Azure
/
aks-engine
зеркало из https://github.com/Azure/aks-engine.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

add 20.04-LTS VHD image pipeline job (#4967)

This commit is contained in:
Jack Francis 2023-01-09 12:45:28 -08:00 коммит произвёл GitHub
Родитель c8e3e1e3dc
Коммит cc34cb99eb
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
6 изменённых файлов: 364 добавлений и 74 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

208
.pipelines/vhd-builder.yaml
Просмотреть файл

@ -6,72 +6,142 @@ trigger: none
# - generate SAS link from azure CLI
# - POST a new SKU to azure marketplace
variables:
CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.34.7'
pool:
vmImage: 'Ubuntu 18.04'
steps:
- script: |
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e AZURE_VM_SIZE=${AZURE_VM_SIZE} \
-e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \
-e AZURE_LOCATION=${AZURE_LOCATION} \
-e FEATURE_FLAGS=${FEATURE_FLAGS} \
-e GIT_VERSION=$(Build.SourceVersion) \
-e BUILD_ID=$(Build.BuildId) \
-e BUILD_NUMBER=$(Build.BuildNumber) \
-e UBUNTU_SKU=18.04 \
${CONTAINER_IMAGE} make run-packer
displayName: Building VHD
- task: PublishPipelineArtifact@0
inputs:
artifactName: 'vhd-release-notes'
targetPath: 'release-notes.txt'
- script: |
OS_DISK_SAS="$(cat packer-output | grep "OSDiskUriReadOnlySas:" | cut -d " " -f 2)" && \
VHD_NAME="$(echo $OS_DISK_SAS | cut -d "/" -f 8 | cut -d "?" -f 1)" && \
printf "COPY ME ----> ${CLASSIC_BLOB}/${VHD_NAME}?" | tee -a vhd-sas && \
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e CLASSIC_BLOB=${CLASSIC_BLOB} \
-e CLASSIC_SAS_TOKEN="$(SAS_TOKEN)" \
-e OS_DISK_SAS=${OS_DISK_SAS} \
-e VHD_NAME=${VHD_NAME} \
${CONTAINER_IMAGE} make az-copy
displayName: Copying resource to Classic Storage Account
condition: eq(variables.DRY_RUN, 'False')
- script: |
SA_NAME="$(cat packer-output | grep "storage name:" | cut -d " " -f 3)" && \
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e SA_NAME=${SA_NAME} \
-e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \
${CONTAINER_IMAGE} make delete-sa
displayName: Clean-up Storage Account
condition: always()
- script: |
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e CLASSIC_SA_CONNECTION_STRING="$(CLASSIC_SA_CONNECTION_STRING)" \
-e START_DATE=${START_DATE} \
-e EXPIRY_DATE=${EXPIRY_DATE} \
${CONTAINER_IMAGE} make generate-sas
displayName: Getting Shared Access Signature URI
jobs:
- job: create_ubuntu_18_04_vhd
variables:
CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.34.7'
pool:
vmImage: 'Ubuntu 18.04'
steps:
- script: |
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e AZURE_VM_SIZE=${AZURE_VM_SIZE} \
-e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \
-e AZURE_LOCATION=${AZURE_LOCATION} \
-e FEATURE_FLAGS=${FEATURE_FLAGS} \
-e GIT_VERSION=$(Build.SourceVersion) \
-e BUILD_ID=$(Build.BuildId) \
-e BUILD_NUMBER=$(Build.BuildNumber) \
-e UBUNTU_SKU=18.04 \
${CONTAINER_IMAGE} make run-packer
displayName: Building VHD
- task: PublishPipelineArtifact@0
inputs:
artifactName: 'vhd-release-notes-18-04'
targetPath: 'release-notes-18.04.txt'
- script: |
