CVE portal for SUSE Rancher products by gmacedo

Description

Currently it's a bit difficult for users to quickly see the list of CVEs affecting images in Rancher, RKE2, Harvester and Longhorn releases. Users need to individually look for each CVE in the SUSE CVE database page - https://www.suse.com/security/cve/ . This is not optimal, because those CVE pages are a bit hard to read and contain data for all SLE and BCI products too, making it difficult to easily see only the CVEs affecting the latest release of Rancher, for example. We understand that certain costumers are only looking for CVE data for Rancher and not SLE or BCI.

Goals

The objective is to create a simple to read and navigate page that contains only CVE data related to Rancher, RKE2, Harvester and Longhorn, where it's easy to search by a CVE ID, an image name or a release version. The page should also provide the raw data as an exportable CSV file.

It must be an MVP with the minimal amount of effort/time invested, but still providing great value to our users and saving the wasted time that the Rancher Security team needs to spend by manually sharing such data. It might not be long lived, as it can be replaced in 2-3 years with a better SUSE wide solution.

Resources

• The page must be simple and easy to read.
• The UI/UX must be as straightforward as possible with minimal visual noise.
• The content must be created automatically from the raw data that we already have internally.
• It must be updated automatically on a daily basis and on ad-hoc runs (when needed).
• The CVE status must be aligned with VEX.
• The raw data must be exportable as CSV file.
• Ideally it will be written in Go or pure Shell script with basic HTML and no external dependencies in CSS or JS.

---

Longhorn UI Extension (POC) by yiya.chen

Description

The goal is to create a Longhorn UI extension within Rancher using existing resources.
Longhorn’s UI is built using React, while Rancher’s UI extensions are built using Vue. Developers will explore different approaches to integrate and extend Longhorn’s UI within Rancher’s Vue-based ecosystem, aiming to create a seamless, functional UI extension.

Goals

• Build a Longhorn UI extension (look and feel)
• Support theme switching to align with Rancher’s UI

Results

• https://github.com/a110605/longhorn-hackday
• https://github.com/a110605/longhorn-ui/tree/darkmode
• https://github.com/houhoucoop/hackweek/tree/main/hackweek24

Resources

• Longhorn UI: https://github.com/longhorn/longhorn-ui
• Rancher UI Extension: https://extensions.rancher.io/extensions/next/home
• darkreader: https://www.npmjs.com/package/darkreader
• veaury: https://github.com/gloriasoft/veaury
• module federation: https://webpack.js.org/concepts/module-federation/

---

Cluster API Provider for Harvester by rcase

Project Description

The Cluster API "infrastructure provider" for Harvester, also named CAPHV, makes it possible to use Harvester with Cluster API. This enables people and organisations to create Kubernetes clusters running on VMs created by Harvester using a declarative spec.

The project has been bootstrapped in HackWeek 23, and its code is available here.

Work done in HackWeek 2023

• Have a early working version of the provider available on Rancher Sandbox : *DONE *
• Demonstrated the created cluster can be imported using Rancher Turtles: DONE
• Stretch goal - demonstrate using the new provider with CAPRKE2: DONE and the templates are available on the repo

Goals for HackWeek 2024

• Add support for ClusterClass
• Add e2e testing
• Add more Unit Tests
• Improve Status Conditions to reflect current state of Infrastructure
• Improve CI (some bugs for release creation)
• Testing with newer Harvester version (v1.3.X and v1.4.X)
• Due to the length and complexity of the templates, maybe package some of them as Helm Charts.
• Other improvement suggestions are welcome!

Resources

Looking for help from anyone interested in Cluster API (CAPI) or who wants to learn more about Harvester.

This will be an infrastructure provider for Cluster API. Some background reading for the CAPI aspect:

• Cluster infrastructure provider contract
• Machine infrastructure provider contract
• Provider implementers guide

---

A CLI for Harvester by mohamed.belgaied

[comment]: # Harvester does not officially come with a CLI tool, the user is supposed to interact with Harvester mostly through the UI [comment]: # Though it is theoretically possible to use kubectl to interact with Harvester, the manipulation of Kubevirt YAML objects is absolutely not user friendly. [comment]: # Inspired by tools like multipass from Canonical to easily and rapidly create one of multiple VMs, I began the development of Harvester CLI. Currently, it works but Harvester CLI needs some love to be up-to-date with Harvester v1.0.2 and needs some bug fixes and improvements as well.

