From a89f096f8b13597355a72c144762cd79d7f93204 Mon Sep 17 00:00:00 2001
From: Abhay Krishna <arnchlm@amazon.com>
Date: Fri, 17 May 2024 16:12:20 -0400
Subject: [PATCH] Build Nutanix images in CI (#3180)

---
 build/lib/create_release_checksums.sh         |  2 +-
 .../kubernetes-sigs/image-builder/Makefile    | 42 ++++++++++++------
 .../image-builder/build/build_image.sh        | 43 ++++++++++++++++---
 .../image-builder/buildspecs/nutanix.yml      | 22 ++++++++++
 .../expected_artifacts_nutanix                | 12 ++++++
 5 files changed, 99 insertions(+), 22 deletions(-)
 create mode 100644 projects/kubernetes-sigs/image-builder/buildspecs/nutanix.yml
 create mode 100644 projects/kubernetes-sigs/image-builder/expected-artifacts/expected_artifacts_nutanix

diff --git a/build/lib/create_release_checksums.sh b/build/lib/create_release_checksums.sh
index 609c994c6c..66e8f528d1 100755
--- a/build/lib/create_release_checksums.sh
+++ b/build/lib/create_release_checksums.sh
@@ -33,7 +33,7 @@ rm -f $SHA512SUM
 echo "Writing artifact hashes to SHA256SUM/SHA512SUM files..."
 cd $ASSET_ROOT
 for file in $(find ${ASSET_ROOT} -type f -not -path '*\.sha[25][51][62]' -not -path '*\.docker_*' \
-     \( -path '*bin/linux*' -o -path '*bin/windows*' -o -path '*bin/darwin*' -o -name '*\.gz' -o -name '*\.ova' -o -name '*\.qcow2' \) ); do
+     \( -path '*bin/linux*' -o -path '*bin/windows*' -o -path '*bin/darwin*' -o -name '*\.gz' -o -name '*\.ova' -o -name '*\.qcow2' -o -name '*\.img' \) ); do
     filepath=$($REALPATH --relative-base=${ASSET_ROOT} $file )
     sha256sum "$filepath" | tee -a $SHA256SUM > "$file.sha256" || return 1
     sha512sum "$filepath" | tee -a $SHA512SUM > "$file.sha512" || return 1
diff --git a/projects/kubernetes-sigs/image-builder/Makefile b/projects/kubernetes-sigs/image-builder/Makefile
index f92d36ab62..a6986c906d 100644
--- a/projects/kubernetes-sigs/image-builder/Makefile
+++ b/projects/kubernetes-sigs/image-builder/Makefile
@@ -32,6 +32,7 @@ REDHAT_CONFIG_TARGET=redhat-config.json
 IF_REDHAT_CONFIG_TARGET=$(if $(filter redhat,$(IMAGE_OS)),$(REDHAT_CONFIG_TARGET),)
 
 VSPHERE_CONNECTION_DATA?={}
+NUTANIX_CONNECTION_DATA?={}
 # Aws accounts to share built AMI with
 DEV_ACCOUNTS?=
 
@@ -87,10 +88,7 @@ OVA_FORMAT_EXT=ova
 RAW_FORMAT_EXT=gz
 AMI_FORMAT_EXT=gz
 CLOUDSTACK_FORMAT_EXT=qcow2
-
-# there is no file produced during nutanix builds, defining to avoid
-# missing variable warning
-NUTANIX_FORMAT_EXT=
+NUTANIX_FORMAT_EXT=img
 
 # $1- image_format
 # $2 - image_os
@@ -152,7 +150,7 @@ BUILD_RAW_TARGETS=$(foreach os,ubuntu-2004 ubuntu-2204 redhat-8 redhat-9,build-r
 BUILD_CLOUDSTACK_TARGETS=$(foreach os, redhat-8 redhat-9,build-cloudstack-$(os) $(call FAKE_IMAGE_PATH_FROM_OS_WITH_VER,cloudstack,$(os)) upload-artifacts-cloudstack-$(os))
 
