suse-edge · jiwonhu · Nov 19, 2024
diff --git a/examples/README.md b/examples/README.md
@@ -110,3 +110,16 @@ podman run --rm --privileged -it \
 Examples in this section require more setup than a simple image definition file and base image. This
 section will describe the necessary image configuration directory structure and supplemental files 
 in order to run each definition.
+
+### rancher-2-nodes
+
+| Option       | Default Value                                                      |
+|--------------|--------------------------------------------------------------------|
+| Base Image   | `base-images/SL-Micro.aarch64-6.0-Base-SelfInstall-GM.install.iso` |
+| Output Image | `out/rancher-2node-aarch64-6.0.iso`                                |
+
+* A multi node configuration that runs Rancher Prime. 1st node functions as server node, 2nd node functions as agent node. This can be used to spin up only 1 node too.
+* This definition is used to run VMs on Apple Silicon Mac, by defaulting installation device to `/dev/vda`. 
+* 1st node uses 192.168.64.1 ip and 2nd node uses 192.168.64.2 ip. Update the MAC address in `network/node1.suse.com.yaml` and `network/node2.suse.com.yaml` accordingly so the interface can pick up the intended ip. The cluster uses 192.168.64.11 VIP and you may want to update the IPs for your subnet configuration.
+* Update `sccRegistrationCode` with a proper code for SLE Micro 6.0.
+* Configures the `root` password to be `eib`.
diff --git a/examples/rancher-on-2nodes/custom/files/basic-setup.sh b/examples/rancher-on-2nodes/custom/files/basic-setup.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# Pre-requisites. Cluster already running
+export KUBECTL="/var/lib/rancher/rke2/bin/kubectl"
+export KUBECONFIG="/etc/rancher/rke2/rke2.yaml"
+
+###########
+# RANCHER #
+###########
+export RANCHER_CHART_TARGETNAMESPACE="cattle-system"
+export RANCHER_FINALPASSWORD="adminadminadmin"
+
+die(){
+  echo ${1} 1>&2
+  exit ${2}
+}
diff --git a/examples/rancher-on-2nodes/custom/files/rancher.sh b/examples/rancher-on-2nodes/custom/files/rancher.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+set -euo pipefail
+
+BASEDIR="$(dirname "$0")"
+source ${BASEDIR}/basic-setup.sh
+
+RANCHERLOCKNAMESPACE="default"
+RANCHERLOCKCMNAME="rancher-lock"
+
+if [ -z "${RANCHER_FINALPASSWORD}" ]; then
+  # If there is no final password, then finish the setup right away
+  exit 0
+fi
+
+trap 'catch $? $LINENO' EXIT
+
+catch() {
+  if [ "$1" != "0" ]; then
+    echo "Error $1 occurred on $2"
+    ${KUBECTL} delete configmap ${RANCHERLOCKCMNAME} -n ${RANCHERLOCKNAMESPACE}
+  fi
+}
+
+# Get or create the lock to run all those steps just in a single node
+# As the first node is created WAY before the others, this should be enough
+# TODO: Investigate if leases is better
+if [ $(${KUBECTL} get cm -n ${RANCHERLOCKNAMESPACE} ${RANCHERLOCKCMNAME} -o name | wc -l) -lt 1 ]; then
+  ${KUBECTL} create configmap ${RANCHERLOCKCMNAME} -n ${RANCHERLOCKNAMESPACE} --from-literal foo=bar