Project Description

Harvester CLI is a command line interface tool written in Go, designed to simplify interfacing with a Harvester cluster as a user. It is especially useful for testing purposes as you can easily and rapidly create VMs in Harvester by providing a simple command such as: harvester vm create my-vm --count 5 to create 5 VMs named my-vm-01 to my-vm-05.

Harvester CLI is functional but needs a number of improvements: up-to-date functionality with Harvester v1.0.2 (some minor issues right now), modifying the default behaviour to create an opensuse VM instead of an ubuntu VM, solve some bugs, etc.

Github Repo for Harvester CLI: https://github.com/belgaied2/harvester-cli

Done in previous Hackweeks

• Create a Github actions pipeline to automatically integrate Harvester CLI to Homebrew repositories: DONE
• Automatically package Harvester CLI for OpenSUSE / Redhat RPMs or DEBs: DONE

Goal for this Hackweek

The goal for this Hackweek is to bring Harvester CLI up-to-speed with latest Harvester versions (v1.3.X and v1.4.X), and improve the code quality as well as implement some simple features and bug fixes.

Some nice additions might be: * Improve handling of namespaced objects * Add features, such as network management or Load Balancer creation ? * Add more unit tests and, why not, e2e tests * Improve CI * Improve the overall code quality * Test the program and create issues for it

Issue list is here: https://github.com/belgaied2/harvester-cli/issues

Resources

The project is written in Go, and using client-go the Kubernetes Go Client libraries to communicate with the Harvester API (which is Kubernetes in fact). Welcome contributions are:

• Testing it and creating issues
• Documentation
• Go code improvement

What you might learn

Harvester CLI might be interesting to you if you want to learn more about:

• GitHub Actions
• Harvester as a SUSE Product
• Go programming language
• Kubernetes API

---

Introducing "Bottles": A Proof of Concept for Multi-Version CRD Management in Kubernetes by aruiz

Description

As we delve deeper into the complexities of managing multiple CRD versions within a single Kubernetes cluster, I want to introduce "Bottles" - a proof of concept that aims to address these challenges.

Bottles propose a novel approach to isolating and deploying different CRD versions in a self-contained environment. This would allow for greater flexibility and efficiency in managing diverse workloads.

Goals

• Evaluate Feasibility: determine if this approach is technically viable, as well as identifying possible obstacles and limitations.
• Reuse existing technology: leverage existing products whenever possible, e.g. build on top of Kubewarden as admission controller.
• Focus on Rancher's use case: the ultimate goal is to be able to use this approach to solve Rancher users' needs.

Resources

Core concepts:

• ConfigMaps: Bottles could be defined and configured using ConfigMaps.
• Admission Controller: An admission controller will detect "bootled" CRDs being installed and replace the resource name used to store them.
• Aggregated API Server: By analyzing the author of a request, the aggregated API server will determine the correct bottle and route the request accordingly, making it transparent for the user.

---

Enable the containerized Uyuni server to run on different host OS by j_renner

Description

The Uyuni server is provided as a container, but we still require it to run on Leap Micro? This is not how people expect to use containerized applications, so it would be great if we tested other host OSs and enabled them by providing builds of necessary tools for (e.g. mgradm). Interesting candidates should be:

• openSUSE Leap
• Cent OS 7
• Ubuntu
• ???

Goals

Make it really easy for anyone to run the Uyuni containerized server on whatever OS they want (with support for containers of course).

---

Improve Development Environment on Uyuni by mbussolotto

Description

Currently create a dev environment on Uyuni might be complicated. The steps are:

• add the correct repo
• download packages
• configure your IDE (checkstyle, format rules, sonarlint....)
• setup debug environment
• ...

The current doc can be improved: some information are hard to be find out, some others are completely missing.

Dev Container might solve this situation.

Goals

Uyuni development in no time:

• using VSCode:
  • setting.json should contains all settings (for all languages in Uyuni, with all checkstyle rules etc...)
  • dev container should contains all dependencies
  • setup debug environment
• implement a GitHub Workspace solution
• re-write documentation

Lots of pieces are already implemented: we need to connect them in a consistent solution.

Resources

• https://github.com/uyuni-project/uyuni/wiki

---

ADS-B receiver with MicroOS by epaolantonio

I would like to put one of my spare Raspberry Pis to good use, and what better way to see what flies above my head at any time?

