underpost 2.8.78 → 2.8.79

package/README.md

@@ -68,7 +68,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.8.78
+## underpost ci/cd cli v2.8.79
 
 ### Usage: `underpost [options] [command]`
   ```

package/bin/deploy.js

@@ -822,6 +822,9 @@ try {
     }
 
     case 'version-deploy': {
+      shellExec(
+        `underpost secret underpost --create-from-file /home/dd/engine/engine-private/conf/dd-cron/.env.production`,
+      );
       shellExec(`node bin/build dd conf`);
       shellExec(`git add . && cd ./engine-private && git add .`);
       shellExec(`node bin cmt . ci package-pwa-microservices-template`);

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.8.78
+## underpost ci/cd cli v2.8.79
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -204,7 +204,6 @@ Options:
   --mongodb            Init with mongodb statefulset
   --postgresql         Init with postgresql statefulset
   --mongodb4           Init with mongodb 4.4 service
-  --istio              Init base istio cluster
   --valkey             Init with valkey service
   --contour            Init with project contour base HTTPProxy and envoy
   --cert-manager       Init with letsencrypt-prod ClusterIssuer
@@ -218,6 +217,11 @@ Options:
   --info-capacity      display current total machine capacity info
   --info-capacity-pod  display current machine capacity pod info
   --pull-image         Set optional pull associated image
+  --init-host          Install k8s node necessary cli env: kind, kubeadm,
+                       docker, podman, helm
+  --config             Set k8s base node config
+  --worker             Set worker node context
+  --chown              Set k8s kube chown
   -h, --help           display help for command
  
 ```
@@ -471,10 +475,22 @@ Options:
 Lxd management
 
 Options:
-  --init      Init lxd
-  --reset     Reset lxd on current machine
-  --install   Install lxd on current machine
-  -h, --help  display help for command
+  --init                    Init lxd
+  --reset                   Reset lxd on current machine
+  --install                 Install lxd on current machine
+  --dev                     Set dev context env
+  --control                 set control node vm context
+  --worker                  set worker node context
+  --create-vm <vm-id>       Create default virtual machines
+  --init-vm <vm-id>         Get init vm underpost script
+  --info-vm <vm-id>         Get all info vm
+  --start-vm <vm-id>        Start vm with networkt config
+  --root-size <gb-size>     Set root size vm
+  --join-node <nodes>       Comma separated worker and control node e. g.
+                            k8s-worker-1,k8s-control
+  --expose <vm-name-ports>  Vm name and : separated with Comma separated vm
+                            port to expose e. g. k8s-control:80,443
+  -h, --help                display help for command
  
 ```
   

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.78'
+      engine.version: '2.8.79'
     networks:
       - load-balancer
 

package/manifests/lxd/lxd-admin-profile.yaml

@@ -0,0 +1,16 @@
+config:
+  limits.cpu: "2"
+  limits.memory: 4GB
+description: vm nat network
+devices:
+  eth0:
+    name: eth0
+    network: lxdbr0
+    type: nic
+  root:
+    path: /
+    pool: local # lxc storage list
+    size: 100GB
+    type: disk
+name: admin-profile
+used_by: []

package/manifests/lxd/lxd-preseed.yaml

@@ -0,0 +1,58 @@
+config:
+  core.https_address: 127.0.0.1:8443
+
+networks:
+  - name: lxdbr0
+    type: bridge
+    config:
+      ipv4.address: 10.250.250.1/24
+      ipv4.nat: "true"
+      ipv4.dhcp: "true"
+      ipv4.dhcp.ranges: 10.250.250.2-10.250.250.254
+      ipv4.firewall: "false"
+      ipv6.address: none
+
+storage_pools:
+  - name: local
+    driver: zfs
+    config:
+      size: 100GiB
+
+profiles:
+  - name: default
+    config: {}
+    description: "default profile"
+    devices:
+      root:
+        path: /
+        pool: local
+        type: disk
+
+  - name: admin-profile
+    description: "vm nat network admin profile"
+    config:
+      limits.cpu: "2"
+      limits.memory: 4GB
+    devices:
+      eth0:
+        name: eth0
+        network: lxdbr0
+        type: nic
+      root:
+        path: /
+        pool: local
+        size: 100GB
+        type: disk
+
+projects: []
+
+cluster:
+  server_name: lxd-node1
+  enabled: true
+  member_config: []
+  cluster_address: ""
+  cluster_certificate: ""
+  server_address: ""
+  cluster_password: ""
+  cluster_token: ""
+  cluster_certificate_path: ""

package/manifests/lxd/underpost-setup.sh

@@ -0,0 +1,146 @@
+#!/bin/bash
+
+set -e
+
+# Expand /dev/sda2 partition and resize filesystem automatically
+
+# Check if parted is installed
+if ! command -v parted &>/dev/null; then
+    echo "parted not found, installing..."
