underpost 2.8.79 → 2.8.84

package/conf.js

@@ -164,6 +164,10 @@ const DefaultConf = /**/ {
             auth: { user: 'noreply@default.net', pass: '' },
           },
         },
+        valkey: {
+          port: 6379,
+          host: '127.0.0.1',
+        },
       },
     },
     'www.default.net': {

package/docker-compose.yml

@@ -58,7 +58,7 @@ services:
           cpus: '0.25'
           memory: 20M
     labels: # labels in Compose file instead of Dockerfile
-      engine.version: '2.8.79'
+      engine.version: '2.8.84'
     networks:
       - load-balancer
 

package/manifests/deployment/dd-template-development/deployment.yaml

@@ -0,0 +1,167 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dd-template-development-blue
+  labels:
+    app: dd-template-development-blue
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dd-template-development-blue
+  template:
+    metadata:
+      labels:
+        app: dd-template-development-blue
+    spec:
+      containers:
+        - name: dd-template-development-blue
+          image: localhost/rockylinux9-underpost:v2.8.84
+          #          resources:
+          #            requests:
+          #              memory: "124Ki"
+          #              cpu: "100m"
+          #            limits:
+          #              memory: "1992Ki"
+          #              cpu: "1600m"
+          command:
+            - /bin/sh
+            - -c
+            - >
+              npm install -g npm@11.2.0 &&
+              npm install -g underpost &&
+              cd $(underpost root)/underpost &&
+              node bin/deploy update-default-conf template &&
+              mkdir -p /home/dd &&
+              cd /home/dd &&
+              underpost new engine
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dd-template-development-blue-service
+spec:
+  selector:
+    app: dd-template-development-blue
+  ports:
+    - name: 'tcp-4001'
+      protocol: TCP
+      port: 4001
+      targetPort: 4001
+    - name: 'udp-4001'
+      protocol: UDP
+      port: 4001
+      targetPort: 4001
+
+    - name: 'tcp-4002'
+      protocol: TCP
+      port: 4002
+      targetPort: 4002
+    - name: 'udp-4002'
+      protocol: UDP
+      port: 4002
+      targetPort: 4002
+
+    - name: 'tcp-4003'
+      protocol: TCP
+      port: 4003
+      targetPort: 4003
+    - name: 'udp-4003'
+      protocol: UDP
+      port: 4003
+      targetPort: 4003
+
+    - name: 'tcp-4004'
+      protocol: TCP
+      port: 4004
+      targetPort: 4004
+    - name: 'udp-4004'
+      protocol: UDP
+      port: 4004
+      targetPort: 4004
+  type: LoadBalancer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dd-template-development-green
+  labels:
+    app: dd-template-development-green
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dd-template-development-green
+  template:
+    metadata:
+      labels:
+        app: dd-template-development-green
+    spec:
+      containers:
+        - name: dd-template-development-green
+          image: localhost/rockylinux9-underpost:v2.8.84
+          #          resources:
+          #            requests:
+          #              memory: "124Ki"
+          #              cpu: "100m"
+          #            limits:
+          #              memory: "1992Ki"
+          #              cpu: "1600m"
+          command:
+            - /bin/sh
+            - -c
+            - >
+              npm install -g npm@11.2.0 &&
+              npm install -g underpost &&
+              cd $(underpost root)/underpost &&
+              node bin/deploy update-default-conf template &&
+              mkdir -p /home/dd &&
+              cd /home/dd &&
+              underpost new engine
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dd-template-development-green-service
+spec:
+  selector:
+    app: dd-template-development-green
+  ports:
+    - name: 'tcp-4001'
+      protocol: TCP
+      port: 4001
+      targetPort: 4001
+    - name: 'udp-4001'
+      protocol: UDP
+      port: 4001
+      targetPort: 4001
+
+    - name: 'tcp-4002'
+      protocol: TCP
+      port: 4002
+      targetPort: 4002
+    - name: 'udp-4002'
+      protocol: UDP
+      port: 4002
+      targetPort: 4002
+
+    - name: 'tcp-4003'
+      protocol: TCP
+      port: 4003
+      targetPort: 4003
+    - name: 'udp-4003'
+      protocol: UDP
+      port: 4003
+      targetPort: 4003
+
+    - name: 'tcp-4004'
+      protocol: TCP
+      port: 4004
+      targetPort: 4004
+    - name: 'udp-4004'
+      protocol: UDP
+      port: 4004
+      targetPort: 4004
+  type: LoadBalancer

