feat: add Cloud-Neutra Golden Image pipeline and Packer template suite

- Added docs for environment setup and template usage
- Added Ubuntu 22.04 AWS builder template and edition templates
- Added flavor scripts: container, k3s, k3s-gpu, sealos, sealos-gpu
- Added base OS scripts (01_os_base.sh, 02_hardening.sh) and cleanup pipeline
- Added GitHub Actions workflow for AMI build, QA, and multi-region distribution

.github/workflows/cloud-neutra-golden-image.yaml

@@ -0,0 +1,204 @@
+name: Cloud-Neutra Golden Image Pipeline
+
+on:
+  workflow_dispatch:
+    inputs:
+      edition:
+        description: "Golden Image Edition"
+        type: choice
+        options: ["base", "container", "k3s", "sealos", "sealos-gpu"]
+        default: "container"
+      ubuntu_version:
+        description: "Ubuntu LTS version"
+        type: choice
+        options: ["2204", "2404"]
+        default: "2404"
+      cpu_arch:
+        description: "CPU Architecture"
+        type: choice
+        options: ["amd64", "arm64"]
+        default: "amd64"
+
+  schedule:
+    - cron: "0 18 1 * *"   # 每月 1 号 UTC18:00
+
+env:
+  BASE_REGION: ap-northeast-1
+  TARGET_REGIONS: "ap-northeast-1 ap-east-1 us-west-1"
+  PROJECT_TAG: Cloud-Neutra
+  PACKER_TEMPLATE_ROOT: packer/Cloud-Neutra-VMs
+
+jobs:
+  ##########################################################################
+  # Stage 1 — Lint / Validate / Security
+  ##########################################################################
+  lint:
+    name: Lint & Validate
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install tools
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y shellcheck jq
+
+      - name: Packer FMT
+        run: |
+          packer fmt -recursive .
+
+      - name: Packer Validate (ensure no syntax issue)
+        run: |
+          packer validate .
+
+      - name: gitleaks Scan
+        uses: gitleaks/gitleaks-action@v2
+        with:
+          args: detect --no-git -v
+
+  ##########################################################################
+  # Stage 2 — Build Golden Image
+  ##########################################################################
+  build:
+    name: Build Golden AMI
+    runs-on: ubuntu-latest
+    needs: lint
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - edition: base
+            ubuntu_version: "2204"
+            cpu_arch: amd64
+
+          - edition: base
+            ubuntu_version: "2204"
+            cpu_arch: arm64
+
+    if: >
+      github.event_name == 'schedule' ||
+      (
+        github.event_name == 'workflow_dispatch' &&
+        github.event.inputs.edition == matrix.edition &&
+        github.event.inputs.ubuntu_version == matrix.ubuntu_version &&
+        github.event.inputs.cpu_arch == matrix.cpu_arch
+      )
+
+    steps:
+      - uses: actions/checkout@v4
+
+      ####################################################################
+      # Credential (OIDC first, AK/SK fallback)
+      ####################################################################
+      - name: Configure AWS Credentials (OIDC + AK/SK fallback)
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ env.BASE_REGION }}
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-access-key-id: ${{ secrets.AWS_ROOT_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_ROOT_SECRET_ACCESS_KEY }}
+          mask-aws-account-id: true
+
+      - name: Setup Packer
+        uses: hashicorp/setup-packer@v3
+
+      - name: Build AMI
+        id: packer_build
+        env:
+          EDITION: ${{ matrix.edition }}
+          UBUNTU_VERSION: ${{ matrix.ubuntu_version }}
+          CPU_ARCH: ${{ matrix.cpu_arch }}
+        run: |
+          TEMPLATE="${PACKER_TEMPLATE_ROOT}/${EDITION}/ubuntu-${UBUNTU_VERSION}-${EDITION}.pkr.hcl"
+
+          echo "Using template: $TEMPLATE"
+
+          packer build \
+            -color=false \
+            -var "cpu_arch=${CPU_ARCH}" \
+            -var "edition=${EDITION}" \
+            -var "ubuntu_version=${UBUNTU_VERSION}" \
+            "$TEMPLATE" | tee packer.log
+
+          AMI_ID=$(grep 'AMI:' packer.log | awk '{print $2}' | tail -n1 || true)
+
+          if [ -z "$AMI_ID" ]; then
+            echo "ERROR: Cannot parse AMI ID"
+            exit 1
+          fi
+
+          echo "ami_id=${AMI_ID}" >> $GITHUB_OUTPUT
+
+      - name: Upload Logs
+        uses: actions/upload-artifact@v4
+        with:
+          name: packer-build-log
+          path: packer.log
+
+  ##########################################################################
+  # Stage 3 — AMI QA Test
+  ##########################################################################
+  test:
+    name: Test Built AMI
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+      - name: Placeholder test
+        run: echo "TODO: Future QA test (ssh boot, containerd, k3s, sealos etc.)"
+
+  ##########################################################################
+  # Stage 4 — AMI Replication + Retention
+  ##########################################################################
+  distribute:
+    name: Replicate & Retain AMI
+    runs-on: ubuntu-latest
+    needs: test
+
+    strategy:
+      matrix:
+        include:
+          - edition: base
+            ubuntu_version: "2204"
+            cpu_arch: amd64
+
+          - edition: base
+            ubuntu_version: "2204"
+            cpu_arch: arm64
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ env.BASE_REGION }}
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          aws-access-key-id: ${{ secrets.AWS_ROOT_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_ROOT_SECRET_ACCESS_KEY }}
+
+      - name: Distribute AMI
+        env:
+          BASE_REGION: ${{ env.BASE_REGION }}
+          TARGET_REGIONS: ${{ env.TARGET_REGIONS }}
+          PROJECT_TAG: ${{ env.PROJECT_TAG }}
+          EDITION: ${{ matrix.edition }}
+          UBUNTU_VERSION: ${{ matrix.ubuntu_version }}
+          CPU_ARCH: ${{ matrix.cpu_arch }}
+          AMI_ID: ${{ needs.build.outputs.ami_id }}
+        run: |
+          bash packer/scripts/common/ami-replicate.sh \
+            "$AMI_ID" "$EDITION" "$UBUNTU_VERSION" "$CPU_ARCH" \
+            "$BASE_REGION" "$TARGET_REGIONS" "$PROJECT_TAG"
+
+      - name: Retention
+        env:
+          TARGET_REGIONS: ${{ env.TARGET_REGIONS }}
+          PROJECT_TAG: ${{ env.PROJECT_TAG }}
+          EDITION: ${{ matrix.edition }}
+          UBUNTU_VERSION: ${{ matrix.ubuntu_version }}
+          CPU_ARCH: ${{ matrix.cpu_arch }}
+        run: |
+          bash packer/scripts/common/ami-retention.sh \
+            "$EDITION" "$UBUNTU_VERSION" "$CPU_ARCH" "$PROJECT_TAG" "$TARGET_REGIONS"

