From b907327bb383a53581677cd8c0d34b7df40182ee Mon Sep 17 00:00:00 2001 From: Honigeintopf Date: Fri, 22 Nov 2024 13:24:44 +0100 Subject: [PATCH 1/6] Makefile --- Makefile | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/Makefile b/Makefile index 4a27c033..97302113 100644 --- a/Makefile +++ b/Makefile @@ -106,6 +106,31 @@ external_network: env: @./env.sh +configure-bgp: + @docker exec -it $$(docker ps -qf "name=inet") bash -c "\ + vtysh -c 'configure terminal' \ + -c 'router bgp 4200000021' \ + -c 'network 172.17.0.0/16' \ + -c 'end' \ + -c 'write memory' \ + -c 'show run'" + + +create-firewall-image: + @metalctl image create \ + --id firewall-ubuntu-4.0 \ + --url http://172.19.154.155:8000/firewall/3.0-ubuntu/img.tar.lz4 \ + --features "firewall" + +generate-insecure-kubeconfig: + @echo "Generating .kubeconfig_insecure..." + @sed -e 's/certificate-authority-data: .*/insecure-skip-tls-verify: true/' \ + -e 's/server: https:\/\/0.0.0.0:6443/server: https:\/\/172.17.0.1:6443/' \ + .kubeconfig > .kubeconfig_insecure + @echo ".kubeconfig_insecure has been created with the desired modifications." + + + .PHONY: cleanup cleanup: cleanup-control-plane cleanup-partition From d0a140e3dfd7855fb6334f576977b685892f4389 Mon Sep 17 00:00:00 2001 From: Honigeintopf Date: Fri, 22 Nov 2024 15:18:09 +0100 Subject: [PATCH 2/6] Update readme. --- .kubeconfig_insecure | 20 +++++++ Makefile | 10 ++-- README.md | 137 ++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 154 insertions(+), 13 deletions(-) create mode 100644 .kubeconfig_insecure diff --git a/.kubeconfig_insecure b/.kubeconfig_insecure new file mode 100644 index 00000000..1d558d6f --- /dev/null +++ b/.kubeconfig_insecure @@ -0,0 +1,20 @@ +apiVersion: v1 +clusters: + - cluster: + insecure-skip-tls-verify: true + server: https://172.17.0.1:6443 + name: kind-metal-control-plane +contexts: + - context: + cluster: kind-metal-control-plane + user: kind-metal-control-plane + namespace: firewall + name: kind-metal-control-plane +current-context: kind-metal-control-plane +kind: Config +preferences: {} +users: + - name: kind-metal-control-plane + user: + client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLVENDQWhHZ0F3SUJBZ0lJVklDbjlCRUpXSjh3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRFeE1qSXhNakl3TlRCYUZ3MHlOVEV4TWpJeE1qSTFOVEJhTUR3eApIekFkQmdOVkJBb1RGbXQxWW1WaFpHMDZZMngxYzNSbGNpMWhaRzFwYm5NeEdUQVhCZ05WQkFNVEVHdDFZbVZ5CmJtVjBaWE10WVdSdGFXNHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEWEw3RVkKVjJ1dW8wWFppZmcvcHNxajlGTGREZXBaQ1M1RktpdzQ2U0EvSmhZdEZHRkc2a1l0NTlPaTUrcnBIY0ZJb29PTwpFYjBPUllmY1RDQmllOGRzaFZGWVFnRGZvSUJOcEJWTUVmdTZzWVVTbHRKSVV0ZXpYT0hUQUVrdk9UZTJPcDFFCmhFbG9aanpudXlHQlppRjlBZG0vVmxTbEJWSUs5WG45SmFvbFhRYzdhK0liK1Y0eE9EWC9jaFpoczVYeTJ4azkKbVlHc2lLMkErc3lNYitlK2hXTURDUythNzlsVmRVYm1JVnhLYWlxcW00VnNBZlBtdEpGc1Rpam9XdlgyaGNSYgovZ1U4aDR4V2FKT3REMDQwaEY2L1VQOGhhOFM1K3M1NDFoRk82eXlTTVowNHZBVFhud3gwN3ZuZkxrRHZId3ljCit0QTk5QzhOZHpsaFByVHpBZ01CQUFHalZqQlVNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUsKQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkJmY1Z2VjlFR0pDV3NGTwpESlNzZ3hBaFRsbG9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNDOGt1RHhrYnNxVHZhQjJmc01iS1VNSFQ3Ck9YZkhZUTVMNmtHNG45OU82eUplZHIwUG0xbmFZZmVDb1c4TlFOSmptSHYyaWdOeFVhSnd1M2VmU2hJajh2eVkKa3BUQ1F1eDVEcHNhVndiWWlySVJHSldkVlZKVitiZFl2Y24ySitqbW5mL3R4akQ5MnhIMjFNSzk0UlNpSlJWWQprbXpiNkdzWURMOWNPbkRmRG43R0xyNWwrZ1kxLzU0d2phOUZ0S01tdnhpMXQ1QWZTMjY0ekp3bDZXc0ZWVG9ZCjR0UUJ3V2tleFdLREFuWkUxQVBTL25NZEtmOFBDQ0RFdEYwSEJ2RlRqeGFCYnIrOGNPMVJIN1VNcS9SZ0doaDEKeU1SUHhPeHZyUlh2UUo5KzgrOWx1Tm85TTg1RDBuME5qcTVxSmEya1ZMT1JzckVHeGF4S3JUaDVWbm84Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMXkreEdGZHJycU5GMlluNFA2YktvL1JTM1EzcVdRa3VSU29zT09rZ1B5WVdMUlJoClJ1cEdMZWZUb3VmcTZSM0JTS0tEamhHOURrV0gzRXdnWW52SGJJVlJXRUlBMzZDQVRhUVZUQkg3dXJHRkVwYlMKU0ZMWHMxemgwd0JKTHprM3RqcWRSSVJKYUdZODU3c2hnV1loZlFIWnYxWlVwUVZTQ3ZWNS9TV3FKVjBITzJ2aQpHL2xlTVRnMS8zSVdZYk9WOHRzWlBabUJySWl0Z1ByTWpHL252b1ZqQXdrdm11L1pWWFZHNWlGY1Ntb3FxcHVGCmJBSHo1clNSYkU0bzZGcjE5b1hFVy80RlBJZU1WbWlUclE5T05JUmV2MUQvSVd2RXVmck9lTllSVHVzc2tqR2QKT0x3RTE1OE1kTzc1M3k1QTd4OE1uUHJRUGZRdkRYYzVZVDYwOHdJREFRQUJBb0lCQVFDQWdwL3QzSStYblRTaQo1UzNYdmFGNVp2bHh3TlM2MWF2SGJKYzZhYWR6YnlpQlJaR095MnljRDc0cHBQMTZ1