There are various ready-to-use distros already set-up to provide feeder data to platforms like Flightradar24, ADS-B Exchange, FlightAware etc... The goal here would be to do it using MicroOS as a base and containerized decoding of ADS-B data (via tools like dump1090) and web frontend (tar1090).

Goals

• Create a working receiver using MicroOS as a base, and containers based on Tumbleweed
• Make it easy to install
• Optimize for maximum laziness (i.e. it should take care of itself with minimum intervention)

Resources

• 1x Small Board Computer capable of running MicroOS
• 1x RTL2832U DVB-T dongle
• 1x MicroSD card
• https://github.com/antirez/dump1090
• https://github.com/flightaware/dump1090 (dump1090 fork by FlightAware)
• https://github.com/wiedehopf/tar1090

Project status (2024-11-22)

So I'd say that I'm pretty satisfied with how it turned out. I've packaged readsb (as a replacement for dump1090), tar1090, tar1090-db and mlat-client (not used yet).

Current status:

• Able to set-up a working receiver using combustion+ignition (web app based on Fuel Ignition)
• Able to feed to various feeds using the Beast protocol (Airplanes.live, ADSB.fi, ADSB.lol, ADSBExchange.com, Flyitalyadsb.com, Planespotters.net)
• Able to feed to Flightradar24 (initial-setup available but NOT tested! I've only tested using a key I already had)
• Local web interface (tar1090) to easily visualize the results
• Cockpit pre-configured to ease maintenance

What's missing:

• MLAT (Multilateration) support. I've packaged mlat-client already, but I have to wire it up
• FlightAware support

Give it a go at https://g7.github.io/adsbreceiver/ !

Project links

• https://g7.github.io/adsbreceiver/
• https://github.com/g7/adsbreceiver
• https://build.opensuse.org/project/show/home:epaolantonio:adsbreceiver

---

Port the classic browser game HackTheNet to PHP 8 by dgedon

Description

The classic browser game HackTheNet from 2004 still runs on PHP 4/5 and MySQL 5 and needs a port to PHP 8 and e.g. MariaDB.

Goals

• Port the game to PHP 8 and MariaDB 11
• Create a container where the game server can simply be started/stopped

Resources

• https://github.com/nodeg/hackthenet

---

Technical talks at universities by agamez

Description

This project aims to empower the next generation of tech professionals by offering hands-on workshops on containerization and Kubernetes, with a strong focus on open-source technologies. By providing practical experience with these cutting-edge tools and fostering a deep understanding of open-source principles, we aim to bridge the gap between academia and industry.

For now, the scope is limited to Spanish universities, since we already have the contacts and have started some conversations.

Goals

• Technical Skill Development: equip students with the fundamental knowledge and skills to build, deploy, and manage containerized applications using open-source tools like Kubernetes.
• Open-Source Mindset: foster a passion for open-source software, encouraging students to contribute to open-source projects and collaborate with the global developer community.
• Career Readiness: prepare students for industry-relevant roles by exposing them to real-world use cases, best practices, and open-source in companies.

Resources

• Instructors: experienced open-source professionals with deep knowledge of containerization and Kubernetes.
• SUSE Expertise: leverage SUSE's expertise in open-source technologies to provide insights into industry trends and best practices.

---

Learn enough Golang and hack on CoreDNS by jkuzilek

Description

I'm implementing a split-horizon DNS for my home Kubernetes cluster to be able to access my internal (and external) services over the local network through public domains. I managed to make a PoC with the k8s_gateway plugin for CoreDNS. However, I soon found out it responds with IPs for all Gateways assigned to HTTPRoutes, publishing public IPs as well as the internal Loadbalancer ones.

To remedy this issue, a simple filtering mechanism has to be implemented.

Goals

• Learn an acceptable amount of Golang
• Implement GatewayClass (and IngressClass) filtering for k8s_gateway
• Deploy on homelab cluster
• Profit?

Resources

• https://github.com/ori-edge/k8s_gateway/issues/36
• https://github.com/coredns/coredns/issues/2465#issuecomment-593910983

EDIT: Feature mostly complete. An unfinished PR lies here. Successfully tested working on homelab cluster.

