wip

Author: 0x416e746f6e

kernel/kernel-yocto.config

@@ -1920,7 +1920,8 @@ CONFIG_DL2K=m
 # CONFIG_NET_VENDOR_ENGLEDER is not set
 # CONFIG_NET_VENDOR_EZCHIP is not set
 # CONFIG_NET_VENDOR_FUNGIBLE is not set
-# CONFIG_NET_VENDOR_GOOGLE is not set
+CONFIG_NET_VENDOR_GOOGLE=y
+CONFIG_GVE=y
 # CONFIG_NET_VENDOR_HUAWEI is not set
 # CONFIG_NET_VENDOR_I825XX is not set
 CONFIG_NET_VENDOR_INTEL=y
@@ -3895,7 +3896,7 @@ CONFIG_JBD2=y
 CONFIG_FS_MBCACHE=y
 # CONFIG_REISERFS_FS is not set
 # CONFIG_JFS_FS is not set
-# CONFIG_XFS_FS is not set
+CONFIG_XFS_FS=y
 # CONFIG_GFS2_FS is not set
 # CONFIG_BTRFS_FS is not set
 # CONFIG_NILFS2_FS is not set

l2-builder.conf

@@ -0,0 +1,6 @@
+[Include]
+Include=base/base.conf
+Include=l2-builder/l2-builder.conf
+
+[Config]
+Profiles=gcp

l2-builder/.gitignore

@@ -0,0 +1,2 @@
+mkosi.extra/usr/bin/*
+!mkosi.extra/usr/bin/.gitkeep

l2-builder/kernel.config

@@ -0,0 +1,2 @@
+CONFIG_NET_VENDOR_GOOGLE=y
+CONFIG_GVE=y

l2-builder/l2-builder.conf

@@ -0,0 +1,24 @@
+[Build]
+Environment=KERNEL_CONFIG_SNIPPETS=kernel/snippets/ubuntu.config,l2-builder/kernel.config
+WithNetwork=true
+
+[Content]
+BuildScripts=l2-builder/mkosi.build
+ExtraTrees=l2-builder/mkosi.extra
+PostInstallationScripts=l2-builder/mkosi.postinst
+
+Packages=ethtool
+         libtss2-dev
+         prometheus-node-exporter
+         prometheus-process-exporter
+         sudo
+         usrmerge
+         xfsprogs
+         xxd
+         zip
+
+BuildPackages=golang
+              libssl-dev
+              rustup
+              unzip
+              yq