T1Zzbm5tWWgrbHpNMzBlCnlHdnl4TjlsWlAwZWkxU0FPUmRHeHY1ZERzUmFTNWdnY09nbWZ5c0ltQ2paWFd0WGc0Rk5HQlpDREFyWENXL0kKS002cXU3YTJORHU1ZERKYTF5R1hIK0Q1bU52VE1YSWlNSFUvdXk3M2NobkdRRi8zMmJZb0lyZTRtMUVrT1RKRQpGM1NxNGQxMy9yYzNWUEFGTnZQWk51S3ljODlUOXVQc2VBNmdNbThUSGZmZEkwZ3U0UDNUanRvYzJjM2RXRGlQCjFhUUY0S0lwMGU3bVdwTHI4bGNVLzk5Vnc4ZncvTjRMOVQ5NktRM21JZnVDT1pUeG9jZkk1WVhSQmtVcHRtQkwKWWltRTZYU0pBb0dCQVBHT2IyZDRYeCtqSFNreWFhMzV4ZkVxQ2ZOaTBDcm9VYlUzb0w3QTVFZDdsbjVaMUVBMwpsdGNveXp1alJ4NTlQWnUwK1d0SDlEUk1WeWhrK08xWEE1aWNWL0I1eFJXbFNRcWNZaUZwOGdsU1FOTEN1QWdpCkprZ1BrakllMS9nZWJQcDN0THhOVjN2TUh2L2ZFZkN3WlpFOFlqVFd0TmN4SmxEQU80alVZaFBGQW9HQkFPUU4KbWxucnVaaXAyRDlhTlZKdkdWNXJhLzdYM25sUHR1azcra2tEWVhMZWlaR0ZTbENNN3lpUlhJZVh3d0RnSHcxcwpYL1lGVzMyUjhsVER1NkJzK1N3emY3YkhjNVVlRzdEVGw0Q2IrU1RleUpUd2JiVnkwQkt6MzVycjViQ3BuZGIvCmVQQXRMdHg0c3hBcGI2Y3pSMzFxS21QUTE3b0Nqc24zeTF2WENObFhBb0dBR1duaDRLSHlhQkt5SzdacEZldTAKWHBZTXEvV1dieDA0RTNmQnlxL2lsSDYxSzUvcHk4UE5jOStQMmp0b2JSWENHSkttdHhtLzRJeXprc1ZreHh1agpmamZjcktrekNmNzB1MUFPcHZOTmlwdUR4R2pHRWR6OTZCRHpVYUNiR2ppaFFJeTlrQjRXK1NoVmpwZjZmRGNpCnlHL3c2Unc1dEhZd1VNaVl1dUdWVy8wQ2dZRUFsZUIydzRnUFJzekE2UW5oSjFjS3Bpb1ZKTHc4WXgvSGgwczYKdDBkNGdPVE9Kb3dpQmdSSm5URERUZjJvVStmM29Idk1LVVRtRndXVzdLeGlvQkZlUlBWbmh2bFg5ZlYrbjF6QQpJZTdmODZKUzBzZWNZbmFkVnQxT0pHUEtaYXRqcDR2b3NIZ1JaeVlRRUp3YTNCandiL1VZL05haElJZFR6bHFECkZNMmk3Q3NDZ1lBTFluaWErSDNRRXRPKzFHdUZkK05VdFZib0RUTTlWbVpUdWpYWUlUVktjTVIrSUFGU0t6Ym8KeTRmQnRQekd2VS9reDZ5WWdTVWd5bFNzdFVuU3ZRZ2htalpoZU1VVVNWWHJnOGVrUEUycmVjcEVrOWxvdFIxVgpGL2trTW5rK1lXQzNDb1gzc0E4NEZ2UDgvWit6M3hrbDlFVjN0dHE5NlJ5M0hNbjBHT1JFbGc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= diff --git a/Makefile b/Makefile index 97302113..575bbc30 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,9 @@ MINI_LAB_SONIC_IMAGE := $(or $(MINI_LAB_SONIC_IMAGE),ghcr.io/metal-stack/mini-la MACHINE_OS=ubuntu-24.04 MAX_RETRIES := 30 + +HOSTNAME_IP ?= $(shell hostname -I | awk '{print $1}'') + # Machine flavors ifeq ($(MINI_LAB_FLAVOR),cumulus) LAB_MACHINES=machine01,machine02 @@ -119,15 +122,14 @@ configure-bgp: create-firewall-image: @metalctl image create \ --id firewall-ubuntu-4.0 \ - --url http://172.19.154.155:8000/firewall/3.0-ubuntu/img.tar.lz4 \ + --url http://$(HOSTNAME_IP):8000/firewall/3.0-ubuntu/img.tar.lz4 \ --features "firewall" -generate-insecure-kubeconfig: - @echo "Generating .kubeconfig_insecure..." +.PHONY: insecure_kubeconfig +insecure-kubeconfig: @sed -e 's/certificate-authority-data: .*/insecure-skip-tls-verify: true/' \ -e 's/server: https:\/\/0.0.0.0:6443/server: https:\/\/172.17.0.1:6443/' \ .kubeconfig > .kubeconfig_insecure - @echo ".kubeconfig_insecure has been created with the desired modifications." diff --git a/README.md b/README.md index 24e76bd3..8e556dd4 100644 --- a/README.md +++ b/README.md @@ -11,8 +11,8 @@ The mini-lab is a small, virtual setup to locally run the metal-stack. It deploy - [Requirements](#requirements) - [Known Limitations](#known-limitations) - [Try it out](#try-it-out) - - [Reinstall machine](#reinstall-machine) - - [Free machine](#free-machine) + - [Reinstall machine](#reinstall-machine) + - [Free machine](#free-machine) - [Flavors](#flavors) @@ -29,7 +29,7 @@ The mini-lab is a small, virtual setup to locally run the metal-stack. It deploy Here is some code that should help you to set up most of the requirements: - ```bash +```bash # If UFW enabled. # Disable the firewall or allow traffic through Docker network IP range. sudo ufw status @@ -58,11 +58,11 @@ sudo chmod +x /usr/local/bin/kind The following ports are used statically on your host machine: | Port | Bind Address | Description | -|:----:|:------------ |:---------------------------------- | -| 6443 | 0.0.0.0 | kube-apiserver of the kind cluster | -| 4443 | 0.0.0.0 | HTTPS ingress | -| 4150 | 0.0.0.0 | nsqd | -| 8080 | 0.0.0.0 | HTTP ingress | +| :--: | :----------- | :--------------------------------- | +| 6443 | 0.0.0.0 | kube-apiserver of the kind cluster | +| 4443 | 0.0.0.0 | HTTPS ingress | +| 4150 | 0.0.0.0 | nsqd | +| 8080 | 0.0.0.0 | HTTP ingress | ## Known Limitations @@ -111,7 +111,7 @@ make firewall make machine ``` -__Alternatively__, you may want to issue the `metalctl` commands on your own: +**Alternatively**, you may want to issue the `metalctl` commands on your own: ```bash docker compose run --rm metalctl network allocate \ @@ -204,3 +204,122 @@ In order to start specific flavor, you can define the flavor as follows: export MINI_LAB_FLAVOR=sonic make ``` + +# Connect Firewall Controller to Kind Cluster + +We need a few different repositories, if you see a 💿 icon you need to change the to the repository that is written after the icon. Using tmux or any terminal multiplexer is recommended. 