packer/Cloud-Neutra-VMs/README.md

@@ -0,0 +1,212 @@
+# Cloud-Neutra Golden Image Pipeline
+
+Cloud-Neutra Golden Image Pipeline 为多云环境构建一套统一、可靠、可自动化的 Ubuntu Golden Image 家族。
+该体系覆盖 Ubuntu LTS 双版本（22.04 / 24.04）、双架构（amd64 / arm64） 以及多个容器/集群运行时的变种。
+
+Pipeline 包含：
+- Packer 自动构建 AMI
+- GitHub Actions 全自动流水线（构建 → 多 Region 复制 → 过期清理）
+- Terraform 模块自动引用最新 Golden Image
+- 完全统一的脚本与硬化规范
+
+## 0. Overall Goals
+
+Ubuntu LTS Baseline
+
+- Ubuntu 22.04 LTS
+- Ubuntu 24.04 LTS
+
+CPU Architectures
+
+- amd64
+- arm64
+
+### Golden Image Editions
+
+- Edition	内容说明
+- base	干净操作系统 + 基础硬化（去 snap，去 MOTD，去不必要服务）
+- container	containerd + nerdctl，作为通用 Container VM
+- k3s	预装 K3s，可在运行时决定 server/agent
+- sealos	预装 sealos CLI + containerd
+- sealos-gpu	适用于 GPU 节点：sealos + NVIDIA 驱动 + nvidia-container-toolkit
+
+###  Pipeline 统一要求
+
+- 完整统一脚本结构（base → flavor）
+- 去除 snap / MOTD / landscape / update-notifier 等非必要组件
+- 无 amazon-import 误用（使用 amazon-ebs 构建 AMI）
+
+GitHub Actions 统一构建 + 多 Region 复制
+
+- 每 Edition / Version / Arch 每月仅保留 1 个 AMI
+- Terraform 自动检索“最新且合法”的 Golden Image
+
+## 1. Naming Conventions & Tagging
+
+### AMI 命名规范
+
+Cloud-Neutra-${edition}-VM-${ubuntu_version}-${arch}-${timestamp}
+
+示例：
+
+- Cloud-Neutra-base-VM-2204-amd64-20251121-120000
+- Cloud-Neutra-container-VM-2404-arm64-20251121-123000
+- Cloud-Neutra-k3s-VM-2404-amd64-20251121-130000
+- Cloud-Neutra-sealos-gpu-VM-2404-amd64-20251121-133000
+
+### 统一标签（Tags）
+
+- Key	Value
+- Project	Cloud-Neutra
+- OS	Ubuntu 22.04 / Ubuntu 24.04
+- Edition	base / container / k3s / sealos / sealos-gpu
+- Architecture	amd64 / arm64
+- Role	Golden-Image
+
+这些标签用于：
+
+GitHub Actions Retention 策略过滤
+
+Terraform AMI 检索
+多 Region 管理
+生产审计与溯源
+
+## 2 . Directory Layout
+
+```
+packer/
+  templates/
+    base/
+      ubuntu-2204-base.pkr.hcl
+      ubuntu-2404-base.pkr.hcl
+    container/
+      ubuntu-2204-container.pkr.hcl
+      ubuntu-2404-container.pkr.hcl
+    k3s/
+      ubuntu-2204-k3s.pkr.hcl
+      ubuntu-2404-k3s.pkr.hcl
+    sealos/
+      ubuntu-2204-sealos.pkr.hcl
+      ubuntu-2404-sealos.pkr.hcl
+    sealos-gpu/
+      ubuntu-2204-sealos-gpu.pkr.hcl
+      ubuntu-2404-sealos-gpu.pkr.hcl
+
+  scripts/
+    base/
+      01_os_base.sh          # 开源仓库、更新系统、移除 snap / motd 等
+      02_hardening.sh        # 可选：sysctl / sshd / journald 硬化
+    flavors/
+      container.sh
+      k3s.sh
+      sealos.sh