+else
+  exit 0
+fi
+
+# Wait for rancher to be deployed
+while ! ${KUBECTL} wait --for condition=ready -n ${RANCHER_CHART_TARGETNAMESPACE} $(${KUBECTL} get pods -n ${RANCHER_CHART_TARGETNAMESPACE} -l app=rancher -o name) --timeout=10s; do sleep 2 ; done
+
+RANCHERBOOTSTRAPPASSWORD=$(${KUBECTL} get secret -n ${RANCHER_CHART_TARGETNAMESPACE} bootstrap-secret -o jsonpath='{.data.bootstrapPassword}' | base64 -d)
+RANCHERHOSTNAME=$(${KUBECTL} get ingress -n ${RANCHER_CHART_TARGETNAMESPACE} rancher -o jsonpath='{.spec.rules[0].host}')
+
+# Skip the whole process if things have been set already
+if [ -z $(${KUBECTL} get settings.management.cattle.io first-login -ojsonpath='{.value}') ]; then
+  # Add the protocol
+  RANCHERHOSTNAME="https://${RANCHERHOSTNAME}"
+  TOKEN=""
+  while [ -z "${TOKEN}" ]; do
+    # Get token
+    sleep 2
+    TOKEN=$(curl -sk -X POST ${RANCHERHOSTNAME}/v3-public/localProviders/local?action=login -H 'content-type: application/json' -d "{\"username\":\"admin\",\"password\":\"${RANCHERBOOTSTRAPPASSWORD}\"}" | jq -r .token)
+  done
+
+  # Set password
+  curl -sk ${RANCHERHOSTNAME}/v3/users?action=changepassword -H 'content-type: application/json' -H "Authorization: Bearer $TOKEN" -d "{\"currentPassword\":\"${RANCHERBOOTSTRAPPASSWORD}\",\"newPassword\":\"${RANCHER_FINALPASSWORD}\"}"
+
+  # Create a temporary API token (ttl=60 minutes)
+  APITOKEN=$(curl -sk ${RANCHERHOSTNAME}/v3/token -H 'content-type: application/json' -H "Authorization: Bearer ${TOKEN}" -d '{"type":"token","description":"automation","ttl":3600000}' | jq -r .token)
+
+  curl -sk ${RANCHERHOSTNAME}/v3/settings/server-url -H 'content-type: application/json' -H "Authorization: Bearer ${APITOKEN}" -X PUT -d "{\"name\":\"server-url\",\"value\":\"${RANCHERHOSTNAME}\"}"
+  curl -sk ${RANCHERHOSTNAME}/v3/settings/telemetry-opt -X PUT -H 'content-type: application/json' -H 'accept: application/json' -H "Authorization: Bearer ${APITOKEN}" -d '{"value":"out"}'
+fi
+
+# Clean up the lock cm
+${KUBECTL} delete configmap ${RANCHERLOCKCMNAME} -n ${RANCHERLOCKNAMESPACE}
diff --git a/examples/rancher-on-2nodes/custom/scripts/99-alias.sh b/examples/rancher-on-2nodes/custom/scripts/99-alias.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+echo "alias k=kubectl" >> /etc/profile.local
+echo "alias ku=kubectl" >> /etc/profile.local
+echo "alias kubectl=/var/lib/rancher/rke2/bin/kubectl" >> /etc/profile.local
+echo "export KUBECONFIG=/etc/rancher/rke2/rke2.yaml" >> /etc/profile.local
diff --git a/examples/rancher-on-2nodes/eib-config.yaml b/examples/rancher-on-2nodes/eib-config.yaml
@@ -0,0 +1,51 @@
+apiVersion: 1.1
+image:
+  imageType: iso 
+  arch: aarch64
+  baseImage: SL-Micro.aarch64-6.0-Base-SelfInstall-GM.install.iso
+  outputImageName: rancher-2node-aarch64-6.0.iso
+operatingSystem:
+  isoConfiguration:
+    installDevice: /dev/vda
+  users:
+  - username: root
+    encryptedPassword: "$6$DIL3SYTayoaM13GP$zAfXEofZd154Wuuj.fMqJXKd2p8fieu75zLgta6dWz7rCHsxw0x4CcFjLH3V5Dy4sQKN9/VotNS9E37RYRTeD."