OS_DISK_SAS="$(cat packer-output | grep "OSDiskUriReadOnlySas:" | cut -d " " -f 2)" && \
VHD_NAME="$(echo $OS_DISK_SAS | cut -d "/" -f 8 | cut -d "?" -f 1)" && \
printf "COPY ME ----> ${CLASSIC_BLOB}/${VHD_NAME}?" | tee -a vhd-sas && \
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e CLASSIC_BLOB=${CLASSIC_BLOB} \
-e CLASSIC_SAS_TOKEN="$(SAS_TOKEN)" \
-e OS_DISK_SAS=${OS_DISK_SAS} \
-e VHD_NAME=${VHD_NAME} \
${CONTAINER_IMAGE} make az-copy
displayName: Copying resource to Classic Storage Account
condition: eq(variables.DRY_RUN, 'False')
- script: |
SA_NAME="$(cat packer-output | grep "storage name:" | cut -d " " -f 3)" && \
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e SA_NAME=${SA_NAME} \
-e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \
${CONTAINER_IMAGE} make delete-sa
displayName: Clean-up Storage Account
condition: always()
- script: |
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e CLASSIC_SA_CONNECTION_STRING="$(CLASSIC_SA_CONNECTION_STRING)" \
-e START_DATE=${START_DATE} \
-e EXPIRY_DATE=${EXPIRY_DATE} \
${CONTAINER_IMAGE} make generate-sas
displayName: Getting Shared Access Signature URI
- job: create_ubuntu_20_04_vhd
variables:
CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.34.7'
pool:
vmImage: 'Ubuntu 20.04'
steps:
- script: |
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e AZURE_VM_SIZE=${AZURE_VM_SIZE} \
-e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \
-e AZURE_LOCATION=${AZURE_LOCATION} \
-e FEATURE_FLAGS=${FEATURE_FLAGS} \
-e GIT_VERSION=$(Build.SourceVersion) \
-e BUILD_ID=$(Build.BuildId) \
-e BUILD_NUMBER=$(Build.BuildNumber) \
-e UBUNTU_SKU=20.04 \
${CONTAINER_IMAGE} make run-packer-20-04
displayName: Building VHD
- task: PublishPipelineArtifact@0
inputs:
artifactName: 'vhd-release-notes-20-04'
targetPath: 'release-notes-20.04.txt'
- script: |
OS_DISK_SAS="$(cat packer-output-20-04 | grep "OSDiskUriReadOnlySas:" | cut -d " " -f 2)" && \
VHD_NAME="$(echo $OS_DISK_SAS | cut -d "/" -f 8 | cut -d "?" -f 1)" && \
printf "COPY ME ----> ${CLASSIC_BLOB}/${VHD_NAME}?" | tee -a vhd-sas && \
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e CLASSIC_BLOB=${CLASSIC_BLOB} \
-e CLASSIC_SAS_TOKEN="$(SAS_TOKEN)" \
-e OS_DISK_SAS=${OS_DISK_SAS} \
-e VHD_NAME=${VHD_NAME} \
${CONTAINER_IMAGE} make az-copy
displayName: Copying resource to Classic Storage Account
condition: eq(variables.DRY_RUN, 'False')
- script: |
SA_NAME="$(cat packer-output-20-04 | grep "storage name:" | cut -d " " -f 3)" && \
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e SA_NAME=${SA_NAME} \
-e AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME} \
${CONTAINER_IMAGE} make delete-sa
displayName: Clean-up Storage Account
condition: always()
- script: |
docker run --rm \
-v ${PWD}:/go/src/github.com/Azure/aks-engine \
-w /go/src/github.com/Azure/aks-engine \
-e CLIENT_ID=${CLIENT_ID} \
-e CLIENT_SECRET="$(CLIENT_SECRET)" \
-e TENANT_ID=${TENANT_ID} \
-e CLASSIC_SA_CONNECTION_STRING="$(CLASSIC_SA_CONNECTION_STRING)" \
-e START_DATE=${START_DATE} \
-e EXPIRY_DATE=${EXPIRY_DATE} \
${CONTAINER_IMAGE} make generate-sas
displayName: Getting Shared Access Signature URI