+      sealos_gpu.sh
+    common/
+      cleanup.sh             # apt autoremove + 清理临时文件
+```
+
+模板结构说明
+
+- 每个 flavor 模板只负责：
+- 指定 Ubuntu 版本与 CPU 架构
+- 引用 base 脚本（01_os_base.sh / 02_hardening.sh）
+- 引用 flavor 脚本（如 container.sh / k3s.sh）
+- 最后引用 cleanup.sh
+
+## 3. Script Architecture
+
+Base Scripts (scripts/base/)
+
+### 01_os_base.sh
+
+启用 universe/multiverse
+dist-upgrade（禁内核升级风险）
+移除 snapd / resolvconf / landscape / MOTD-news
+安装基础工具：curl、jq、lsb-release、net-tools、iptables
+关闭 apt-daily 自动更新
+
+### 02_hardening.sh
+
+可选的系统硬化（sysctl、sshd、journald 持久化等）
+Flavor Scripts (scripts/flavors/)
+container.sh
+containerd + nerdctl 安装
+containerd config 自动生成
+k3s.sh 安装 K3s（skip-start） 运行时可作为 server 或 agent
+sealos.sh 安装 sealos CLI 依赖 containerd（可复用 container flavor）
+sealos_gpu.sh 安装 NVIDIA 驱动（可扩展到不同云平台） 安装 nvidia-container-toolkit
+
+安装 sealos
+
+Common Scripts (scripts/common/)
+cleanup.sh
+apt autoremove
+清理 apt lists
+
+清理 tmp
+
+packer build -var cpu_arch=amd64 packer/templates/container/ubuntu-2404-container.pkr.hcl
+packer build -var cpu_arch=arm64 packer/templates/k3s/ubuntu-2404-k3s.pkr.hcl
+
+
+4. GitHub Actions Pipeline
+
+Pipeline 负责：
+Packer 构建 AMI（按 edition + Ubuntu version + arch）
+AMI 复制到多 Region（如 Tokyo/HK/US-West）
+Tag AMI
+按 edition/version/arch 筛选 → 每 Region 仅保留 1 个 AMI
+输出 AMI Map JSON（供 Terraform & Dashboard 使用）
+
+支持矩阵
+edition:        base / container / k3s / sealos / sealos-gpu
+ubuntu_version: 2204 / 2404
+cpu_arch:       amd64 / arm64
+
+
+GitHub Actions 会自动组合出所有 Golden Image 变种。
+
+5. Terraform: Auto-Select Latest Golden Image
+
+模块位置：
+
+modules/cloud_neutra_ami/
+  main.tf
+  variables.tf
+  outputs.tf
+
+
+使用方式：
+
+module "cn_container_2404_amd64" {
+  source         = "../../modules/cloud_neutra_ami"
+  ubuntu_version = "2404"
+  cpu_arch       = "amd64"
+  edition        = "container"
+}
+
+
+输出：
+
+module.cn_container_2404_amd64.id   # 最新 AMI ID
+module.cn_container_2404_amd64.name # AMI 名称
+
+
+Terraform 会自动从目标 Region 检索最 新 Golden Image，即使你复制了多 Region。
+
+6. Status
+
+Cloud-Neutra Golden Image Pipeline 已具备：
+完整家族命名体系（base / container / k3s / sealos / sealos-gpu）
+双 LTS / 双架构覆盖
+完整 Packer 模板体系
+完整统一脚本（base + flavors）
+GitHub Actions 自动构建、多 Region 复制、Retention
+Terraform 自动引用最新 AMI 的可重用模块
+整个体系作为 Cloud-Neutra IAC/GitOps 的底座，可直接扩展到：
+EKS 节点（GPU/ARM）
+K3s 边缘节点
+Sealos 容器云节点
+大模型推理 GPU 节点
+通用 Container VM
+DevOps 工具链

