Use Ubuntu 22.04 for new VMs

Also, remove the custom config image generation and replace it with
`--cloud-init` options.

site-cookbooks/kosmos-base/recipes/letsencrypt.rb

@@ -2,27 +2,6 @@
 # Cookbook Name:: kosmos-base
 # Recipe:: letsencrypt
 #
-# The MIT License (MIT)
-#
-# Copyright:: 2019, Kosmos Developers
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
 
 unless platform?('ubuntu')
   raise "This recipe only supports Ubuntu installs"

site-cookbooks/kosmos-base/resources/tls_cert_for.rb

@@ -3,6 +3,7 @@ provides :tls_cert_for
 
 property :domain, [String, Array], name_property: true
 property :auth, [String, NilClass], default: nil
+property :deploy_hook, [String, NilClass], default: nil
 property :acme_domain, [String, NilClass], default: nil
 
 default_action :create
@@ -36,6 +37,19 @@ action :create do
       sensitive true
     end
 
+    if new_resource.deploy_hook
+      deploy_hook_path = "/etc/letsencrypt/renewal-hooks/#{domains.first}"
+
+      file deploy_hook_path do
+        content new_resource.deploy_hook
+        mode 0755
+        owner "root"
+        group "root"
+      end
+    elsif node.run_list.roles.include?("openresty_proxy")
+      deploy_hook_path = "/etc/letsencrypt/renewal-hooks/post/openresty"
+    end
+
     # Generate a Let's Encrypt cert (only if no cert has been generated before).
     # The systemd timer will take care of renewing
     execute "letsencrypt cert for #{domains.join(', ')}" do
@@ -47,7 +61,7 @@ action :create do
         --manual-auth-hook '#{hook_auth_command}' \
         --manual-cleanup-hook '#{hook_cleanup_command}' \
         --email ops@kosmos.org \
-        #{node.run_list.roles.include?("openresty_proxy") ? '--deploy-hook /etc/letsencrypt/renewal-hooks/post/openresty' : nil } \
+        #{"--deploy-hook #{deploy_hook_path}" if defined?(deploy_hook_path)} \
         #{domains.map {|d| "-d #{d}" }.join(" ")}
       CMD
       not_if do

site-cookbooks/kosmos_email/recipes/default.rb

@@ -7,6 +7,7 @@ domain   = node["email"]["domain"]
 hostname = node["email"]["hostname"]
 root_dir = node["email"]["root_directory"]
 ip_addr  = node["knife_zero"]["host"]
+extra_hostnames = ["smtp.#{domain}", "imap.#{domain}"]
 
 node.override["set_fqdn"] = hostname
 include_recipe "hostname"
@@ -23,7 +24,9 @@ directory root_dir do
 end
 
 tls_cert_for hostname do
+  domain ([hostname]+extra_hostnames)
   auth "gandi_dns"
+  deploy_hook "systemctl reload postfix.service && systemctl reload dovecot.service"
   action :create
 end
 

site-cookbooks/kosmos_gitea/attributes/default.rb

@@ -1,5 +1,5 @@
-node.default["gitea"]["version"] = "1.21.10"
+node.default["gitea"]["version"] = "1.22.0"
-node.default["gitea"]["checksum"] = "17eb858f3ef2b7cdb649286e6a9cc050f9d949606327a7d6f27aaba49fc3b492"
+node.default["gitea"]["checksum"] = "a31086f073cb9592d28611394b2de3655db515d961e4fdcf5b549cb40753ef3d"
 node.default["gitea"]["working_directory"] = "/var/lib/gitea"
 node.default["gitea"]["port"] = 3000
 node.default["gitea"]["postgresql_host"] = "localhost:5432"

site-cookbooks/kosmos_kvm/attributes/default.rb

@@ -1,9 +1,9 @@
-ubuntu_server_cloud_image_release = "20230506"
+release = "20240514"
 
 node.default["kosmos_kvm"]["host"]["qemu_base_image"] = {
-  "url" => "https://cloud-images.ubuntu.com/releases/focal/release-#{ubuntu_server_cloud_image_release}/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.img",
+  "url" => "https://cloud-images.ubuntu.com/releases/jammy/release-#{release}/ubuntu-22.04-server-cloudimg-amd64-disk-kvm.img",
-  "checksum" => "27d2b91fd2b715729d739e2a3155dce70d1aaae4f05c177f338b9d4b60be638c",
+  "checksum" => "2e7698b3ebd7caead06b08bd3ece241e6ce294a6db01f92ea12bcb56d6972c3f",
-  "path" => "/var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm-#{ubuntu_server_cloud_image_release}.qcow2"
+  "path" => "/var/lib/libvirt/images/base/ubuntu-22.04-server-cloudimg-amd64-disk-kvm-#{release}.qcow2"
 }
 
 # A systemd.timer OnCalendar config value

site-cookbooks/kosmos_kvm/templates/create_vm.erb

@@ -17,7 +17,7 @@ DISKSIZE=${4:-10} # 10GB default
 # Directory where image files will be stored
 IMAGE_DIR=/var/lib/libvirt/images
 IMAGE_PATH=$IMAGE_DIR/${VMNAME}.qcow2
-CIDATA_PATH=${IMAGE_DIR}/cidata-${VMNAME}.iso
+CIDATA_PATH=${IMAGE_DIR}/${VMNAME}-cloudinit
 BASE_FILE=<%= @base_image_path %>
 
 # Create the VM image if it does not already exist
@@ -38,9 +38,8 @@ qemu-img info "$IMAGE_PATH"
 # Check if the cloud-init metadata file exists
 # if not, generate it
 if [ ! -r $CIDATA_PATH ]; then
-  pushd $(dirname $CIDATA_PATH)
+  mkdir -p $CIDATA_PATH
-  mkdir -p $VMNAME
+  pushd $CIDATA_PATH
-  cd $VMNAME
 
   cat > user-data <<-EOS
 #cloud-config
@@ -62,25 +61,19 @@ instance-id: $VMNAME
 local-hostname: $VMNAME
 EOS
 
-  genisoimage -output "$CIDATA_PATH" -volid cidata -joliet -rock user-data meta-data
-  chown libvirt-qemu:kvm "$CIDATA_PATH"
-  chmod 600 "$CIDATA_PATH"
   popd
 fi
 
-# setting --os-variant to ubuntu20.04 and ubuntu18.04 breaks SSH and networking
 virt-install \
   --name "$VMNAME" \
   --ram "$RAM" \
   --vcpus "$CPUS" \
   --cpu host \
   --arch x86_64 \
-  --os-type linux \
+  --osinfo detect=on,name=ubuntujammy \
-  --os-variant ubuntu16.04 \
   --hvm \
   --virt-type kvm \
   --disk "$IMAGE_PATH" \
-  --cdrom "$CIDATA_PATH" \
   --boot hd \
   --network=bridge=virbr0,model=virtio \
   --graphics none \
@@ -88,4 +81,5 @@ virt-install \
   --console pty \
   --channel unix,mode=bind,path=/var/lib/libvirt/qemu/$VMNAME.guest_agent.0,target_type=virtio,name=org.qemu.guest_agent.0 \
   --autostart \
-  --import
+  --import \
+  --cloud-init root-password-generate=off,disable=on,meta-data=$CIDATA_PATH/meta-data,user-data=$CIDATA_PATH/user-data