6
packer.mk
Просмотреть файл

@ -1,6 +1,9 @@
build-packer:
@packer build -var-file=vhd/packer/settings.json vhd/packer/vhd-image-builder.json
build-packer-20-04:
@packer build -var-file=vhd/packer/settings.json vhd/packer/vhd-image-builder-20.04.json
build-packer-ubuntu-gen2:
@packer build -var-file=vhd/packer/settings.json vhd/packer/vhd-image-builder-ubuntu-gen2.json
@ -16,6 +19,9 @@ az-login:
run-packer: az-login
@packer version && set -o pipefail && ($(MAKE) init-packer | tee packer-output) && ($(MAKE) build-packer | tee -a packer-output)
run-packer-20-04: az-login
@packer version && set -o pipefail && ($(MAKE) init-packer | tee packer-output-20-04) && ($(MAKE) build-packer-20-04 | tee -a packer-output-20-04)
run-packer-ubuntu-gen2: az-login
@packer version && set -o pipefail && ($(MAKE) init-packer | tee packer-output) && ($(MAKE) build-packer-ubuntu-gen2 | tee -a packer-output)

11
parts/k8s/cloud-init/artifacts/cis.sh
Просмотреть файл

@ -4,8 +4,15 @@ assignRootPW() {
if grep '^root:[!*]:' /etc/shadow; then
SALT=$(openssl rand -base64 5)
SECRET=$(openssl rand -base64 37)
CMD="import crypt, getpass, pwd; print crypt.crypt('$SECRET', '\$6\$$SALT\$')"
HASH=$(python -c "$CMD")
if command -v python; then
CMD="import crypt, getpass, pwd; print crypt.crypt('$SECRET', '\$6\$$SALT\$')"
HASH=$(python -c "$CMD")
elif command -v python3; then
CMD="import crypt, getpass, pwd; print(crypt.crypt('$SECRET', '\$6\$$SALT\$'))"
HASH=$(python3 -c "$CMD")
else
exit 112
fi
echo 'root:'$HASH | /usr/sbin/chpasswd -e || exit 112
fi

11
pkg/engine/templates_generated.go
Просмотреть файл

@ -16166,8 +16166,15 @@ assignRootPW() {
if grep '^root:[!*]:' /etc/shadow; then
SALT=$(openssl rand -base64 5)
SECRET=$(openssl rand -base64 37)
CMD="import crypt, getpass, pwd; print crypt.crypt('$SECRET', '\$6\$$SALT\$')"
HASH=$(python -c "$CMD")
if command -v python; then
CMD="import crypt, getpass, pwd; print crypt.crypt('$SECRET', '\$6\$$SALT\$')"
HASH=$(python -c "$CMD")
elif command -v python3; then
CMD="import crypt, getpass, pwd; print(crypt.crypt('$SECRET', '\$6\$$SALT\$'))"
HASH=$(python3 -c "$CMD")
else
exit 112
fi
echo 'root:'$HASH | /usr/sbin/chpasswd -e || exit 112
fi