packer/Cloud-Neutra-VMs/docs/README.md

@@ -0,0 +1,2 @@
+# Cloud-Neutra VM Project
+This directory contains documentation for building custom VM images using Packer.

packer/Cloud-Neutra-VMs/docs/environment-setup.md

@@ -0,0 +1,2 @@
+# Environment Setup
+Instructions for setting up the environment for Packer builds.

packer/Cloud-Neutra-VMs/docs/packer-templates.md

@@ -0,0 +1,2 @@
+# Packer Templates
+This document explains the Packer templates and their configuration.

packer/Cloud-Neutra-VMs/scripts/base/01_os_base.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# 强制非交互模式（解决 debconf / dpkg-preconfigure 报错）
+export DEBIAN_FRONTEND=noninteractive
+export DEBCONF_NONINTERACTIVE_SEEN=true
+
+echo "[Cloud-Neutra] OS Base Initialization"
+
+##############################################
+# Enable standard repositories
+##############################################
+sudo add-apt-repository universe -y || true
+sudo add-apt-repository multiverse -y || true
+sudo add-apt-repository restricted -y || true
+sudo sed -i 's/# deb/deb/g' /etc/apt/sources.list
+
+sudo apt-get update -y
+
+##############################################
+# Safe upgrade (no kernel updates)
+##############################################
+sudo apt-get dist-upgrade -y --no-install-recommends
+
+##############################################
+# Remove snapd
+##############################################
+if command -v snap >/dev/null 2>&1; then
+  sudo systemctl stop snapd.service || true
+fi
+
+sudo apt-get remove --purge -y snapd || true
+sudo rm -rf /var/cache/snapd/ ~/snap /snap || true
+
+##############################################
+# Remove MOTD noise and useless packages
+##############################################
+sudo apt-get remove --purge -y \
+  landscape-common \
+  update-notifier-common \
+  motd-news-config \
+  apport \
+  whoopsie || true
+
+sudo rm -rf /etc/update-motd.d/* || true
+
+##############################################
+# Add minimal essential tools
+##############################################
+sudo apt-get install -y --no-install-recommends \
+  jq curl unzip gnupg lsb-release ca-certificates \
+  software-properties-common net-tools iproute2 iptables
+
+##############################################
+# Disable auto-update timers
+##############################################
+sudo systemctl disable apt-daily.service apt-daily-upgrade.service || true
+sudo systemctl disable apt-daily.timer apt-daily-upgrade.timer || true
+
+echo "[Cloud-Neutra] Base OS setup completed."

