core/installer: multi-arch talos support

Signed-off-by: nbykov0 <166552198+nbykov0@users.noreply.github.com>

hack/upload-assets.sh

@@ -4,8 +4,18 @@ set -xe
 version=${VERSION:-$(git describe --tags)}
 
 gh release upload --clobber $version _out/assets/cozystack-installer.yaml
+
 gh release upload --clobber $version _out/assets/metal-amd64.iso
+gh release upload --clobber $version _out/assets/metal-arm64.iso
+
 gh release upload --clobber $version _out/assets/metal-amd64.raw.xz
+gh release upload --clobber $version _out/assets/metal-arm64.raw.xz
+
 gh release upload --clobber $version _out/assets/nocloud-amd64.raw.xz
+gh release upload --clobber $version _out/assets/nocloud-arm64.raw.xz
+
 gh release upload --clobber $version _out/assets/kernel-amd64
+gh release upload --clobber $version _out/assets/kernel-arm64
+
 gh release upload --clobber $version _out/assets/initramfs-metal-amd64.xz
+gh release upload --clobber $version _out/assets/initramfs-metal-arm64.xz

packages/core/installer/Makefile

@@ -1,10 +1,12 @@
 NAME=installer
 NAMESPACE=cozy-system
 
-TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' images/talos/profiles/installer.yaml)
+TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' images/talos/profiles/installer-amd64.yaml)
 
 include ../../../scripts/common-envs.mk
 
+ARCH := $(shell echo "$(PLATFORM)" | sed 's:linux/::g;s:,: :g')
+
 pre-checks:
 	../../../hack/pre-checks.sh
 
@@ -17,8 +19,10 @@ apply:
 diff:
 	helm template -n $(NAMESPACE) $(NAME) . | kubectl diff -f -
 
-update:
-	hack/gen-profiles.sh
+update: update-amd64 update-arm64
+
+update-%:
+	hack/gen-profiles.sh $*
 
 image: pre-checks image-matchbox image-cozystack image-talos
 
@@ -26,9 +30,10 @@ image-cozystack:
 	make -C ../../.. repos
 	docker buildx build -f images/cozystack/Dockerfile ../../.. \
 		--provenance false \
+		--builder=$(BUILDER) \
+		--platform=$(PLATFORM) \
 		--tag $(REGISTRY)/installer:$(call settag,$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/installer:latest \
-		--platform linux/amd64 \
 		--cache-to type=inline \
 		--metadata-file images/installer.json \
 		--push=$(PUSH) \
@@ -39,14 +44,28 @@ image-cozystack:
 	rm -f images/installer.json
 
 image-talos:
-	test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
-	skopeo copy docker-archive:../../../_out/assets/installer-amd64.tar docker://$(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
+	# assets for different architectures may be built on a single host
+	for arch in amd64 arm64; do \
+		test -f ../../../_out/assets/installer-$${arch}.tar || make talos-installer-$${arch}; \
+		skopeo copy --override-os=linux --override-arch=$${arch} docker-archive:../../../_out/assets/installer-$${arch}.tar \
+			docker://$(REGISTRY)/talos-$${arch}:$(call settag,$(TALOS_VERSION)); \
+	done
+	# assemble multiarch image from two parts
+	docker buildx imagetools create \
+		--builder=$(BUILDER) \
+		--tag $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION)) \
+		$(REGISTRY)/talos-amd64:$(call settag,$(TALOS_VERSION)) \
+		$(REGISTRY)/talos-arm64:$(call settag,$(TALOS_VERSION))
 
 image-matchbox:
-	test -f ../../../_out/assets/kernel-amd64 || make talos-kernel
-	test -f ../../../_out/assets/initramfs-metal-amd64.xz || make talos-initramfs
+	for arch in $(ARCH); do \
+		test -f ../../../_out/assets/kernel-$${arch} || make talos-kernel-$${arch}; \
+		test -f ../../../_out/assets/initramfs-metal-$${arch}.xz || make talos-initramfs-$${arch}; \
+	done
 	docker buildx build -f images/matchbox/Dockerfile ../../.. \
 		--provenance false \
+		--builder=$(BUILDER) \
+		--platform=$(PLATFORM) \
 		--tag $(REGISTRY)/matchbox:$(call settag,$(TAG)) \
 		--tag $(REGISTRY)/matchbox:$(call settag,$(TALOS_VERSION)-$(TAG)) \
 		--cache-from type=registry,ref=$(REGISTRY)/matchbox:latest \
@@ -59,10 +78,13 @@ image-matchbox:
 		> ../../extra/bootbox/images/matchbox.tag
 	rm -f images/matchbox.json
 