+  packages:
+    packageList:
+    - jq
+    - wget
+    - openssh-server-config-rootlogin
+    sccRegistrationCode: REPLACE-ME-WITH-SCC-CODE
+    #additionalRepos:
+    #- url: https://dl.suse.com/SLE16
+kubernetes:
+  version: v1.28.8+rke2r1
+  network:
+    apiVIP: 192.168.64.11
+  nodes:
+    - hostname: node1.suse.com
+      type: server
+      initializer: true
+    - hostname: node2.suse.com
+      type: agent 
+  helm:
+    charts:
+      - name: cert-manager
+        repositoryName: jetstack
+        version: 1.14.2
+        targetNamespace: cert-manager
+        valuesFile: certmanager.yaml
+        createNamespace: true
+        installationNamespace: kube-system
+      - name: rancher
+        version: 2.9.1
+        repositoryName: rancher-prime
+        targetNamespace: cattle-system
+        createNamespace: true
+        installationNamespace: kube-system
+        valuesFile: rancher.yaml
+    repositories:
+      - name: jetstack
+        url: https://charts.jetstack.io
+      - name: rancher-prime
+        url: https://charts.rancher.com/server-charts/prime
diff --git a/examples/rancher-on-2nodes/kubernetes/config/server.yaml b/examples/rancher-on-2nodes/kubernetes/config/server.yaml
@@ -0,0 +1,6 @@
+cni:
+  - multus
+  - cilium
+write-kubeconfig-mode: '0644'
+selinux: true
+token: foobar
diff --git a/examples/rancher-on-2nodes/kubernetes/helm/values/certmanager.yaml b/examples/rancher-on-2nodes/kubernetes/helm/values/certmanager.yaml
@@ -0,0 +1 @@
+installCRDs: "true"
diff --git a/examples/rancher-on-2nodes/kubernetes/helm/values/rancher.yaml b/examples/rancher-on-2nodes/kubernetes/helm/values/rancher.yaml
@@ -0,0 +1,4 @@
+hostname: rancher-192.168.64.11.sslip.io
+bootstrapPassword: "foobar"
+replicas: 1
+global.cattle.psp.enabled: "false"
diff --git a/examples/rancher-on-2nodes/network/node1.suse.com.yaml b/examples/rancher-on-2nodes/network/node1.suse.com.yaml
@@ -0,0 +1,31 @@
+routes:
+  config:
+  - destination: 0.0.0.0/0
+    metric: 100
+    next-hop-address: 192.168.64.1
+    next-hop-interface: eth0
+    table-id: 254
+  - destination: 192.168.100.0/24
+    metric: 100
+    next-hop-address:
+    next-hop-interface: eth0
+    table-id: 254
+dns-resolver:
+  config:
+    server:
+    - 192.168.64.1
+    - 8.8.8.8
+interfaces:
+- name: eth0
+  type: ethernet
+  state: up
+  mac-address: 34:8A:B1:4B:16:E1
+  ipv4:
+    address:
+    - ip: 192.168.64.21
+      prefix-length: 24
+    dhcp: false
+    enabled: true
+  ipv6:
+    enabled: false
+
diff --git a/examples/rancher-on-2nodes/network/node2.suse.com.yaml b/examples/rancher-on-2nodes/network/node2.suse.com.yaml
@@ -0,0 +1,30 @@
+routes:
+  config:
+  - destination: 0.0.0.0/0
+    metric: 100
+    next-hop-address: 192.168.64.1
+    next-hop-interface: eth0
+    table-id: 254
+  - destination: 192.168.100.0/24
+    metric: 100
+    next-hop-address:
+    next-hop-interface: eth0
+    table-id: 254