---

iSCSI integration in Warewulf by ncuralli

Description

This Hackweek project aims to enhance Warewulf’s capabilities by adding iSCSI support, enabling both remote boot and flexible mounting of iSCSI devices within the filesystem. The project, which already handles NFS, DHCP, and iPXE, will be extended to offer iSCSI services as well, centralizing all necessary services for provisioning and booting cluster nodes.

Goals

• iSCSI Boot Option: Enable nodes to boot directly from iSCSI volumes
• Mounting iSCSI Volumes within the Filesystem: Implement support for mounting iSCSI devices at various points within the filesystem

Resources

https://warewulf.org/

Steps

• add generic framework to handle remote ressource/filesystems to wwctl [ ]
• add iSCSI handling to wwctl configure [ ]
• add iSCSI to dracut files [ ]
• test it [ ]

---

OpenQA Golang api client by hilchev

Description

I would like to make a simple cli tool to communicate with the OpenQA API

Goals

• OpenQA has a ton of information that is hard to get via the UI. A tool like this would make my life easier :)
• Would potentially make it easier in the future to make UI changes without Perl.
• Improve my Golang skills

Resources

• https://go.dev/doc/
• https://openqa.opensuse.org/api

---

WebUI for your data by avicenzi

A single place to view every bit of data you have.

Problem

You have too much data and you are a data hoarder.

• Family photos and videos.
• Lots of eBooks, TV Shows, Movies, and else.
• Boxes full of papers (taxes, invoices, IDs, certificates, exams, and else).
• Bank account statements (multiple currencies, countries, and people).

Maybe you have some data on S3, some on your NAS, and some on your local PC.

• How do you get it all together?
• How do you link a bank transaction to a product invoice?
• How to tag any object type and create a collection out of it (mix videos, photos, PDFs, transactions)?
• How to store this? file/folder structure does not work, everything is linked together

Project Description

The idea is a place where you can throw all your data, photos, videos, documents, binaries, and else.

Create photo albums, document collections, add tags across multiple file-formats, link content, and else.

The UI should be easy to use, where the data is not important for now (could be all S3 or local drive).

Similar proposals

The closest I found so far is https://perkeep.org/, but this is not what I'm looking for.

Goal for this Hackweek

Create a web UI, in Svelte ideally, perhaps React.

It should be able to show photos and videos at least.

Resources

None so far, this is just an idea.

---

terraform-provider-feilong by e_bischoff

Project Description

People need to test operating systems and applications on s390 platform.

Installation from scratch solutions include:

• just deploy and provision manually (with the help of ftpboot script, if you are at SUSE)
• use s3270 terminal emulation (used by openQA people?)
• use LXC from IBM to start CP commands and analyze the results
• use zPXE to do some PXE-alike booting (used by the orthos team?)
• use tessia to install from scratch using autoyast
• use libvirt for s390 to do some nested virtualization on some already deployed z/VM system
• directly install a Linux kernel on a LPAR and use kvm + libvirt from there

Deployment from image solutions include:

• use ICIC web interface (openstack in disguise, contributed by IBM)
• use ICIC from the openstack terraform provider (used by Rancher QA)
• use zvm_ansible to control SMAPI
• connect directly to SMAPI low-level socket interface

IBM Cloud Infrastructure Center (ICIC) harnesses the Feilong API, but you can use Feilong without installing ICIC, provided you set up a "z/VM cloud connector" into one of your VMs following this schema.

What about writing a terraform Feilong provider, just like we have the terraform libvirt provider? That would allow to transparently call Feilong from your main.tf files to deploy and destroy resources on your system/z.

Other Feilong-based solutions include:

• make libvirt Feilong-aware
• simply call Feilong from shell scripts with curl
• use zvmconnector client python library from Feilong
• use zthin part of Feilong to directly command SMAPI.

Goal for Hackweek 23

My final goal is to be able to easily deploy and provision VMs automatically on a z/VM system, in a way that people might enjoy even outside of SUSE.

My technical preference is to write a terraform provider plugin, as it is the approach that involves the least software components for our deployments, while remaining clean, and compatible with our existing development infrastructure.

Goals for Hackweek 24

Feilong provider works and is used internally by SUSE Manager team. Let's push it forward!

• Fix problems with registration on hashicorp providers registry
• Add support for fiberchannel disks
• Finish the U part of CRUD
• Move from private repos to Open Mainframe project
• Anything else as needed

---