-assets: talos-iso talos-nocloud talos-metal talos-kernel talos-initramfs
+assets: assets-amd64 assets-arm64
 
-talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal:
+assets-amd64 assets-arm64: assets-%: talos-iso-% talos-nocloud-% talos-metal-% talos-kernel-% talos-initramfs-%
+
+talos-%:
 	mkdir -p ../../../_out/assets
+	@echo Building $@...
 	cat images/talos/profiles/$(subst talos-,,$@).yaml | \
 		docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \
 		tar -C ../../../_out/assets -xzf-

packages/core/installer/hack/gen-profiles.sh

@@ -2,6 +2,12 @@
 set -e
 set -u
 
+case ${1:-} in
+  amd64|arm64) ARCH=$1; talos_version="";;
+  *) ARCH=${2:-"amd64"}; talos_version=${1:-""};; #this supports previously available script call syntax
+esac
+echo "ARCH=$ARCH"
+
 PROFILES="initramfs kernel iso installer nocloud metal"
 FIRMWARES="amd-ucode amdgpu-firmware bnx2-bnx2x i915-ucode intel-ice-firmware intel-ucode qlogic-firmware"
 EXTENSIONS="drbd zfs"
@@ -9,7 +15,7 @@ EXTENSIONS="drbd zfs"
 mkdir -p images/talos/profiles
 
 printf "fetching talos version: "
-talos_version=${1:-$(skopeo --override-os linux --override-arch amd64 list-tags docker://ghcr.io/siderolabs/imager | jq -r '.Tags[]' | grep '^v[0-9]\+.[0-9]\+.[0-9]\+$' | sort -V | tail -n 1)}
+talos_version=${talos_version:-$(skopeo --override-os=linux --override-arch=$ARCH list-tags docker://ghcr.io/siderolabs/imager | jq -r '.Tags[]' | grep '^v[0-9]\+.[0-9]\+.[0-9]\+$' | sort -V | tail -n 1)}
 echo "$talos_version"
 
 export "TALOS_VERSION=$talos_version"
@@ -17,7 +23,7 @@ export "TALOS_VERSION=$talos_version"
 for firmware in $FIRMWARES; do
   printf "fetching %s version: " "$firmware"
   firmware_var=$(echo "$firmware" | tr '[:lower:]' '[:upper:]' | tr - _)_VERSION
-  version=$(skopeo list-tags docker://ghcr.io/siderolabs/$firmware | jq -r '.Tags[]|select(length == 8)|select(startswith("20"))' | sort -V | tail -n 1)
+  version=$(skopeo --override-os=linux --override-arch=$ARCH list-tags docker://ghcr.io/siderolabs/$firmware | jq -r '.Tags[]|select(length == 8)|select(startswith("20"))' | sort -V | tail -n 1)
   echo "$version"
   export "$firmware_var=$version"
 done
@@ -25,13 +31,13 @@ done
 for extension in $EXTENSIONS; do
   printf "fetching %s version: " "$extension"
   extension_var=$(echo "$extension" | tr '[:lower:]' '[:upper:]' | tr - _)_VERSION
-  version=$(skopeo --override-os linux --override-arch amd64 list-tags docker://ghcr.io/siderolabs/$extension | jq -r '.Tags[]' | grep "\-${talos_version}$" | sort -V | tail -n1)
+  version=$(skopeo --override-os=linux --override-arch=$ARCH list-tags docker://ghcr.io/siderolabs/$extension | jq -r '.Tags[]' | grep "\-${talos_version}$" | sort -V | tail -n1)
   echo "$version"
   export "$extension_var=$version"
 done
 
 for profile in $PROFILES; do
-  echo "writing profile images/talos/profiles/$profile.yaml"
+  echo "writing profile images/talos/profiles/${profile}-${ARCH}.yaml"
   case "$profile" in
     initramfs|kernel|iso)
       image_options="{}"
@@ -63,18 +69,18 @@ for profile in $PROFILES; do
       ;;
   esac
 