packer/Cloud-Neutra-VMs/scripts/base/02_hardening.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# 强制非交互模式（解决 debconf / dpkg-preconfigure 报错）
+export DEBIAN_FRONTEND=noninteractive
+export DEBCONF_NONINTERACTIVE_SEEN=true
+
+echo "[Cloud-Neutra] System Hardening"
+
+##############################################
+# SSH hardening
+##############################################
+sudo sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+sudo sed -i 's/^#PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
+sudo sed -i 's/^X11Forwarding yes/X11Forwarding no/' /etc/ssh/sshd_config
+
+##############################################
+# Sysctl tuning (safe defaults)
+##############################################
+cat <<EOF | sudo tee /etc/sysctl.d/99-cloud-neutra.conf
+fs.inotify.max_user_watches=524288
+vm.swappiness=10
+net.ipv4.ip_forward=1
+net.ipv4.conf.all.rp_filter=1
+EOF
+
+sudo sysctl --system || true
+
+##############################################
+# Journald persistent logging
+##############################################
+sudo mkdir -p /var/log/journal
+sudo systemd-tmpfiles --create --prefix /var/log/journal
+
+echo "[Cloud-Neutra] Hardening complete."

packer/Cloud-Neutra-VMs/scripts/common/cleanup.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "[Cloud-Neutra] Cleanup phase"
+
+sudo apt-get autoremove -y
+sudo apt-get clean -y
+sudo rm -rf /var/lib/apt/lists/*
+sudo rm -rf /tmp/* /var/tmp/*
+
+# Cloud images best practice
+sudo truncate -s 0 /var/log/wtmp || true
+sudo truncate -s 0 /var/log/lastlog || true
+
+echo "[Cloud-Neutra] Cleanup complete."

packer/Cloud-Neutra-VMs/scripts/flavors/container.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "[Cloud-Neutra] Installing containerd + nerdctl"
+
+ARCH="$(uname -m)"
+NERDCTL_VERSION="2.2.0"
+
+##############################################
+# Install containerd
+##############################################
+sudo apt-get install -y containerd
+
+sudo mkdir -p /etc/containerd
+sudo containerd config default | sudo tee /etc/containerd/config.toml >/dev/null
+sudo systemctl enable containerd
+sudo systemctl restart containerd
+
+##############################################
+# Install nerdctl
+##############################################
+if [[ "$ARCH" == "x86_64" ]]; then
+  URL="https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz"
+else
+  URL="https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-arm64.tar.gz"
+fi
+
+curl -LO $URL
+tar -xzf nerdctl-*.tar.gz
+sudo mv nerdctl /usr/local/bin/nerdctl
+rm -f nerdctl-*.tar.gz
+
+echo "[Cloud-Neutra] container edition installed."

packer/Cloud-Neutra-VMs/scripts/flavors/k3s.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "[Cloud-Neutra] Installing K3s (skip start)"
+
+curl -sfL https://get.k3s.io -o install_k3s.sh
+chmod +x install_k3s.sh
+
+# Skip start (important for AMI)
+sudo INSTALL_K3S_SKIP_START=true ./install_k3s.sh
+
+sudo systemctl disable k3s || true
+
+echo "[Cloud-Neutra] K3s installed (not started)."

packer/Cloud-Neutra-VMs/scripts/flavors/sealos.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "[Cloud-Neutra] Installing Sealos"
+
+ARCH="$(uname -m)"
+VERSION="5.0.0-alpha1"
+
+if [[ "$ARCH" == "x86_64" ]]; then
+  URL="https://github.com/labring/sealos/releases/download/v${VERSION}/sealos_${VERSION}_linux_amd64.tar.gz"
+else
+  URL="https://github.com/labring/sealos/releases/download/v${VERSION}/sealos_${VERSION}_linux_arm64.tar.gz"
+fi
+
+curl -LO $URL
+tar -xzf sealos_*.tar.gz
+sudo mv sealos /usr/local/bin/
+rm -f sealos_*.tar.gz
+
+echo "[Cloud-Neutra] Sealos installed."