+    dnf install -y parted
+fi
+
+# Get start sector of /dev/sda2
+START_SECTOR=$(parted /dev/sda -ms unit s print | awk -F: '/^2:/{print $2}' | sed 's/s//')
+
+# Resize the partition
+parted /dev/sda ---pretend-input-tty <<EOF
+unit s
+resizepart 2 100%
+Yes
+quit
+EOF
+
+# Resize the filesystem
+resize2fs /dev/sda2
+
+echo "Disk and filesystem resized successfully."
+sudo dnf install -y tar
+sudo dnf install -y bzip2
+sudo dnf install -y git
+sudo dnf -y update
+sudo dnf -y install epel-release
+sudo dnf install -y ufw
+sudo systemctl enable --now ufw
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
+nvm install 23.8.0
+nvm use 23.8.0
+echo "
+██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
+██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
+██║░░░██║██╔██╗██║██║░░██║█████╗░░██████╔╝██████╔╝██║░░██║╚█████╗░░░░██║░░░
+██║░░░██║██║╚████║██║░░██║██╔══╝░░██╔══██╗██╔═══╝░██║░░██║░╚═══██╗░░░██║░░░
+╚██████╔╝██║░╚███║██████╔╝███████╗██║░░██║██║░░░░░╚█████╔╝██████╔╝░░░██║░░░
+░╚═════╝░╚═╝░░╚══╝╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝░░░░░░╚════╝░╚═════╝░░░░╚═╝░░░
+
+Installing underpost k8s node ...
+
+"
+npm install -g underpost
+chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost
+sudo modprobe br_netfilter
+mkdir -p /home/dd
+cd $(underpost root)/underpost
+underpost cluster --init-host
+
+# Default flags
+USE_KUBEADM=false
+USE_KIND=false
+USE_WORKER=false
+
+# Loop through arguments
+for arg in "$@"; do
+    case "$arg" in
+    --kubeadm)
+        USE_KUBEADM=true
+        ;;
+    --kind)
+        USE_KIND=true
+        ;;
+    --worker)
+        USE_WORKER=true
+        ;;
+    esac
+done
+
+echo "USE_KUBEADM = $USE_KUBEADM"
+echo "USE_KIND   = $USE_KIND"
+echo "USE_WORKER = $USE_WORKER"
+
+underpost cluster --kubeadm
+underpost cluster --reset
+
+PORTS=(
+    22    # SSH
+    80    # HTTP
+    443   # HTTPS
+    53    # DNS (TCP/UDP)
+    66    # TFTP
+    67    # DHCP
+    69    # TFTP
+    111   # rpcbind
+    179   # Calico BGP
+    2049  # NFS
+    20048 # NFS mountd
+    4011  # PXE boot
+    5240  # snapd API
+    5248  # Juju controller
+    6443  # Kubernetes API
+    9153  # CoreDNS metrics
+    10250 # Kubelet API
+    10251 # kube-scheduler
+    10252 # kube-controller-manager
+    10255 # Kubelet read-only (deprecated)
+    10257 # controller-manager (v1.23+)
+    10259 # scheduler (v1.23+)
+)
+
+PORT_RANGES=(
+    2379:2380 # etcd
+    # 30000:32767 # NodePort range
+    # 3000:3100 # App node ports
+    32765:32766 # Ephemeral ports
+    6783:6784   # Weave Net
+)
+
+# Open individual ports
+for PORT in "${PORTS[@]}"; do
+    ufw allow ${PORT}/tcp
+    ufw allow ${PORT}/udp
+done
+
+# Open port ranges
+for RANGE in "${PORT_RANGES[@]}"; do
+    ufw allow ${RANGE}/tcp
+    ufw allow ${RANGE}/udp
+done
+
+# Behavior based on flags
+if $USE_KUBEADM; then
+    echo "Running control node with kubeadm..."