-  cat > images/talos/profiles/$profile.yaml <<EOT
+  cat > images/talos/profiles/${profile}-${ARCH}.yaml <<EOT
 # this file generated by hack/gen-profiles.sh
 # do not edit it
-arch: amd64
+arch: ${ARCH}
 platform: ${platform}
 secureboot: false
 version: ${TALOS_VERSION}
 input:
   kernel:
-    path: /usr/install/amd64/vmlinuz
+    path: /usr/install/${ARCH}/vmlinuz
   initramfs:
-    path: /usr/install/amd64/initramfs.xz
+    path: /usr/install/${ARCH}/initramfs.xz
   baseInstaller:
     imageRef: "ghcr.io/siderolabs/installer:v1.10.3"
   systemExtensions:

packages/core/installer/hack/gen-versions.sh

@@ -1,20 +1,28 @@
 #!/bin/sh
+set -e
+set -u
+
+case ${1:-} in
+  amd64|arm64) ARCH=$1; talos_version="";;
+  *) ARCH=${2:-"amd64"}; talos_version=${1:-""};; #this supports previously available script call syntax
+esac
+echo "ARCH=$ARCH"
 
 FIRMWARES="amd-ucode amdgpu-firmware bnx2-bnx2x i915-ucode intel-ice-firmware intel-ucode qlogic-firmware"
 EXTENSIONS="drbd zfs"
 
-talos_version=${1:-$(skopeo --override-os linux --override-arch amd64 list-tags docker://ghcr.io/siderolabs/imager | jq -r '.Tags[]' | grep '^v[0-9]\+.[0-9]\+.[0-9]\+$' | sort -V | tail -n 1)}
+talos_version=${1:-$(skopeo --override-os linux --override-arch=$ARCH list-tags docker://ghcr.io/siderolabs/imager | jq -r '.Tags[]' | grep '^v[0-9]\+.[0-9]\+.[0-9]\+$' | sort -V | tail -n 1)}
 
 echo "TALOS_VERSION=$talos_version"
 
 for firmware in $FIRMWARES; do
   firmware_var=$(echo "$firmware" | tr '[:lower:]' '[:upper:]' | tr - _)_VERSION
-  version=$(skopeo list-tags docker://ghcr.io/siderolabs/$firmware | jq -r '.Tags[]|select(length == 8)|select(startswith("20"))' | sort -V | tail -n 1)
+  version=$(skopeo --override-os=linux --override-arch=$ARCH list-tags docker://ghcr.io/siderolabs/$firmware | jq -r '.Tags[]|select(length == 8)|select(startswith("20"))' | sort -V | tail -n 1)
   echo "$firmware_var=$version"
 done
 
 for extension in $EXTENSIONS; do
   extension_var=$(echo "$extension" | tr '[:lower:]' '[:upper:]' | tr - _)_VERSION
-  version=$(skopeo --override-os linux --override-arch amd64 list-tags docker://ghcr.io/siderolabs/$extension | jq -r '.Tags[]' | grep "\-${talos_version}$" | sort -V | tail -n1)
+  version=$(skopeo --override-os=linux --override-arch=$ARCH list-tags docker://ghcr.io/siderolabs/$extension | jq -r '.Tags[]' | grep "\-${talos_version}$" | sort -V | tail -n1)
   echo "$extension_var=$version"
 done

packages/core/installer/images/cozystack/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:alpine3.21 as k8s-await-election-builder
+FROM golang:alpine3.21 AS k8s-await-election-builder
 
 ARG K8S_AWAIT_ELECTION_GITREPO=https://github.com/LINBIT/k8s-await-election
 ARG K8S_AWAIT_ELECTION_VERSION=0.4.1
@@ -13,7 +13,10 @@ RUN git clone ${K8S_AWAIT_ELECTION_GITREPO} /usr/local/go/k8s-await-election/ \
  && make \
  && mv ./out/k8s-await-election-${TARGETARCH} /k8s-await-election
 
-FROM golang:alpine3.21 as builder
+FROM golang:alpine3.21 AS builder
+
+ARG TARGETOS
+ARG TARGETARCH
 
 RUN apk add --no-cache make git
 RUN apk add helm --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
@@ -21,7 +24,7 @@ RUN apk add helm --repository=https://dl-cdn.alpinelinux.org/alpine/edge/communi
 COPY . /src/
 WORKDIR /src
 
-RUN go build -o /cozystack-assets-server -ldflags '-extldflags "-static" -w -s' ./cmd/cozystack-assets-server
+RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /cozystack-assets-server -ldflags '-extldflags "-static" -w -s' ./cmd/cozystack-assets-server
 
 # Check that versions_map is not changed
 RUN make repos
@@ -29,9 +32,9 @@ RUN make repos
 FROM alpine:3.21
 
 RUN apk add --no-cache make
-RUN apk add helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
-RUN apk add yq
-RUN apk add coreutils
+RUN apk add --no-cache helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
+RUN apk add --no-cache yq
+RUN apk add --no-cache coreutils
 