🌞 + +To establish a connection between the Firewall Controller (FC) and the Kind cluster, you need to configure routing between the FC and the Kind cluster. Follow the steps below to set this up: + +## 1. Configure BGP + +### 💿 MINI-LAB + +Run the following command to configure BGP: + +```bash +make configure-bgp +``` + +```bash +make _privatenet +``` + +## 2. Deploy FC to Connect to the Kind Cluster + +### 💿 FIREWALL-CONTROLLER-MANAGER + +Before executing replace the args of the config/examples/deployment.yaml with: + +```yaml +args: + - -metal-api-url=http://metal-api.metal-control-plane.svc.cluster.local:8080/metal + - -cert-dir=/certs + - -log-level=info + - -seed-api-url=http://172.17.0.1 + - -enable-leader-election + - -namespace=firewall + - -shoot-kubeconfig-secret-name=generic-token-kubeconfig ## Need to create this urself bc usually gardener creates this + - -shoot-token-secret-name=firewall-controller-shoot-access-firewall + - -ssh-key-secret-name=ssh-secret +``` + +Now run: + +```bash +make deploy +``` + +## 3. Update .seed-kubeconfig + +You also need to update the .seed-kubeconfig file on the machine. Follow these steps: + + Connect to the machine. + Replace the existing /etc/firewall-controller/.seed-kubeconfig with the output of the following command: + +### 💿 MINI-LAB + +```bash +make generate-insecure-kubeconfig +``` + +## Running Your Local Firewall Controller in Mini-Lab + +To run your own local Firewall Controller (FC) in the mini-lab, follow these steps: + +### 1. Clone the Metal-Images Repository + +Pull the metal-images repository. 2. Build Your Local Firewall Controller + +### 💿 FIREWALL-CONTROLLER + +```bash +make docker +``` + +### 3. Modify the Firewall/Dockerfile + +### 💿 METAL-IMAGES + +Replace: + +```bash +FROM ghcr.io/metal-stack/firewall-controller:${FIREWALL_CONTROLLER_VERSION} AS firewall-controller-artifacts +``` + +With: + +```bash +FROM my-local-firewall-controller:latest AS firewall-controller-artifacts +``` + +### 4. Build the Firewall Image + +```bash +make firewall +``` + +Sometimes the test.sh line in the **builds.after** fail Just remove that whole line in all the docker-make files. + +### 5. Serve the Built Images + +Start a local HTTP server to serve the images. From within the metal-images repository: + +```bash +cd images +python3 -m http.server 8000 --bind 0.0.0.0 +``` + +### 6. Create Firewall Image in Mini-Lab + +### 💿 MINI-LAB + +```bash +make create-firewall-image +``` + +**Make sure that spec.template.spec.image is firewall-ubuntu-4.0.❗** + +Now create the firewalldeployment.yaml inside the config/examples directory inside the fcm repository. + +Now your local Firewall Controller should be running in the mini-lab environment and also has connection to your cluster! Great job! 💪 From cde9990fcc5b0a048c81d8950f6b4b5c837ce0c3 Mon Sep 17 00:00:00 2001 From: Honigeintopf Date: Fri, 22 Nov 2024 16:47:19 +0100 Subject: [PATCH 3/6] Update Makefile, add new external vm to containerlab --- Makefile | 14 +++++++++----- mini-lab.sonic.yaml | 26 +++++++++++++++++--------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 575bbc30..a6d9b9dc 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,10 @@ MACHINE_OS=ubuntu-24.04 MAX_RETRIES := 30 -HOSTNAME_IP ?= $(shell hostname -I | awk '{print $1}'') +HOSTNAME_IP := $(shell hostname -I | awk '{print $$1}') + + + # Machine flavors ifeq ($(MINI_LAB_FLAVOR),cumulus) @@ -120,16 +123,17 @@ configure-bgp: create-firewall-image: + @echo "Using URL: http://$(HOSTNAME_IP):8000/firewall/3.0-ubuntu/img.tar.lz4" @metalctl image create \ - --id firewall-ubuntu-4.0 \ - --url http://$(HOSTNAME_IP):8000/firewall/3.0-ubuntu/img.tar.lz4 \ - --features "firewall" + --id firewall-ubuntu-4.0 \ + --url http://$(HOSTNAME_IP):8000/firewall/3.0-ubuntu/img.tar.lz4 \ + --features "firewall" -.PHONY: insecure_kubeconfig insecure-kubeconfig: @sed -e 's/certificate-authority-data: .