l2-builder/mkosi.build

@@ -0,0 +1,120 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+ENV_YAML="$SRCDIR/l2-builder/mkosi.extra/usr/flashbots/env.yaml"
+BPROXY_VERSION=$(mkosi-chroot yq -r .bproxy.version < "$ENV_YAML")
+BPROXY_CHECKSUM=$(mkosi-chroot yq -r .bproxy.checksum < "$ENV_YAML")
+NODE_HEALTHCHECKER_VERSION=$(mkosi-chroot yq -r .node_healthchecker.version < "$ENV_YAML")
+NODE_HEALTHCHECKER_CHECKSUM=$(mkosi-chroot yq -r .node_healthchecker.checksum < "$ENV_YAML")
+VAULT_VERSION=$(mkosi-chroot yq -r .vault.version < "$ENV_YAML")
+GOMPLATE_VERSION=$(mkosi-chroot yq -r .deps.gomplate_version < "$ENV_YAML")
+RUST_VERSION=$(mkosi-chroot yq -r .deps.rust_version < "$ENV_YAML")
+OPS_AGENT_VERSION=$(mkosi-chroot yq -r .deps.ops_agent_version < "$ENV_YAML")
+
+export RUSTUP_HOME="/rustup"
+export CARGO_HOME="/cargo"
+mkosi-chroot rustup toolchain install $RUST_VERSION
+mkosi-chroot rustup default $RUST_VERSION
+export PATH="$CARGO_HOME/bin:$PATH"
+
+source scripts/make_git_package.sh
+source scripts/build_rust_package.sh
+
+# build/re-use op-rbuilder
+if [ -f "l2-builder/mkosi.extra/usr/bin/op-rbuilder" ]; then
+    echo "Using pre-built op-rbuilder binary"
+else
+    build_rust_package \
+        "op-rbuilder" \
+        "main" \
+        "https://github.com/flashbots/op-rbuilder.git" \
+        "" "" "-g"
+fi
+
+# build/re-use tdx-quote-provider
+if [ -f "l2-builder/mkosi.extra/usr/bin/tdx-quote-provider" ]; then
+    echo "Using pre-built tdx-quote-provider binary"
+else
+build_rust_package \
+    "tdx-quote-provider" \
+    "main" \
+    "https://github.com/flashbots/op-rbuilder.git" \
+    "" "" "-g"
+fi
+
+# build gomplate
+make_git_package \
+    "gomplate" \
+    "v${GOMPLATE_VERSION}" \
+    "https://github.com/hairyhenderson/gomplate" \
+    'go build -trimpath -ldflags "-s -w -buildid=" -o ./build/gomplate ./cmd/gomplate' \
+    "build/gomplate:/usr/bin/gomplate"
+chmod +x $DESTDIR/usr/bin/gomplate
+
+# build vault
+make_git_package \
+    "vault" \
+    "v${VAULT_VERSION}" \
+    "https://github.com/hashicorp/vault.git" \
+    'go build -trimpath -ldflags "-s -w -buildid=" -o ./bin/vault .' \
+    "bin/vault:/usr/bin/vault"
+chmod +x $DESTDIR/usr/bin/vault
+
+cd "$BUILDROOT"
+
+if [ -f "l2-builder/mkosi.extra/usr/bin/bproxy" ]; then
+    echo "Using pre-built bproxy binary"
+else
+    curl -L -o bproxy.zip "https://github.com/flashbots/bproxy/releases/download/v${BPROXY_VERSION}/bproxy_linux_amd64.zip"
+    echo "${BPROXY_CHECKSUM}  bproxy.zip" | sha256sum -c
+    unzip bproxy.zip
+    install -m 755 bproxy "$DESTDIR/usr/bin/bproxy"
+    rm -f bproxy bproxy.zip
+fi
+
+if [ -f "l2-builder/mkosi.extra/usr/bin/node-healthchecker" ]; then
+    echo "Using pre-built node-healthchecker binary"
+else
+    # Download and install node-healthchecker
+    curl -L -o node-healthchecker.zip "https://github.com/flashbots/node-healthchecker/releases/download/v${NODE_HEALTHCHECKER_VERSION}/node-healthchecker_linux_amd64.zip"
+    echo "${NODE_HEALTHCHECKER_CHECKSUM}  node-healthchecker.zip" | sha256sum -c
+    unzip node-healthchecker.zip
+    install -m 755 node-healthchecker "$DESTDIR/usr/bin/node-healthchecker"
+    rm -f node-healthchecker node-healthchecker.zip
+fi
+
+# Build Google Cloud Ops Agent
+IMPORT_PATH="github.com/GoogleCloudPlatform/ops-agent"
+BUILD_CMD="
+    # Fluentbit
+    export SOURCE_DATE_EPOCH=0 PATH=/usr/local/go/bin:\$PATH
+    export CFLAGS='-fno-ident -Wno-date-time' CXXFLAGS='-fno-ident -Wno-date-time'
+    git submodule update --init --depth 1 submodules/fluent-bit
+    ./builds/fluent_bit.sh \$(pwd)/out
+
+    # Main gcs agent binaries
+    mkdir -p out/libexec
+    LDFLAGS='-s -w -buildid='
+    go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS \\
+        -X $IMPORT_PATH/internal/version.BuildDistro=debian13 \\
+        -X $IMPORT_PATH/internal/version.Version=$OPS_AGENT_VERSION\" \\
+        -o out/libexec/google_cloud_ops_agent_engine \\
+        $IMPORT_PATH/cmd/google_cloud_ops_agent_engine
+
+    go build -buildvcs=false -trimpath -ldflags \"\$LDFLAGS\" \\
+        -o out/libexec/google_cloud_ops_agent_wrapper \\
+        $IMPORT_PATH/cmd/agent_wrapper
+"
+
+make_git_package \
+    "google-cloud-ops-agent" \
+    "$OPS_AGENT_VERSION" \
+    "https://github.com/GoogleCloudPlatform/ops-agent" \
+    "$BUILD_CMD" \
+    "out/libexec:/opt/google-cloud-ops-agent/libexec" \
+    "out/opt/google-cloud-ops-agent/subagents/fluent-bit:/opt/google-cloud-ops-agent/subagents/fluent-bit" \
+    "systemd/google-cloud-ops-agent-fluent-bit.service:/usr/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service" \
+    "systemd/google-cloud-ops-agent.service:/usr/lib/systemd/system/google-cloud-ops-agent.service"
+
+sed -i 's|@PREFIX@|/opt/google-cloud-ops-agent|g; s|@SYSCONFDIR@|/etc|g' "$DESTDIR/usr/lib/systemd/system/google-cloud-ops-agent"*.service

l2-builder/mkosi.extra/etc/default/prometheus-node-exporter

@@ -0,0 +1,7 @@
+# Set the command-line arguments to pass to the server.
+ARGS="\
+--collector.systemd \
+--collector.systemd.unit-include=\".*(bproxy|node-healthchecker|op-rbuilder|prometheus-node-exporter|prometheus-process-exporter|rproxy|vault-agent).*\" \
+--log.format=json \
+--web.listen-address=0.0.0.0:9100 \
+"

l2-builder/mkosi.extra/etc/default/prometheus-process-exporter

@@ -0,0 +1,6 @@
+# Set the command-line arguments to pass to the server.
+ARGS="\
+-config.path=/etc/prometheus-process-exporter/config.yaml \
+-threads=false \
+-web.listen-address=0.0.0.0:9256 \
+"

l2-builder/mkosi.extra/etc/google-cloud-ops-agent/config.yaml

@@ -0,0 +1,18 @@
+logging:
+  receivers:
+    syslog:
+      type: files
+      include_paths:
+        - /var/log/messages
+        - /var/log/syslog
+  processors:
+    parse_json:
+      type: parse_json
+      field: message
+      time_key: "@timestamp"
+      time_format: "%Y-%m-%dT%H:%M:%S.%L%z"
+  service:
+    pipelines:
+      default_pipeline:
+        receivers: [syslog]
+        processors: [parse_json]

l2-builder/mkosi.extra/etc/prometheus-process-exporter/config.yaml

@@ -0,0 +1,16 @@
+process_names:
+  - name: bproxy
+    cmdline:
+      - '^\/([-.0-9a-zA-Z]+\/)*bproxy[-.0-9a-zA-Z]* '
+  - name: node-healthchecker
+    cmdline:
+      - '^\/([-.0-9a-zA-Z]+\/)*node-healthchecker[-.0-9a-zA-Z]* '
+  - name: op-rbuilder
+    cmdline:
+      - '^\/([-.0-9a-zA-Z]+\/)*op-rbuilder[-.0-9a-zA-Z]* '
+  - name: rproxy
+    cmdline:
+      - '^\/([-.0-9a-zA-Z]+\/)*rproxy[-.0-9a-zA-Z]* '
+  - name: vault-agent
+    cmdline:
+      - '^\/([-.0-9a-zA-Z]+\/)*vault[-.0-9a-zA-Z]* '