package/manifests/deployment/dd-template-development/proxy.yaml

@@ -0,0 +1,46 @@
+# "http://default.net:4001/socket.io": "http://localhost:4001/socket.io",
+# "http://default.net:4002/peer": "http://localhost:4002/peer",
+# "http://default.net:4001/": "http://localhost:4001/",
+# "http://www.default.net:4003/": "http://localhost:4003/"
+
+---
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: default.net
+spec:
+  virtualhost:
+    fqdn: default.net
+  routes:
+    - conditions:
+        - prefix: /
+      enableWebsockets: true
+      services:
+        - name: dd-template-development-blue-service
+          port: 4001
+          weight: 100
+
+    - conditions:
+        - prefix: /peer
+      enableWebsockets: true
+      services:
+        - name: dd-template-development-blue-service
+          port: 4002
+          weight: 100
+
+---
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: www.default.net
+spec:
+  virtualhost:
+    fqdn: www.default.net
+  routes:
+    - conditions:
+        - prefix: /
+      enableWebsockets: true
+      services:
+        - name: dd-template-development-blue-service
+          port: 4003
+          weight: 100

package/manifests/deployment/tensorflow/tf-gpu-test.yaml

@@ -0,0 +1,65 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tf-gpu-test-script
+  namespace: default
+data:
+  main_tf_gpu_test.py: |
+    import os
+    import tensorflow as tf
+
+    print("--- Starting GPU and Library Check ---")
+
+    gpus = tf.config.list_physical_devices("GPU")
+    if gpus:
+        try:
+            tf.config.set_visible_devices(gpus[0], "GPU")
+            logical_gpus = tf.config.list_logical_devices("GPU")
+            print(
+                f"TensorFlow detected {len(gpus)} Physical GPUs, {len(logical_gpus)} Logical GPUs. Using: {gpus[0].name}"
+            )
+        except RuntimeError as e:
+            print(f"RuntimeError during GPU configuration: {e}")
+    else:
+        print("TensorFlow did not detect any GPU devices. Running on CPU.")
+
+    print(f"XLA_FLAGS environment variable: {os.environ.get('XLA_FLAGS')}")
+    print(f"TF_XLA_FLAGS environment variable: {os.environ.get('TF_XLA_FLAGS')}")
+
+    print(f"TensorFlow version: {tf.__version__}")
+    print(f"Built with CUDA: {tf.test.is_built_with_cuda()}")
+    print(f"Is GPU available: {tf.config.list_physical_devices('GPU') != []}")
+
+    print("--- GPU and Library Check Complete ---")
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: tf-gpu-test-pod
+  namespace: default
+spec:
+  restartPolicy: Never
+  runtimeClassName: nvidia
+  containers:
+    - name: tensorflow-gpu-tester
+      image: nvcr.io/nvidia/tensorflow:24.04-tf2-py3
+      imagePullPolicy: IfNotPresent
+      command: ['python']
+      args: ['/app/main_tf_gpu_test.py']
+      resources:
+        limits:
+          nvidia.com/gpu: '1'
+      env:
+        - name: NVIDIA_VISIBLE_DEVICES
+          value: all
+      volumeMounts:
+        - name: tf-script-volume
+          mountPath: /app
+  volumes:
+    - name: tf-script-volume
+      configMap:
+        name: tf-gpu-test-script
+        items:
+          - key: main_tf_gpu_test.py
+            path: main_tf_gpu_test.py

package/manifests/lxd/lxd-admin-profile.yaml

@@ -7,6 +7,7 @@ devices:
     name: eth0
     network: lxdbr0
     type: nic
+    ipv4.address: 10.250.250.100
   root:
     path: /
     pool: local # lxc storage list

