1.29 support and fixes:

- fix enabling password auth on newer ssh/cloud-config/ubuntu
- ensure that the images are valid before writing to boot and image partitions
- fix README

Author: ivanfitenko

README.md

@@ -22,9 +22,9 @@ reinitialized to its initial state with just a single command.
 ## Requirements
 
 ### Build Platform
-Linux or MacOS in arm64 or x86_64
-docker
-15G free space to contain initial, intermediate, and final images
+- Linux or MacOS on arm64 or x86_64
+- docker
+- 15G free space to contain initial, intermediate, and final images
 
 ### Nodes
 - Raspberri Pi 4b
@@ -36,9 +36,11 @@ docker
 Download a bootable Ubuntu image to be used as a base image for nodes. Latest
 LTS build for Raspberry Pi is the primary testing target here, so it shoud work
 best.
+
 Write your build configuration to variables.cfg file. Use variables.cfg.example
 file and "Settings" section for referrence. Minimum required settings are IMAGE
 and K8S_VERSION.
+
 While these two will allow you to build an image "just to give it a try", there
 is at least one more thing to configure if you plan to use your cluster for
 longer period of time. The cluster's certificates include IP address of master
@@ -47,34 +49,44 @@ address of master node changes, you might have to rebuild all the cluster certs
 and re-join the nodes. So it is strongly recommended that you create a static
 IP-to-MAC bidning in your DHCP server, and/or create a DNS name for your master
 node, and configure CONTROL_PLANE_ENDPOINT variable with this name.
+
 More useful settings to improve the cluster maintainability, like setting a
 non-default password for login user, can be found under "Settings" section.
 
 ### Bootstrapping master node
 After you configured your variables.cfg, it is time to bootstrap your master
 node as the fist node in your cluster. If you are reusing variables.cfg from 
 another cluster, make sure that KUBEADM_JOIN_STRING is absent or set to empty.
+
 This is what tells the scripts that this is the first boot, and the SD card
 has to be partitioned for master-style layout, i.e. it should have an additional
 partition for master data.
+
 Build the image with
+```
 bash ./build.sh
+```
+
 Check the logs to make sure that all went well. There will be some errors caused
 by building it in docker+chroot - these will be followed by a message that the
 error can be safely ignored. Errors that do not have an explanation coming right
 after them may be a sign of a broken build. Please report them, or, even better,
 open a PR with a fix. Builds having such errors should not be used to update or
 install the nodes unless you know what you do.
+
 After a successful build, an image at `images/bootable_image.img` is ready to
 be flashed on an SD card and used to boot your master node.
 Bootup and initialization would take 5-15 minutes depending on the speed of
 your SD card and internet connection (you will be downloading images for control
 panel).
+
 After successfull boot, you will be able to log in to your new master node with
 the default user for your distriution (most likely "ubuntu"), and the default
 password (usually ubuntu), or your custom password if you set it.
+
 Check /var/log/kubeadm.log to make sure the installation went well and grab the
 admin context from /etd/kubernetes/admin.conf.
+
 A command to join new nodes to the cluster is stored at /usr/lib/k8r/join_string
 Update your variables.cfg file and set this command as a value of parameter
 KUBEADM_JOIN_STRING.
@@ -83,11 +95,13 @@ KUBEADM_JOIN_STRING.
 With KUBEADM_JOIN_STRING in variables.cfg file set to the value from previous
 step, re-run the build process by executing 
 bash ./build.sh
+
 This will build the image again with the new variables file (just injecting it
 is not implemented yet), creating a new images/bootable_image.img which you can
 use for initial bootstrap of the worker nodes, along with two more images, 
 `images/boot.img.xz` and `images/image.img.xz` which can be used to upgrade, as
 well as to downgrade the nodes.
+
 Now you can write bootable-image.img to SD cards of as many new nodes as you
 need, boot them, and have them joined your new cluster. Enjoy! :-)
 