packer/Cloud-Neutra-VMs/scripts/flavors/sealos_gpu.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "[Cloud-Neutra] Installing Sealos GPU edition"
+
+##############################################
+# Install NVIDIA drivers (AWS/AliCloud safe)
+##############################################
+if lspci | grep -i nvidia >/dev/null 2>&1; then
+  echo "[GPU] NVIDIA GPU detected"
+  sudo apt-get install -y nvidia-driver-535
+else
+  echo "[GPU] No NVIDIA GPU detected, skip driver"
+fi
+
+##############################################
+# Install containerd (if not installed)
+##############################################
+sudo apt-get install -y containerd
+sudo containerd config default | sudo tee /etc/containerd/config.toml >/dev/null
+sudo systemctl restart containerd
+
+##############################################
+# Install NVIDIA container toolkit
+##############################################
+distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
+curl -s -L https://nvidia.github.io/libnvidia-container/gpgkey | sudo apt-key add -
+curl -s -L https://nvidia.github.io/libnvidia-container/$distribution/libnvidia-container.list \
+  | sudo tee /etc/apt/sources.list.d/libnvidia-container.list
+
+sudo apt-get update
+sudo apt-get install -y nvidia-container-toolkit
+
+sudo nvidia-ctk runtime configure --runtime=containerd
+sudo systemctl restart containerd
+
+##############################################
+# Install Sealos
+##############################################
+ARCH="$(uname -m)"
+VERSION="5.0.0-alpha1"
+
+if [[ "$ARCH" == "x86_64" ]]; then
+  URL="https://github.com/labring/sealos/releases/download/v${VERSION}/sealos_${VERSION}_linux_amd64.tar.gz"
+else
+  URL="https://github.com/labring/sealos/releases/download/v${VERSION}/sealos_${VERSION}_linux_arm64.tar.gz"
+fi
+
+curl -LO "$URL"
+tar -xzf sealos_*.tar.gz
+sudo mv sealos /usr/local/bin/
+rm -f sealos_*.tar.gz
+
+echo "[Cloud-Neutra] Sealos GPU edition installed."