package/manifests/lxd/lxd-preseed.yaml

@@ -1,51 +1,23 @@
 config:
   core.https_address: 127.0.0.1:8443
-
-networks:
-  - name: lxdbr0
-    type: bridge
-    config:
-      ipv4.address: 10.250.250.1/24
-      ipv4.nat: "true"
-      ipv4.dhcp: "true"
-      ipv4.dhcp.ranges: 10.250.250.2-10.250.250.254
-      ipv4.firewall: "false"
-      ipv6.address: none
-
+networks: []
 storage_pools:
-  - name: local
-    driver: zfs
-    config:
+  - config:
       size: 100GiB
-
+    description: ""
+    name: local
+    driver: zfs
+storage_volumes: []
 profiles:
-  - name: default
-    config: {}
-    description: "default profile"
-    devices:
-      root:
-        path: /
-        pool: local
-        type: disk
-
-  - name: admin-profile
-    description: "vm nat network admin profile"
-    config:
-      limits.cpu: "2"
-      limits.memory: 4GB
+  - config: {}
+    description: ""
     devices:
-      eth0:
-        name: eth0
-        network: lxdbr0
-        type: nic
       root:
         path: /
         pool: local
-        size: 100GB
         type: disk
-
+    name: default
 projects: []
-
 cluster:
   server_name: lxd-node1
   enabled: true

package/manifests/lxd/underpost-setup.sh

@@ -1,20 +1,25 @@
 #!/bin/bash
 
+# Exit immediately if a command exits with a non-zero status.
 set -e
 
-# Expand /dev/sda2 partition and resize filesystem automatically
+echo "Starting Underpost Kubernetes Node Setup for Production (Kubeadm/K3s Use Case)..."
+
+# --- Disk Partition Resizing (Keep as is, seems functional) ---
+echo "Expanding /dev/sda2 partition and resizing filesystem..."
 
 # Check if parted is installed
 if ! command -v parted &>/dev/null; then
     echo "parted not found, installing..."
-    dnf install -y parted
+    sudo dnf install -y parted
 fi
 
 # Get start sector of /dev/sda2
-START_SECTOR=$(parted /dev/sda -ms unit s print | awk -F: '/^2:/{print $2}' | sed 's/s//')
+START_SECTOR=$(sudo parted /dev/sda -ms unit s print | awk -F: '/^2:/{print $2}' | sed 's/s//')
 
 # Resize the partition
-parted /dev/sda ---pretend-input-tty <<EOF
+# Using 'sudo' for parted commands
+sudo parted /dev/sda ---pretend-input-tty <<EOF
 unit s
 resizepart 2 100%
 Yes
@@ -22,21 +27,28 @@ quit
 EOF
 
 # Resize the filesystem
-resize2fs /dev/sda2
+sudo resize2fs /dev/sda2
 
 echo "Disk and filesystem resized successfully."
-sudo dnf install -y tar
-sudo dnf install -y bzip2
-sudo dnf install -y git
+
+# --- Essential System Package Installation ---
+echo "Installing essential system packages..."
+sudo dnf install -y tar bzip2 git epel-release
+
+# Perform a system update to ensure all packages are up-to-date
 sudo dnf -y update
-sudo dnf -y install epel-release
-sudo dnf install -y ufw
-sudo systemctl enable --now ufw
+
+# --- NVM and Node.js Installation ---
+echo "Installing NVM and Node.js v23.8.0..."
 curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
-NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
+
+# Load nvm for the current session
+export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
+
 nvm install 23.8.0
 nvm use 23.8.0
+
 echo "
 ██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗
 ██║░░░██║████╗░██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
@@ -45,22 +57,37 @@ echo "
 ╚██████╔╝██║░╚███║██████╔╝███████╗██║░░██║██║░░░░░╚█████╔╝██████╔╝░░░██║░░░
 ░╚═════╝░╚═╝░░╚══╝╚═════╝░╚══════╝╚═╝░░╚═╝╚═╝░░░░░░╚════╝░╚═════╝░░░░╚═╝░░░
 
-Installing underpost k8s node ...
-
+Installing underpost k8s node...
 "
+
+# Install underpost globally
 npm install -g underpost
-chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost
+
+# Ensure underpost executable is in PATH and has execute permissions
+# Adjusting this for global npm install which usually handles permissions
+# If you still face issues, ensure /root/.nvm/versions/node/v23.8.0/bin is in your PATH
+# For global installs, it's usually handled automatically.
+# chmod +x /root/.nvm/versions/node/v23.8.0/bin/underpost # This might not be necessary for global npm installs
+
+# --- Kernel Module for Bridge Filtering ---
+# This is crucial for Kubernetes networking (CNI)
+echo "Loading br_netfilter kernel module..."
 sudo modprobe br_netfilter
-mkdir -p /home/dd
-cd $(underpost root)/underpost
+
+# --- Initial Host Setup for Kubernetes Prerequisites ---
+# This calls the initHost method in cluster.js to install Docker, Podman, Kind, Kubeadm, Helm.
+echo "Running initial host setup for Kubernetes prerequisites..."
+# Ensure the current directory is where 'underpost' expects its root, or use absolute paths.
+# Assuming 'underpost root' correctly points to the base directory of your project.
+cd "$(underpost root)/underpost"
 underpost cluster --init-host
 