@@ -99,7 +113,8 @@ nodes, of by having the nodes download the updated image from HTTP location.
 To upgrade the nodes using local images, transfer updated  images/boot.img.xz
 and images/image.img.xz so some location on the node, and write it to image
 partition with `update_image_partition.sh` script from `/usr/lib/k8r/tasks`
-directory, passing a directory where the images can be found as a parameter. 
+directory, passing a directory where the images can be found as a parameter.
+
 For example, if image.img.xz (boot.img.xz should be stored under the same
 location) can be found at `/home/ubuntu/new_images/image.img.xz` on the target
 node, then the command would look like this:
@@ -109,6 +124,7 @@ bash /usr/lib/k8r/tasks/update_image_partition.sh /home/ubuntu/new_images/
 
 To upgrade the node from images from an HTTP, location, you need to have a
 variable HTTP_IMAGE_URL set to proper location in your `variables.cfg` file.
+
 This can be preconfigured during the build step, and you can change it or set
 it on the target node anytime by editing `/usr/lib/k8s/variables.cfg` file.
 As an example, if you have your image.img.xz (same for boot.img.xz) available
@@ -211,19 +227,25 @@ various scripts
 without parameters, will try to download an image from HTTP_IMAGE_URL. To use
 an image from a local FS, use directory path as a parameter. The directory must
 contain both image.img.xz and boot.img.xz files.
+
 `set_reinstall_mode.sh` - restart and reinstall the node. Boot and root
 filesystems will be rewritten using an initial image, resulting in a fresh node.
 
 #### NOT intended for use by an operator:
 `install-docker.sh`: convenience script to install docker into build containers.
 Runs on build host.
+
 `bootstrap_image.sh`: runs basic software installation and configuration during
 build process. Runs on build host.
+
 `setup_partitions.sh`: creates required partitions inside image file. Runs on
 build host.
+
 `reboot.sh`: utility wrapper used by task_runner's scripts to reboot the node.
+
 `setup_node.sh`: run minimal preparations on the node during install process and
 trigger an appropriate next phase
+
 `bootstrap_master.sh`: if node is expected to be a master, configure and start
 k8s control plane
 

build.sh

@@ -145,7 +145,18 @@ else
 fi
 sed -i 's#ubuntu:!#ubuntu:'$PASSWD_HASH'#g' $K8R_IMAGE_MOUNT_DIR/etc/shadow
 echo "Enabling password authentication via ssh"
-sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' $K8R_IMAGE_MOUNT_DIR/etc/ssh/sshd_config
+sed -i 's/^PasswordAuthentication no\ *$/PasswordAuthentication yes /g' $K8R_IMAGE_MOUNT_DIR/etc/ssh/sshd_config
+if [ "`grep -E '^PasswordAuthentication' $K8R_IMAGE_MOUNT_DIR/etc/ssh/sshd_config`" = "" ] ; then
+  echo "No previous setting for Password Authentication was found. Adding now."
+  echo >> $K8R_IMAGE_MOUNT_DIR/etc/ssh/sshd_config
+  echo 'PasswordAuthentication yes' >> $K8R_IMAGE_MOUNT_DIR/etc/ssh/sshd_config
+fi
+ADDITIONAL_SSH_PASSWORD_CONFIG="`grep -ElR PasswordAuthentication $K8R_IMAGE_MOUNT_DIR/etc/ssh/sshd_config.d/`"
+if [ "$ADDITIONAL_SSH_PASSWORD_CONFIG" != "" ] ; then
+  echo "Additional ssh password login config found in $ADDITIONAL_SSH_PASSWORD_CONFIG"
+  echo "Removing the directive."
+  sed -i 's/^PasswordAuthentication.*//g' $ADDITIONAL_SSH_PASSWORD_CONFIG
+fi
 
 # FIXME: if the kernel gets updated by the script below (it shouldn't), then
 # FIXME: firmware updates will NOT be included into bootable_image.img

tasks/update_image_partition.sh

@@ -16,15 +16,6 @@ if [ "$HTTP_IMAGE_URL" = "" -a "$LOCAL_IMAGE_PATH" = "" ] ; then
   exit 1
 fi
 