packer/Cloud-Neutra-VMs/templates/common/ubuntu-2204-aws-builder.pkr.hcl

@@ -0,0 +1,124 @@
+###############################################################
+# Cloud-Neutra AWS AMI Builder (Multi-Arch / Multi-LTS)
+# This file is the COMMON builder template inherited by:
+#   base / container / k3s / sealos / sealos-gpu
+###############################################################
+
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 1.2.8"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+###############################################################
+# Input Variables
+###############################################################
+variable "cpu_arch" {
+  type        = string
+  description = "CPU architecture (amd64 or arm64)"
+  default     = "amd64"
+}
+
+###############################################################
+# Locals — override `edition` / `ubuntu_version` in edition-specific template
+###############################################################
+
+locals {
+  edition        = lookup(var, "edition", "container")
+  ubuntu_version = lookup(var, "ubuntu_version", "2204")
+
+  arch_map = {
+    amd64 = "amd64"
+    arm64 = "arm64"
+  }
+
+  ubuntu_codename = lookup(
+    {
+      "2204" = "jammy"
+      "2404" = "noble"
+    },
+    local.ubuntu_version,
+    "unknown"
+  )
+
+  ubuntu_version_dot = lookup(
+    {
+      "2204" = "22.04"
+      "2404" = "24.04"
+    },
+    local.ubuntu_version,
+    "unknown"
+  )
+}
+
+###############################################################
+# AMI Builder
+###############################################################
+source "amazon-ebs" "this" {
+  region = "ap-northeast-1"
+
+  # Arm = t4g, AMD64 = t3
+  instance_type = var.cpu_arch == "arm64" ? "t4g.micro" : "t3.micro"
+
+  ami_name        = "Cloud-Neutra-${local.edition}-VM-${local.ubuntu_version}-${var.cpu_arch}-{{timestamp}}"
+  ami_description = "Cloud-Neutra ${local.edition} image Ubuntu ${local.ubuntu_version} ${var.cpu_arch}"
+  ssh_username    = "ubuntu"
+
+  ###############################################################
+  # Official Ubuntu AMI Filter (AWS official image name pattern)
+  #
+  # Example name pattern:
+  # ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240229
+  ###############################################################
+  source_ami_filter {
+    filters = {
+      name = "ubuntu/images/*ubuntu-${local.ubuntu_codename}-${local.ubuntu_version_dot}-${local.arch_map[var.cpu_arch]}-server-*"
+      root-device-type    = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners      = ["099720109477"] # Canonical
+  }
+
+  ###############################################################
+  # Tags
+  ###############################################################
+  tags = {
+    Project      = "Cloud-Neutra"
+    OS           = "Ubuntu ${local.ubuntu_version}"
+    Edition      = local.edition
+    Architecture = var.cpu_arch
+    Role         = "Golden-Image"
+  }
+
+  run_tags = {
+    Name = "CN-${local.edition}-${local.ubuntu_version}-${var.cpu_arch}"
+  }
+}
+
+###############################################################
+# Build Script Pipeline (Standardized)
+###############################################################
+build {
+  name    = "Cloud-Neutra-${local.edition}-VM-${local.ubuntu_version}"
+  sources = ["source.amazon-ebs.this"]
+
+  provisioner "shell" {
+    script = "packer/scripts/base/01_os_base.sh"
+  }
+
+  provisioner "shell" {
+    script = "packer/scripts/base/02_hardening.sh"
+  }
+
+  provisioner "shell" {
+    script = "packer/scripts/flavors/${local.edition}.sh"
+  }
+
+  provisioner "shell" {
+    script = "packer/scripts/common/cleanup.sh"
+  }
+}

