Revert "Remove gardlinux support in 1.24/1.26 template"

This reverts commit 6cce709.
sapcc · Sep 12, 2023 · e123af9 · e123af9
1 parent 6cce709
commit e123af9
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 12 deletions.
diff --git a/pkg/templates/node_1.24.go b/pkg/templates/node_1.24.go
@@ -3,9 +3,16 @@
 package templates
 
 var Node_1_24 = `
+variant: flatcar
+version: 1.0.0
 passwd:
   users:
-    - name:          core
+    - name: core
+{{- if .Gardenlinux }}
+      shell: /bin/bash
+      groups:
+        - sudo
+{{- end }}
       password_hash: {{ .LoginPassword }}
 {{- if .LoginPublicKey }}
       ssh_authorized_keys:
@@ -14,7 +21,7 @@ passwd:
 systemd:
   units:
     - name: ccloud-metadata-hostname.service
-      enable: true
+      enabled: true
       contents: |
         [Unit]
         Description=Workaround for coreos-metadata hostname bug
@@ -27,23 +34,25 @@ systemd:
         RemainAfterExit=yes
         [Install]
         WantedBy=multi-user.target
+{{- if .Flatcar }}
     - name: containerd.service
-      enable: true
+      enabled: true
       dropins:
         - name: 10-custom-config.conf
           contents: |
             [Service]
             ExecStart=
             ExecStart=/usr/bin/env PATH=${TORCX_BINDIR}:${PATH} ${TORCX_BINDIR}/containerd
+{{- end }}
     - name: docker.service
-      enable: true
+      enabled: true
       dropins:
         - name: 20-docker-opts.conf
           contents: |
             [Service]
             Environment="DOCKER_OPTS=--iptables=false --bridge=none"
     - name: kubelet.service
-      enable: true
+      enabled: true
       contents: |
         [Unit]
         Description=Kubelet
@@ -81,7 +90,7 @@ systemd:
         WantedBy=multi-user.target
     - name: updatecertificates.service
       command: start
-      enable: true
+      enabled: true
       contents: |
         [Unit]
         Description=Update the certificates w/ self-signed root CAs
@@ -95,6 +104,20 @@ systemd:
         WantedBy=multi-user.target
 storage:
   files:
+{{- if .Gardenlinux }}
+    - path: /etc/sudoers.d/core
+      filesystem: root
+      mode: 0644
+      contents:
+        inline: |
+          core ALL=(ALL) NOPASSWD:ALL
+    - path: /etc/ssh/sshd_config.d/20-enable-passwords.conf
+      filesystem: root
+      mode: 0644
+      contents:
+        inline: |
+          PasswordAuthentication yes
+{{- end }}
     - path: /etc/crictl.yaml
       filesystem: root
       mode: 0644
@@ -153,6 +176,7 @@ storage:
     - path: /etc/systemd/resolved.conf
       filesystem: root
       mode: 0644
+      overwrite: true
       contents:
         inline: |
           [Resolve]
@@ -329,12 +353,14 @@ storage:
             CSIMigrationOpenStack: true
             ExpandCSIVolumes: true
 {{- end }}
+{{- if .Flatcar }}
     - path: /etc/flatcar/update.conf
       filesystem: root
       mode: 0644
       contents:
         inline: |-
           REBOOT_STRATEGY="off"
+{{- end }}
     - path: /etc/modules-load.d/br_netfilter.conf
       filesystem: root
       mode: 0644

diff --git a/pkg/templates/node_1.26.go b/pkg/templates/node_1.26.go
@@ -3,9 +3,16 @@
 package templates
 
 var Node_1_26 = `
+variant: flatcar
+version: 1.0.0
 passwd:
   users:
-    - name:          core
+    - name: core
+{{- if .Gardenlinux }}
+      shell: /bin/bash
+      groups:
+        - sudo
+{{- end }}
       password_hash: {{ .LoginPassword }}
 {{- if .LoginPublicKey }}
       ssh_authorized_keys:
@@ -14,7 +21,7 @@ passwd:
 systemd:
   units:
     - name: ccloud-metadata-hostname.service
-      enable: true
+      enabled: true
       contents: |
         [Unit]
         Description=Workaround for coreos-metadata hostname bug
@@ -27,23 +34,25 @@ systemd:
         RemainAfterExit=yes
         [Install]
         WantedBy=multi-user.target
+{{- if .Flatcar }}
     - name: containerd.service
-      enable: true
+      enabled: true
       dropins:
         - name: 10-custom-config.conf
           contents: |
             [Service]
             ExecStart=
             ExecStart=/usr/bin/env PATH=${TORCX_BINDIR}:${PATH} ${TORCX_BINDIR}/containerd
+{{- end }}
     - name: docker.service
-      enable: true
+      enabled: true
       dropins:
         - name: 20-docker-opts.conf
           contents: |
             [Service]
             Environment="DOCKER_OPTS=--iptables=false --bridge=none"
     - name: kubelet.service
-      enable: true
+      enabled: true
       contents: |
         [Unit]
         Description=Kubelet
@@ -81,7 +90,7 @@ systemd:
         WantedBy=multi-user.target
     - name: updatecertificates.service
       command: start
-      enable: true
+      enabled: true
       contents: |
         [Unit]
         Description=Update the certificates w/ self-signed root CAs
@@ -95,6 +104,20 @@ systemd:
         WantedBy=multi-user.target
 storage:
   files:
+{{- if .Gardenlinux }}
+    - path: /etc/sudoers.d/core
+      filesystem: root
+      mode: 0644
+      contents:
+        inline: |
+          core ALL=(ALL) NOPASSWD:ALL
+    - path: /etc/ssh/sshd_config.d/20-enable-passwords.conf
+      filesystem: root
+      mode: 0644
+      contents:
+        inline: |
+          PasswordAuthentication yes
+{{- end }}
     - path: /etc/crictl.yaml
       filesystem: root
       mode: 0644
@@ -153,6 +176,7 @@ storage:
     - path: /etc/systemd/resolved.conf
       filesystem: root
       mode: 0644
+      overwrite: true
       contents:
         inline: |
           [Resolve]
@@ -324,12 +348,14 @@ storage:
           nodeLeaseDurationSeconds: 20
           cgroupDriver: systemd
           featureGates:
+{{- if .Flatcar }}
     - path: /etc/flatcar/update.conf
       filesystem: root
       mode: 0644
       contents:
         inline: |-
           REBOOT_STRATEGY="off"
+{{- end }}
     - path: /etc/modules-load.d/br_netfilter.conf
       filesystem: root
       mode: 0644