*/insecure-skip-tls-verify: true/' \ -e 's/server: https:\/\/0.0.0.0:6443/server: https:\/\/172.17.0.1:6443/' \ .kubeconfig > .kubeconfig_insecure + @echo "Exporting insecure kubeconfig into .kubeconfig_insecure" diff --git a/mini-lab.sonic.yaml b/mini-lab.sonic.yaml index cc0f1498..a364d20f 100644 --- a/mini-lab.sonic.yaml +++ b/mini-lab.sonic.yaml @@ -1,5 +1,5 @@ name: mini-lab -prefix: "" +prefix: '' mgmt: network: bridge @@ -40,6 +40,12 @@ topology: binds: - /dev:/dev - scripts:/mini-lab + test_vm: + kind: linux + image: ${MINI_LAB_VM_IMAGE} + binds: + - /dev:/dev + - scripts:/mini-lab www: kind: linux image: docker.io/library/nginx:alpine-slim @@ -48,12 +54,14 @@ topology: - ip addr add 203.0.113.3/24 dev ext - ip route add 203.0.113.128/25 via 203.0.113.2 dev ext links: - - endpoints: ["inet:ext", "mini_lab_ext:inet"] + - endpoints: ['inet:ext', 'mini_lab_ext:inet'] mtu: 9000 - - endpoints: ["www:ext", "mini_lab_ext:www"] - - endpoints: ["leaf01:eth1", "vms:lan0"] - - endpoints: ["leaf02:eth1", "vms:lan1"] - - endpoints: ["leaf01:eth2", "vms:lan2"] - - endpoints: ["leaf02:eth2", "vms:lan3"] - - endpoints: ["leaf01:eth3", "inet:eth1"] - - endpoints: ["leaf02:eth3", "inet:eth2"] + - endpoints: ['www:ext', 'mini_lab_ext:www'] + - endpoints: ['leaf01:eth1', 'vms:lan0'] + - endpoints: ['leaf02:eth1', 'vms:lan1'] + - endpoints: ['leaf01:eth2', 'vms:lan2'] + - endpoints: ['leaf02:eth2', 'vms:lan3'] + - endpoints: ['test_vm:lan0', 'vms:lan4'] + - endpoints: ['test_vm:lan1', 'vms:lan5'] + - endpoints: ['leaf01:eth3', 'inet:eth1'] + - endpoints: ['leaf02:eth3', 'inet:eth2'] From d72885037f9fd1c4ce2471e9b43fd3d99d39422a Mon Sep 17 00:00:00 2001 From: Gerrit Date: Mon, 25 Nov 2024 10:35:34 +0100 Subject: [PATCH 4/6] Add flavor for CAPI. --- Makefile | 44 ++++++++++----- README.md | 18 +++---- images/sonic/config_db.json | 12 ++++- .../group_vars/control-plane/metal.yml | 2 +- mini-lab.capms.yaml | 54 +++++++++++++++++++ scripts/manage_vms.py | 29 +++++++--- 6 files changed, 126 insertions(+), 33 deletions(-) create mode 100644 mini-lab.capms.yaml diff --git a/Makefile b/Makefile index 4a27c033..7412d453 100644 --- a/Makefile +++ b/Makefile @@ -26,10 +26,17 @@ ifeq ($(MINI_LAB_FLAVOR),cumulus) LAB_MACHINES=machine01,machine02 LAB_TOPOLOGY=mini-lab.cumulus.yaml VRF=vrf20 +VM_ARGS= else ifeq ($(MINI_LAB_FLAVOR),sonic) LAB_MACHINES=machine01,machine02 LAB_TOPOLOGY=mini-lab.sonic.yaml VRF=Vrf20 +VM_ARGS= +else ifeq ($(MINI_LAB_FLAVOR),capms) +LAB_MACHINES=machine01,machine02,machine03 +LAB_TOPOLOGY=mini-lab.capms.yaml +VRF=Vrf20 +VM_ARGS=-e QEMU_MACHINE_CPU_CORES=2 -e QEMU_MACHINE_DISK_SIZE=20G else $(error Unknown flavor $(MINI_LAB_FLAVOR)) endif @@ -50,12 +57,6 @@ up: env control-plane-bake partition-bake @chmod 600 files/ssh/id_rsa docker compose up --remove-orphans --force-recreate control-plane partition @$(MAKE) --no-print-directory start-machines -# for some reason an allocated machine will not be able to phone home -# without restarting the metal-core -# TODO: should be investigated and fixed if possible - sleep 10 - ssh -F files/ssh/config leaf01 'systemctl restart metal-core' - ssh -F files/ssh/config leaf02 'systemctl restart metal-core' .PHONY: restart restart: down up @@ -120,6 +121,7 @@ cleanup-partition: mkdir -p clab-mini-lab sudo --preserve-env $(CONTAINERLAB) destroy --topo mini-lab.cumulus.yaml sudo --preserve-env $(CONTAINERLAB) destroy --topo mini-lab.sonic.yaml + sudo --preserve-env $(CONTAINERLAB) destroy --topo mini-lab.capms.yaml docker network rm --force mini_lab_ext .PHONY: _privatenet @@ -169,7 +171,11 @@ ssh-leaf02: .PHONY: start-machines start-machines: - docker exec vms /mini-lab/manage_vms.py --names $(LAB_MACHINES) create + docker exec $(VM_ARGS) vms /mini-lab/manage_vms.py --names $(LAB_MACHINES) create + +.PHONY: kill-machines +kill-machines: + docker exec $(VM_ARGS) vms /mini-lab/manage_vms.py --names $(LAB_MACHINES) kill .PHONY: _password _password: env @@ -177,11 +183,15 @@ _password: env .PHONY: password-machine01 password-machine01: - @$(MAKE) --no-print-directory _password MACHINE_UUID=e0ab02d2-27cd-5a5e-8efc-080ba80cf258 + @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine01 MACHINE_UUID=00000000-0000-0000-0000-000000000001 .PHONY: password-machine02 password-machine02: - @$(MAKE) --no-print-directory _password MACHINE_UUID=2294c949-88f6-5390-8154-fa53d93a3313 + @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine02 MACHINE_UUID=00000000-0000-0000-0000-000000000002 + +.PHONY: password-machine0% +password-machine0%: + @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine0$* MACHINE_UUID=00000000-0000-0000-0000-00000000000$* .PHONY: _free-machine _free-machine: env @@ -191,11 +201,15 @@ _free-machine: env .PHONY: free-machine01 free-machine01: - @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine01 MACHINE_UUID=e0ab02d2-27cd-5a5e-8efc-080ba80cf258 + @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine01 MACHINE_UUID=00000000-0000-0000-0000-000000000001 .PHONY: free-machine02 free-machine02: - @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine02 MACHINE_UUID=2294c949-88f6-5390-8154-fa53d93a3313 + @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine02 MACHINE_UUID=00000000-0000-0000-0000-000000000002 + +.PHONY: free-machine0% +free-machine0%: + @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine0$* MACHINE_UUID=00000000-0000-0000-0000-00000000000$* .PHONY: _console-machine _console-machine: @@ -204,11 +218,15 @@ _console-machine: .PHONY: console-machine01 console-machine01: - @$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=4000 + @$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=4001 .PHONY: console-machine02 console-machine02: - @$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=4001 + @$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=4002 + +.PHONY: console-machine0% +console-machine0%: + @$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=400$* ## SSH TARGETS FOR MACHINES ## # Python code could be replaced by jq, but it is not preinstalled on Cumulus diff --git a/README.md b/README.md index 24e76bd3..6e54680b 100644 --- a/README.md +++ b/README.md @@ -90,8 +90,8 @@ After the deployment and waiting for a short amount of time, two machines in sta docker compose run --rm metalctl machine ls ID LAST EVENT WHEN AGE HOSTNAME PROJECT SIZE IMAGE PARTITION -e0ab02d2-27cd-5a5e-8efc-080ba80cf258   PXE Booting 3s -2294c949-88f6-5390-8154-fa53d93a3313 PXE Booting 5s +00000000-0000-0000-0000-000000000001   PXE Booting 3s +00000000-0000-0000-0000-000000000002 PXE Booting 5s ``` Wait until the machines reach the waiting state: @@ -100,8 +100,8 @@ Wait until the machines reach the waiting state: docker compose run --rm metalctl machine ls ID LAST EVENT WHEN AGE HOSTNAME PROJECT SIZE IMAGE PARTITION -e0ab02d2-27cd-5a5e-8efc-080ba80cf258   Waiting 8s v1-small-x86 mini-lab -2294c949-88f6-5390-8154-fa53d93a3313   Waiting 8s v1-small-x86 mini-lab +00000000-0000-0000-0000-000000000001   Waiting 8s v1-small-x86 mini-lab +00000000-0000-0000-0000-000000000002   Waiting 8s v1-small-x86 mini-lab ``` Create a firewall and a machine with: @@ -157,14 +157,14 @@ Two machines are now installed and have status "Phoned Home" ```bash docker compose run --rm metalctl machine ls ID LAST EVENT WHEN AGE HOSTNAME PROJECT SIZE IMAGE PARTITION -e0ab02d2-27cd-5a5e-8efc-080ba80cf258   Phoned Home 2s 21s machine 00000000-0000-0000-0000-000000000000 v1-small-x86 Ubuntu 20.04 20200331 mini-lab -2294c949-88f6-5390-8154-fa53d93a3313   Phoned Home 8s 18s fw 00000000-0000-0000-0000-000000000000 v1-small-x86 Firewall 2 Ubuntu 20200730 mini-lab +00000000-0000-0000-0000-000000000001   Phoned Home 2s 21s machine 00000000-0000-0000-0000-000000000000 v1-small-x86 Ubuntu 20.04 20200331 mini-lab +00000000-0000-0000-0000-000000000002   Phoned Home 8s 18s fw 00000000-0000-0000-0000-000000000000 v1-small-x86 Firewall 2 Ubuntu 20200730 mini-lab ``` Login with user name metal and the console password from ```bash -docker compose run --rm metalctl machine consolepassword e0ab02d2-27cd-5a5e-8efc-080ba80cf258 +docker compose run --rm metalctl machine consolepassword 00000000-0000-0000-0000-000000000001 ``` To remove the kind cluster, the switches and machines, run: @@ -180,7 +180,7 @@ Reinstall a machine with ```bash docker compose run --rm metalctl machine reinstall \ --image ubuntu-20.04 \ - e0ab02d2-27cd-5a5e-8efc-080ba80cf258 + 00000000-0000-0000-0000-000000000001 ``` ### Free machine @@ -188,7 +188,7 @@ docker compose run --rm metalctl machine reinstall \ Free a machine with `make free-machine01` or ```bash -docker compose run --rm metalctl machine rm e0ab02d2-27cd-5a5e-8efc-080ba80cf258 +docker compose run --rm metalctl machine rm 00000000-0000-0000-0000-000000000001 ``` ## Flavors diff --git a/images/sonic/config_db.json b/images/sonic/config_db.json index 56f47426..0960b4c2 100644 --- a/images/sonic/config_db.json +++ b/images/sonic/config_db.json @@ -52,13 +52,21 @@ "admin_status": "up", "mtu": "9100" }, - "Ethernet120": { + "Ethernet8": { "lanes": "33,34,35,36", "alias": "fortyGigE0/8", "index": "2", "speed": "40000", "admin_status": "up", "mtu": "9100" + }, + "Ethernet120": { + "lanes": "37,38,39,40", + "alias": "fortyGigE0/12", + "index": "3", + "speed": "40000", + "admin_status": "up", + "mtu": "9100" } }, "VERSIONS": { @@ -66,4 +74,4 @@ "VERSION": "version_202311_03" } } -} \ No newline at end of file +} diff --git a/inventories/group_vars/control-plane/metal.yml b/inventories/group_vars/control-plane/metal.yml index 8a36552b..86673bc1 100644 --- a/inventories/group_vars/control-plane/metal.yml +++ b/inventories/group_vars/control-plane/metal.yml @@ -40,7 +40,7 @@ metal_api_sizes: max: "{{ '4GB' | humanfriendly }}" - type: storage min: "{{ '1GB' | humanfriendly }}" - max: "{{ '10GB' | humanfriendly }}" + max: "{{ '100GB' | humanfriendly }}" metal_api_partitions: - id: mini-lab diff --git a/mini-lab.capms.yaml b/mini-lab.capms.yaml new file mode 100644 index 00000000..e0e5f55e --- /dev/null +++ b/mini-lab.capms.yaml @@ -0,0 +1,54 @@ +# flavor for mini-lab cluster-api-provider-metal-stack +name: mini-lab +prefix: "" + +mgmt: + network: bridge + +topology: + nodes: + mini_lab_ext: + kind: bridge + leaf01: + kind: linux + image: ${MINI_LAB_SONIC_IMAGE} + labels: + ansible-group: sonic + binds: + - /dev:/dev + - files/ssh/id_rsa.pub:/authorized_keys + leaf02: + kind: linux + image: ${MINI_LAB_SONIC_IMAGE} + labels: + ansible-group: sonic + binds: + - /dev:/dev + - files/ssh/id_rsa.pub:/authorized_keys + inet: + kind: linux + image: quay.io/frrouting/frr:10.0.1 + binds: + - files/inet/daemons:/etc/frr/daemons + - files/inet/frr.conf:/etc/frr/frr.conf + - files/inet/vtysh.conf:/etc/frr/vtysh.conf + - files/inet/network.sh:/root/network.sh + exec: + - sh /root/network.sh + vms: + kind: linux + image: ${MINI_LAB_VM_IMAGE} + binds: + - /dev:/dev + - scripts:/mini-lab + links: + - endpoints: ["inet:ext", "mini_lab_ext:inet"] + mtu: 9000 + - endpoints: ["leaf01:eth1", "vms:lan0"] + - endpoints: ["leaf02:eth1", "vms:lan1"] + - endpoints: ["leaf01:eth2", "vms:lan2"] + - endpoints: ["leaf02:eth2", "vms:lan3"] + - endpoints: ["leaf01:eth3", "vms:lan4"] + - endpoints: ["leaf02:eth3", "vms:lan5"] + - endpoints: ["leaf01:eth4", "inet:eth1"] + - endpoints: ["leaf02:eth4", "inet:eth2"] diff --git a/scripts/manage_vms.py b/scripts/manage_vms.py index c94ca561..087fc526 100755 --- a/scripts/manage_vms.py +++ b/scripts/manage_vms.py @@ -9,21 +9,33 @@ VMS = { "machine01": { "name": "machine01", - "uuid": "e0ab02d2-27cd-5a5e-8efc-080ba80cf258", + "uuid": "00000000-0000-0000-0000-000000000001", "disk-path": "/machine01.img", - "disk-size": "5G", - "memory": "2G", + "disk-size": os.getenv("QEMU_MACHINE_DISK_SIZE", default="5G"), + "memory": os.getenv("QEMU_MACHINE_MEMORY", default="2G"), + "cores": os.getenv("QEMU_MACHINE_CPU_CORES", default="1"), "lan_indices": [0, 1], - "serial-port": 4000, + "serial-port": 4001, }, "machine02": { "name": "machine02", - "uuid": "2294c949-88f6-5390-8154-fa53d93a3313", + "uuid": "00000000-0000-0000-0000-000000000002", "disk-path": "/machine02.img", - "disk-size": "5G", - "memory": "2G", + "disk-size": os.getenv("QEMU_MACHINE_DISK_SIZE", default="5G"), + "memory": os.getenv("QEMU_MACHINE_MEMORY", default="2G"), + "cores": os.getenv("QEMU_MACHINE_CPU_CORES", default="1"), "lan_indices": [2, 3], - "serial-port": 4001, + "serial-port": 4002, + }, + "machine03": { + "name": "machine03", + "uuid": "00000000-0000-0000-0000-000000000003", + "disk-path": "/machine03.img", + "disk-size": os.getenv("QEMU_MACHINE_DISK_SIZE", default="5G"), + "memory": os.getenv("QEMU_MACHINE_MEMORY", default="2G"), + "cores": os.getenv("QEMU_MACHINE_CPU_CORES", default="1"), + "lan_indices": [4, 