packer/Cloud-Neutra-VMs/templates/container/ubuntu-2204-container.pkr.hcl

@@ -0,0 +1,104 @@
+# # Packer Template for AWS - Cloud-Neutra Container VM (Ubuntu 22.04)
+
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 1.2.8"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+# Define the builder to create an AWS AMI
+source "amazon-ebs" "ami-ubuntu-2204" {
+  region                    = "ap-northeast-1"                          # AWS Region for the AMI
+  ami_name                  = "Cloud-Neutra-Container-VM-2204-{{timestamp}}"
+  instance_type             = "t3a.micro"                                # Instance type for AMI creation
+  source_ami_filter {
+    filters = {
+      name                = "ubuntu/images/*ubuntu-jammy-22.04-amd64-server-*"
+      root-device-type    = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners      = ["099720109477"]                                     # Official Ubuntu AMI owner ID
+  }
+  ami_description           = "Containerized Ubuntu 22.04 with nerdctl, containerd, and monitoring tools"
+  ssh_username              = "ubuntu"                                    # Default user for Ubuntu AMIs
+  #ssh_private_key_file      = "~/.ssh/id_rsa"                       # SSH private key to connect (GitHub Secrets)
+  run_tags                  = { "Name" = "Container-VM-2204" }
+
+  tags = {
+    "Environment"            = "Container"
+    "Project"                = "Cloud-Neutra"
+  }
+
+  # AWS specific variables for network configuration
+  subnet_id                = "subnet-0c98af564f030a473"                            # Specify subnet if needed
+  vpc_id                   = "vpc-05e6af5f2bc7eb41b"                               # Specify VPC ID if needed
+  associate_public_ip_address = true                                       # Optional for public IP
+}
+
+# Define the build block with provisioners and post-processors
+build {
+  name    = "Cloud-Neutra-Container-VM-2204"
+  sources = [
+    "source.amazon-ebs.ami-ubuntu-2204"
+  ]
+
+  # Provisioners to install and configure the system
+  provisioner "shell" {
+    inline = [
+      # Enable all standard repositories
+      "sudo add-apt-repository universe -y",
+      "sudo add-apt-repository multiverse -y",
+      "sudo add-apt-repository restricted -y",
+      "sudo sed -i 's/# deb/deb/g' /etc/apt/sources.list",
+
+      "sudo apt-get update",
+
+      # Safe upgrade without kernel/bootloader risks
+      "sudo apt-get dist-upgrade -y --no-install-recommends",
+
+      # Remove unwanted packages
+      "sudo apt-get remove --purge -y snapd resolvconf",
+      "sudo rm -rf /var/cache/snapd/",
+      "sudo rm -rf ~/snap",
+
+      # Remove MOTD spam / cloud-init noise
+      "sudo apt-get remove --purge -y landscape-common update-notifier-common motd-news-config",
+      "sudo rm -rf /etc/update-motd.d/*",
+
+      # Install required minimal tools
+      "sudo apt-get install -y --no-install-recommends jq curl unzip gnupg lsb-release software-properties-common",
+
+      # Install containerd
+      "sudo apt-get install -y containerd",
+
+      # Install nerdctl (for containerd orchestration)
+      "curl -LO https://github.com/containerd/nerdctl/releases/download/v2.2.0/nerdctl-2.2.0-linux-amd64.tar.gz",
+      "tar -xvzf nerdctl-2.2.0-linux-amd64.tar.gz",
+      "sudo mv nerdctl /usr/local/bin/nerdctl",
+
+
+      # Install monitoring tools
+
+      # Install node_exporter (Prometheus Node Exporter)
+      #"curl -s https://github.com/prometheus/node_exporter/releases/download/v1.10.2/node_exporter-1.10.2.linux-amd64.tar.gz | tar xz",
+      #"sudo mv node_exporter-1.10.2.linux-amd64/node_exporter /usr/local/bin/",
+      #"sudo systemctl enable node_exporter && sudo systemctl start node_exporter",
+
+      # Install process_exporter
+      #"curl -sL https://github.com/ncabatoff/process-exporter/releases/download/v0.8.7/process-exporter-0.8.7.linux-amd64.tar.gz  | tar xz",
+      #"sudo mv process_exporter-0.8.7.linux-amd64/process_exporter /usr/local/bin/",
+      #"sudo systemctl enable process_exporter && sudo systemctl start process_exporter",
+
+      # Install Vector (log aggregation and processing)
+      #"curl -LO https://github.com/vectordotdev/vector/releases/download/v0.51.1/vector_0.51.1-1_amd64.deb",
+      #"sudo dpkg -i vector_0.51.1-1_amd64.deb",
+      #"sudo systemctl enable vector && sudo systemctl start vector"
+    ]
+  }
+}
+
+

packer/Cloud-Neutra-VMs/templates/k3s-gpu/ubuntu-2204-k3s-gpu.pkr.hcl

@@ -0,0 +1 @@
+# Cloud-Neutra-K3S-GPU-VM-2204

packer/Cloud-Neutra-VMs/templates/k3s/ubuntu-2204-k3s.pkr.hcl

@@ -0,0 +1 @@
+# Cloud-Neutra-K3S-VM-2204

packer/Cloud-Neutra-VMs/templates/sealos-gpu/ubuntu-2204-sealos-gpu.pkr.hcl

@@ -0,0 +1 @@
+# Cloud-Neutra-Sealos-GPU-VM-2204

packer/Cloud-Neutra-VMs/templates/sealos/ubuntu-2204-sealos.pkr.hcl

@@ -0,0 +1 @@
+# Cloud-Neutra-Sealos-VM-2204

packer/Cloud-Neutra-VMs/variables/azure.json

@@ -0,0 +1,6 @@
+{
+  "azure_client_id": "YOUR_AZURE_CLIENT_ID",
+  "azure_client_secret": "YOUR_AZURE_CLIENT_SECRET",
+  "azure_subscription_id": "YOUR_AZURE_SUBSCRIPTION_ID",
+  "azure_tenant_id": "YOUR_AZURE_TENANT_ID"
+}

packer/Cloud-Neutra-VMs/variables/common.json

@@ -0,0 +1,3 @@
+{
+  "common_variable": "value"
+}

packer/Cloud-Neutra-VMs/variables/gcp.json

@@ -0,0 +1,4 @@
+{
+  "gcp_project_id": "YOUR_GCP_PROJECT_ID",
+  "gcp_credentials_file": "YOUR_GCP_CREDENTIALS_FILE.json"
+}