+    underpost cluster --kubeadm
+    # kubectl get pods --all-namespaces -o wide -w
+fi
+
+if $USE_KIND; then
+    echo "Running control node with kind..."
+    underpost cluster
+    # kubectl get pods --all-namespaces -o wide -w
+fi
+
+if $USE_WORKER; then
+    echo "Running worker..."
+    underpost cluster --worker --config
+fi

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "2.8.78",
+    "version": "2.8.79",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/src/cli/cluster.js

@@ -31,6 +31,10 @@ class UnderpostCluster {
         pullImage: false,
         dedicatedGpu: false,
         kubeadm: false,
+        initHost: false,
+        config: false,
+        worker: false,
+        chown: false,
       },
     ) {
       // sudo dnf update
@@ -39,6 +43,9 @@ class UnderpostCluster {
       // 3) Install Nvidia drivers from Rocky Linux docs
       // 4) Install LXD with MAAS from Rocky Linux docs
       // 5) Install MAAS src from snap
+      if (options.initHost === true) return UnderpostCluster.API.initHost();
+      if (options.config === true) UnderpostCluster.API.config();
+      if (options.chown === true) UnderpostCluster.API.chown();
       const npmRoot = getNpmRootPath();
       const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
       if (options.infoCapacityPod === true) return logger.info('', UnderpostDeploy.API.resourcesFactory());
@@ -89,28 +96,17 @@ class UnderpostCluster {
         UnderpostDeploy.API.get('calico-kube-controllers')[0];
 
       if (
+        !options.worker &&
         !alrreadyCluster &&
-        ((!options.istio && !UnderpostDeploy.API.get('kube-apiserver-kind-control-plane')[0]) ||
-          (options.istio === true && !UnderpostDeploy.API.get('calico-kube-controllers')[0]))
+        ((!options.kubeadm && !UnderpostDeploy.API.get('kube-apiserver-kind-control-plane')[0]) ||
+          (options.kubeadm === true && !UnderpostDeploy.API.get('calico-kube-controllers')[0]))
       ) {
-        shellExec(`sudo setenforce 0`);
-        shellExec(`sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config`);
-        // sudo systemctl disable kubelet
-        // shellExec(`sudo systemctl enable --now kubelet`);
-        shellExec(`containerd config default > /etc/containerd/config.toml`);
-        shellExec(`sed -i -e "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml`);
-        // shellExec(`cp /etc/kubernetes/admin.conf ~/.kube/config`);
-        // shellExec(`sudo systemctl restart kubelet`);
-        shellExec(`sudo service docker restart`);
-        shellExec(`sudo systemctl enable --now containerd.service`);
-        shellExec(`sudo swapoff -a; sudo sed -i '/swap/d' /etc/fstab`);
-        if (options.istio === true) {
-          shellExec(`sysctl net.bridge.bridge-nf-call-iptables=1`);
+        UnderpostCluster.API.config();
+        if (options.kubeadm === true) {
           shellExec(
             `sudo kubeadm init --pod-network-cidr=192.168.0.0/16 --control-plane-endpoint="${os.hostname()}:6443"`,
           );
-          shellExec(`sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config`);
-          shellExec(`sudo chown $(id -u):$(id -g) $HOME/.kube/config**`);
+          UnderpostCluster.API.chown();
           // https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart
           shellExec(
             `sudo kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/tigera-operator.yaml`,
@@ -119,17 +115,16 @@ class UnderpostCluster {
           //   `wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml`,
           // );
           shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/kubeadm-calico-config.yaml`);
-          shellExec(`sudo systemctl restart containerd`);
           const nodeName = os.hostname();
           shellExec(`kubectl taint nodes ${nodeName} node-role.kubernetes.io/control-plane:NoSchedule-`);
           shellExec(
             `kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml`,
           );
         } else {
-          shellExec(`sudo systemctl restart containerd`);
           if (options.full === true || options.dedicatedGpu === true) {
             // https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/
             shellExec(`cd ${underpostRoot}/manifests && kind create cluster --config kind-config-cuda.yaml`);
+            UnderpostCluster.API.chown();
           } else {
             shellExec(
               `cd ${underpostRoot}/manifests && kind create cluster --config kind-config${
@@ -137,7 +132,6 @@ class UnderpostCluster {
               }.yaml`,
             );
           }
-          shellExec(`sudo chown $(id -u):$(id -g) $HOME/.kube/config**`);
         }
       } else logger.warn('Cluster already initialized');
 
@@ -285,6 +279,26 @@ class UnderpostCluster {
         shellExec(`sudo kubectl apply -f ${underpostRoot}/manifests/${letsEncName}.yaml`);
       }
     },
+
+    config() {
+      shellExec(`sudo setenforce 0`);
+      shellExec(`sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config`);
+      shellExec(`sudo systemctl enable --now docker`);
+      shellExec(`sudo systemctl enable --now kubelet`);
+      shellExec(`containerd config default > /etc/containerd/config.toml`);
+      shellExec(`sed -i -e "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml`);
+      shellExec(`sudo service docker restart`);
+      shellExec(`sudo systemctl enable --now containerd.service`);
+      shellExec(`sudo swapoff -a; sudo sed -i '/swap/d' /etc/fstab`);
+      shellExec(`sudo systemctl daemon-reload`);
+      shellExec(`sudo systemctl restart containerd`);
+      shellExec(`sysctl net.bridge.bridge-nf-call-iptables=1`);
+    },
+    chown() {
+      shellExec(`mkdir -p ~/.kube`);
+      shellExec(`sudo -E cp -i /etc/kubernetes/admin.conf ~/.kube/config`);
+      shellExec(`sudo -E chown $(id -u):$(id -g) ~/.kube/config`);
+    },
     // This function performs a comprehensive reset of Kubernetes and container environments
     // on the host machine. Its primary goal is to clean up cluster components, temporary files,
     // and container data, ensuring a clean state for re-initialization or fresh deployments,
@@ -460,6 +474,35 @@ Allocatable:
 
       return resources;
     },
+    initHost() {
+      // Install docker
+      shellExec(`sudo dnf -y install dnf-plugins-core
+sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo`);
+      shellExec(`sudo dnf -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin`);
+      // Install podman
+      shellExec(`sudo dnf -y install podman`);
+      // Install kind
+      shellExec(`[ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.29.0/kind-linux-arm64
+chmod +x ./kind
+sudo mv ./kind /bin/kind`);
+      // Install kubeadm
+      shellExec(`cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
+exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
+EOF`);
+      shellExec(`sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes`);
+      // Install helm
+      shellExec(`curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod 700 get_helm.sh
+./get_helm.sh
+chmod +x /usr/local/bin/helm
+sudo mv /usr/local/bin/helm /bin/helm`);
+    },
   };
 }
 export default UnderpostCluster;

