@micahhausler
Last active June 13, 2021 16:13
Tinkerbell hook config for Intel NUC

Hook builds for an Intel NUC on an Intel NUC

I'm running Ubuntu 20.04. If you're not, it's up to you to figure it out :)

Setup

On a freshly installed Ubuntu 20.04 system:

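# Append editor and PATH settings to ~/.bashrc, then bring the base system up to date.
# The heredoc delimiter is quoted so that $VISUAL and $PATH are written literally and
# expanded each time ~/.bashrc is sourced. With an unquoted delimiter they are expanded
# once, by this shell, and the file ends up with EDITOR="" (if VISUAL is unset) and a
# frozen copy of the current PATH.
cat << 'EOF' >> ~/.bashrc
export VISUAL=vim
export EDITOR="$VISUAL"
export PATH=$PATH:~/go/bin
set -o vi
EOF
# Refresh the package index and apply pending upgrades before installing anything else.
sudo apt-get update -y
sudo apt-get upgrade -y
# The walkthrough resumes after this reboot.
sudo reboot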

And after a reboot, install build tooling:

# Go toolchain from the snap store; --classic installs the snap without strict confinement.
sudo snap install go --classic

# Install/configure docker
# NOTE(review): the key is piped straight into apt's trusted keyring with no fingerprint
# check. Compare it against the fingerprint Docker publishes in its install docs before
# trusting the repository. apt-key still works on 20.04 but is deprecated in favour of a
# per-repository keyring referenced with signed-by.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
# Membership of the docker group is effectively root on this host, because the daemon
# runs as root and will start any container it is asked to. Only add accounts that you
# would also give sudo.
sudo usermod -a -G docker $USER

# exit and relog in to get a session with your user in the docker group

# Fetch the docker-compose 1.26.0 release binary for this OS/architecture and install it
# system-wide.
# NOTE(review): the download is written to /usr/local/bin as root and made executable with
# no integrity check. Verify it against the checksum published alongside the release
# before running chmod +x.
sudo curl -L \
"https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" \
-o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

sudo apt-get install -y make
# Create a buildx builder instance and select it as the current builder.
docker buildx create --use

# Install linuxkit v0.8
mkdir -p ~/go/{src,pkg,bin}
# NOTE(review): `go get -u` fetches and builds whatever the upstream default branch holds
# at run time; nothing here pins a version, so two runs can install different code.
go get -u golang.org/x/lint/golint
go get -u github.com/gordonklaus/ineffassign
mkdir -p ~/go/src/github.com/linuxkit
cd ~/go/src/github.com/linuxkit
git clone https://github.com/linuxkit/linuxkit.git
cd linuxkit
# Build from the v0.8 tag so the tool matches the linuxkit/*:v0.8 images used in hook.yaml.
git checkout v0.8
make
# Put the freshly built binary in ~/go/bin, which the .bashrc snippet adds to PATH.
cp bin/linuxkit ~/go/bin/linuxkit

# for hook & sandbox
# Both repositories are cloned at their current default-branch HEAD; no commit or tag is pinned.
mkdir -p ~/go/src/github.com/tinkerbell/
cd ~/go/src/github.com/tinkerbell/
git clone https://github.com/tinkerbell/sandbox.git
git clone https://github.com/tinkerbell/hook.git

## Hook
# All paths below are relative to ~/go/src/github.com/tinkerbell/ (the directory entered above).
# We don't need to push images
sed -i 's,--push,--output=local,g' hook/Makefile
# make linuxkit happy, don't pull images every time
# NOTE(review): this strips two flags in one substitution. Without -pull the build
# presumably takes images from the local Docker cache, so make sure the cached images are
# the ones you intend to ship. Confirm how removing -disable-content-trust interacts with
# the `trust:` section of hook.yaml.
sed -i 's,-disable-content-trust -pull,,g' hook/Makefile
# Enable intel ethernet controller https://github.com/torvalds/linux/blob/master/drivers/net/ethernet/intel/Kconfig#L331
sed -i 's,# CONFIG_IGC is not set,CONFIG_IGC=m,g' ./hook/kernel/config-*
# Seems to hang forever, set a timeout?
# `timeout 120` ends the make after 120 seconds; its exit status is not checked here.
timeout 120 make -C hook/kernel -j 16 kconfig_amd64 KCONFIG_TAG=hack
# takes ~60m with 32GB/4core i3
make -C hook/kernel  -j 16 devbuild_5.10.x

# !!! IMPORTANT !!!
# Now edit your `Makefile` with the diff I included above
# Now edit your `hook.yaml` similar to mine above

# Takes ~2min with 32GB/4core i3
# linuxkit seems to copy the `.ssh/authorized_keys` and not rewrite the gid/uid even if set in hook.yaml
# The only way I could figure out to get the file ownership correct was to `make dist` as root
# NOTE(review): under sudo the whole dist target runs as root, including every command
# the Makefile invokes, and `~` may then resolve to root's home rather than yours.
# Check which authorized_keys file actually ends up in the image.
sudo make -C hook dist

# We don't want to download OSIE later, so we set TB_OSIE_TAR to the build output
# The file name embeds the short hash of hook's HEAD commit plus a fixed "-dirty" suffix.
export TB_OSIE_TAR=$HOME/go/src/github.com/tinkerbell/hook/hook-$(git -C hook log -1 --format="%h")-dirty.tar.gz

## Sandbox
cd sandbox
# Rewrites the host name fragment dl-cdn to dl-2 in the TLS Dockerfile
# (presumably the package mirror host; confirm the replacement mirror is one you trust).
sed -i 's,dl-cdn,dl-2,g' deploy/tls/Dockerfile
# Comments out the setup_networking calls in setup.sh so the script leaves host networking alone.
sed -i 's,setup_networking ,#setup_networking ,g' setup.sh
# replace enp88s0 with your primary interface name
generate-env.sh enp88s0 > .env
# replace "10.1.1.11" with your primary interface address
sed -i 's/192.168.1.1/10.1.1.11/g' .env
# replace "24" with your primary interface network cidr
sed -i 's/TINKERBELL_CIDR=29/TINKERBELL_CIDR=24/g' .env
# `source` executes .env in the current shell, so review the generated file first;
# it may also hold generated credentials (TODO confirm), so keep it out of version control.
source .env

# Run setup
# This should use your hook tarball you set as TB_OSIE_TAR above instead of downloading OSIE.
# After subsequent tweaks to `hook.yaml`, you can re-run `make dist` in the hook directory
# and untar that tarball into ~/go/src/github.com/tinkerbell/sandbox/deploy/state/webroot/misc/osie/current
./setup.sh

# Setup the tink server
cd deploy
docker-compose up -d
# List the compose services to confirm they came up.
docker-compose ps

# install tink-cli
# NOTE(review): no version is given, so this builds whatever revision `go get` resolves
# at run time; pin a tag or commit if the CLI must match the server.
go get github.com/tinkerbell/tink/cmd/tink-cli
cp ~/go/bin/tink-cli ~/go/bin/tink
# Point the CLI at the local tink server (gRPC on 42113, certificate endpoint on 42114).
export TINKERBELL_GRPC_AUTHORITY=127.0.0.1:42113
# NOTE(review): the certificate is fetched over plain HTTP, which nothing can tamper with
# on loopback. If these variables are pointed at another host, the certificate is
# unauthenticated in transit and should be obtained some other way.
export TINKERBELL_CERT_URL=http://127.0.0.1:42114/cert

Now you can follow the Vagrant guide where you set the Worker Hardware data. You can use tink instead of the tink-cli in the Docker container.

# This is my modified hook.yaml
# LinuxKit image definition: kernel, init containers, onboot containers, long-running
# services, files injected into the image, and the orgs covered by content trust.
# NOTE: nesting indentation is not shown in this listing; re-indent to the LinuxKit
# schema before use.
kernel:
# Image produced from running
# sed -i 's,# CONFIG_IGC is not set,CONFIG_IGC=m,g' ./kernel/config-*
# make -C kernel -j 16 devbuild_5.10.x
# The tag carries a "-dirty" suffix and is referenced by tag, not by digest, so the
# image that gets used is whichever one the build host resolves for this name.
image: quay.io/tinkerbell/hook-kernel:5.10.11-db87ac36ad015726dc268e7c77b5670dc8297685-dirty
cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
- linuxkit/init:v0.8
- linuxkit/runc:v0.8
- linuxkit/containerd:v0.8
- linuxkit/ca-certificates:v0.8
onboot:
- name: sysctl
image: linuxkit/sysctl:v0.8
- name: sysfs
image: linuxkit/sysfs:v0.8
- name: dhcpcd
image: linuxkit/dhcpcd:v0.8
# Give dhcpcd access to host resolv.conf and ability to write lockfile
# TODO: individually test each bind and `net:host` and `pid: host` to see what all is required
# I just tried a bunch of things I thought might help, but not sure which one is required
# NOTE(review): until that TODO is done this container shares the host network and PID
# namespaces and all of /run; trim to the minimum once the required set is known.
binds:
- /etc/resolv.conf:/etc/resolv.conf
- /run:/run
net: host
pid: host
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services:
- name: getty
image: linuxkit/getty:v0.8
env:
# NOTE(review): with linuxkit/getty this presumably enables a root console login
# without a password (confirm). Anyone with console or serial access to the worker
# gets root, so keep this for lab builds only.
- INSECURE=true
# Debug to let you run `nsenter -a -t1` for host debugging
# Grants the getty container every capability; drop this block for non-debug images.
capabilities:
- all
- name: rngd
image: linuxkit/rngd:v0.8
- name: dhcpcd
image: linuxkit/dhcpcd:v0.8
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf"]
net: host
pid: host
binds:
- /etc/resolv.conf:/etc/resolv.conf
- /run:/run
- /var/lib/dhcpcd:/var/lib/dhcpcd
- name: ntpd
image: linuxkit/openntpd:v0.8
binds:
- /var/run:/var/run
# The docker service runs with all capabilities, host network and PID namespaces and
# the whole of /dev bound in, so it has roughly the same reach as a host root process.
# The 0.0 tag is mutable and not pinned by digest.
- name: docker
image: quay.io/tinkerbell/hook-docker:0.0
capabilities:
- all
net: host
pid: host
mounts:
- type: cgroup
options: ["rw","nosuid","noexec","nodev","relatime"]
binds:
- /etc/resolv.conf:/etc/resolv.conf
- /lib/modules:/lib/modules
- /etc/docker/daemon.json:/etc/docker/daemon.json
- /var/run/docker:/var/run
- /var/run/worker:/worker
- /dev/console:/dev/console
- /dev:/dev
- /var/run/images:/var/lib/docker
runtime:
mkdir:
- /var/run/images
- /var/run/docker
- /var/run/worker
# bootkit also holds all capabilities and shares /var/run/docker with the docker
# service above (presumably to reach the Docker socket; confirm), which gives it control
# of that daemon.
- name: bootkit
image: quay.io/tinkerbell/hook-bootkit:0.0
capabilities:
- all
net: host
mounts:
- type: cgroup
options: ["rw","nosuid","noexec","nodev","relatime"]
binds:
- /var/run/docker:/var/run
runtime:
mkdir:
- /var/run/docker
# sshd listens on the host network and has root's .ssh, the container runtime binaries
# and state, /dev and /sys bound in, so an SSH login here amounts to host root access.
# Who can log in is decided by the authorized_keys entry under `files:` below.
- name: sshd
image: linuxkit/sshd:v0.8
net: host
runtime:
mkdir:
- /var/empty
binds:
- /root/.ssh:/root/.ssh
- /etc/resolv.conf:/etc/resolv.conf
- /run:/run
- /tmp:/tmp
- /usr/bin/ctr:/usr/bin/ctr
- /usr/bin/runc:/usr/bin/runc
- /containers:/containers
- /var/empty:/var/empty
- /var/log:/var/log
- /var/lib/containerd:/var/lib/containerd
- /dev:/dev
- /sys:/sys
files:
# Turns on Docker daemon debug logging inside the image.
- path: etc/docker/daemon.json
contents: '{"debug": true}'
# Copies the build user's authorized_keys into the image as root's. Every key in that
# file can SSH in as root on any machine booted from this image, so review the file
# before building and do not distribute the resulting tarball.
- path: /root/.ssh/authorized_keys
source: ~/.ssh/authorized_keys
mode: "0600"
uid: 0
gid: 0
# presumably lets the build continue when the source file is absent (confirm)
optional: true
# Only the linuxkit and library orgs are listed for content trust; the quay.io/tinkerbell
# images referenced above are outside this list.
trust:
org:
- linuxkit
- library
diff --git a/Makefile b/Makefile
index 253d32b..7329f04 100644
--- a/Makefile
+++ b/Makefile
@@ -22,11 +22,11 @@ export DOCKER_CLI_EXPERIMENTAL := enabled
image-amd64:
mkdir -p out
- linuxkit build -docker -disable-content-trust -pull -format kernel+initrd -name hook-x86_64 -dir out $(LINUXKIT_CONFIG)
+ linuxkit build -docker -format kernel+initrd -name hook-x86_64 -dir out $(LINUXKIT_CONFIG)
image-arm64:
mkdir -p out
- linuxkit build -docker -disable-content-trust -pull -arch arm64 -format kernel+initrd -name hook-aarch64 -dir out $(LINUXKIT_CONFIG)
+ linuxkit build -docker -arch arm64 -format kernel+initrd -name hook-aarch64 -dir out $(LINUXKIT_CONFIG)
image: image-amd64 image-arm64
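Review bot: Both `linuxkit build` recipes (image-amd64 and image-arm64) now run without `-pull`, so the images named in `$(LINUXKIT_CONFIG)` presumably resolve from whatever is already in the local Docker cache, and nothing in the Makefile records that. If the config references mutable tags, a stale or locally retagged image would be packed into the initrd with no signal. I would add a comment above each recipe, e.g. `# no -pull: images come from the local Docker cache; pull or rebuild them first for a reproducible build`, and keep this as a local-only patch. Dropping `-disable-content-trust` in the same edit also changes image verification behaviour and deserves a mention in that comment.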
@@ -53,13 +53,13 @@ dev-bootkitBuild:
cd bootkit; docker buildx build -load -t $(ORG)/hook-bootkit:0.0 .
bootkitBuild:
- cd bootkit; docker buildx build --platform linux/amd64,linux/arm64 --push -t $(ORG)/hook-bootkit:0.0 .
+ cd bootkit; docker buildx build --platform linux/amd64,linux/arm64 --output local -t $(ORG)/hook-bootkit:0.0 .
dev-tink-dockerBuild:
cd tink-docker; docker buildx build -load -t $(ORG)/hook-docker:0.0 .
tink-dockerBuild:
- cd tink-docker; docker buildx build --platform linux/amd64,linux/arm64 --push -t $(ORG)/hook-docker:0.0 .
+ cd tink-docker; docker buildx build --platform linux/amd64,linux/arm64 --output local -t $(ORG)/hook-docker:0.0 .
dev-convert:
rm -rf ./convert
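Review bot: In bootkitBuild and tink-dockerBuild, `--output local` is, as far as I know, read by buildx as a bare destination path, so the result is exported as a filesystem tree into a directory named `local` under bootkit/ and tink-docker/ rather than stored as an image, and the `-t $(ORG)/hook-…:0.0` tag then has no effect. If the intent is only "build but do not push", make that explicit with `--output type=local,dest=out` (or rely on the dev-* targets, which load into Docker) and add a comment saying why the push was removed. Separately, `cd bootkit; docker buildx build …` keeps going if the `cd` fails; `cd bootkit && docker buildx build …` would stop instead. The dev-convert recipe continues past the end of this hunk.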