 COPY scripts /cozystack/scripts
 COPY --from=builder /src/packages/core /cozystack/packages/core

packages/core/installer/images/matchbox/Dockerfile

@@ -1,6 +1,8 @@
 FROM quay.io/poseidon/matchbox:v0.10.0
 
-COPY _out/assets/initramfs-metal-amd64.xz /var/lib/matchbox/assets/initramfs.xz
-COPY _out/assets/kernel-amd64 /var/lib/matchbox/assets/vmlinuz
+ARG TARGETARCH
+
+COPY _out/assets/initramfs-metal-$TARGETARCH.xz /var/lib/matchbox/assets/initramfs.xz
+COPY _out/assets/kernel-$TARGETARCH /var/lib/matchbox/assets/vmlinuz
 COPY packages/core/installer/images/matchbox/groups /var/lib/matchbox/groups
 COPY packages/core/installer/images/matchbox/profiles /var/lib/matchbox/profiles

packages/core/installer/images/talos/profiles/initramfs-arm64.yaml

@@ -0,0 +1,27 @@
+# this file generated by hack/gen-profiles.sh
+# do not edit it
+arch: arm64
+platform: metal
+secureboot: false
+version: v1.10.1
+input:
+  kernel:
+    path: /usr/install/arm64/vmlinuz
+  initramfs:
+    path: /usr/install/arm64/initramfs.xz
+  baseInstaller:
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
+  systemExtensions:
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
+output:
+  kind: initramfs
+  imageOptions: {}
+  outFormat: raw

packages/core/installer/images/talos/profiles/installer-arm64.yaml

@@ -0,0 +1,27 @@
+# this file generated by hack/gen-profiles.sh
+# do not edit it
+arch: arm64
+platform: metal
+secureboot: false
+version: v1.10.1
+input:
+  kernel:
+    path: /usr/install/arm64/vmlinuz
+  initramfs:
+    path: /usr/install/arm64/initramfs.xz
+  baseInstaller:
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
+  systemExtensions:
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
+output:
+  kind: installer
+  imageOptions: {}
+  outFormat: raw

packages/core/installer/images/talos/profiles/iso-arm64.yaml

@@ -0,0 +1,27 @@
+# this file generated by hack/gen-profiles.sh
+# do not edit it
+arch: arm64
+platform: metal
+secureboot: false
+version: v1.10.1
+input:
+  kernel:
+    path: /usr/install/arm64/vmlinuz
+  initramfs:
+    path: /usr/install/arm64/initramfs.xz
+  baseInstaller:
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
+  systemExtensions:
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
+output:
+  kind: iso
+  imageOptions: {}
+  outFormat: raw

packages/core/installer/images/talos/profiles/kernel-arm64.yaml

@@ -0,0 +1,27 @@
+# this file generated by hack/gen-profiles.sh
+# do not edit it
+arch: arm64
+platform: metal
+secureboot: false
+version: v1.10.1
+input:
+  kernel:
+    path: /usr/install/arm64/vmlinuz
+  initramfs:
+    path: /usr/install/arm64/initramfs.xz
+  baseInstaller:
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
+  systemExtensions:
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
+output:
+  kind: kernel
+  imageOptions: {}
+  outFormat: raw

packages/core/installer/images/talos/profiles/metal-arm64.yaml

@@ -0,0 +1,27 @@
+# this file generated by hack/gen-profiles.sh
+# do not edit it
+arch: arm64
+platform: metal
+secureboot: false
+version: v1.10.1
+input:
+  kernel:
+    path: /usr/install/arm64/vmlinuz
+  initramfs:
+    path: /usr/install/arm64/initramfs.xz
+  baseInstaller:
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
+  systemExtensions:
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
+output:
+  kind: image
+  imageOptions: { diskSize: 1306525696, diskFormat: raw }
+  outFormat: .xz

packages/core/installer/images/talos/profiles/nocloud-arm64.yaml

@@ -0,0 +1,27 @@
+# this file generated by hack/gen-profiles.sh
+# do not edit it
+arch: arm64
+platform: nocloud
+secureboot: false
+version: v1.10.1
+input:
+  kernel:
+    path: /usr/install/arm64/vmlinuz
+  initramfs:
+    path: /usr/install/arm64/initramfs.xz
+  baseInstaller:
+    imageRef: ghcr.io/siderolabs/installer:v1.10.1
+  systemExtensions:
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20250410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20241110
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20250211
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.13-v1.10.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.3.1-v1.10.1
+output:
+  kind: image
+  imageOptions: { diskSize: 1306525696, diskFormat: raw }
+  outFormat: .xz