package/src/cli/deploy.js

@@ -82,13 +82,13 @@ spec:
       containers:
         - name: ${deployId}-${env}-${suffix}
           image: localhost/debian-underpost:${Underpost.version}
-          resources:
-            requests:
-              memory: "${resources.requests.memory}"
-              cpu: "${resources.requests.cpu}"
-            limits:
-              memory: "${resources.limits.memory}"
-              cpu: "${resources.limits.cpu}"
+#          resources:
+#            requests:
+#              memory: "${resources.requests.memory}"
+#              cpu: "${resources.requests.cpu}"
+#            limits:
+#              memory: "${resources.limits.memory}"
+#              cpu: "${resources.limits.cpu}"
           command:
             - /bin/sh
             - -c

package/src/cli/index.js

@@ -1,7 +1,7 @@
 import dotenv from 'dotenv';
 import { Command } from 'commander';
 import Underpost from '../index.js';
-import { getUnderpostRootPath, loadConf } from '../server/conf.js';
+import { getNpmRootPath, getUnderpostRootPath, loadConf } from '../server/conf.js';
 import fs from 'fs-extra';
 import { commitData } from '../client/components/core/CommonJs.js';
 import { shellExec } from '../server/process.js';
@@ -97,7 +97,7 @@ program
   .option('--mongodb', 'Init with mongodb statefulset')
   .option('--postgresql', 'Init with postgresql statefulset')
   .option('--mongodb4', 'Init with mongodb 4.4 service')
-  .option('--istio', 'Init base istio cluster')
+  //  .option('--istio', 'Init base istio service mesh')
   .option('--valkey', 'Init with valkey service')
   .option('--contour', 'Init with project contour base HTTPProxy and envoy')
   .option('--cert-manager', 'Init with letsencrypt-prod ClusterIssuer')
@@ -111,6 +111,10 @@ program
   .option('--info-capacity', 'display current total machine capacity info')
   .option('--info-capacity-pod', 'display current machine capacity pod info')
   .option('--pull-image', 'Set optional pull associated image')
+  .option('--init-host', 'Install k8s node necessary cli env: kind, kubeadm, docker, podman, helm')
+  .option('--config', 'Set k8s base node config')
+  .option('--worker', 'Set worker node context')
+  .option('--chown', 'Set k8s kube chown')
   .action(Underpost.cluster.init)
   .description('Manage cluster, for default initialization base kind cluster');
 
@@ -271,6 +275,19 @@ program
   .option('--init', 'Init lxd')
   .option('--reset', 'Reset lxd on current machine')
   .option('--install', 'Install lxd on current machine')
+  .option('--dev', 'Set dev context env')
+  .option('--control', 'set control node vm context')
+  .option('--worker', 'set worker node context')
+  .option('--create-vm <vm-id>', 'Create default virtual machines')
+  .option('--init-vm <vm-id>', 'Get init vm underpost script')
+  .option('--info-vm <vm-id>', 'Get all info vm')
+  .option('--start-vm <vm-id>', 'Start vm with networkt config')
+  .option('--root-size <gb-size>', 'Set root size vm')
+  .option('--join-node <nodes>', 'Comma separated worker and control node e. g. k8s-worker-1,k8s-control')
+  .option(
+    '--expose <vm-name-ports>',
+    'Vm name and : separated with Comma separated vm port to expose e. g. k8s-control:80,443',
+  )
   .description('Lxd management')
   .action(UnderpostLxd.API.callback);
 

package/src/cli/lxd.js

@@ -1,8 +1,30 @@
-import { shellExec } from '../server/process.js';
+import { getNpmRootPath } from '../server/conf.js';
+import { getLocalIPv4Address } from '../server/dns.js';
+import { pbcopy, shellExec } from '../server/process.js';
+import fs from 'fs-extra';
 
 class UnderpostLxd {