5], + "serial-port": 4003, }, } @@ -123,6 +135,7 @@ def _start_vm(machine): "-uuid", machine.get("uuid"), "-m", machine.get("memory"), "-cpu", "host", + "-smp", "cores=" + machine.get("cores"), "-display", "none", "-enable-kvm", "-machine", "q35", From 5f05bf4ea440c77f6bb2ce64714f265da2b9473c Mon Sep 17 00:00:00 2001 From: Gerrit Date: Mon, 25 Nov 2024 10:56:36 +0100 Subject: [PATCH 5/6] Put back metal-core restart. --- Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Makefile b/Makefile index 7412d453..745dc780 100644 --- a/Makefile +++ b/Makefile @@ -57,6 +57,12 @@ up: env control-plane-bake partition-bake @chmod 600 files/ssh/id_rsa docker compose up --remove-orphans --force-recreate control-plane partition @$(MAKE) --no-print-directory start-machines +# for some reason an allocated machine will not be able to phone home +# without restarting the metal-core +# TODO: should be investigated and fixed if possible + sleep 10 + ssh -F files/ssh/config leaf01 'systemctl restart metal-core' + ssh -F files/ssh/config leaf02 'systemctl restart metal-core' .PHONY: restart restart: down up From 674cc7685f7bbe03426ac73237b58f515d76d25b Mon Sep 17 00:00:00 2001 From: Honigeintopf Date: Tue, 26 Nov 2024 15:59:01 +0100 Subject: [PATCH 6/6] Update Makefile to automate FCM and FC Deployment --- .gitignore | 2 ++ .kubeconfig_insecure | 20 ----------------- Makefile | 52 ++++++++++++++++++++++++++++++++++++++------ 3 files changed, 47 insertions(+), 27 deletions(-) delete mode 100644 .kubeconfig_insecure diff --git a/.gitignore b/.gitignore index 1e29a47b..ad1d3abe 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,5 @@ requirements.yaml .extra_vars.yaml sonic-vs.img *.bak +server_pid.txt +.kubeconfig_insecure \ No newline at end of file diff --git a/.kubeconfig_insecure b/.kubeconfig_insecure deleted file mode 100644 index 1d558d6f..00000000 --- a/.kubeconfig_insecure +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -clusters: - - cluster: - insecure-skip-tls-verify: true - server: https://172.17.0.1:6443 - name: kind-metal-control-plane -contexts: - - context: - cluster: kind-metal-control-plane - user: kind-metal-control-plane - namespace: firewall - name: kind-metal-control-plane -current-context: kind-metal-control-plane -kind: Config -preferences: {} -users: - - name: kind-metal-control-plane - user: - client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLVENDQWhHZ0F3SUJBZ0lJVklDbjlCRUpXSjh3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRFeE1qSXhNakl3TlRCYUZ3MHlOVEV4TWpJeE1qSTFOVEJhTUR3eApIekFkQmdOVkJBb1RGbXQxWW1WaFpHMDZZMngxYzNSbGNpMWhaRzFwYm5NeEdUQVhCZ05WQkFNVEVHdDFZbVZ5CmJtVjBaWE10WVdSdGFXNHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEWEw3RVkKVjJ1dW8wWFppZmcvcHNxajlGTGREZXBaQ1M1RktpdzQ2U0EvSmhZdEZHRkc2a1l0NTlPaTUrcnBIY0ZJb29PTwpFYjBPUllmY1RDQmllOGRzaFZGWVFnRGZvSUJOcEJWTUVmdTZzWVVTbHRKSVV0ZXpYT0hUQUVrdk9UZTJPcDFFCmhFbG9aanpudXlHQlppRjlBZG0vVmxTbEJWSUs5WG45SmFvbFhRYzdhK0liK1Y0eE9EWC9jaFpoczVYeTJ4azkKbVlHc2lLMkErc3lNYitlK2hXTURDUythNzlsVmRVYm1JVnhLYWlxcW00VnNBZlBtdEpGc1Rpam9XdlgyaGNSYgovZ1U4aDR4V2FKT3REMDQwaEY2L1VQOGhhOFM1K3M1NDFoRk82eXlTTVowNHZBVFhud3gwN3ZuZkxrRHZId3ljCit0QTk5QzhOZHpsaFByVHpBZ01CQUFHalZqQlVNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUsKQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkJmY1Z2VjlFR0pDV3NGTwpESlNzZ3hBaFRsbG9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNDOGt1RHhrYnNxVHZhQjJmc01iS1VNSFQ3Ck9YZkhZUTVMNmtHNG45OU82eUplZHIwUG0xbmFZZmVDb1c4TlFOSmptSHYyaWdOeFVhSnd1M2VmU2hJajh2eVkKa3BUQ1F1eDVEcHNhVndiWWlySVJHSldkVlZKVitiZFl2Y24ySitqbW5mL3R4akQ5MnhIMjFNSzk0UlNpSlJWWQprbXpiNkdzWURMOWNPbkRmRG43R0xyNWwrZ1kxLzU0d2phOUZ0S01tdnhpMXQ1QWZTMjY0ekp3bDZXc0ZWVG9ZCjR0UUJ3V2tleFdLREFuWkUxQVBTL25NZEtmOFBDQ0RFdEYwSEJ2RlRqeGFCYnIrOGNPMVJIN1VNcS9SZ0doaDEKeU1SUHhPeHZyUlh2UUo5KzgrOWx1Tm85TTg1RDBuME5qcTVxSmEya1ZMT1JzckVHeGF4S3JUaDVWbm84Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMXkreEdGZHJycU5GMlluNFA2YktvL1JTM1EzcVdRa3VSU29zT09rZ1B5WVdMUlJoClJ1cEdMZWZUb3VmcTZSM0JTS0tEamhHOURrV0gzRXdnWW52SGJJVlJXRUlBMzZDQVRhUVZUQkg3dXJHRkVwYlMKU0ZMWHMxemgwd0JKTHprM3RqcWRSSVJKYUdZODU3c2hnV1loZlFIWnYxWlVwUVZTQ3ZWNS9TV3FKVjBITzJ2aQpHL2xlTVRnMS8zSVdZYk9WOHRzWlBabUJySWl0Z1ByTWpHL252b1ZqQXdrdm11L1pWWFZHNWlGY1Ntb3FxcHVGCmJBSHo1clNSYkU0bzZGcjE5b1hFVy80RlBJZU1WbWlUclE5T05JUmV2MUQvSVd2RXVmck9lTllSVHVzc2tqR2QKT0x3RTE1OE1kTzc1M3k1QTd4OE1uUHJRUGZRdkRYYzVZVDYwOHdJREFRQUJBb0lCQVFDQWdwL3QzSStYblRTaQo1UzNYdmFGNVp2bHh3TlM2MWF2SGJKYzZhYWR6YnlpQlJaR095MnljRDc0cHBQMTZ1T1Zzbm5tWWgrbHpNMzBlCnlHdnl4TjlsWlAwZWkxU0FPUmRHeHY1ZERzUmFTNWdnY09nbWZ5c0ltQ2paWFd0WGc0Rk5HQlpDREFyWENXL0kKS002cXU3YTJORHU1ZERKYTF5R1hIK0Q1bU52VE1YSWlNSFUvdXk3M2NobkdRRi8zMmJZb0lyZTRtMUVrT1RKRQpGM1NxNGQxMy9yYzNWUEFGTnZQWk51S3ljODlUOXVQc2VBNmdNbThUSGZmZEkwZ3U0UDNUanRvYzJjM2RXRGlQCjFhUUY0S0lwMGU3bVdwTHI4bGNVLzk5Vnc4ZncvTjRMOVQ5NktRM21JZnVDT1pUeG9jZkk1WVhSQmtVcHRtQkwKWWltRTZYU0pBb0dCQVBHT2IyZDRYeCtqSFNreWFhMzV4ZkVxQ2ZOaTBDcm9VYlUzb0w3QTVFZDdsbjVaMUVBMwpsdGNveXp1alJ4NTlQWnUwK1d0SDlEUk1WeWhrK08xWEE1aWNWL0I1eFJXbFNRcWNZaUZwOGdsU1FOTEN1QWdpCkprZ1BrakllMS9nZWJQcDN0THhOVjN2TUh2L2ZFZkN3WlpFOFlqVFd0TmN4SmxEQU80alVZaFBGQW9HQkFPUU4KbWxucnVaaXAyRDlhTlZKdkdWNXJhLzdYM25sUHR1azcra2tEWVhMZWlaR0ZTbENNN3lpUlhJZVh3d0RnSHcxcwpYL1lGVzMyUjhsVER1NkJzK1N3emY3YkhjNVVlRzdEVGw0Q2IrU1RleUpUd2JiVnkwQkt6MzVycjViQ3BuZGIvCmVQQXRMdHg0c3hBcGI2Y3pSMzFxS21QUTE3b0Nqc24zeTF2WENObFhBb0dBR1duaDRLSHlhQkt5SzdacEZldTAKWHBZTXEvV1dieDA0RTNmQnlxL2lsSDYxSzUvcHk4UE5jOStQMmp0b2JSWENHSkttdHhtLzRJeXprc1ZreHh1agpmamZjcktrekNmNzB1MUFPcHZOTmlwdUR4R2pHRWR6OTZCRHpVYUNiR2ppaFFJeTlrQjRXK1NoVmpwZjZmRGNpCnlHL3c2Unc1dEhZd1VNaVl1dUdWVy8wQ2dZRUFsZUIydzRnUFJzekE2UW5oSjFjS3Bpb1ZKTHc4WXgvSGgwczYKdDBkNGdPVE9Kb3dpQmdSSm5URERUZjJvVStmM29Idk1LVVRtRndXVzdLeGlvQkZlUlBWbmh2bFg5ZlYrbjF6QQpJZTdmODZKUzBzZWNZbmFkVnQxT0pHUEtaYXRqcDR2b3NIZ1JaeVlRRUp3YTNCandiL1VZL05haElJZFR6bHFECkZNMmk3Q3NDZ1lBTFluaWErSDNRRXRPKzFHdUZkK05VdFZib0RUTTlWbVpUdWpYWUlUVktjTVIrSUFGU0t6Ym8KeTRmQnRQekd2VS9reDZ5WWdTVWd5bFNzdFVuU3ZRZ2htalpoZU1VVVNWWHJnOGVrUEUycmVjcEVrOWxvdFIxVgpGL2trTW5rK1lXQzNDb1gzc0E4NEZ2UDgvWit6M3hrbDlFVjN0dHE5NlJ5M0hNbjBHT1JFbGc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= diff --git a/Makefile b/Makefile index a6d9b9dc..b288d8b8 100644 --- a/Makefile +++ b/Makefile @@ -122,12 +122,52 @@ configure-bgp: -c 'show run'" -create-firewall-image: - @echo "Using URL: http://$(HOSTNAME_IP):8000/firewall/3.0-ubuntu/img.tar.lz4" + +deploy-fc: configure-bgp _privatenet insecure-kubeconfig deploy-firewall-controller-manager build-firewall-controller create-firewall-image + +deploy-firewall-controller-manager: + @echo "Deploying firewall-controller-manager" + $(MAKE) -C ../firewall-controller-manager deploy + +build-firewall-controller: + @echo "Building firewall-controller docker image" + $(MAKE) -C ../firewall-controller docker + +firewall-metal-images: + @echo "Building firewall image in ../metal-images" + $(MAKE) -C ../metal-images firewall + +create-firewall-image: firewall-metal-images + @echo "Starting HTTP server in ../metal-images on port 8000" + @cd ../metal-images && python3 -m http.server 8000 & + @echo $$! > server_pid.txt + @sleep 5 # Wait for the server to start + @echo "Using URL: http://$(HOSTNAME_IP):8000/images/firewall/3.0-ubuntu/img.tar.lz4" @metalctl image create \ - --id firewall-ubuntu-4.0 \ - --url http://$(HOSTNAME_IP):8000/firewall/3.0-ubuntu/img.tar.lz4 \ - --features "firewall" + --id firewall-ubuntu-4.0 \ + --url http://$(HOSTNAME_IP):8000/images/firewall/3.0-ubuntu/img.tar.lz4 \ + --features "firewall" + +start-server: + @echo "Starting HTTP server on port 8000" + @cd ../metal-images && python3 -m http.server 8000 & echo $$! > server_pid.txt + @echo "HTTP server started with PID: $$(cat server_pid.txt)" + +shut-down-server: + @if [ -f server_pid.txt ]; then \ + PID=$$(cat server_pid.txt); \ + if [ -n "$$PID" ] && ps -p $$PID > /dev/null 2>&1; then \ + echo "Shutting down HTTP server with PID: $$PID"; \ + kill $$PID && rm server_pid.txt; \ + else \ + echo "No running process found for PID: $$PID. Cleaning up."; \ + rm -f server_pid.txt; \ + fi; \ + else \ + echo "Error: server_pid.txt not found."; \ + fi + + insecure-kubeconfig: @sed -e 's/certificate-authority-data: .*/insecure-skip-tls-verify: true/' \ @@ -135,8 +175,6 @@ insecure-kubeconfig: .kubeconfig > .kubeconfig_insecure @echo "Exporting insecure kubeconfig into .kubeconfig_insecure" - - .PHONY: cleanup cleanup: cleanup-control-plane cleanup-partition