' ')
+OPACK_COMMIT?=$(shell git log --oneline -n 1 --abbrev-commit --date=short --pretty=format:"%h %ad %s")
+OPACK_SHORT_REV?=$(shell git rev-parse --short HEAD)
+OPACK_SYS_SETS_LOCATION?=http
+OPACK_NO_SIGCHK?=no
+OPACK_SYS_HEADLESS?=true
+OPACK_CACHE_DIR?=opack_cache
+OPACK_BOX_FILE?=../$(OPACK_CACHE_DIR)/$(OPACK_TARGET).box
+OPACK_META_FILE?=$(OPACK_TARGET).json
+OPACK_BOX_VERSION?=1.$(shell date +%s).$(OPACK_SHORT_REV)
+OPACK_BOX_FILE_SHA256?=XXXtoreplaceXXX
+OPACK_BOX_TAG?=opack/$(OPACK_TARGET)
+OPACK_CACHE_DIR?=opack_cache
+OPACK_PACKER_DIR?=opack_build_$(OPACK_SHORT_REV)
+OPACK_CLOUD?=$(OPACK_PACKER_DIR)/created