   static API = {
-    async callback(options = { init: false, reset: false, install: false }) {
+    async callback(
+      options = {
+        init: false,
+        reset: false,
+        dev: false,
+        install: false,
+        createVirtualNetwork: false,
+        control: false,
+        worker: false,
+        startVm: '',
+        initVm: '',
+        createVm: '',
+        infoVm: '',
+        rootSize: '',
+        joinNode: '',
+        expose: '',
+      },
+    ) {
+      const npmRoot = getNpmRootPath();
+      const underpostRoot = options?.dev === true ? '.' : `${npmRoot}/underpost`;
       if (options.reset === true) {
         shellExec(`sudo systemctl stop snap.lxd.daemon`);
         shellExec(`sudo snap remove lxd --purge`);
@@ -11,7 +33,128 @@ class UnderpostLxd {
       if (options.init === true) {
         shellExec(`sudo systemctl start snap.lxd.daemon`);
         shellExec(`sudo systemctl status snap.lxd.daemon`);
+        const lxdPressedContent = fs
+          .readFileSync(`${underpostRoot}/manifests/lxd/lxd-preseed.yaml`, 'utf8')
+          .replaceAll(`127.0.0.1`, getLocalIPv4Address());
+        // shellExec(`lxc profile show admin-profile`);
+        // shellExec(`lxc network show lxdbr0`);
+        // shellExec(`lxd init --preseed < ${underpostRoot}/manifests/lxd/lxd-preseed.yaml`);
+        shellExec(`echo "${lxdPressedContent}" | lxd init --preseed`);
+        shellExec(`lxc cluster list`);
       }
+      if (options.createVm && typeof options.createVm === 'string') {
+        // lxc launch
+        const createVmCommand = `lxc init images:rockylinux/9/cloud ${
+          options.createVm
+        } --vm --target lxd-node1 -c limits.cpu=2 -c limits.memory=4GB --profile admin-profile -d root,size=${
+          options.rootSize && typeof options.rootSize === 'string' ? options.rootSize + 'GiB' : '32GiB'
+        }`;
+        pbcopy(createVmCommand); // Copy the command to clipboard for user
+      }
+      if (options.startVm && typeof options.startVm === 'string') {
+        const vmIp = UnderpostLxd.API.getNextAvailableIp();
+        shellExec(`lxc stop ${options.startVm}`);
+        shellExec(
+          `lxc config set ${options.startVm} user.network-config="${UnderpostLxd.API.generateCloudInitNetworkConfig(
+            vmIp,
+          )}"`,
+        );
+        shellExec(`lxc config device override ${options.startVm} eth0`);
+        shellExec(`lxc config device set ${options.startVm} eth0 ipv4.address ${vmIp}`);
+        shellExec(
+          `lxc config set ${options.startVm} user.user-data="#cloud-config
+runcmd:
+  - [touch, /var/log/userdata-ok]"`,
+        );
+        shellExec(`lxc start ${options.startVm}`);
+      }
+      if (options.initVm && typeof options.initVm === 'string') {
+        let flag = '';
+        if (options.control === true) {
+          flag = ' -s -- --kubeadm';
+          shellExec(`lxc exec ${options.initVm} -- bash -c 'mkdir -p /home/dd/engine'`);
+          shellExec(`lxc file push /home/dd/engine/engine-private ${options.initVm}/home/dd/engine --recursive`);
+        } else if (options.worker == true) {
+          flag = ' -s -- --worker';
+        }
+        pbcopy(`cat ${underpostRoot}/manifests/lxd/underpost-setup.sh | lxc exec ${options.initVm} -- bash${flag}`);
+      }
+      if (options.joinNode && typeof options.joinNode === 'string') {
+        const [workerNode, controlNode] = options.joinNode.split(',');
+        const token = shellExec(
+          `echo "$(lxc exec ${controlNode} -- bash -c 'sudo kubeadm token create --print-join-command')"`,