200
vhd/packer/vhd-image-builder-20.04.json Normal file
Просмотреть файл

@ -0,0 +1,200 @@
{
"variables": {
"client_id": "{{env `AZURE_CLIENT_ID`}}",
"client_secret": "{{env `AZURE_CLIENT_SECRET`}}",
"tenant_id": "{{env `AZURE_TENANT_ID`}}",
"subscription_id": "{{env `AZURE_SUBSCRIPTION_ID`}}",
"location": "{{env `AZURE_LOCATION`}}",
"vm_size": "{{env `AZURE_VM_SIZE`}}",
"build_number": "{{env `BUILD_NUMBER`}}",
"build_id": "{{env `BUILD_ID`}}",
"commit": "{{env `GIT_VERSION`}}",
"feature_flags": "{{env `FEATURE_FLAGS`}}",
"ubuntu_sku": "{{env `UBUNTU_SKU`}}"
},
"builders": [
{
"type": "azure-arm",
"client_id": "{{user `client_id`}}",
"client_secret": "{{user `client_secret`}}",
"tenant_id": "{{user `tenant_id`}}",
"subscription_id": "{{user `subscription_id`}}",
"resource_group_name": "{{user `resource_group_name`}}",
"capture_container_name": "aksengine-vhds",
"capture_name_prefix": "aksengine-{{user `create_time`}}",
"storage_account": "{{user `storage_account_name`}}",
"os_type": "Linux",
"os_disk_size_gb": 30,
"image_publisher": "Canonical",
"image_offer": "0001-com-ubuntu-server-focal",
"image_sku": "20_04-lts",
"image_version": "latest",
"azure_tags": {
"os": "Linux",
"now": "{{user `create_time`}}",
"createdBy": "aks-engine-vhd-pipeline"
},
"location": "{{user `location`}}",
"vm_size": "{{user `vm_size`}}"
}
],
"provisioners": [
{
"type": "shell",
"inline": [
"sudo mkdir -p /opt/azure/containers",
"sudo chown -R $USER /opt/azure/containers"
]
},
{
"type": "file",
"source": "vhd/packer/cleanup-vhd.sh",
"destination": "/home/packer/cleanup-vhd.sh"
},
{
"type": "file",
"source": "vhd/packer/packer_source.sh",
"destination": "/home/packer/packer_source.sh"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/cse_install.sh",
"destination": "/home/packer/provision_installs.sh"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/cse_helpers.sh",
"destination": "/home/packer/provision_source.sh"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/cis.sh",
"destination": "/home/packer/cis.sh"
},
{
"type": "file",
"source": "vhd/packer/install-dependencies.sh",
"destination": "/home/packer/install-dependencies.sh"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/sysctl-d-60-CIS.conf",
"destination": "/home/packer/sysctl-d-60-CIS.conf"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/sshd_config",
"destination": "/home/packer/sshd_config"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/sshd_config_1604",
"destination": "/home/packer/sshd_config_1604"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/rsyslog-d-60-CIS.conf",
"destination": "/home/packer/rsyslog-d-60-CIS.conf"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/etc-issue",
"destination": "/home/packer/etc-issue"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/etc-issue.net",
"destination": "/home/packer/etc-issue.net"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/modprobe-CIS.conf",
"destination": "/home/packer/modprobe-CIS.conf"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/pwquality-CIS.conf",
"destination": "/home/packer/pwquality-CIS.conf"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/pam-d-su",
"destination": "/home/packer/pam-d-su"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/pam-d-common-auth",
"destination": "/home/packer/pam-d-common-auth"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/pam-d-common-password",
"destination": "/home/packer/pam-d-common-password"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/profile-d-cis.sh",
"destination": "/home/packer/profile-d-cis.sh"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/label-nodes.sh",
"destination": "/home/packer/label-nodes.sh"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/label-nodes.service",
"destination": "/home/packer/label-nodes.service"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/apt-preferences",
"destination": "/home/packer/apt-preferences"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/health-monitor.sh",
"destination": "/home/packer/health-monitor.sh"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/docker_clear_mount_propagation_flags.conf",
"destination": "/home/packer/docker_clear_mount_propagation_flags.conf"
},
{
"type": "file",
"source": "parts/k8s/cloud-init/artifacts/generateproxycerts.sh",
"destination": "/home/packer/generateproxycerts.sh"
},
{
"type": "file",
"source": "scripts/collect-logs.sh",
"destination": "/home/packer/collect-logs.sh"
},
{
"type": "file",
"source": "vhd/notice/notice.txt",
"destination": "/home/packer/NOTICE.txt"
},
{
"type": "shell",
"inline": [
"sudo FEATURE_FLAGS={{user `feature_flags`}} BUILD_NUMBER={{user `build_number`}} BUILD_ID={{user `build_id`}} COMMIT={{user `commit`}} /bin/bash -ux /home/packer/install-dependencies.sh"
]
},
{
"type": "file",
"direction": "download",
"source": "/opt/azure/vhd-install.complete",
"destination": "release-notes-20.04.txt"
},
{
"type": "shell",
"inline": [
"sudo /bin/bash -eux /home/packer/cis.sh",
"sudo /bin/bash -eux /home/packer/cleanup-vhd.sh",
"sudo /usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync || exit 125"
]
}
]
}

2
vhd/packer/vhd-image-builder.json
Просмотреть файл

@ -186,7 +186,7 @@
"type": "file",
"direction": "download",
"source": "/opt/azure/vhd-install.complete",
"destination": "release-notes.txt"
"destination": "release-notes-18.04.txt"
},
{
"type": "shell",