 # nutanix node images
-BUILD_NUTANIX_TARGETS=build-nutanix-ubuntu-2004 build-nutanix-ubuntu-2204
+BUILD_NUTANIX_TARGETS=packer/nutanix/nutanix.json $(foreach os,ubuntu-2004 ubuntu-2204 redhat-8 redhat-9,build-nutanix-$(os) $(call FAKE_IMAGE_PATH_FROM_OS_WITH_VER,nutanix,$(os)) upload-artifacts-nutanix-$(os))
 
 ifneq ($(BOTTLEROCKET_AMI_RELEASE_VERSION),null)
 	BUILD_AMI_TARGETS+=upload-bottlerocket-1-ami
@@ -253,17 +251,26 @@ REDHAT_8_VERSION=8.4
 REDHAT_9_VERSION=9.3
 REDHAT_8_ISO_CHECKSUM=ea5f349d492fed819e5086d351de47261c470fc794f7124805d176d69ddf1fcd
 REDHAT_9_ISO_CHECKSUM=5c802147aa58429b21e223ee60e347e850d6b0d8680930c4ffb27340ffb687a8
+NUTANIX_REDHAT_8_VERSION=8.8
+NUTANIX_REDHAT_9_VERSION=9.3
 
 $(REDHAT_CONFIG_TARGET):
-	@echo $(IMAGE_OS_VERSION)
-	jq --null-input \
-		--arg rhel_username "$(RHSM_USERNAME)" \
-		--arg rhel_password "$(RHSM_PASSWORD)" \
-		--arg iso_url "$(if $(filter 9,$(IMAGE_OS_VERSION)),$$(aws s3 presign redhat-iso-pdx/$(REDHAT_9_VERSION)/rhel-$(REDHAT_9_VERSION)-x86_64-dvd.iso),$$(aws s3 presign redhat-iso-pdx/$(REDHAT_8_VERSION)/rhel-$(REDHAT_8_VERSION)-x86_64-dvd.iso))" \
-		--arg extra_rpms "$(if $(filter raw,$(IMAGE_FORMAT)),$$(aws s3 presign redhat-iso-pdx/8.4/rpms/kmod-megaraid_sas-07.719.06.00_el8.4-1.x86_64.rpm),)" \
-		--arg iso_checksum_type "sha256" \
-		--arg iso_checksum "$(if $(filter 9,$(IMAGE_OS_VERSION)),$(REDHAT_9_ISO_CHECKSUM),$(REDHAT_8_ISO_CHECKSUM))" \
-		'{"rhel_username": $$rhel_username, "rhel_password": $$rhel_password, "iso_url": $$iso_url, "iso_checksum_type": $$iso_checksum_type, "iso_checksum": $$iso_checksum, "extra_rpms": $$extra_rpms}' > $@
+	@if [[ "$(IMAGE_FORMAT)" == "nutanix" ]]; then \
+		jq --null-input \
+			--arg rhel_username "$(RHSM_USERNAME)" \
+			--arg rhel_password "$(RHSM_PASSWORD)" \
+			--arg image_url "$(if $(filter 9,$(IMAGE_OS_VERSION)),https://redhat-iso-pdx.s3.us-west-2.amazonaws.com/$(NUTANIX_REDHAT_9_VERSION)/rhel-$(NUTANIX_REDHAT_9_VERSION).qcow2,https://redhat-iso-pdx.s3.us-west-2.amazonaws.com/$(NUTANIX_REDHAT_8_VERSION)/rhel-$(NUTANIX_REDHAT_8_VERSION).qcow2)" \
+			'{"rhel_username": $$rhel_username, "rhel_password": $$rhel_password, "image_url": $$image_url}' > $@; \
+	else \
+		jq --null-input \
+			--arg rhel_username "$(RHSM_USERNAME)" \
+			--arg rhel_password "$(RHSM_PASSWORD)" \
+			--arg iso_url "$(if $(filter 9,$(IMAGE_OS_VERSION)),$$(aws s3 presign redhat-iso-pdx/$(REDHAT_9_VERSION)/rhel-$(REDHAT_9_VERSION)-x86_64-dvd.iso),$$(aws s3 presign redhat-iso-pdx/$(REDHAT_8_VERSION)/rhel-$(REDHAT_8_VERSION)-x86_64-dvd.iso))" \
+			--arg extra_rpms "$(if $(filter raw,$(IMAGE_FORMAT)),$$(aws s3 presign redhat-iso-pdx/8.4/rpms/kmod-megaraid_sas-07.719.06.00_el8.4-1.x86_64.rpm),)" \
+			--arg iso_checksum_type "sha256" \
+			--arg iso_checksum "$(if $(filter 9,$(IMAGE_OS_VERSION)),$(REDHAT_9_ISO_CHECKSUM),$(REDHAT_8_ISO_CHECKSUM))" \
+			'{"rhel_username": $$rhel_username, "rhel_password": $$rhel_password, "iso_url": $$iso_url, "iso_checksum_type": $$iso_checksum_type, "iso_checksum": $$iso_checksum, "extra_rpms": $$extra_rpms}' > $@; \
+	fi
 ##############################################################
 