-# Default flags
+# --- Argument Parsing for Kubeadm/Kind/K3s/Worker ---
 USE_KUBEADM=false
-USE_KIND=false
+USE_KIND=false # Not the primary focus for this request, but keeping the logic
+USE_K3S=false  # New K3s option
 USE_WORKER=false
 
-# Loop through arguments
 for arg in "$@"; do
     case "$arg" in
     --kubeadm)
@@ -69,6 +96,9 @@ for arg in "$@"; do
     --kind)
         USE_KIND=true
         ;;
+    --k3s) # New K3s argument
+        USE_K3S=true
+        ;;
     --worker)
         USE_WORKER=true
         ;;
@@ -76,71 +106,58 @@ for arg in "$@"; do
 done
 
 echo "USE_KUBEADM = $USE_KUBEADM"
-echo "USE_KIND   = $USE_KIND"
-echo "USE_WORKER = $USE_WORKER"
-
-underpost cluster --kubeadm
-underpost cluster --reset
-
-PORTS=(
-    22    # SSH
-    80    # HTTP
-    443   # HTTPS
-    53    # DNS (TCP/UDP)
-    66    # TFTP
-    67    # DHCP
-    69    # TFTP
-    111   # rpcbind
-    179   # Calico BGP
-    2049  # NFS
-    20048 # NFS mountd
-    4011  # PXE boot
-    5240  # snapd API
-    5248  # Juju controller
-    6443  # Kubernetes API
-    9153  # CoreDNS metrics
-    10250 # Kubelet API
-    10251 # kube-scheduler
-    10252 # kube-controller-manager
-    10255 # Kubelet read-only (deprecated)
-    10257 # controller-manager (v1.23+)
-    10259 # scheduler (v1.23+)
-)
-
-PORT_RANGES=(
-    2379:2380 # etcd
-    # 30000:32767 # NodePort range
-    # 3000:3100 # App node ports
-    32765:32766 # Ephemeral ports
-    6783:6784   # Weave Net
-)
-
-# Open individual ports
-for PORT in "${PORTS[@]}"; do
-    ufw allow ${PORT}/tcp
-    ufw allow ${PORT}/udp
-done
+echo "USE_KIND      = $USE_KIND"
+echo "USE_K3S      = $USE_K3S" # Display K3s flag status
+echo "USE_WORKER   = $USE_WORKER"
 
-# Open port ranges
-for RANGE in "${PORT_RANGES[@]}"; do
-    ufw allow ${RANGE}/tcp
-    ufw allow ${RANGE}/udp
-done
+# --- Kubernetes Cluster Initialization Logic ---
 
-# Behavior based on flags
-if $USE_KUBEADM; then
-    echo "Running control node with kubeadm..."
-    underpost cluster --kubeadm
-    # kubectl get pods --all-namespaces -o wide -w
-fi
+# Apply host configuration (SELinux, Containerd, Sysctl, and now firewalld disabling)
+echo "Applying Kubernetes host configuration (SELinux, Containerd, Sysctl, Firewalld)..."
+underpost cluster --config
 
