Adds pre/post boot and node roles

[vasyl-purchel]

Issues addressed:

• Feature: Allow users to add custom packages to images built with image-builder #2301
• Passing packer variables to specify custom overrides does not seem to work #2372

Description of changes:
As per kubernetes-sigs/image-builder#894 issue upstream project opened to use custom Ansible roles pre/post boot of the node and also pre/post node provisioning.

This opens doors to customize image built for custom requirements, for example if deployment needs to happen in offline environment that has no access to the internet and would require to update system with required changes to look for packages on internal proxies instead.

Also allows to provide extra updates to the system before Kubernetes is installed along with extra tweaks after.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[eks-distro-bot]

Hi @vasyl-purchel. Thanks for your PR.

I'm waiting for a aws member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[vasyl-purchel]

PR verified:

image-builder@eksa_test:~$ cat /home/image-builder/packer_vars.json
{
        "disable_public_repos": "true",
        "node_custom_roles_pre": "wd.eksa.pre_node"
}
image-builder@eksa_test:~$ cat ~/.ansible/roles/wd.eksa.pre_node/tasks/main.yml 
- name: Do custom stuff
  apt:
    name:
      - jq
      - ansible
      - make
    update_cache: yes
    state: latest
image-builder@eksa_test:~$ export EKSA_USE_DEV_RELEASE=true
image-builder@eksa_test:~$ image-builder-pr build --os ubuntu --os-version 22.04 --hypervisor baremetal --release-channel 1-27 -v 3 --force --baremetal-config /home/image-builder/packer_vars.json
...

and while it's running we can see that overrides are passed over to packer:

$ cat /home/image-builder/eks-anywhere-build-tooling/projects/kubernetes-sigs/image-builder/packer/config/baremetal.json
{"files":null,"rhel_username":"","rhel_password":"","node_custom_roles_pre":"wd.eksa.pre_node","disable_public_repos":"true"}

Note: this example is not complete since when we disable public repos we need to supply private repos as well and for ansible roles I'm using only one role while value can be space separated multiple roles

[vignesh-goutham]

/ok-to-test

[vignesh-goutham]

Thanks for this!

One question I had was, can the pre/post role take in a full path for the ansible role, and if user doesn't provide the full path, does it expect the role to be present in a certain relative path?

Also could you add this overrides to cloudstack, vsphere, nutanix and ami builder types?

[vasyl-purchel]

details on what these overrides can take are very well described here: https://image-builder.sigs.k8s.io/capi/capi.html#customization
if ansible is not configured to look in specific location it can't take full path to it, but if you put roles into ansible configured location then it can use those

in my case I've used ~/.ansible/ where I believe ansible-galaxy would install collections and they were found out.

as for adding those to other hypervisors can do for sure but won't be able to verify if it works in any way as I don't have those configured

[vasyl-purchel]

@vignesh-goutham , I've updated PR with requested addition to other hypervisor types along with rebasing the change on top of latest main branch.

[vignesh-goutham]

Thanks for this PR!

/lgtm
/approve

[eks-distro-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vignesh-goutham

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [vignesh-goutham]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jaxesn]

/cherrypick release-0.17

[eks-distro-pr-bot]

@jaxesn: #2474 failed to apply on top of branch "release-0.17":

Applying: Adds pre/post boot and node roles
Using index info to reconstruct a base tree...
M	projects/aws/image-builder/builder/types.go
Falling back to patching base and 3-way merge...
Auto-merging projects/aws/image-builder/builder/types.go
CONFLICT (content): Merge conflict in projects/aws/image-builder/builder/types.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Adds pre/post boot and node roles
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick release-0.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.