 ########################### FAKE TARGETS ###############################
@@ -276,6 +283,9 @@ fake-%: | $$(ENABLE_LOGGING)
 packer/ova/vsphere.json:
 	echo "{}" > $@
 
+packer/nutanix/nutanix.json:
+	echo "{}" > $@
+
 ########################################################################
 
 ######################## BOTTLEROCKET #######################
@@ -363,6 +373,10 @@ release-cloudstack-%: IMAGE_FORMAT=cloudstack
 release-cloudstack-%: release-image-build-on-metal-%
 	@echo Done building $@
 
+release-nutanix-%: IMAGE_FORMAT=nutanix
+release-nutanix-%: validate-supported-image-% $(IF_REDHAT_CONFIG_TARGET) | ensure-jq $$(ENABLE_LOGGING)
+	@build/build_image.sh $(IMAGE_OS) $(IMAGE_OS_VERSION) $(RELEASE_BRANCH) $(IMAGE_FORMAT) $(ARTIFACTS_BUCKET) $(LATEST) $(IMAGE_OS_FIRMWARE)
+
 # used for cloudstack and raw
 # clone the repo first since its scp'd to the temporary instance which runs kvm
 release-image-build-on-metal-%: IMAGE_FORMAT?=raw
diff --git a/projects/kubernetes-sigs/image-builder/build/build_image.sh b/projects/kubernetes-sigs/image-builder/build/build_image.sh
index c0dee3b8b5..4eebc78491 100755
--- a/projects/kubernetes-sigs/image-builder/build/build_image.sh
+++ b/projects/kubernetes-sigs/image-builder/build/build_image.sh
@@ -18,6 +18,7 @@ set -o errexit
 set -o nounset
 
 MAKE_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd -P)"
+source "${MAKE_ROOT}/../../../build/lib/common.sh"
 
 image_os="${1?Specify the first argument - image os}"
 image_os_version="${2?Specify the second argument - image os version}"
@@ -40,7 +41,7 @@ if [ ! -f "${HOME}/image-builder" ]; then
     ARCH="amd64"
   fi
 
-  cp "$MAKE_ROOT/../../aws/image-builder/_output/bin/image-builder/linux-$ARCH/image-builder" "${HOME}" 
+  cp "$MAKE_ROOT/../../aws/image-builder/_output/bin/image-builder/linux-$ARCH/image-builder" "${HOME}"
 fi
 
 image_builder_config_file="${HOME}/image_builder_config_file"
@@ -69,7 +70,7 @@ function retry_image_builder() {
 
       local retry="false"
       local message=""
-      for key in "${!retryable_messages[@]}"; do 
+      for key in "${!retryable_messages[@]}"; do
         if grep -q "$key" "$log_file"; then
           message="${retryable_messages[$key]}"
           retry="true"
@@ -98,7 +99,7 @@ if [[ $image_format == "ova" ]]; then
   vsphere_config_file="${HOME}/vsphere_config_file"
   echo "${VSPHERE_CONNECTION_DATA}" > $vsphere_config_file
 
-  # Run image-builder cli
+  echo "Creating VSphere image-builder config"
   if [[ $image_os == "redhat" ]]; then
     jq -s add $vsphere_config_file $redhat_config_file > $image_builder_config_file
   else
@@ -109,15 +110,20 @@ if [[ $image_format == "ova" ]]; then
   if [ -n "$firmware" ] && [[ "$image_os" == "ubuntu" ]]; then
     firmware_arg="--firmware $firmware"
   fi
+  cat $image_builder_config_file
 
+  # Run image-builder CLI
   retry_image_builder build --hypervisor vsphere --os $image_os $image_os_version_arg --vsphere-config $image_builder_config_file --release-channel $release_channel $firmware_arg
 elif [[ $image_format == "raw" ]]; then
-  # Run image-builder cli
+  echo "Creating Bare metal image-builder config"
   if [[ $image_os == "ubuntu" ]]; then
+    # Run image-builder CLI
     retry_image_builder build --hypervisor baremetal --os $image_os $image_os_version_arg --release-channel $release_channel
-    echo "done with image builder"
   elif [[ $image_os == "redhat" ]]; then
     image_builder_config_file=$redhat_config_file
+    cat $image_builder_config_file
+
+    # Run image-builder CLI
     retry_image_builder build --hypervisor baremetal --os $image_os $image_os_version_arg --release-channel $release_channel --baremetal-config $image_builder_config_file
   fi
 elif [[ $image_format == "cloudstack" ]]; then
@@ -126,8 +132,11 @@ elif [[ $image_format == "cloudstack" ]]; then
     exit 1
   fi
 