+          { stdout: true },
+        );
+        shellExec(`lxc exec ${workerNode} -- bash -c '${token}'`);
+      }
+      if (options.infoVm && typeof options.infoVm === 'string') {
+        shellExec(`lxc config show ${options.infoVm}`);
+        shellExec(`lxc info --show-log ${options.infoVm}`);
+        shellExec(`lxc info ${options.infoVm}`);
+        shellExec(`lxc list ${options.infoVm}`);
+      }
+      if (options.expose && typeof options.expose === 'string') {
+        const [controlNode, ports] = options.expose.split(':');
+        console.log({ controlNode, ports });
+        const protocols = ['tcp', 'udp'];
+        const hostIp = getLocalIPv4Address();
+        const vmIp = shellExec(
+          `lxc list ${controlNode} --format json | jq -r '.[0].state.network.enp5s0.addresses[] | select(.family=="inet") | .address'`,
+          { stdout: true },
+        ).trim();
+        for (const port of ports.split(',')) {
+          for (const protocol of protocols) {
+            shellExec(`lxc config device remove ${controlNode} ${controlNode}-port-${port}`);
+            shellExec(
+              `lxc config device add ${controlNode} ${controlNode}-port-${port} proxy listen=${protocol}:${hostIp}:${port} connect=${protocol}:${vmIp}:${port} nat=true`,
+            );
+            shellExec(`lxc config show ${controlNode} --expanded | grep proxy`);
+          }
+        }
+      }
+    },
+    generateCloudInitNetworkConfig(ip) {
+      return `version: 2
+ethernets:
+  enp5s0:
+    dhcp4: false
+    addresses:
+      - ${ip}/24
+    gateway4: 10.250.250.1
+    nameservers:
+      addresses: [1.1.1.1, 8.8.8.8]`;
+    },
+    getUsedIpsFromLxd() {
+      const json = shellExec('lxc list --format json', { stdout: true, silent: true });
+      const vms = JSON.parse(json);
+
+      const usedIps = [];
+
+      for (const vm of vms) {
+        if (vm.state && vm.state.network) {
+          for (const iface of Object.values(vm.state.network)) {
+            if (iface.addresses) {
+              for (const addr of iface.addresses) {
+                if (addr.family === 'inet' && addr.address.startsWith('10.250.250.')) {
+                  usedIps.push(addr.address);
+                }
+              }
+            }
+          }
+        }
+      }
+
+      return usedIps;
+    },
+    getNextAvailableIp(base = '10.250.250.', start = 100, end = 254) {
+      const usedIps = UnderpostLxd.API.getUsedIpsFromLxd();
+      for (let i = start; i <= end; i++) {
+        const candidate = `${base}${i}`;
+        if (!usedIps.includes(candidate)) {
+          return candidate;
+        }
+      }
+      throw new Error('No IPs available in the static range');
     },
   };
 }

package/src/index.js

@@ -11,6 +11,7 @@ import UnderpostDeploy from './cli/deploy.js';
 import UnderpostRootEnv from './cli/env.js';
 import UnderpostFileStorage from './cli/fs.js';
 import UnderpostImage from './cli/image.js';
+import UnderpostLxd from './cli/lxd.js';
 import UnderpostMonitor from './cli/monitor.js';
 import UnderpostRepository from './cli/repository.js';
 import UnderpostScript from './cli/script.js';
@@ -30,7 +31,7 @@ class Underpost {
    * @type {String}
    * @memberof Underpost
    */
-  static version = 'v2.8.78';
+  static version = 'v2.8.79';
   /**
    * Repository cli API
    * @static
@@ -122,6 +123,13 @@ class Underpost {
    * @memberof Underpost
    */
   static monitor = UnderpostMonitor.API;
+  /**
+   * LXD cli API
+   * @static
+   * @type {UnderpostLxd.API}
+   * @memberof Underpost
+   */
+  static lxd = UnderpostLxd.API;
 }
 
 const up = Underpost;