-if [ "$LOCAL_IMAGE_PATH" != "" ] ; then 
-  if [ ! -r "$LOCAL_IMAGE_PATH"/image.img.xz ] ; then
-    echo "ERROR: cannot read local image $LOCAL_IMAGE_PATH/image.img.xz. Exiting."
-  elif [ ! -r "$LOCAL_IMAGE_PATH"/boot.img.xz ] ; then
-    echo "ERROR: cannot read local boot image $LOCAL_IMAGE_PATH/boot.img.xz. Exiting."
-    exit 1
-  fi
-fi
-
 ALL_DEV="`blkid`"
 BOOT_DEV=`echo "$ALL_DEV" | grep 'LABEL="system-boot"'| head -n 1  | awk -F':' {'print $1'} `
 IMAGE_DEV=`echo "$ALL_DEV" | grep 'LABEL="image"'| head -n 1  | awk -F':' {'print $1'} `
@@ -36,19 +27,32 @@ if [ "$LOCAL_IMAGE_PATH" = "" ] ; then
   curl -Lo /boot.img.xz $HTTP_IMAGE_URL/boot.img.xz
   echo "Downloading image from $HTTP_IMAGE_URL"
   curl -Lo /image.img.xz $HTTP_IMAGE_URL/image.img.xz
-  #FIXME: The below writing options are duplicate: with empty $LOCAL_IMAGE_PATH
-  #FIXME: they would be the same. Join these operations.
-  echo "Writing boot image to boot partition $BOOT_DEV"
-  unxz -v --stdout /boot.img.xz | dd of=$BOOT_DEV bs=100M
-  echo "Writing image to image partition $IMAGE_DEV"
-  unxz -v --stdout /image.img.xz | dd of=$IMAGE_DEV bs=100M
-else
-  echo "Writing image $LOCAL_IMAGE_PATH/boot.img.xz to image partition $BOOT_DEV"
-  unxz -v --stdout $LOCAL_IMAGE_PATH/boot.img.xz | dd of=$BOOT_DEV bs=100M
-  echo "Writing image $LOCAL_IMAGE_PATH/image.img.xz to image partition $IMAGE_DEV"
-  unxz -v --stdout $LOCAL_IMAGE_PATH/image.img.xz | dd of=$IMAGE_DEV bs=100M
 fi
 
+if [ ! -r "$LOCAL_IMAGE_PATH"/image.img.xz ] ; then
+  echo "ERROR: cannot read local installation image $LOCAL_IMAGE_PATH/image.img.xz. Exiting."
+  exit 1
+fi
+if  ! xz -t $LOCAL_IMAGE_PATH/image.img.xz ; then
+  echo "ERROR: local installation image $LOCAL_IMAGE_PATH/image.img.xz is not an xz archive. Exiting."
+  exit 1
+fi
+if [ ! -r "$LOCAL_IMAGE_PATH"/boot.img.xz ] ; then
+  echo "ERROR: cannot read local boot image $LOCAL_IMAGE_PATH/boot.img.xz. Exiting."
+exit 1
+fi
+if  ! xz -t $LOCAL_IMAGE_PATH/boot.img.xz  ; then
+  echo "ERROR: local boot image $LOCAL_IMAGE_PATH/boot.img.xz is not an xz archive. Exiting."
+  exit 1
+fi
+
+# Remote images are downloaded to / when LOCAL_IMAGE_PATH is empty, so the
+# following extraction procedure works for both local and remote cases.
+echo "Writing image $LOCAL_IMAGE_PATH/boot.img.xz to image partition $BOOT_DEV"
+unxz -v --stdout $LOCAL_IMAGE_PATH/boot.img.xz | dd of=$BOOT_DEV bs=100M
+echo "Writing image $LOCAL_IMAGE_PATH/image.img.xz to image partition $IMAGE_DEV"
+unxz -v --stdout $LOCAL_IMAGE_PATH/image.img.xz | dd of=$IMAGE_DEV bs=100M
+
 echo "Verifying FS at target partitions $BOOT_DEV"
 fsck.vfat -a $BOOT_DEV || true
 echo "Verifying FS at target partition $IMAGE_DEV"

variables.cfg.example

@@ -2,11 +2,11 @@
 # MUST be present under current directory, must be an uncompressed image (not
 # img.xz).
 # Example:
-#IMAGE=ubuntu-22.04.2-preinstalled-server-arm64+raspi.img
+#IMAGE=ubuntu-22.04.4-preinstalled-server-arm64+raspi.img
 IMAGE=
 
 #K8S version to use
-K8S_VERSION=1.28.1
+K8S_VERSION=1.29.1
 
 #While not mandatory, it is a good idea to have a DNS name or at least a fixed
 #IP-address associated with your master's MAC address. Otherwise, when your