Notes on Using SUSE EIB

Edge Image Builder (EIB) is a tool for generating customized, ready-to-boot (CRB) images that can be used to bootstrap machines, even in fully air-gapped environments. EIB can build images for all three SUSE Edge deployment models, covering everything from simple settings (adding users, configuring the time zone) to complex customizations (configuring the network, deploying multi-node Kubernetes clusters, shipping workloads, and registering with a central management platform through Rancher/Elemental and SUSE Manager). EIB runs as a container, which makes it easy to use across platforms: all of its dependencies are packaged inside, so its footprint on the host system is minimal.

Reference documentation: https://documentation.suse.com/suse-edge/3.1/html/edge/quickstart-eib.html

Prerequisites:

  1. Officially recommended: SLES 15 SP6, openSUSE Leap 15.6 or openSUSE Tumbleweed on x86_64.
  2. The node has a CRI (e.g. Podman) installed.
  3. Download the latest SLE Micro 6.0 SelfInstall ISO.

Because EIB runs in a container, a configuration directory must be mounted from the host so that the required configuration can be specified and EIB can reach all necessary input files and related resources during the build. This directory must follow a specific structure.

Create the configuration directory:

```bash
export CONFIG_DIR=$HOME/eib
mkdir -p $CONFIG_DIR/base-images
```

Place the downloaded SLE Micro 6.0 SelfInstall ISO in that directory:

```bash
cp /path/to/downloads/SL-Micro.x86_64-6.0-Base-SelfInstall-GM2.install.iso $CONFIG_DIR/base-images/slemicro.iso
```

Create eib-iso-definition.yaml:

```bash
cat << EOF > $CONFIG_DIR/eib-iso-definition.yaml
apiVersion: 1.0
image:
  imageType: iso
  arch: x86_64
  baseImage: slemicro.iso
  outputImageName: eib-image.iso
EOF
```

For more eib-iso-definition.yaml options, see:

  1. https://github.com/suse-edge/edge-image-builder/blob/release-1.1/pkg/image/testdata/full-valid-example.yaml
  2. https://github.com/suse-edge/edge-image-builder/blob/release-1.1/docs/building-images.md

Configure the OS users. The password here must be a one-way hash, created with openssl:

```bash
openssl passwd -6 <your_password>
```

Then put the output into eib-iso-definition.yaml:

```yaml
...
operatingSystem:
  users:
    - username: root
      encryptedPassword: xxx
    - username: rancher
      uid: 1000
      encryptedPassword: xxx
      createHomeDir: true
      primaryGroup: rancher
  groups:
    - name: rancher
      gid: 1000
```

Add the time zone configuration to eib-iso-definition.yaml:

```yaml
...
operatingSystem:
  ...
  time:
    timezone: Asia/Shanghai
    ntp:
      forceWait: true
      servers:
        - ntp.aliyun.com
...
```

Prepare the network configuration file:

```bash
mkdir $CONFIG_DIR/network

cat << EOF > $CONFIG_DIR/network/host1.local.yaml
routes:
  config:
    - destination: 0.0.0.0/0
      next-hop-address: 172.16.16.1
      next-hop-interface: eth0
dns-resolver:
  config:
    server:
      - 172.16.16.12
      - 223.5.5.5
interfaces:
  - name: eth0
    type: ethernet
    state: up
    mac-address: 00:50:56:92:6b:3b
    ipv4:
      address:
        - ip: 172.16.16.146
          prefix-length: 24
      dhcp: false
      enabled: true
    ipv6:
      enabled: false
EOF
```

For the mac-address, you can create the virtual machine first and then read it from the VM settings screen; in VMware it looks like this:

Prepare the RKE2 configuration file:

```bash
mkdir -p $CONFIG_DIR/kubernetes/config

cat << EOF > $CONFIG_DIR/kubernetes/config/server.yaml
token: my-shared-secret
system-default-registry: registry.rancher.com
EOF
```

Add the Kubernetes/Rancher configuration to eib-iso-definition.yaml:

```yaml
...
kubernetes:
  version: v1.31.7+rke2r1
  network:
    apiVIP: 172.16.16.147
  manifests:
    urls:
      - https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml
      - http://172.16.16.140:8080/config/rancher-namespace.yaml
  helm:
    charts:
      - name: rancher
        version: 2.10.3
        repositoryName: rancher-prime
        valuesFile: rancher-values.yaml
        targetNamespace: cattle-system
        createNamespace: true
        installationNamespace: cattle-system
    repositories:
      - name: rancher-prime
        url: https://charts.rancher.com/server-charts/prime
embeddedArtifactRegistry:
  images:
    - name: registry.rancher.com/rancher/backup-restore-operator:v6.0.0
    - name: registry.rancher.com/rancher/calico-cni:v3.29.0-rancher1
    - name: registry.rancher.com/rancher/cis-operator:v1.3.4
    - name: registry.rancher.com/rancher/flannel-cni:v1.4.1-rancher1
    - name: registry.rancher.com/rancher/fleet-agent:v0.11.2
    - name: registry.rancher.com/rancher/fleet:v0.11.2
    - name: registry.rancher.com/rancher/hardened-addon-resizer:1.8.20-build20241001
    - name: registry.rancher.com/rancher/hardened-calico:v3.29.0-build20241104
    - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.8.11-build20241014
    - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.6.0-build20241022
    - name: registry.rancher.com/rancher/hardened-coredns:v1.11.3-build20241018
    - name: registry.rancher.com/rancher/hardened-dns-node-cache:1.23.1-build20241008
    - name: registry.rancher.com/rancher/hardened-etcd:v3.5.16-k3s1-build20241106
    - name: registry.rancher.com/rancher/hardened-flannel:v0.26.1-build20241107
    - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.7.1-build20241008
    - name: registry.rancher.com/rancher/hardened-kubernetes:v1.31.3-rke2r1-build20241121
    - name: registry.rancher.com/rancher/hardened-multus-cni:v4.1.3-build20241028
    - name: registry.rancher.com/rancher/hardened-whereabouts:v0.8.0-build20241011
    - name: registry.rancher.com/rancher/k3s-upgrade:v1.31.3-k3s1
    - name: registry.rancher.com/rancher/klipper-helm:v0.9.3-build20241008
    - name: registry.rancher.com/rancher/klipper-lb:v0.4.9
    - name: registry.rancher.com/rancher/kube-api-auth:v0.2.3
    - name: registry.rancher.com/rancher/kubectl:v1.31.1
    - name: registry.rancher.com/rancher/local-path-provisioner:v0.0.30
    - name: registry.rancher.com/rancher/machine:v0.15.0-rancher124
    - name: registry.rancher.com/rancher/mirrored-cluster-api-controller:v1.8.3
    - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.10.5-hardened4
    - name: registry.rancher.com/rancher/prometheus-federator:v0.4.3
    - name: registry.rancher.com/rancher/pushprox-client:v0.1.4-rancher2-client
    - name: registry.rancher.com/rancher/pushprox-proxy:v0.1.4-rancher2-proxy
    - name: registry.rancher.com/rancher/rancher-agent:v2.10.1
    - name: registry.rancher.com/rancher/rancher-csp-adapter:v5.0.1
    - name: registry.rancher.com/rancher/rancher-webhook:v0.6.2
    - name: registry.rancher.com/rancher/rancher:v2.10.1
    - name: registry.rancher.com/rancher/rke-tools:v0.1.105
    - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.31.2-0.20241016053446-0955fa330f90-build20241016
    - name: registry.rancher.com/rancher/rke2-runtime:v1.31.3-rke2r1
    - name: registry.rancher.com/rancher/rke2-upgrade:v1.31.3-rke2r1
    - name: registry.rancher.com/rancher/security-scan:v0.5.2
    - name: registry.rancher.com/rancher/shell:v0.3.0
    - name: registry.rancher.com/rancher/system-agent-installer-k3s:v1.31.3-k3s1
    - name: registry.rancher.com/rancher/system-agent-installer-rke2:v1.31.3-rke2r1
    - name: registry.rancher.com/rancher/system-agent:v0.3.11-suc
    - name: registry.rancher.com/rancher/system-upgrade-controller:v0.14.2
    - name: registry.rancher.com/rancher/ui-plugin-catalog:3.2.0
    - name: registry.rancher.com/rancher/kubectl:v1.20.2
    - name: registry.rancher.com/rancher/kubectl:v1.29.2
    - name: registry.rancher.com/rancher/shell:v0.1.24
    - name: registry.rancher.com/rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.4.1
    - name: registry.rancher.com/rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.4.3
    - name: registry.rancher.com/rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.4.4
    - name: registry.rancher.com/rancher/mirrored-ingress-nginx-kube-webhook-certgen:v20231226-1a7112e06
...
```

Prepare the Rancher Helm chart values file:

```bash
mkdir -p $CONFIG_DIR/kubernetes/helm/values

cat << EOF > $CONFIG_DIR/kubernetes/helm/values/rancher-values.yaml
hostname: eib-rancher.warnerchen.com
replicas: 1
bootstrapPassword: "xxx"
systemDefaultRegistry: registry.rancher.com
useBundledSystemChart: true
EOF
```

Prepare the manifest that creates the cattle-system namespace:

```bash
mkdir -p $HOME/config/

cat << EOF > ~/config/rancher-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: cattle-system
EOF
```

Start an Nginx so that EIB can fetch the required files while it builds the ISO:

```bash
podman run -d --name nginx -p 8080:80 -v $HOME/config:/usr/share/nginx/html/config -v $HOME/eib:/usr/share/nginx/html/eib/ harbor.warnerchen.com/library/nginx:mainline
```

Final directory structure:

```
root@test-0:~# tree $HOME/config $HOME/eib
/root/config
└── rancher-namespace.yaml
/root/eib
├── base-images
│   └── slemicro.iso
├── eib-iso-definition.yaml
├── kubernetes
│   ├── config
│   │   └── server.yaml
│   └── helm
│       └── values
│           └── rancher-values.yaml
└── network
    └── host1.local.yaml
```

Start building the ISO:

```bash
podman run --rm -it --privileged -v $CONFIG_DIR:/eib \
  registry.suse.com/edge/3.2/edge-image-builder:1.1.1 \
  build --definition-file eib-iso-definition.yaml
```
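Everything in the config directory, including the RKE2 join token in server.yaml, the Rancher bootstrapPassword and the user password hashes, is baked into the resulting ISO, so it is worth linting the directory before running the build above. The script below is an added example, not part of EIB or the original post: `eib_preflight` checks that the files the definition references exist and that the walkthrough's placeholder secrets have been replaced, and `make_sample_config` builds a constructed copy of the directory layout to run it against (both function names are assumptions).

```shell
# Added example, not part of EIB or the original post: a pre-flight lint for the
# config directory built above. It checks that referenced files exist and that the
# secrets baked into the ISO are not still placeholders. Function names are assumed.
eib_preflight() {
  dir=$1; def=$dir/eib-iso-definition.yaml; rc=0
  [ -f "$def" ] || { echo "missing definition: $def"; return 1; }
  # baseImage: and every valuesFile: must resolve to a file in the config tree
  base=$(sed -n 's/^[[:space:]]*baseImage:[[:space:]]*//p' "$def")
  [ -f "$dir/base-images/$base" ] || { echo "baseImage not found: $base"; rc=1; }
  for v in $(sed -n 's/^[[:space:]]*valuesFile:[[:space:]]*//p' "$def"); do
    [ -f "$dir/kubernetes/helm/values/$v" ] || { echo "valuesFile not found: $v"; rc=1; }
  done
  # encryptedPassword: must be a SHA-512 crypt hash ($6$salt$hash), as openssl passwd -6 emits
  for h in $(sed -n 's/^[[:space:]]*encryptedPassword:[[:space:]]*//p' "$def"); do
    case $h in '$6$'*'$'*) ;; *) echo "encryptedPassword is not a \$6\$ hash: $h"; rc=1 ;; esac
  done
  # the RKE2 join token and Rancher bootstrap password ship inside the ISO: refuse placeholders
  grep -qs '^token: my-shared-secret$' "$dir/kubernetes/config/server.yaml" \
    && { echo "RKE2 token is still the placeholder"; rc=1; }
  grep -qs 'bootstrapPassword: "xxx"' "$dir"/kubernetes/helm/values/*.yaml \
    && { echo "bootstrapPassword is still the placeholder"; rc=1; }
  return $rc
}

# Constructed sample mirroring the walkthrough's layout, placeholders included.
make_sample_config() {
  d=$(mktemp -d)
  mkdir -p "$d/base-images" "$d/kubernetes/config" "$d/kubernetes/helm/values"
  : > "$d/base-images/slemicro.iso"    # empty stand-in for the real ISO
  cat > "$d/eib-iso-definition.yaml" <<'EOF'
apiVersion: 1.0
image:
  imageType: iso
  baseImage: slemicro.iso
operatingSystem:
  users:
    - username: root
      encryptedPassword: xxx
kubernetes:
  helm:
    charts:
      - name: rancher
        valuesFile: rancher-values.yaml
EOF
  echo 'token: my-shared-secret' > "$d/kubernetes/config/server.yaml"
  echo 'bootstrapPassword: "xxx"' > "$d/kubernetes/helm/values/rancher-values.yaml"
  echo "$d"
}
```

Run `eib_preflight "$CONFIG_DIR"` against the real directory; a non-zero exit with the findings printed means the ISO should not be built yet.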

Build log:

You can also inspect the logs under $HOME/eib/_build/build-xxx/*.log.

Attach the ISO to the virtual machine, power it on and run the installation:

After the installation completes, log in to the node and check that Kubernetes is running:

Log in to Rancher:

Author

Warner Chen

Posted on

2025-05-07

Updated on

2025-05-08