+dns-resolver:
+  config:
+    server:
+    - 192.168.64.1
+    - 8.8.8.8
+interfaces:
+- name: eth0
+  type: ethernet
+  state: up
+  mac-address: 34:8A:B1:4B:16:E2
+  ipv4:
+    address:
+    - ip: 192.168.64.22
+      prefix-length: 24
+    dhcp: false
+    enabled: true
+  ipv6:
+    enabled: false
diff --git a/examples/rancher-on-2nodes/rpms/gpg-keys/rancher-public.key b/examples/rancher-on-2nodes/rpms/gpg-keys/rancher-public.key
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBF5oF/oBDADo7r/dYVfDbsWDmVf1Ma/SbvXPIiS0nEZ1xiDuxYyoMJ0VqKM1
+9HJ/G3yzubqhlmtMM3UqqB00YZ8J7DCoC1QAb+3hzXyLLWZXV+6OaKqKxjZeQZyL
+Q1WzFMxCF/Ugc9g0Qnyt5lHgbar5/Lfb2nTs5+9RPYOwqIMKmRThYqjqmRksXqHJ
+tMMcRTkmI8r2hh65vcRG6G7EKDQymdFY9B9zXCVNyujHatnqV5Jiqw7Qa3s/VRyJ
+dfaI66Q0QtRgtiVve0rlsgtRsbaZYPUsL7WIx8mgTxvLXsHrBlOWljDSTXjq9OyF
+k67OFO8BFYuh86pIgg5UCoWm4GnhdiPkQyTGWXY1eC58KJShoA2YzR5ZBNHiuFfz
+CStWfAQNCQ75lBU43dqrs6QBSElwqx6JBNv7LqE1vWkHpxA3+oEYgOanAcq2QH8b
+ALd69E3L1y5lderc5YODbu3jMlEq2ybTe8Al3iiuWNPcUcz9KL5r4wFLeD1JZgW1
++L3AMyEyrijF1oUAEQEAAbQdUmFuY2hlciAoQ0kpIDxjaUByYW5jaGVyLmNvbT6J
+Ac4EEwEKADgWIQTIz/IWRVEm6bnJGL6SXqKa4leBSgUCXmgX+gIbAwULCQgHAgYV
+CgkICwIEFgIDAQIeAQIXgAAKCRCSXqKa4leBSo7nDAC0YgyUEh4FbudvkEBWYEeS
+/cLMTUzSU4Qz+eYMQA9GwrCv+cKRojzfN3uQxw1UwoEX51c/HDG15vnDqvEn7CqJ
+Tuc2PaLkgCTACO73wjgNEne/1QD2pA9WHglsh2iO5i7PCX0s3WCeMjINwFFyym6l
+WRGgn/erQjtuQafqrPsPa++iaLw9XEYCSHnA2YjqKLTABC6R8RqwDba20hw0ADjk
+IA2zGOaIbMbzC/eFKuVx++H4cTdNPL/TXikPm9xKHR9g+DyxvOrYh3c4Lqc2ex4v
+GhY8eFslkaqGADpOOSHN7p7+Ve6H4qnIP/WLTjyzioXKgQP/FuVa4BhCmr0C/l8i
+weBPGy5ZJtgT7ymQhW2FQ5C5JlkJczeX7XkJXxXO9uX58ihZaxJs+PpC+TPLc5u+
+kpie1CKg2wEYwhi9ChEKF138k8fZI15LMgFQBHxTdqvh8BezqHh7f/DgJICXq2Wh
+0THJIQhLN/RXK1D/86bSdM1QAS88/+QIzeSufCxmLG+5AY0EXmgX+gEMAL5lWBK8
+Wr5dtvtZrCp3iB/MbVGm0Kv8TS1xWjKCbcY+kCmFg2tZ70MPWTCIa82+rz8fz575
+ksODo5ah+1eDr4R5tcM/vidD+8h4947H6oV496P403fiUr6pA3JOmBBgq6cNnPP/
+HolmLNkq4wE0MAL9lib2nt6lccKcPgoHORqiYo0RyJv2OUpIK607A3Rl4J4/i2EY
+NPhCwsicnuHkRuMgVVnbKn1vx7sAs4O2qWWMJ3xFPsDRcxXBvwUPdanFcUoQedIk
+HAMoxPpVJDhLq6DWCX3evCYLH1ihZJ4x172/mZY20ldvjXTyi9uvtNsQ3zHvIZy4
+mBtDgd0Gl6Kj/rkZoxaxS9LZ7+LIhqbNXAX0bY7PQBAJYh4OpjbRBgpJCgplP84g
+c8ZhcWekl277W4AWeyT30rw8C9QjKWR0KRua1LENn1POjtmVdzIim8UCIEVi/Ew8
+RzERpe0gGC8pG1P1aaq8eDC1jY/WzuNBXoDGciL7yca1loRJd3jt4VGMswARAQAB
+iQG2BBgBCgAgFiEEyM/yFkVRJum5yRi+kl6imuJXgUoFAl5oF/oCGwwACgkQkl6i
+muJXgUoXIQwA3b6Ek6ZwVOhmpcc2TbXjjnwjpRl3zNFCjZrfHk4irYA2G7l4OGRC
+joTskMRjyqN64krSf3pbH5nTIJeN7fKpHadvONO1gYLQmozfxFwKARssIRkiYIEA
+5kqt9WBFUaw/fTJAcdDuP9vcQe+UpbnU1VXeFtsUU59D05mhWBmWG+KQUAcohODc
+VqiAPvdlSOdu8UPLFFOz9T5AcCJFC2IbFPNVKctbxlQcdRaI2DZrd+alMeUTEzDV
+ReeIT1BMBS3VGtgSaV8Vr7ockyTTxTrkG8RZIetzuTOiJCtAwV4M34qjAlAe9vxI
+8+XaU5r5ZyzxvHCoT5aXrYO+fxv5sPyEvUclJ7ff5KoVtQZe71xI+YyyWvAdMK+S
+OVyXqO/n6GBfl8Cl6v6X+zTbou5nwqwbA4lrefYqkeOMzpSgtY1m8TQqROqI14sD
+yWrq15QoHxcyTS8upUNmEwXxy7EUI98cDIzf7ugyQWH7QyyZ/h92RC2t2Z6bWNjn
+51EaKIT6lPXy
+=08O8
+-----END PGP PUBLIC KEY BLOCK-----