diff --git a/src/cloud-api-adaptor/azure/build-image.md b/src/cloud-api-adaptor/azure/build-image.md index f1a3ea1c9..900b7ea55 100644 --- a/src/cloud-api-adaptor/azure/build-image.md +++ b/src/cloud-api-adaptor/azure/build-image.md 
@@ -2,292 +2,112 @@ This documentation will walk you through building the pod VM image for Azure. -> [!NOTE] -> Run the following commands from the directory `azure/image`. - ## Pre-requisites ### Install required tools -- Install tools like `git`, `make` and `curl`. -- Install Azure CLI by following instructions [here](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli). - -### Azure login - -The image build will use your local credentials, so make sure you have logged into your account via `az login`. Retrieve your Subscription ID and set your preferred region: - -```bash -export AZURE_SUBSCRIPTION_ID=$(az account show --query id --output tsv) -export AZURE_REGION="eastus" -``` - -### Resource group - -> [!NOTE] -> Skip this step if you already have a resource group you want to use. Please, export the resource group name in the `AZURE_RESOURCE_GROUP` environment variable. - -Create an Azure resource group by running the following command: - -```bash -export AZURE_RESOURCE_GROUP="caa-rg-$(date '+%Y%m%b%d%H%M%S')" - -az group create \ - --name "${AZURE_RESOURCE_GROUP}" \ - --location "${AZURE_REGION}" -``` - -### Shared image gallery - -Create a shared image gallery: - -```bash -export GALLERY_NAME="caaubntcvmsGallery" -az sig create \ - --gallery-name "${GALLERY_NAME}" \ - --resource-group "${AZURE_RESOURCE_GROUP}" \ - --location "${AZURE_REGION}" -``` - -Create the "Image Definition" by running the following command: - -> [!NOTE] -> The flag `--features SecurityType=ConfidentialVmSupported` allows you to a upload custom image and boot it up as a Confidential Virtual Machine (CVM). 
- -```bash -export GALLERY_IMAGE_DEF_NAME="cc-image" -az sig image-definition create \ - --resource-group "${AZURE_RESOURCE_GROUP}" \ - --gallery-name "${GALLERY_NAME}" \ - --gallery-image-definition "${GALLERY_IMAGE_DEF_NAME}" \ - --publisher GreatPublisher \ - --offer GreatOffer \ - --sku GreatSku \ - --os-type "Linux" \ - --os-state "Generalized" \ - --hyper-v-generation "V2" \ - --location "${AZURE_REGION}" \ - --architecture "x64" \ - --features SecurityType=ConfidentialVmSupported -``` - -## Build pod-VM image - -The Pod-VM image can be built in three ways: - -- Customize an existing marketplace image -- Customize an existing marketplace image with pre-built binaries -- Convert and upload a pre-built QCOW2 image - -### Option 1: Modifying an existing marketplace image - -**Install necessary tools** - -- Install the following packages (on Ubuntu): - -```bash -sudo apt install \ - libdevmapper-dev libgpgme-dev gcc clang pkg-config \ - libssl-dev libtss2-dev protobuf-compiler -``` - -- Install `yq` by following instructions [here](https://mikefarah.gitbook.io/yq/#install). -- Install Golang by following instructions [here](https://go.dev/doc/install). -- Install packer by following [these instructions](https://learn.hashicorp.com/tutorials/packer/get-started-install-cli). 
- -**Build** - -- Create a custom Azure VM image based on Ubuntu 22.04 adding kata-agent, agent-protocol-forwarder and other dependencies for Cloud API Adaptor (CAA): - -```bash -export PKR_VAR_resource_group="${AZURE_RESOURCE_GROUP}" -export PKR_VAR_location="${AZURE_REGION}" -export PKR_VAR_subscription_id="${AZURE_SUBSCRIPTION_ID}" -export PKR_VAR_use_azure_cli_auth=true -export PKR_VAR_az_gallery_name="${GALLERY_NAME}" -export PKR_VAR_az_gallery_image_name="${GALLERY_IMAGE_DEF_NAME}" -export PKR_VAR_az_gallery_image_version="0.0.1" -export PKR_VAR_offer=0001-com-ubuntu-confidential-vm-jammy -export PKR_VAR_sku=22_04-lts-cvm - -export TEE_PLATFORM="az-cvm-vtpm" -export LIBC=gnu -export CLOUD_PROVIDER=azure -PODVM_DISTRO=ubuntu make image -``` - -Use the `ManagedImageSharedImageGalleryId` field from output of the above command to populate the following environment variable. It's used while deploying cloud-api-adaptor: +This assumes an Ubuntu 24.04 environment for building. When using a different distribution, adjust accordingly: ```bash -# e.g. format: /subscriptions/.../resourceGroups/.../providers/Microsoft.Compute/galleries/.../images/.../versions/../ -export AZURE_IMAGE_ID="/subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${AZURE_RESOURCE_GROUP}/providers/Microsoft.Compute/galleries/${GALLERY_NAME}/images/${GALLERY_IMAGE_DEF_NAME}/versions/${PKR_VAR_az_gallery_image_version}" +sudo apt-get update -y +sudo apt-get install -y \ + alien \ + bubblewrap \ + build-essential \ + dnf \ + mtools \ + qemu-utils \ + systemd-ukify \ + uidmap +sudo snap install yq ``` -### Option 2: Customize an image using prebuilt binaries via Docker +### Install mkosi -```bash -docker build -t azure-podvm-builder . 
-``` +Clone mkosi and add the bin folder to the PATH: ```bash -docker run --rm \ - -v "$HOME/.azure:/root/.azure" \ - -e AZURE_SUBSCRIPTION_ID \ - -e AZURE_RESOURCE_GROUP \ - -e GALLERY_NAME \ - -e GALLERY_IMAGE_DEF_NAME \ - azure-podvm-builder +MKOSI_VERSION=$(yq -e '.tools.mkosi' versions.yaml)" +git clone -b "$MKOSI_VERSION" https://github.com/systemd/mkosi +export PATH="$PWD/mkosi/bin:$PATH" +mkosi --version ``` -If you want to use a different base image, then you'll need to export environment variables: `PUBLISHER`, `OFFER` and `SKU`. - -Sometimes using the marketplace image requires accepting a licensing agreement and also using a published plan. -Following [link](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage) provides more detail. - -For example using the CentOS 8.5 image from "eurolinux" publisher requires a plan and license agreement. +### Install uplosi -You'll need to first get the Uniform Resource Name (URN): +The tool is required to publish images to an image gallery. 
```bash -az vm image list \ - --location ${AZURE_REGION} \ - --publisher eurolinuxspzoo1620639373013 \ - --offer centos-8-5-free \ - --sku centos-8-5-free \ - --all \ - --output table +wget "https://github.com/edgelesssys/uplosi/releases/download/v0.3.0/uplosi_0.3.0_linux_amd64.tar.gz" +tar xzf uplosi_0.3.0_linux_amd64.tar.gz uplosi +sudo mv uplosi mkosi/bin/ ``` -Then you'll need to accept the agreement: - -```bash -az vm image terms accept \ - --urn eurolinuxspzoo1620639373013:centos-8-5-free:centos-8-5-free:8.5.5 -``` - -Then you can use the following command line to build the image: - -```bash -docker run --rm \ - -v "$HOME/.azure:/root/.azure" \ - -e AZURE_SUBSCRIPTION_ID \ - -e AZURE_RESOURCE_GROUP \ - -e PUBLISHER=eurolinuxspzoo1620639373013 \ - -e SKU=centos-8-5-free \ - -e OFFER=centos-8-5-free \ - -e PLAN_NAME=centos-8-5-free \ - -e PLAN_PRODUCT=centos-8-5-free \ - -e PLAN_PUBLISHER=eurolinuxspzoo1620639373013 \ - -e PODVM_DISTRO=centos \ - azure-podvm-builder -``` - -Another example of building Red Hat Enterprise Linux (RHEL) based image: - -```bash -docker run --rm \ - -v "$HOME/.azure:/root/.azure" \ - -e AZURE_SUBSCRIPTION_ID \ - -e AZURE_RESOURCE_GROUP \ - -e PUBLISHER=RedHat \ - -e SKU=9-lvm \ - -e OFFER=RHEL \ - -e PODVM_DISTRO=rhel \ - azure-podvm-builder -``` - -### Option 3: Using a pre-created QCOW2 image - -`quay.io/confidential-containers` hosts pre-created pod-vm images as container images. +### Azure login -- Download QCOW2 image +The image build will use your local credentials, so make sure you have logged into your account via `az login`. ```bash -mkdir -p qcow2-img && cd qcow2-img - -export QCOW2_IMAGE="quay.io/confidential-containers/podvm-generic-ubuntu-amd64:latest" -curl -LO https://raw.githubusercontent.com/confidential-containers/cloud-api-adaptor/staging/podvm/hack/download-image.sh - -bash download-image.sh $QCOW2_IMAGE . 
-o podvm.qcow2 +export AZURE_SUBSCRIPTION_ID=$(az account show --query id --output tsv) +export AZURE_REGION="eastus" ``` -- Convert QCOW2 image to Virtual Hard Disk (VHD) format - -You'll need the `qemu-img` tool for conversion. - -```bash -qemu-img convert -O vpc -o subformat=fixed,force_size podvm.qcow2 podvm.vhd -``` +## Build -- Create Storage Account +### Binaries -Create a storage account if none exists. Otherwise you can use the existing storage account. +Build binaries with support for the Azure CVM TEEs and verify the provenance attestation for the binaries consumed from upstream: ```bash -export AZURE_STORAGE_ACCOUNT=cocosa - -az storage account create \ ---name $AZURE_STORAGE_ACCOUNT \ - --resource-group $AZURE_RESOURCE_GROUP \ - --location $AZURE_REGION \ - --sku Standard_ZRS \ - --encryption-services blob +cd ../podvm-mkosi +TEE_PLATFORM=az-cvm-vtpm VERIFY_PROVENANCE=yes make binaries ``` -- Create storage container +### Image -Create a storage container if none exists. Otherwise you can use the existing storage account +You can build a debug image in which you can login as root by providing an SSH key as a build asset, the debug-image will also auto-login on the serial console, and contain some extraneous packages for debugging: ```bash -export AZURE_STORAGE_CONTAINER=vhd -az storage container create \ - --account-name $AZURE_STORAGE_ACCOUNT \ - --name $AZURE_STORAGE_CONTAINER \ - --auth-mode login +cp ~/.ssh/id_rsa.pub podvm-mkosi/resources/authorized_keys +make image-debug ``` -- Get storage key +Otherwise, you can build a release image: ```bash -AZURE_STORAGE_KEY=$(az storage account keys list --resource-group $AZURE_RESOURCE_GROUP --account-name $AZURE_STORAGE_ACCOUNT --query "[?keyName=='key1'].{Value:value}" --output tsv) - -echo $AZURE_STORAGE_KEY -``` +make image +``` -- Upload VHD file to Azure Storage +## Publish -```bash -az storage blob upload --container-name $AZURE_STORAGE_CONTAINER --name podvm.vhd --file podvm.vhd -``` - -- Get the 
VHD URI +We can upload the built image to an Azure Image Gallery. The resulting image id can be used as `AZURE_IMAGE_ID` param in the [../install/overlays/azure/kustomization.yaml](../install/azure/kustomization.yaml) file. ```bash -AZURE_STORAGE_EP=$(az storage account list -g $AZURE_RESOURCE_GROUP --query "[].{uri:primaryEndpoints.blob} | [? contains(uri, '$AZURE_STORAGE_ACCOUNT')]" --output tsv) - -echo $AZURE_STORAGE_EP - -export VHD_URI="${AZURE_STORAGE_EP}${AZURE_STORAGE_CONTAINER}/podvm.vhd" -``` +SHARING_NAME_PREFIX=sharedcocopodvms # set for a community gallery +IMAGE_VERSION=0.1.0 +IMAGE_DEFINITION=podvm +IMAGE_GALLERY=coco +RESOURCE_GROUP=myrg +SUBSCRIPTION_ID=mysub -- Create Azure VM Image Version +cat < uplosi.conf +[base] +imageVersion = \"$IMAGE_VERSION\" +name = \"$IMAGE_DEFINITION\" -```bash -az sig image-version create \ - --resource-group $AZURE_RESOURCE_GROUP \ - --gallery-name $GALLERY_NAME \ - --gallery-image-definition $GALLERY_IMAGE_DEF_NAME \ - --gallery-image-version 0.0.1 \ - --target-regions $AZURE_REGION \ - --os-vhd-uri "$VHD_URI" \ - --os-vhd-storage-account $AZURE_STORAGE_ACCOUNT -``` +[base.azure] +subscriptionID = \"$SUBSCRIPTION_ID\" +location = "eastus" +resourceGroup = \"$RESOURCE_GROUP\" +sharedImageGallery = \"$IMAGE_GALLERY\" +${SHARING_NAME_PREFIX:+sharingNamePrefix = \"$SHARING_NAME_PREFIX\"} -On success, the command will generate the image id. Set this image id as a value of `AZURE_IMAGE_ID` in `peer-pods-cm` Configmap. +[variant.default] +provider = "azure" -You can also use the following command to retrieve the image id: - -```bash -AZURE_IMAGE_ID=$(az sig image-version list --resource-group $AZURE_RESOURCE_GROUP --gallery-name $GALLERY_NAME --gallery-image-definition $GALLERY_IMAGE_DEF_NAME --query "[].{Id: id}" --output tsv) +[variant.default.azure] +replicationRegions = ["eastus","eastus2","westeurope","northeurope"] +EOF -echo $AZURE_IMAGE_ID +uplosi upload build/system.raw ``` 
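Review bot: the shell in this hunk does not run as written. `MKOSI_VERSION=$(yq -e '.tools.mkosi' versions.yaml)"` carries a stray trailing `"` that leaves the line with an unterminated quote, and `cat < uplosi.conf` reads from a file that does not exist yet; the closing `EOF` line shows a here-document was meant, i.e. `cat <<EOF > uplosi.conf`. Inside that unquoted here-document bash drops a backslash only before `$`, `` ` `` and `\`, so `imageVersion = \"$IMAGE_VERSION\"` ends up in uplosi.conf as `imageVersion = \"0.1.0\"`, which is not valid TOML; write those keys with plain quotes as already done for `location = "eastus"` and `provider = "azure"` (the `${SHARING_NAME_PREFIX:+...}` line is the one place where expansion inside `${...}` treats the backslashes differently, so check it on its own). Two path problems: after `cd ../podvm-mkosi` the next block copies to `podvm-mkosi/resources/authorized_keys`, one directory too deep, and the old "run from `azure/image`" note was removed without saying where `yq -e '.tools.mkosi' versions.yaml` and `cd ../podvm-mkosi` are meant to be run from. The uplosi tarball is fetched with `wget` and dropped into `mkosi/bin/` with no checksum or signature check, in the same document that sets `VERIFY_PROVENANCE=yes` for the upstream binaries; pin a digest here or verify the release artifact before installing it. Because `make image-debug` bakes a root `authorized_keys` into the image and auto-logs-in on the serial console, the Publish section should say not to upload that image with `SHARING_NAME_PREFIX` set, since that makes it a community gallery image. Finally, the link text `../install/overlays/azure/kustomization.yaml` does not match its target `../install/azure/kustomization.yaml`.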
diff --git a/src/cloud-api-adaptor/azure/image/.gitignore b/src/cloud-api-adaptor/azure/image/.gitignore deleted file mode 100644 index 08211c67f..000000000 --- a/src/cloud-api-adaptor/azure/image/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -agent-protocol-forwarder -kata-agent -skopeo -umoci diff --git a/src/cloud-api-adaptor/azure/image/Dockerfile b/src/cloud-api-adaptor/azure/image/Dockerfile deleted file mode 100644 index 728f0fc8d..000000000 --- a/src/cloud-api-adaptor/azure/image/Dockerfile +++ /dev/null 
@@ -1,67 +0,0 @@ -# Copyright Confidential Containers Contributors -# -# SPDX-License-Identifier: Apache-2.0 -# -# Builds pod vm image inside container -# -# syntax=docker/dockerfile:1.3 -ARG BUILDER_IMG="quay.io/confidential-containers/podvm-builder-ubuntu" -ARG BINARIES_IMG="quay.io/confidential-containers/podvm-binaries-ubuntu-amd64" - -FROM ${BINARIES_IMG} AS podvm_binaries -FROM ${BUILDER_IMG} AS podvm_builder - -ARG CLOUD_PROVIDER=azure -ARG PODVM_DISTRO=ubuntu -# If not provided, uses system architecture -ARG ARCH=x86_64 -ARG CAA_SRC="" -ARG CAA_SRC_REF="" - -ENV CLOUD_PROVIDER=${CLOUD_PROVIDER} -ENV PODVM_DISTRO=${PODVM_DISTRO} - -RUN if [ -n "${CAA_SRC}" ]; then \ - rm -rf cloud-api-adaptor && \ - git clone ${CAA_SRC} cloud-api-adaptor;\ - fi && \ - if [ -n "${CAA_SRC_REF}" ]; then \ - cd cloud-api-adaptor && \ - git fetch origin ${CAA_SRC_REF} && \ - git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\ - fi - -# Copy the binaries to podvm/files folder -COPY --from=podvm_binaries /podvm-binaries.tar.gz /src/cloud-api-adaptor/podvm/files -RUN tar xvf /src/cloud-api-adaptor/podvm/files/podvm-binaries.tar.gz -C /src/cloud-api-adaptor/podvm/files - -# Copy the pause_bundle to podvm/files folder -COPY --from=podvm_binaries /pause-bundle.tar.gz /src/cloud-api-adaptor/podvm/files -RUN tar xvf /src/cloud-api-adaptor/podvm/files/pause-bundle.tar.gz -C /src/cloud-api-adaptor/podvm/files - -ENV VM_SIZE=Standard_D2as_v5 -ENV IMAGE_NAME=peer-pod-vmimage -ENV SSH_USERNAME=peerpod -ENV PUBLISHER=Canonical -ENV OFFER=0001-com-ubuntu-confidential-vm-jammy -ENV SKU=22_04-lts-cvm - -RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash - -WORKDIR /src/cloud-api-adaptor/azure/image - -CMD export PKR_VAR_subscription_id=${AZURE_SUBSCRIPTION_ID} && \ - export PKR_VAR_resource_group=${AZURE_RESOURCE_GROUP} && \ - export PKR_VAR_use_azure_cli_auth=true \ - export PKR_VAR_az_image_name=${IMAGE_NAME} && \ - export PKR_VAR_az_gallery_name=${GALLERY_NAME} && \ - export 
PKR_VAR_az_gallery_image_name=${GALLERY_IMAGE_DEF_NAME} && \ - export PKR_VAR_vm_size=${VM_SIZE} && \ - export PKR_VAR_ssh_username=${SSH_USERNAME} && \ - export PKR_VAR_publisher=${PUBLISHER} && \ - export PKR_VAR_offer=${OFFER} && \ - export PKR_VAR_sku=${SKU} && \ - export PKR_VAR_plan_name=${PLAN_NAME} && \ - export PKR_VAR_plan_product=${PLAN_PRODUCT} && \ - export PKR_VAR_plan_publisher=${PLAN_PUBLISHER} && \ - BINARIES= PAUSE_BUNDLE= CLOUD_PROVIDER=azure PODVM_DISTRO=$PODVM_DISTRO make image diff --git a/src/cloud-api-adaptor/azure/image/Makefile b/src/cloud-api-adaptor/azure/image/Makefile deleted file mode 100644 index 2c9da5c61..000000000 --- a/src/cloud-api-adaptor/azure/image/Makefile +++ /dev/null 
@@ -1,41 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# - -ROOT_DIR := $(dir $(lastword $(MAKEFILE_LIST)))../../ -include $(ROOT_DIR)podvm/Makefile.inc - -.PHONY: image clean - -ENABLE_NVIDIA_GPU ?= yes - -image: $(IMAGE_FILE) - -$(IMAGE_FILE): $(BINARIES) $(FILES) - mkdir -p toupload - # export the required packer variables as PKR_VAR_ - # export PKR_VAR_client_id="${AZURE_CLIENT_ID}" - # export PKR_VAR_client_secret="${AZURE_CLIENT_SECRET:%=REDACTED}" - # export PKR_VAR_subscription_id="${AZURE_SUBSCRIPTION_ID}" - # export PKR_VAR_tenant_id="${AZURE_TENANT_ID}" - # export PKR_VAR_resource_group="${AZURE_RESOURCE_GROUP}" - # export PKR_VAR_az_image_name="${IMAGE_NAME}" - # export PKR_VAR_vm_size="${VM_SIZE}" - # export PKR_VAR_ssh_username="${SSH_USERNAME}" - # export PKR_VAR_az_gallery_name="${GALLERY_NAME}" - # export PKR_VAR_az_gallery_image_name="${GALLERY_IMAGE_NAME}" - # export PKR_VAR_az_gallery_image_version="${GALLERY_IMAGE_VERSION}" - - packer init ./${PODVM_DISTRO}/ - packer build \ - -var config_script_src=$(ROOT_DIR)/podvm/qcow2 \ - -var addons_script_src=$(ROOT_DIR)/podvm/addons \ - ./${PODVM_DISTRO}/ - rm -fr toupload - -clean: - rm -f "$(IMAGE_FILE)" "$(UBUNTU_IMAGE_FILE)" $(BINARIES) - rm -fr "$(SKOPEO_SRC)" "$(UMOCI_SRC)" "$(PAUSE_SRC)" "$(FILES_DIR)/$(PAUSE_BUNDLE)" - -.PHONY: force -force: diff --git a/src/cloud-api-adaptor/azure/image/rhel/azure-rhel.pkr.hcl b/src/cloud-api-adaptor/azure/image/rhel/azure-rhel.pkr.hcl deleted file mode 100644 index e83d55c51..000000000 --- a/src/cloud-api-adaptor/azure/image/rhel/azure-rhel.pkr.hcl +++ /dev/null 
@@ -1,156 +0,0 @@ -packer { - required_plugins { - azure = { - version = "= 2.0.2" - source = "github.com/hashicorp/azure" - } - } -} - -source "azure-arm" "rhel" { - - plan_info { - plan_name = "${var.plan_name}" - plan_product = "${var.plan_product}" - plan_publisher = "${var.plan_publisher}" - } - - use_azure_cli_auth = "${var.use_azure_cli_auth}" - client_id = "${var.client_id}" - client_secret = "${var.client_secret}" - subscription_id = "${var.subscription_id}" - tenant_id = "${var.tenant_id}" - - vm_size = "${var.vm_size}" - os_type = "Linux" - image_publisher = "${var.publisher}" - image_offer = "${var.offer}" - image_sku = "${var.sku}" - managed_image_name = "${var.az_image_name}" - managed_image_resource_group_name = "${var.resource_group}" - build_resource_group_name = "${var.resource_group}" - - shared_image_gallery_destination { - subscription = "${var.subscription_id}" - resource_group = "${var.resource_group}" - gallery_name = "${var.az_gallery_name}" - image_name = "${var.az_gallery_image_name}" - image_version = "${var.az_gallery_image_version}" - } -} - -build { - name = "peer-pod-rhel" - sources = [ - "source.azure-arm.rhel" - ] - - provisioner "shell-local" { - command = "tar cf toupload/files.tar -C ../../podvm files" - } - - provisioner "file" { - source = "toupload" - destination = "/tmp/" - } - - provisioner "shell" { - inline = [ - "cd /tmp && tar xf toupload/files.tar", - "rm toupload/files.tar" - ] - } - - provisioner "file" { - source = "${var.config_script_src}/copy-files.sh" - destination = "~/copy-files.sh" - } - - provisioner "shell" { - remote_folder = "~" - inline = [ - "sudo bash ~/copy-files.sh" - ] - } - - provisioner "shell" { - inline = [ - "sudo useradd -m -s /bin/bash ${var.ssh_username}" - ] - } - - # relabel copied files right after copy-files.sh - # to prevent other commands from failing - provisioner "file" { - source = "${var.config_script_src}/selinux_relabel.sh" - destination = "~/selinux_relabel.sh" - } - - 
provisioner "shell" { - remote_folder = "~" - inline = [ - "sudo bash ~/selinux_relabel.sh" - ] - } - - provisioner "file" { - source = "${var.config_script_src}/misc-settings.sh" - destination = "~/misc-settings.sh" - } - - provisioner "shell" { - remote_folder = "~" - environment_vars = [ - "CLOUD_PROVIDER=${var.cloud_provider}", - "PODVM_DISTRO=${var.podvm_distro}", - "FORWARDER_PORT=${var.forwarder_port}" - ] - inline = [ - "sudo -E bash ~/misc-settings.sh" - ] - } - - # Addons - # To avoid multiple conditionals, copying the entire addons directory - # Individual addons are installed based on environment_vars by setup_addons.sh - provisioner "shell-local" { - command = "tar cf toupload/addons.tar -C ../../podvm addons" - } - - provisioner "file" { - source = "toupload" - destination = "/tmp/" - } - - provisioner "shell" { - inline = [ - "cd /tmp && tar xf toupload/addons.tar", - "rm toupload/addons.tar" - ] - } - - provisioner "file" { - source = "${var.addons_script_src}/setup_addons.sh" - destination = "~/setup_addons.sh" - } - - provisioner "shell" { - remote_folder = "~" - environment_vars = [ - "CLOUD_PROVIDER=${var.cloud_provider}", - "PODVM_DISTRO=${var.podvm_distro}", - "ENABLE_NVIDIA_GPU=${var.enable_nvidia_gpu}" - ] - inline = [ - "sudo -E bash ~/setup_addons.sh" - ] - } - - provisioner "shell" { - execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'" - inline = [ - "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync" - ] - inline_shebang = "/bin/sh -x" - } -} diff --git a/src/cloud-api-adaptor/azure/image/rhel/variables.pkr.hcl b/src/cloud-api-adaptor/azure/image/rhel/variables.pkr.hcl deleted file mode 100644 index 0e08b285f..000000000 --- a/src/cloud-api-adaptor/azure/image/rhel/variables.pkr.hcl +++ /dev/null 
@@ -1,135 +0,0 @@ -// variables.pkr.hcl - -// For those variables that you don't provide a default for, you must -// set them from the command line, a var-file, or the environment. - -variable "az_image_name" { - type = string - default = "peer-pod-vmimage" -} - -// instance type -variable "vm_size" { - type = string - default = "Standard_D2as_v5" -} - -variable "resource_group" { - type = string -} - -variable "client_id" { - type = string - # This can be empty when using local authentication enabled by setting `use_azure_cli_auth` to true. - default = "" - sensitive = true -} - -variable "client_secret" { - type = string - # This can be empty when using local authentication enabled by setting `use_azure_cli_auth` to true. - default = "" - sensitive = true -} - -variable "subscription_id" { - type = string - # This can be empty when using local authentication enabled by setting `use_azure_cli_auth` to true. - default = "" - sensitive = true -} - -variable "tenant_id" { - type = string - # This can be empty when using local authentication enabled by setting `use_azure_cli_auth` to true. 
- default = "" - sensitive = true -} - -variable "use_azure_cli_auth" { - type = bool - default = false -} - -variable "ssh_username" { - type = string - default = "peerpod" -} - -variable "publisher" { - type = string - default = "RedHat" -} - -variable "offer" { - type = string - default = "RHEL" -} - -variable "sku" { - type = string - default = "9-lvm" -} - -variable "podvm_distro" { - type = string - default = env("PODVM_DISTRO") -} - -variable "cloud_provider" { - type = string - default = env("CLOUD_PROVIDER") -} - -variable "plan_name" { - type = string - default = "" -} - -variable "plan_product" { - type = string - default = "" -} - -variable "plan_publisher" { - type = string - default = "" -} - -# shared gallery name -variable "az_gallery_name" { - type = string - default = "" -} - -# shared gallery image name -variable "az_gallery_image_name" { - type = string - default = "" -} - -# shared gallery image version -variable "az_gallery_image_version" { - type = string - default = "" -} - -variable "config_script_src" { - type = string - default = "" -} - -variable "addons_script_src" { - type = string - default = "" -} - -variable "enable_nvidia_gpu" { - type = string - default = env("ENABLE_NVIDIA_GPU") -} - -variable "forwarder_port" { - type = string - default = env("FORWARDER_PORT") -} diff --git a/src/cloud-api-adaptor/azure/image/ubuntu/azure-ubuntu.pkr.hcl b/src/cloud-api-adaptor/azure/image/ubuntu/azure-ubuntu.pkr.hcl deleted file mode 100644 index e74ed34b5..000000000 --- a/src/cloud-api-adaptor/azure/image/ubuntu/azure-ubuntu.pkr.hcl +++ /dev/null 
@@ -1,138 +0,0 @@ -packer { - required_plugins { - azure = { - version = "= 2.0.2" - source = "github.com/hashicorp/azure" - } - } -} - -source "azure-arm" "ubuntu" { - use_azure_cli_auth = "${var.use_azure_cli_auth}" - client_id = "${var.client_id}" - client_secret = "${var.client_secret}" - subscription_id = "${var.subscription_id}" - tenant_id = "${var.tenant_id}" - - vm_size = "${var.vm_size}" - os_type = "Linux" - image_publisher = "${var.publisher}" - image_offer = "${var.offer}" - image_sku = "${var.sku}" - managed_image_name = "${var.az_image_name}" - managed_image_resource_group_name = "${var.resource_group}" - build_resource_group_name = "${var.resource_group}" - - shared_image_gallery_destination { - subscription = "${var.subscription_id}" - resource_group = "${var.resource_group}" - gallery_name = "${var.az_gallery_name}" - image_name = "${var.az_gallery_image_name}" - image_version = "${var.az_gallery_image_version}" - storage_account_type = "Standard_LRS" - replication_regions = ["eastus2", "northeurope"] - } -} - -build { - name = "peer-pod-ubuntu" - sources = [ - "source.azure-arm.ubuntu" - ] - - provisioner "shell-local" { - command = "tar cf toupload/files.tar -C ../../podvm files" - } - - provisioner "file" { - source = "toupload" - destination = "/tmp/" - } - - provisioner "shell" { - inline = [ - "cd /tmp && tar xf toupload/files.tar", - "rm toupload/files.tar" - ] - } - - provisioner "file" { - source = "${var.config_script_src}/copy-files.sh" - destination = "~/copy-files.sh" - } - - provisioner "shell" { - remote_folder = "~" - inline = [ - "sudo bash ~/copy-files.sh" - ] - } - - provisioner "shell" { - inline = [ - "sudo useradd -m -s /bin/bash ${var.ssh_username}" - ] - } - - provisioner "file" { - source = "${var.config_script_src}/misc-settings.sh" - destination = "~/misc-settings.sh" - } - - provisioner "shell" { - remote_folder = "~" - environment_vars = [ - "CLOUD_PROVIDER=${var.cloud_provider}", - "PODVM_DISTRO=${var.podvm_distro}", 
- "FORWARDER_PORT=${var.forwarder_port}" - ] - inline = [ - "sudo -E bash ~/misc-settings.sh" - ] - } - - # Addons - # To avoid multiple conditionals, copying the entire addons directory - # Individual addons are installed based on environment_vars by setup_addons.sh - provisioner "shell-local" { - command = "tar cf toupload/addons.tar -C ../../podvm addons" - } - - provisioner "file" { - source = "toupload" - destination = "/tmp/" - } - - provisioner "shell" { - inline = [ - "cd /tmp && tar xf toupload/addons.tar", - "rm toupload/addons.tar" - ] - } - - provisioner "file" { - source = "${var.addons_script_src}/setup_addons.sh" - destination = "~/setup_addons.sh" - } - - provisioner "shell" { - remote_folder = "~" - environment_vars = [ - "CLOUD_PROVIDER=${var.cloud_provider}", - "PODVM_DISTRO=${var.podvm_distro}", - "ENABLE_NVIDIA_GPU=${var.enable_nvidia_gpu}" - ] - inline = [ - "sudo -E bash ~/setup_addons.sh" - ] - } - - - provisioner "shell" { - execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'" - inline = [ - "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync" - ] - inline_shebang = "/bin/sh -x" - } -} diff --git a/src/cloud-api-adaptor/azure/image/ubuntu/variables.pkr.hcl b/src/cloud-api-adaptor/azure/image/ubuntu/variables.pkr.hcl deleted file mode 100644 index b5a26c64e..000000000 --- a/src/cloud-api-adaptor/azure/image/ubuntu/variables.pkr.hcl +++ /dev/null 
@@ -1,135 +0,0 @@ -// variables.pkr.hcl - -// For those variables that you don't provide a default for, you must -// set them from the command line, a var-file, or the environment. - -variable "az_image_name" { - type = string - default = "peer-pod-vmimage" -} - -// shared gallery name -variable "az_gallery_name" { - type = string - default = "caaubntcvmsGallery" -} - -// shared gallery image name -variable "az_gallery_image_name" { - type = string - default = "cc-image" -} - -// shared gallery image version -variable "az_gallery_image_version" { - type = string - default = "0.0.1" -} - -// instance type -variable "vm_size" { - type = string - default = "Standard_D2as_v5" -} - -variable "resource_group" { - type = string -} - -variable "client_id" { - type = string - # This can be empty when using local authentication enabled by setting `use_azure_cli_auth` to true. - default = "" - sensitive = true -} - -variable "client_secret" { - type = string - # This can be empty when using local authentication enabled by setting `use_azure_cli_auth` to true. - default = "" - sensitive = true -} - -variable "subscription_id" { - type = string - # This can be empty when using local authentication enabled by setting `use_azure_cli_auth` to true. - default = "" - sensitive = true -} - -variable "tenant_id" { - type = string - # This can be empty when using local authentication enabled by setting `use_azure_cli_auth` to true. 
- default = "" - sensitive = true -} - -variable "use_azure_cli_auth" { - type = bool - default = false -} - -variable "ssh_username" { - type = string - default = "peerpod" -} - -variable "publisher" { - type = string - default = "Canonical" -} - -variable "offer" { - type = string - default = "0001-com-ubuntu-confidential-vm-jammy" -} - -variable "sku" { - type = string - default = "22_04-lts-cvm" -} - -variable "podvm_distro" { - type = string - default = env("PODVM_DISTRO") -} - -variable "cloud_provider" { - type = string - default = env("CLOUD_PROVIDER") -} - -variable "plan_name" { - type = string - default = "" -} - -variable "plan_product" { - type = string - default = "" -} - -variable "plan_publisher" { - type = string - default = "" -} - -variable "config_script_src" { - type = string - default = "" -} - -variable "addons_script_src" { - type = string - default = "" -} - -variable "enable_nvidia_gpu" { - type = string - default = env("ENABLE_NVIDIA_GPU") -} - -variable "forwarder_port" { - type = string - default = env("FORWARDER_PORT") -}
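Review bot: the removed Makefile defaulted `ENABLE_NVIDIA_GPU ?= yes` and both packer templates ran `setup_addons.sh` with `ENABLE_NVIDIA_GPU=${var.enable_nvidia_gpu}`, yet the rewritten build-image.md never says whether the mkosi image carries that addon or how to enable it; add a sentence, or an explicit note that it is not supported on this path. The removed templates also ran `/usr/sbin/waagent -force -deprovision+user` as a final generalization step and replicated only to `["eastus2", "northeurope"]`, while the new uplosi.conf replicates to four regions; if dropping the deprovision step and widening replication are intentional, the commit message should say so, since anyone tracking the old packer flow will look for them.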