-if $USE_KIND; then
+if $USE_KUBEADM; then
+    if $USE_WORKER; then
+        echo "Running worker node setup for kubeadm..."
+        # For worker nodes, the 'underpost cluster --worker' command will handle joining
+        # the cluster. The join command itself needs to be provided from the control plane.
+        # This script assumes the join command will be executed separately or passed in.
+        # Example: underpost cluster --worker --join-command "kubeadm join ..."
+        # For now, this just runs the worker-specific config.
+        underpost cluster --worker
+        underpost cluster --chown
+        echo "Worker node setup initiated. You will need to manually join this worker to your control plane."
+        echo "On your control plane, run 'kubeadm token create --print-join-command' and execute the output here."
+    else
+        echo "Running control plane setup with kubeadm..."
+        # This will initialize the kubeadm control plane and install Calico
+        underpost cluster --kubeadm
+        echo "Kubeadm control plane initialized. Check cluster status with 'kubectl get nodes'."
+    fi
+elif $USE_K3S; then # New K3s initialization block
+    if $USE_WORKER; then
+        echo "Running worker node setup for K3s..."
+        # For K3s worker nodes, the 'underpost cluster --worker' command will handle joining
+        # the cluster. The K3s join command (k3s agent --server ...) needs to be provided.
+        underpost cluster --worker --k3s
+        underpost cluster --chown
+        echo "K3s Worker node setup initiated. You will need to manually join this worker to your control plane."
+        echo "On your K3s control plane, get the K3S_TOKEN from /var/lib/rancher/k3s/server/node-token"
+        echo "and the K3S_URL (e.g., https://<control-plane-ip>:6443)."
+        echo "Then execute: K3S_URL=${K3S_URL} K3S_TOKEN=${K3S_TOKEN} curl -sfL https://get.k3s.io | sh -"
+    else
+        echo "Running control plane setup with K3s..."
+        underpost cluster --k3s
+        echo "K3s control plane initialized. Check cluster status with 'kubectl get nodes'."
+    fi
+elif $USE_KIND; then
     echo "Running control node with kind..."
     underpost cluster
-    # kubectl get pods --all-namespaces -o wide -w
+    echo "Kind cluster initialized. Check cluster status with 'kubectl get nodes'."
+else
+    echo "No specific cluster role (--kubeadm, --kind, --k3s, --worker) specified. Please provide one."
+    exit 1
 fi
 
-if $USE_WORKER; then
-    echo "Running worker..."
-    underpost cluster --worker --config
-fi
+echo "Underpost Kubernetes Node Setup completed."
+echo "Remember to verify cluster health with 'kubectl get nodes' and 'kubectl get pods --all-namespaces'."

package/manifests/maas/device-scan.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+for iface_path in /sys/class/net/*; do
+  name=$(basename "$iface_path")
+  mac=$(< "$iface_path/address")
+  ip=$(ip -4 addr show dev "$name" \
+       | grep -oP '(?<=inet\s)\d+(\.\d+){3}' || echo "—")
+  operstate=$(< "$iface_path/operstate")
+  mtu=$(< "$iface_path/mtu")
+
+  # Driver
+  if [ -L "$iface_path/device/driver" ]; then
+    driver=$(basename "$(readlink -f "$iface_path/device/driver")")
+  else
+    driver="—"
+  fi
+
+  # Vendor device ID PCI
+  pci_dev="$iface_path/device"
+  if [ -f "$pci_dev/vendor" ] && [ -f "$pci_dev/device" ]; then
+    vendor_id=$(< "$pci_dev/vendor")
+    device_id=$(< "$pci_dev/device")
+    # pasamos de 0x8086 a 8086, etc.
+    vendor_id=${vendor_id#0x}
+    device_id=${device_id#0x}
+    pci="${vendor_id}:${device_id}"
+  else
+    pci="—"
+  fi
+
+  # Link Speed
+  speed=$(cat "$iface_path/speed" 2>/dev/null || echo "—")
+
+  echo "Interface: $name"
+  echo "  MAC:          $mac"
+  echo "  IPv4:         $ip"
+  echo "  State:       $operstate"
+  echo "  MTU:          $mtu"
+  echo "  Driver:       $driver"
+  echo "  PCI Vendor:Device ID: $pci"
+  echo "  Link Speed:   ${speed}Mb/s"
+  echo
+done

package/manifests/maas/gpu-diag.sh

@@ -0,0 +1,19 @@
+# GPUs and drivers in use
+sudo lspci -nnk | egrep -i 'vga|3d' -A3
+
+# modules loaded relevant
+lsmod | egrep 'nvidia|nouveau|amdgpu' || true
+
+# if exists nvidia tool
+nvidia-smi 2>/dev/null || echo "nvidia-smi no disponible / driver no cargado"
+
+# kernel related errors
+sudo dmesg | egrep -i 'nvidia|nouveau|amdgpu' --color=auto
+
+# recent system errors / gdm / mutter / X
+sudo journalctl -b -p err --no-pager | head -n 200
+journalctl -b _COMM=gdm --no-pager | tail -n 200
+journalctl -b _COMM=Xorg --no-pager | tail -n 200
+
+# X log (if exists)
+sudo grep -E "(EE|WW|NVIDIA|nouveau|amdgpu)" /var/log/Xorg.0.log || true