-  echo "Creating cloudstack config"
+  echo "Creating Cloudstack image-builder config"
   image_builder_config_file=$redhat_config_file
+  cat $image_builder_config_file
+
+  # Run image-builder CLI
   retry_image_builder build --hypervisor cloudstack --os $image_os $image_os_version_arg --release-channel $release_channel --cloudstack-config $image_builder_config_file
 elif [[ $image_format == "ami" ]]; then
   if [[ $image_os != "ubuntu" ]]; then
@@ -135,10 +144,30 @@ elif [[ $image_format == "ami" ]]; then
     exit 1
   fi
 
-  echo "Creating AMI config"
+  echo "Creating AMI image-builder config"
   jq --null-input \
     --arg ami_filter_owners "099720109477" \
     --arg manifest_output "$MANIFEST_OUTPUT" \
     '{"ami_filter_owners": $ami_filter_owners, "manifest_output": $manifest_output}' > $image_builder_config_file
+  cat $image_builder_config_file
+
+  # Run image-builder CLI
   retry_image_builder build --hypervisor ami --os $image_os $image_os_version_arg --release-channel $release_channel --ami-config $image_builder_config_file
+elif [[ $image_format == "nutanix" ]]; then
+  # Setup nutanix config
+  nutanix_config_file="${HOME}/nutanix_config_file"
+  echo "${NUTANIX_CONNECTION_DATA}" > $nutanix_config_file
+  image_name=${image_os}-${image_os_version}-kube-v${release_channel}
+  build::jq::update_in_place $nutanix_config_file '.image_name = '"\"$image_name\""'' 
+
+  echo "Creating Nutanix image-builder config"
+  if [[ $image_os == "redhat" ]]; then
+    jq -s add $nutanix_config_file $redhat_config_file > $image_builder_config_file
+  else
+    image_builder_config_file=$nutanix_config_file
+  fi
+  cat $image_builder_config_file
+
+  # Run image-builder CLI
+  retry_image_builder build --hypervisor nutanix --os $image_os $image_os_version_arg --nutanix-config $image_builder_config_file --release-channel $release_channel
 fi
diff --git a/projects/kubernetes-sigs/image-builder/buildspecs/nutanix.yml b/projects/kubernetes-sigs/image-builder/buildspecs/nutanix.yml
new file mode 100644
index 0000000000..2d1bfb6794
--- /dev/null
+++ b/projects/kubernetes-sigs/image-builder/buildspecs/nutanix.yml
@@ -0,0 +1,22 @@
+version: 0.2
+
+run-as: imagebuilder
+
+env:
+  variables:
+    HOME: "/home/imagebuilder"
+    CLI_FOLDER: "projects/aws/image-builder"
+    GOPATH: "/home/imagebuilder/go"
+  secrets-manager:
+    NUTANIX_CONNECTION_DATA: "nutanix_ci:nutanix_connection_data"
+
+phases:
+  pre_build:
+    run-as: root
+    commands:
+      - git config --global credential.helper '!aws codecommit credential-helper $@'
+      - git config --global credential.UseHttpPath true
+
+  build:
+    commands:      
+      - if make check-for-supported-release-branch IMAGE_OS=$IMAGE_OS IMAGE_FORMAT=nutanix RELEASE_BRANCH=$RELEASE_BRANCH -C $PROJECT_PATH && make check-for-release-branch-skip -C $PROJECT_PATH; then make binaries -C $CLI_FOLDER && make release IMAGE_OS=$IMAGE_OS IMAGE_OS_VERSION=$IMAGE_OS_VERSION IMAGE_FORMAT=nutanix RELEASE_BRANCH=$RELEASE_BRANCH -C $PROJECT_PATH; fi
diff --git a/projects/kubernetes-sigs/image-builder/expected-artifacts/expected_artifacts_nutanix b/projects/kubernetes-sigs/image-builder/expected-artifacts/expected_artifacts_nutanix
new file mode 100644
index 0000000000..c4ccd4dfb4
--- /dev/null
+++ b/projects/kubernetes-sigs/image-builder/expected-artifacts/expected_artifacts_nutanix
@@ -0,0 +1,12 @@
+EKSD_MANIFEST_URL
+KUBERNETES_VERSION
+SHA256SUM
+SHA256SUM.sha256
+SHA256SUM.sha512
+SHA512SUM
+SHA512SUM.sha256
+SHA512SUM.sha512
+packer.log
+$IMAGE_OS.img
+$IMAGE_OS.img.sha256
+$IMAGE_OS.img.sha512