From 98ba6d20e3c80fdc3b45b1459b1f77bb38f91df6 Mon Sep 17 00:00:00 2001 From: Dimitris Karakasilis Date: Thu, 17 Aug 2023 17:25:55 +0300 Subject: [PATCH] Create kairos-overlay-files package (#381) * Create kairos-overlay-files package as part of: https://github.com/kairos-io/kairos/issues/1726 Signed-off-by: Dimitris Karakasilis * Start from version 1.0.0 for the new package Signed-off-by: Dimitris Karakasilis --------- 
Signed-off-by: Dimitris Karakasilis --- .../bundles/kairos-overlay-files/build.yaml | 3 + .../kairos-overlay-files/collection.yaml | 4 + .../files/etc/bash.bashrc.local | 5 + .../files/etc/default/console-setup | 7 + .../files/etc/issue.d/01-KAIROS | 11 + .../files/etc/kairos/branding/grubmenu.cfg | 31 +++ .../files/etc/kairos/branding/install_text | 11 + .../kairos/branding/interactive_install_text | 1 + .../files/etc/kairos/branding/recovery_text | 9 + .../files/etc/kairos/branding/reset_text | 6 + .../files/etc/logrotate.d/kairos | 8 + .../kairos-overlay-files/files/etc/motd | 3 + .../files/etc/runlevels/.keep | 0 .../etc/systemd/system/kairos-agent.service | 10 + .../systemd/system/kairos-interactive.service | 14 ++ .../systemd/system/kairos-recovery.service | 15 ++ .../etc/systemd/system/kairos-reset.service | 13 ++ .../etc/systemd/system/kairos-webui.service | 8 + .../files/etc/systemd/system/kairos.service | 15 ++ .../files/system/oem/00_datasource.yaml | 31 +++ .../files/system/oem/00_rootfs.yaml | 193 ++++++++++++++++++ .../files/system/oem/02_agent.yaml | 11 + .../files/system/oem/02_notify.yaml | 6 + .../files/system/oem/03-setupcon.yaml | 7 + .../files/system/oem/05_network.yaml | 24 +++ .../files/system/oem/08_grub.yaml | 131 ++++++++++++ .../files/system/oem/09_services.yaml | 33 +++ .../files/system/oem/10_accounting.yaml | 55 +++++ .../files/system/oem/11_bootargs.yaml | 59 ++++++ .../files/system/oem/12_nvidia.yaml | 68 ++++++ .../files/system/oem/13_openrc_services.yaml | 71 +++++++ .../files/system/oem/21_kcrypt.yaml | 15 ++ .../files/system/oem/23_c3os.yaml | 8 + .../files/system/oem/24_sysext.yaml | 17 ++ .../files/system/oem/25_autologin.yaml | 20 ++ .../files/system/oem/26_selinux.yaml | 10 + .../files/system/oem/26_vm.yaml | 25 +++ .../files/system/oem/28_cgroups.yaml | 7 + .../files/system/oem/29_blacklist.yaml | 6 + .../files/system/oem/30_ulimit.yaml | 6 + .../files/system/oem/31_hosts.yaml | 11 + .../files/system/oem/50_recovery.yaml | 
28 +++ .../files/system/oem/51_reset.yaml | 17 ++ .../files/system/oem/52_installer.yaml | 35 ++++ .../files/usr/lib/os-release.tmpl | 13 ++ .../files/usr/libexec/.keep | 0 .../files/var/log/kairos/.keep | 0 47 files changed, 1081 insertions(+) create mode 100644 packages/bundles/kairos-overlay-files/build.yaml create mode 100644 packages/bundles/kairos-overlay-files/collection.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/etc/bash.bashrc.local create mode 100644 packages/bundles/kairos-overlay-files/files/etc/default/console-setup create mode 100644 packages/bundles/kairos-overlay-files/files/etc/issue.d/01-KAIROS create mode 100644 packages/bundles/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg create mode 100644 packages/bundles/kairos-overlay-files/files/etc/kairos/branding/install_text create mode 100644 packages/bundles/kairos-overlay-files/files/etc/kairos/branding/interactive_install_text create mode 100644 packages/bundles/kairos-overlay-files/files/etc/kairos/branding/recovery_text create mode 100644 packages/bundles/kairos-overlay-files/files/etc/kairos/branding/reset_text create mode 100644 packages/bundles/kairos-overlay-files/files/etc/logrotate.d/kairos create mode 100644 packages/bundles/kairos-overlay-files/files/etc/motd create mode 100644 packages/bundles/kairos-overlay-files/files/etc/runlevels/.keep create mode 100644 packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-agent.service create mode 100644 packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-interactive.service create mode 100644 packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-recovery.service create mode 100644 packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-reset.service create mode 100644 packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-webui.service create mode 100644 packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos.service 
create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/00_datasource.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/00_rootfs.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/02_agent.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/02_notify.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/03-setupcon.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/05_network.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/08_grub.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/09_services.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/10_accounting.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/11_bootargs.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/12_nvidia.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/13_openrc_services.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/21_kcrypt.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/23_c3os.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/24_sysext.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/25_autologin.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/26_selinux.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/26_vm.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/28_cgroups.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/29_blacklist.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/30_ulimit.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/31_hosts.yaml create mode 100644 
packages/bundles/kairos-overlay-files/files/system/oem/50_recovery.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/51_reset.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/system/oem/52_installer.yaml create mode 100644 packages/bundles/kairos-overlay-files/files/usr/lib/os-release.tmpl create mode 100644 packages/bundles/kairos-overlay-files/files/usr/libexec/.keep create mode 100644 packages/bundles/kairos-overlay-files/files/var/log/kairos/.keep
diff --git a/packages/bundles/kairos-overlay-files/build.yaml b/packages/bundles/kairos-overlay-files/build.yaml
new file mode 100644
index 0000000..c8914ab
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/build.yaml
@@ -0,0 +1,3 @@
+image: alpine
+steps:
+- cp -rfv files/* /
diff --git a/packages/bundles/kairos-overlay-files/collection.yaml b/packages/bundles/kairos-overlay-files/collection.yaml
new file mode 100644
index 0000000..37f02a7
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/collection.yaml
@@ -0,0 +1,4 @@
+packages:
+ - name: "kairos-overlay-files"
+ category: "bundles"
+ version: "1.0.0"
diff --git a/packages/bundles/kairos-overlay-files/files/etc/bash.bashrc.local b/packages/bundles/kairos-overlay-files/files/etc/bash.bashrc.local
new file mode 100644
index 0000000..183fd69
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/bash.bashrc.local
@@ -0,0 +1,5 @@
+if [ -z "$KUBECONFIG" ]; then
+ if [ -e /etc/rancher/k3s/k3s.yaml ]; then
+ export KUBECONFIG="/etc/rancher/k3s/k3s.yaml"
+ fi
+fi
\ No newline at end of file
diff --git a/packages/bundles/kairos-overlay-files/files/etc/default/console-setup b/packages/bundles/kairos-overlay-files/files/etc/default/console-setup
new file mode 100644
index 0000000..ebe02a3
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/default/console-setup
@@ -0,0 +1,7 @@
+ACTIVE_CONSOLES="/dev/tty[1-6]"
+FONT="default8x16.psf.gz"
+CHARMAP="UTF-8"
+CODESET="guess"
+FONTFACE="default"
+FONTSIZE="8x16"
+SCREEN_WIDTH="100"
diff --git a/packages/bundles/kairos-overlay-files/files/etc/issue.d/01-KAIROS b/packages/bundles/kairos-overlay-files/files/etc/issue.d/01-KAIROS
new file mode 100644
index 0000000..b9ee5f8
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/issue.d/01-KAIROS
@@ -0,0 +1,11 @@
+
+
+
+ _/ _/ _/
+ _/ _/ _/_/_/ _/ _/_/ _/_/ _/_/_/
+ _/_/ _/ _/ _/ _/_/ _/ _/ _/_/
+ _/ _/ _/ _/ _/ _/ _/ _/ _/_/
+_/ _/ _/_/_/ _/ _/ _/_/ _/_/_/
+
+
+
\ No newline at end of file
diff --git a/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg
new file mode 100644
index 0000000..5c1b804
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg
@@ -0,0 +1,31 @@
+menuentry "Kairos remote recovery" --id remoterecovery {
+ if search.file /cOS/recovery.squashfs ; then
+ set img=/cOS/recovery.squashfs
+ set recoverylabel=COS_RECOVERY
+ else
+ set img=/cOS/recovery.img
+ fi
+ search.fs_label COS_RECOVERY root
+ set label=COS_SYSTEM
+ loopback loop0 /$img
+ set root=($root)
+ source (loop0)/etc/cos/bootargs.cfg
+ linux (loop0)$kernel $kernelcmd ${extra_cmdline} ${extra_recovery_cmdline} vga=795 nomodeset kairos.remote_recovery_mode
+ initrd (loop0)$initramfs
+}
+
+menuentry "Kairos state reset (auto)" --id statereset {
+ if search.file /cOS/recovery.squashfs ; then
+ set img=/cOS/recovery.squashfs
+ set recoverylabel=COS_RECOVERY
+ else
+ set img=/cOS/recovery.img
+ fi
+ search.fs_label COS_RECOVERY root
+ set label=COS_SYSTEM
+ loopback loop0 /$img
+ set root=($root)
+ source (loop0)/etc/cos/bootargs.cfg
+ linux (loop0)$kernel $kernelcmd ${extra_cmdline} ${extra_recovery_cmdline} vga=795 nomodeset kairos.reset
+ initrd (loop0)$initramfs
+}
\ No newline at end of file
diff --git a/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/install_text b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/install_text
new file mode 100644
index 0000000..1f3adb6
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/install_text
@@ -0,0 +1,11 @@
+Welcome to Kairos!
+P2P device installation enrollment is starting.
+A QR code will be displayed below.
+In another machine, run "kairos register" with the QR code visible on screen,
+or "kairos register " to register the machine from a photo.
+IF the qrcode is not displaying correctly,
+try booting with another vga option from the boot cmdline (e.g. vga=791).
+
+Press any key to abort pairing. To restart run 'kairos install'.
+
+Starting in 5 seconds...
\ No newline at end of file
diff --git a/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/interactive_install_text b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/interactive_install_text
new file mode 100644
index 0000000..37b35c1
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/interactive_install_text
@@ -0,0 +1 @@
+Interactive installation. Documentation is available at https://kairos.io.
\ No newline at end of file
diff --git a/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/recovery_text b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/recovery_text
new file mode 100644
index 0000000..4969c47
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/recovery_text
@@ -0,0 +1,9 @@
+Welcome to kairos recovery mode!
+P2P device recovery mode is starting.
+A QR code with a generated network token will be displayed below that can be used to connect
+over with "kairos bridge --qr-code-image /path/to/image.jpg" from another machine,
+further instruction will appear on the bridge CLI to connect over via SSH.
+IF the qrcode is not displaying correctly,
+try booting with another vga option from the boot cmdline (e.g. vga=791).
+
+Press any key to abort recovery. To restart the process run 'kairos recovery'.
\ No newline at end of file
diff --git a/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/reset_text b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/reset_text
new file mode 100644
index 0000000..11a18a8
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/kairos/branding/reset_text
@@ -0,0 +1,6 @@
+Welcome to kairos!
+The node will automatically reset its state in a few.
+
+Press any key to abort this process. To restart run 'kairos reset'.
+
+Starting in 60 seconds...
\ No newline at end of file
diff --git a/packages/bundles/kairos-overlay-files/files/etc/logrotate.d/kairos b/packages/bundles/kairos-overlay-files/files/etc/logrotate.d/kairos
new file mode 100644
index 0000000..6bd3003
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/logrotate.d/kairos
@@ -0,0 +1,8 @@
+/var/log/kairos/*.log {
+ create
+ daily
+ compress
+ copytruncate
+ missingok
+ rotate 3
+}
\ No newline at end of file
diff --git a/packages/bundles/kairos-overlay-files/files/etc/motd b/packages/bundles/kairos-overlay-files/files/etc/motd
new file mode 100644
index 0000000..81924ff
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/motd
@@ -0,0 +1,3 @@
+Welcome to Kairos!
+
+Refer to https://kairos.io for documentation.
diff --git a/packages/bundles/kairos-overlay-files/files/etc/runlevels/.keep b/packages/bundles/kairos-overlay-files/files/etc/runlevels/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-agent.service b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-agent.service
new file mode 100644
index 0000000..fbaec01
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-agent.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=kairos agent
+After=cos-setup-network.service
+Wants=network.target
+[Service]
+Restart=on-failure
+RestartSec=5s
+ExecStart=/usr/bin/kairos-agent start
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-interactive.service b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-interactive.service
new file mode 100644
index 0000000..6302035
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-interactive.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=kairos interactive-installer
+After=sysinit.target
+[Service]
+Type=oneshot
+StandardInput=tty
+StandardOutput=tty
+LimitNOFILE=49152
+ExecStartPre=-/bin/sh -c "dmesg -D"
+TTYPath=/dev/tty1
+RemainAfterExit=yes
+ExecStart=/usr/bin/kairos-agent interactive-install --shell
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-recovery.service b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-recovery.service
new file mode 100644
index 0000000..0c9cc2c
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-recovery.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=kairos recovery
+After=sysinit.target
+[Service]
+Type=oneshot
+StandardInput=tty
+StandardOutput=tty
+LimitNOFILE=49152
+ExecStartPre=-/bin/sh -c "dmesg -D"
+ExecStartPre=-/bin/sh -c "sysctl -w net.core.rmem_max=2500000"
+TTYPath=/dev/tty1
+RemainAfterExit=yes
+ExecStart=/usr/bin/kairos-agent recovery
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-reset.service b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-reset.service
new file mode 100644
index 0000000..0d7888f
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-reset.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=kairos reset
+After=sysinit.target
+[Service]
+Type=oneshot
+StandardInput=tty
+StandardOutput=tty
+LimitNOFILE=49152
+TTYPath=/dev/tty1
+RemainAfterExit=yes
+ExecStart=/usr/bin/kairos-agent reset
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-webui.service b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-webui.service
new file mode 100644
index 0000000..23f0f99
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-webui.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=kairos installer
+After=sysinit.target
+[Service]
+ExecStart=/usr/bin/kairos-agent webui
+TimeoutStopSec=10s
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos.service b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos.service
new file mode 100644
index 0000000..f440582
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=kairos installer
+After=sysinit.target
+[Service]
+Type=oneshot
+StandardInput=tty
+StandardOutput=tty
+LimitNOFILE=49152
+ExecStartPre=-/bin/sh -c "dmesg -D"
+TTYPath=/dev/tty1
+RemainAfterExit=yes
+ExecStart=/usr/bin/kairos-agent install
+TimeoutStopSec=10s
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/00_datasource.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/00_datasource.yaml
new file mode 100644
index 0000000..d87edc4
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/00_datasource.yaml
@@ -0,0 +1,31 @@
+name: "Datasource handling"
+stages:
+ rootfs.before:
+ - &datasource
+ if: '[ ! -f /oem/userdata ]'
+ name: "Pull data from provider"
+ datasource:
+ providers: ["cdrom", "gcp", "openstack", "aws", "azure", "hetzner", "packet", "vultr", "digitalocean", "metaldata"]
+ path: "/oem"
+ - if: '[ ! -f /oem/userdata ]'
+ name: "Sentinel file for userdata"
+ files:
+ - path: /run/.userdata_load
+ initramfs.before:
+ - <<: *datasource
+ - if: '[ ! -f /oem/userdata ]'
+ files:
+ - path: /run/.userdata_load
+ # After network, if no datasource could be pulled, we stop trying
+ network:
+ - <<: *datasource
+ - if: '[ -f /oem/userdata ] && [ -f /run/.userdata_load ]'
+ name: "Run stages if userdata is found"
+ commands:
+ - kairos-agent run-stage initramfs
+ - kairos-agent run-stage boot
+ - rm -rf /run/.userdata_load
+ - if: '[ ! -f /oem/userdata ] && [ -f /run/.userdata_load ]'
+ name: "Remove userdata sentinel"
+ commands:
+ - rm -rf /run/.userdata_load
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/00_rootfs.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/00_rootfs.yaml
new file mode 100644
index 0000000..430aa96
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/00_rootfs.yaml
@@ -0,0 +1,193 @@
+# Rootfs Kairos OEM configuration file
+#
+# This file is part of Kairos and will get reset during upgrades.
+#
+# Before you change this file manually,
+# consider copying this file to /usr/local/cloud-config or
+# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
+name: "Rootfs Layout Settings"
+stages:
+ rootfs:
+ - name: "Mount BPF on Alpine systems"
+ if: '[ ! -e "/sbin/systemctl" ] && [ ! -e "/usr/bin/systemctl" ] && [ ! -e "/usr/sbin/systemctl" ] && [ ! -e "/usr/bin/systemctl" ]'
+ commands:
+ - mount bpffs -o rw,nosuid,nodev,noexec,relatime,mode=700 /sys/fs/bpf -t bpf
+ - if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -e "/run/cos/uki_mode" ]'
+ name: "Layout configuration for active/passive mode"
+ environment_file: /run/cos/cos-layout.env
+ environment:
+ VOLUMES: "LABEL=COS_PERSISTENT:/usr/local"
+ OVERLAY: "tmpfs:25%"
+ RW_PATHS: "/var /etc /srv"
+ PERSISTENT_STATE_PATHS: >-
+ /etc/systemd
+ /etc/modprobe.d
+ /etc/rancher
+ /etc/sysconfig
+ /etc/runlevels
+ /etc/ssh
+ /etc/ssl/certs
+ /etc/iscsi
+ /etc/zfs
+ /etc/cni
+ /etc/kubernetes
+ /home
+ /opt
+ /root
+ /snap
+ /var/snap
+ /usr/libexec
+ /var/log
+ /var/lib/containerd
+ /var/lib/rancher
+ /var/lib/kubelet
+ /var/lib/snapd
+ /var/lib/wicked
+ /var/lib/longhorn
+ /var/lib/cni
+ /var/lib/dbus
+ /usr/share/pki/trust
+ /usr/share/pki/trust/anchors
+ /var/lib/ca-certificates
+ PERSISTENT_STATE_BIND: "true"
+ - if: '[ -f "/run/cos/recovery_mode" ]'
+ # omit the persistent partition on recovery mode
+ name: "Layout configuration for recovery mode"
+ environment_file: /run/cos/cos-layout.env
+ environment:
+ OVERLAY: "tmpfs:25%"
+ - if: grep -q "kairos.boot_live_mode" /proc/cmdline
+ name: "Layout configuration for booting local node from livecd"
+ environment_file: /run/cos/cos-layout.env
+ environment:
+ VOLUMES: "LABEL=COS_PERSISTENT:/usr/local"
+ OVERLAY: "tmpfs:25%"
+ RW_PATHS: "/var /etc /srv"
+ PERSISTENT_STATE_PATHS: >-
+ /etc/systemd
+ /etc/modprobe.d
+ /etc/rancher
+ /etc/sysconfig
+ /etc/runlevels
+ /etc/ssh
+ /etc/ssl/certs
+ /etc/iscsi
+ /etc/cni
+ /etc/kubernetes
+ /home
+ /opt
+ /root
+ /snap
+ /var/snap
+ /usr/libexec
+ /var/log
+ /var/lib/containerd
+ /var/lib/rancher
+ /var/lib/kubelet
+ /var/lib/snapd
+ /var/lib/wicked
+ /var/lib/longhorn
+ /var/lib/cni
+ /usr/share/pki/trust
+ /usr/share/pki/trust/anchors
+ /var/lib/ca-certificates
+ PERSISTENT_STATE_BIND: "true"
+ - if: '[ -e "/run/cos/uki_mode" ]'
+ # omit the persistent partition on uki mode
+ # And mount all persistent mounts under the overlay
+ name: "Layout configuration for UKI"
+ environment_file: /run/cos/cos-layout.env
+ environment:
+ RW_PATHS: "/var /etc /srv /usr"
+ OVERLAY: "tmpfs:25%"
+ PERSISTENT_STATE_PATHS: >-
+ /var
+ /etc
+ /etc/systemd
+ /etc/modprobe.d
+ /etc/rancher
+ /etc/sysconfig
+ /etc/runlevels
+ /etc/ssh
+ /etc/ssl/certs
+ /etc/iscsi
+ /etc/cni
+ /etc/kubernetes
+ /home
+ /opt
+ /root
+ /var/snap
+ /usr/libexec
+ /var/log
+ /var/lib/containerd
+ /var/lib/rancher
+ /var/lib/kubelet
+ /var/lib/snapd
+ /var/lib/wicked
+ /var/lib/longhorn
+ /var/lib/cni
+ /usr/share/pki/trust
+ /usr/share/pki/trust/anchors
+ /var/lib/ca-certificates
+ rootfs.after:
+ - if: '[ -r /run/cos/custom-layout.env ] && [ ! -f "/run/cos/recovery_mode" ] && [ ! -f /run/cos/live_mode ]'
+ name: "add custom bind and ephemeral mounts to /run/cos/cos-layout.env"
+ commands:
+ - |
+ source /run/cos/cos-layout.env
+ source /run/cos/custom-layout.env
+ PERSISTENT_STATE_PATHS="${PERSISTENT_STATE_PATHS} ${CUSTOM_BIND_MOUNTS} "
+ RW_PATHS="${RW_PATHS} ${CUSTOM_EPHEMERAL_MOUNTS}"
+ # Remove the existing lines that we are gonna rewrite
+ sed -i "/RW_PATHS/d" /run/cos/cos-layout.env
+ sed -i "/PERSISTENT_STATE_PATHS/d" /run/cos/cos-layout.env
+ # Add the new lines
+ echo "# rw paths with user bind mounts" >> /run/cos/cos-layout.env
+ echo RW_PATHS=\"${RW_PATHS}\" >> /run/cos/cos-layout.env
+ echo "# persistent state paths with user ephemeral mounts" >> /run/cos/cos-layout.env
+ echo PERSISTENT_STATE_PATHS=\"${PERSISTENT_STATE_PATHS}\" >> /run/cos/cos-layout.env
+ - if: '[ ! -f /run/cos/recovery_mode ] && [ ! -f /run/cos/live_mode ]'
+ name: "Grow persistent"
+ layout:
+ device:
+ label: COS_PERSISTENT
+ expand_partition:
+ # Size 0 is required to specify all remaining space
+ size: 0
+ initramfs:
+ - name: "Create journalctl /var/log/journal dir"
+ if: '[ -e "/sbin/systemctl" ] || [ -e "/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
+ directories:
+ - path: /var/log/journal
+ - if: '[ ! -f "/run/cos/recovery_mode" ] && [ -s /usr/local/etc/machine-id ]'
+ name: "Restore /etc/machine-id for systemd systems"
+ commands:
+ - cat /usr/local/etc/machine-id > /etc/machine-id
+ - if: '[ ! -f "/run/cos/recovery_mode" ] && [ -s /var/lib/dbus/machine-id ] && [ -f "/sbin/openrc" ]'
+ name: "Restore /etc/machine-id for openrc systems"
+ commands:
+ - cat /var/lib/dbus/machine-id > /etc/machine-id
+ fs:
+ - if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -s /usr/local/etc/machine-id ] '
+ name: "Save /etc/machine-id for systemd systems"
+ commands:
+ - |
+ mkdir -p /usr/local/etc
+ cp /etc/machine-id /usr/local/etc
+ - if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -s /var/lib/dbus/machine-id ] && [ -f "/sbin/openrc" ]'
+ name: "Save /etc/machine-id for openrc systems"
+ commands:
+ - |
+ mkdir -p /var/lib/dbus/
+ cp /etc/machine-id /var/lib/dbus/
+ fs.after:
+ - if: "[ ! -d /usr/local/cloud-config ]"
+ name: "Ensure /usr/local/cloud-config exists"
+ commands:
+ - mkdir /usr/local/cloud-config
+ - chmod 600 /usr/local/cloud-config
+ boot.before:
+ - name: "Mount tmp on alpine"
+ if: "[[ $(kairos-agent state get kairos.flavor) =~ ^alpine ]]"
+ commands:
+ - mount --make-rshared /
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/02_agent.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/02_agent.yaml
new file mode 100644
index 0000000..652ab34
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/02_agent.yaml
@@ -0,0 +1,11 @@
+name: "Start agent"
+stages:
+ boot:
+ - if: '[ ! -f "/run/cos/recovery_mode" ] && [ -d "/usr/share/systemd" ]'
+ commands:
+ - systemctl start kairos-agent
+ - systemctl enable kairos-agent
+ initramfs:
+ - if: '[ ! -f "/run/cos/recovery_mode" ] && [ -d "/usr/share/systemd" ]'
+ commands:
+ - systemctl enable kairos-agent
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/02_notify.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/02_notify.yaml
new file mode 100644
index 0000000..467d535
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/02_notify.yaml
@@ -0,0 +1,6 @@
+name: "Notify Kairos Plugins of Elemental Events"
+stages:
+ initramfs:
+ - if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -f "/run/cos/live_mode" ]'
+ commands:
+ - kairos-agent notify agent.boot
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/03-setupcon.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/03-setupcon.yaml
new file mode 100644
index 0000000..09cf2e0
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/03-setupcon.yaml
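Review bot: In the `fs.after` stage of 00_rootfs.yaml, `chmod 600 /usr/local/cloud-config` is applied to a directory, which drops the search (execute) bit; the mode that keeps the directory root-only but still traversable is `chmod 700 /usr/local/cloud-config`. 10_accounting.yaml in this same commit later sets that path to `770` with `root:admin` ownership, so the two files should agree on one intended mode. Separately, the systemd detection test on the "Mount BPF on Alpine systems" stage lists `/usr/bin/systemctl` twice and never checks `/bin/systemctl`, unlike the journal-directory stage further down; the same duplicated test appears in 05_network.yaml and 09_services.yaml.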
@@ -0,0 +1,7 @@
+name: "Fonts fix for ubuntu"
+stages:
+ initramfs.after:
+ - if: "[[ $(kairos-agent state get kairos.flavor) =~ ^ubuntu ]]"
+ name: "setupcon initramfs.after ubuntu"
+ commands:
+ - setupcon
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/05_network.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/05_network.yaml
new file mode 100644
index 0000000..2093d10
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/05_network.yaml
@@ -0,0 +1,24 @@
+name: "Default network configuration"
+stages:
+ initramfs:
+ - name: "Disable NetworkManager and wicked"
+ if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
+ systemctl:
+ disable:
+ - NetworkManager
+ - wicked
+ - name: "Enable systemd-network and systemd-resolved"
+ if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
+ systemctl:
+ enable:
+ - systemd-networkd
+ - systemd-resolved
+ - name: "Link /etc/resolv.conf to systemd resolv.conf"
+ if: '([ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]) && [ -f /etc/hosts ]'
+ commands:
+ - rm /etc/resolv.conf
+ - ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
+# dns:
+# path: /etc/resolv.conf
+# nameservers:
+# - 8.8.8.8
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/08_grub.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/08_grub.yaml
new file mode 100644
index 0000000..1caf5a2
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/08_grub.yaml
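Review bot: The "Link /etc/resolv.conf to systemd resolv.conf" stage in 05_network.yaml is guarded by `[ -f /etc/hosts ]`, which says nothing about the file the commands replace, and the bare `rm /etc/resolv.conf` returns an error when that file is absent. If the guard is meant to test the target, `[ -e /etc/resolv.conf ]` would match the commands, and `ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf` replaces the link in one step without depending on the `rm`. Whether the stage runner carries on after a failing command is not visible from this hunk.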
@@ -0,0 +1,131 @@
+# Rootfs Kairos OEM configuration file
+#
+# This file is part of Kairos and will get reset during upgrades.
+
+# The boot assessment works in this way:
+# - After we upgrade, we set a grub env sentinel variable indicating that we did run an upgrade
+# - At the first boot, if we did an upgrade, we set another sentinel variable, which indicates we are trying to boot
+# - If we boot fine, we remove both sentinels
+# - If we get back again at the GRUB menu, a failure must have occurred and we select the fallback entry, creating also
+# sentinels files and a specific cmdline option indicating we failed booting after an upgrade
+
+name: "Boot assessment and branding"
+stages:
+ boot.before:
+ # Remove any grub sentinel and add
+ # System sentinel to /run to indicate if we are booting after a failed upgrade.
+ # This needs to run only on the active partition.
+ # To note, we could similarly enable boot assessment always, also besides upgrades.
+ # In this case it is enough to reset only boot_assessment_tentative here, and set
+ # enable_boot_assessment to 'yes'.
+ # This can be then customized easily by having a cloud-config file which always enables boot assessment on
+ # the boot stage.
+ - name: "Remove GRUB sentinels"
+ if: |
+ cat /proc/cmdline | grep -q "active.img"
+ commands:
+ - |
+ mount -o rw,remount /run/initramfs/cos-state
+ grub2-editenv /run/initramfs/cos-state/boot_assessment set enable_boot_assessment=
+ grub2-editenv /run/initramfs/cos-state/boot_assessment set boot_assessment_tentative=
+ mount -o ro,remount /run/initramfs/cos-state
+ - name: "Create upgrade failure sentinel if necessary"
+ if: |
+ cat /proc/cmdline | grep -q "upgrade_failure"
+ files:
+ - path: /run/cos/upgrade_failure
+ content: "1"
+ permissions: 0600
+ owner: 0
+ group: 0
+ after-install:
+ # After install, reset, and upgrade, we install additional GRUB configuration for boot assessment into COS_STATE.
+ # We also add any branding that exists
+
+ - &statemount
+ name: "Mount state"
+ commands:
+ - |
+ STATEDIR=/tmp/mnt/STATE
+ STATE=$(blkid -L COS_STATE || true)
+ mkdir -p $STATEDIR || true
+ mount ${STATE} $STATEDIR
+ # Here we hook the boot assessment configuration to 'grubcustom'
+ # we do that selectively in order to just "append" eventual other configuration provided.
+ # XXX: maybe we should just write to /grubcustom and override any other custom grub?
+ - &customhook
+ name: "Hook boot assessment grub configuration"
+ if: |
+ ! grep -q "grub_boot_assessment" /tmp/mnt/STATE/grubcustom
+ commands:
+ - |
+ cat << 'EOF' >> /tmp/mnt/STATE/grubcustom
+ set bootfile="/grub_boot_assessment"
+ search --no-floppy --file --set=bootfile_loc "${bootfile}"
+ if [ "${bootfile_loc}" ]; then
+ source "(${bootfile_loc})${bootfile}"
+ fi
+ EOF
+ # Overrides the active cmdline by adding "rd.emergency=reboot", "rd.shell=0" and "panic=5"
+ # so that any failure in booting initramfs or kernel loading results in a reboot.
+ # It loads then the boot assessment environment and overrides default boot target if
+ # a boot failure is detected.
+ # A boot is considered failed when both sentinel are present ( upgrade triggered, tentative ).
+ # The tentative sentinel is set after an upgrade was triggered.
+ # This configuration is separated so it can be tracked separately from the install hook
+ - &bootgrub
+ name: "Add boot assessment grub configuration"
+ files:
+ - path: "/tmp/mnt/STATE/grub_boot_assessment"
+ owner: 0
+ group: 0
+ permsisions: 0600
+ content: |
+ set extra_active_cmdline="rd.emergency=reboot rd.shell=0 panic=5 systemd.crash_reboot systemd.crash_shell=0"
+ set boot_assessment="/boot_assessment"
+ search --no-floppy --file --set=boot_assessment_blk "${boot_assessment}"
+ if [ "${boot_assessment_blk}" ]; then
+ load_env -f "(${boot_assessment_blk})${boot_assessment}"
+ fi
+ if [ "${enable_boot_assessment}" = "yes" -o "${enable_boot_assessment_always}" = "yes" ]; then
+ if [ -z "${selected_entry}" ]; then
+ if [ "${boot_assessment_tentative}" = "yes" ]; then
+ set default="fallback"
+ set extra_passive_cmdline="upgrade_failure"
+ else
+ set boot_assessment_tentative="yes"
+ save_env -f "(${boot_assessment_blk})${boot_assessment}" boot_assessment_tentative
+ fi
+ fi
+ fi
+ - &grubinstall
+ name: "Grub branding"
+ if: '[ -e "/etc/kairos/branding/grubmenu.cfg" ]'
+ commands:
+ - cp -rfv /etc/kairos/branding/grubmenu.cfg /tmp/mnt/STATE/grubmenu
+ - &stateumount
+ name: "umount state"
+ commands:
+ - umount /tmp/mnt/STATE
+
+ # Here we do enable boot assessment for the next bootup.
+ # Similarly, we could trigger boot assessment in other cases
+ after-upgrade:
+ - <<: *statemount
+ - name: "Set upgrade sentinel"
+ commands:
+ - |
+ grub2-editenv /tmp/mnt/STATE/boot_assessment set enable_boot_assessment=yes
+ # We do re-install hooks here if needed to track upgrades of boot assessment
+ - <<: *customhook
+ - <<: *grubinstall
+ - <<: *bootgrub
+ - <<: *stateumount
+
+ after-reset:
+ - <<: *statemount
+ # Reset completely restores COS_STATE, so we re-inject ourselves
+ - <<: *customhook
+ - <<: *grubinstall
+ - <<: *bootgrub
+ - <<: *stateumount
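Review bot: The `files` entry for `/tmp/mnt/STATE/grub_boot_assessment` in the `&bootgrub` step of 08_grub.yaml spells its mode key `permsisions: 0600`, while the `/run/cos/upgrade_failure` entry earlier in the same file uses `permissions: 0600`; an unrecognised key is presumably ignored, so the file would get the runner's default mode rather than 0600. The same misspelling is on the `/etc/sudoers` entry in 10_accounting.yaml, where the resulting mode matters more. Renaming both keys to `permissions` fixes it, and it is worth confirming at the same time how the consumer reads the unquoted `0600` (octal versus decimal).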
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/09_services.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/09_services.yaml
new file mode 100644
index 0000000..a6a0507
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/09_services.yaml
@@ -0,0 +1,33 @@
+# Rootfs Kairos OEM configuration file
+#
+# This file is part of Kairos and will get reset during upgrades.
+
+name: "Default config"
+stages:
+ boot:
+ - name: "Default sysctl settings"
+ sysctl:
+ net.core.rmem_max: 2500000
+ vm.max_map_count: 262144
+ initramfs:
+ - name: "Default systemd config"
+ if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
+ systemctl:
+ enable:
+ - multi-user.target
+ - getty@tty1
+ - iscsid
+ - systemd-timesyncd
+ - nohang
+ - nohang-desktop
+ - fail2ban
+ - logrotate.timer
+ - sshd
+ mask:
+ - purge-kernels
+ commands:
+ - systemctl set-default multi-user.target
+ - name: "Generate host keys"
+ # Make sure the host always has available keys
+ commands:
+ - ssh-keygen -A
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/10_accounting.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/10_accounting.yaml
new file mode 100644
index 0000000..4ac0f7e
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/10_accounting.yaml
@@ -0,0 +1,55 @@
+name: "Default user, permissions and serial login"
+stages:
+ initramfs:
+ - name: "Setup groups"
+ ensure_entities:
+ - entity: |
+ kind: "group"
+ group_name: "admin"
+ password: "x"
+ gid: 900
+ - name: "Setup users"
+ users:
+ kairos:
+ passwd: "!"
+ shell: /bin/bash
+ homedir: "/home/kairos"
+ groups:
+ - "admin"
+ - name: "Set user password if running in live or uki"
+ if: "[ -e /run/cos/live_mode ] || [ -e /run/cos/uki_mode ]"
+ users:
+ kairos:
+ passwd: "kairos"
+ - name: "Setup sudo"
+ files:
+ - path: "/etc/sudoers"
+ owner: 0
+ group: 0
+ permsisions: 0600
+ content: |
+ Defaults always_set_home
+ Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin:/usr/local/sbin"
+ Defaults env_reset
+ Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
+ Defaults !insults
+ root ALL=(ALL) ALL
+ %admin ALL=(ALL) NOPASSWD: ALL
+ #includedir /etc/sudoers.d
+ commands:
+ - passwd -l root
+ - name: "Ensure runtime permission"
+ if: '[ -e "/oem" ]'
+ commands:
+ - chown -R root:admin /oem
+ - chmod 770 /oem
+ - name: "Ensure runtime permission"
+ if: '[ -e "/usr/local/cloud-config" ]'
+ commands:
+ - chown -R root:admin /usr/local/cloud-config
+ - chmod 770 /usr/local/cloud-config
+ - name: "Enable serial login for alpine" # https://wiki.alpinelinux.org/wiki/Enable_Serial_Console_on_Boot
+ if: '[ -e /sbin/rc-service ]'
+ commands:
+ - sed -i -e 's/ttyS0.*//g' /etc/inittab
+ - echo "ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100" >> /etc/inittab
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/11_bootargs.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/11_bootargs.yaml
new file mode 100644
index 0000000..a8b431b
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/11_bootargs.yaml
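Review bot: The `/etc/sudoers` entry in "Setup sudo" spells its mode key `permsisions: 0600`, which the consumer presumably ignores as an unknown key, so the file is created with whatever the default mode is rather than the one written here. The key should read `permissions: 0440` (the mode sudoers conventionally carries) or at least `permissions: 0600`; the same misspelling is on the `grub_boot_assessment` file in 08_grub.yaml. Separately, the live/uki stage sets `passwd: "kairos"` for a member of `admin`, which this sudoers grants `NOPASSWD: ALL`, so a comment stating that the fixed password is limited to live/uki boots and why would make the intent auditable.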
@@ -0,0 +1,59 @@
+name: "Creation of bootargs.cfg file"
+stages:
+ after-install:
+ - &createfile
+ name: "Install bootargs.cfg file"
+ commands:
+ - |
+ export COMMON_RECOVERY_OPTS="console=tty1 root=live:LABEL=\$recoverylabel rd.live.dir=/ rd.live.squashimg=\$img panic=5"
+ export COMMON_OPTS="console=tty1 root=LABEL=\$label cos-img/filename=\$img panic=5 rd.cos.oemlabel=COS_OEM"
+
+ # Model based options:
+ # Raspberry
+ if [ -f "/sys/firmware/devicetree/base/model" ] && grep Raspberry "/sys/firmware/devicetree/base/model"; then
+ COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS console=ttyS0,115200 net.ifnames=1 modprobe.blacklist=vc4 rd.cos.oemtimeout=10"
+ COMMON_OPTS="$COMMON_OPTS console=ttyS0,115200 net.ifnames=1 security=selinux selinux=1 modprobe.blacklist=vc4 rd.cos.oemtimeout=10"
+ # Nvidia
+ # TODO: Test this out on an nvidia board. Does that file even exist?
+ elif [ -f "/sys/firmware/devicetree/base/model" ] && grep -i nvidia "/sys/firmware/devicetree/base/model"; then
+ COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS console=ttyTCU0,115200 security=selinux selinux=1 net.ifnames=1 rd.cos.oemtimeout=10"
+ COMMON_OPTS="$COMMON_OPTS console=ttyTCU0,115200 net.ifnames=1 security=selinux selinux=1 rd.cos.oemtimeout=10"
+ # All other cases
+ else
+ COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS console=ttyS0 rd.cos.oemlabel=COS_OEM"
+ COMMON_OPTS="$COMMON_OPTS console=ttyS0 net.ifnames=1"
+ fi
+
+ # OS based options:
+ if $(grep -i -E '(fedora|almalinux|rockylinux)' /etc/os-release); then
+ COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS selinux=0"
+ # NOTE: This may conflict with model settings above!
+ COMMON_OPTS="$COMMON_OPTS selinux=0"
+ elif $(grep -i -E '(debian|ubuntu)' /etc/os-release); then
+ COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS"
+ COMMON_OPTS="$COMMON_OPTS security=selinux selinux=1 rd.neednet=0 vga=795"
+ else
+ COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS net.ifnames=1"
+ COMMON_OPTS="$COMMON_OPTS rd.emergency=reboot rd.shell=0 security=selinux selinux=1 fsck.mode=force fsck.repair=yes systemd.crash_reboot=yes"
+ fi
+
+ cat << EOF > /etc/cos/bootargs.cfg
+ set kernel=/boot/vmlinuz
+ if [ -n "\$recoverylabel" ]; then
+ # Boot arguments when the image is used as recovery
+ set kernelcmd="$COMMON_RECOVERY_OPTS"
+ else
+ # Boot arguments when the image is used as active/passive
+ set kernelcmd="$COMMON_OPTS"
+ fi
+
+ set initramfs=/boot/initrd
+
+ EOF
+
+ chmod 0600 /etc/cos/bootargs.cfg
+
+ after-upgrade:
+ - <<: *createfile
+ after-reset:
+ - <<: *createfile
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/12_nvidia.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/12_nvidia.yaml
new file mode 100644
index 0000000..47d9e7d
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/12_nvidia.yaml
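Review bot: The OS checks `if $(grep -i -E '(fedora|almalinux|rockylinux)' /etc/os-release); then` and the matching `elif` wrap grep in a command substitution, so on a match the shell tries to run grep's output as a command instead of using grep's exit status. A matching os-release line is unlikely to be a runnable command, so both branches would normally fall through to the `else`, which appends `security=selinux selinux=1` where the Fedora-family branch meant `selinux=0`. Testing the exit status directly avoids this: `if grep -qiE '(fedora|almalinux|rockylinux)' /etc/os-release; then` and `elif grep -qiE '(debian|ubuntu)' /etc/os-release; then`. The NOTE about a conflict with the model settings also stays open: a Raspberry model with a Fedora-family image would end up with both `selinux=1` and `selinux=0` on the command line.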
@@ -0,0 +1,68 @@
+name: "Nvidia jetson specific files"
+stages:
+ after-install:
+ - &createfiles
+ name: "Create files"
+ if: |
+ [ -f "/sys/firmware/devicetree/base/model" ] && grep -i nvidia "/sys/firmware/devicetree/base/model"
+ files:
+ - path: /etc/dracut.conf.d/iscsi.conf
+ content: |
+ omit_dracutmodules+=" iscsi "
+ permissions: 0600
+ owner: 0
+ group: 0
+ # TODO: This is no longer read. This should be moved to cloud-init file.
+ - path: /etc/elemental/config.yaml
+ content: |
+ cosign: false
+ verify: false
+ install:
+ grub-entry-name: "Kairos"
+ system:
+ size: 4500
+ recovery-system:
+ size: 4500
+ upgrade:
+ grub-entry-name: "Kairos"
+ recovery-system:
+ size: 4500
+ system:
+ size: 4500
+ reset:
+ grub-entry-name: "Kairos"
+ system:
+ size: 4500
+ cloud-init-paths:
+ - /run/initramfs/cos-state
+ # - /run/initramfs/live
+ permissions: 0600
+ owner: 0
+ group: 0
+ - path: /system/oem/mount.yaml
+ content: |
+ ## TODO: this is a workaround
+ ## The orin packages are writing to /usr/local, which is mounted to COS_PERSISTENT.
+ ## We probably should run this in immucore, overlaying the /usr/local of the image to COS_PERSISTENT.
+ ## For the time being, doing it in the cloud configs.
+ #
+ ### Note: This have the consequences of everything stored inside /usr/local to go inside the "local" directory inside the partition.
+ ### Usually this is not the case as there is no need of subtrees, but due to how overlayfs work the workdir and uppermount needs to be in the same filesystem.
+ stages:
+ initramfs.before:
+ - commands:
+ - umount /usr/local
+ - |
+ mkdir -p /run/mount/persistent && \
+ mount /dev/disk/by-label/COS_PERSISTENT /run/mount/persistent && \
+ mkdir -p /run/mount/persistent/work /run/mount/persistent/local && \
+ mount -t overlay \
+ -o lowerdir=/usr/local,upperdir=/run/mount/persistent/local,workdir=/run/mount/persistent/work \
+ /usr/local
+ permissions: 0600
+ owner: 0
+ group: 0
+ after-upgrade:
+ - <<: *createfiles
+ after-reset:
+ - <<: *createfiles
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/13_openrc_services.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/13_openrc_services.yaml
new file mode 100644
index 0000000..9f0d4d4
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/13_openrc_services.yaml
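Review bot: The generated `/etc/elemental/config.yaml` carries `cosign: false` and `verify: false`, and the TODO above it says the file is no longer read and should move to a cloud-init file. If that move is done by copying the block as it stands, image signature and checksum verification would presumably be switched off on these boards without anyone deciding it, so either drop the two keys now or annotate them, e.g. `# verification disabled for Jetson images because <reason>; revisit before moving to cloud-init`. What `cosign` and `verify` control is inferred from their names; the consumer is not part of this diff.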
@@ -0,0 +1,71 @@ +name: "Create openrc services" +stages: + after-install: + - &createfiles + name: "Create files" + if: | + grep -i alpine "/etc/os-release" + files: + - path: /etc/init.d/kairos-agent + content: | + #!/sbin/openrc-run + + depend() { + provide kairos-agent + after cos-setup-network + use net + } + + start() { + kairos-agent start + eend $? + } + permissions: 0600 + owner: 0 + group: 0 + - path: /etc/init.d/kairos-webui + content: | + #!/sbin/openrc-run + + depend() { + provide kairos-webui + } + + supervisor=supervise-daemon + name="kairos-webui" + command="kairos-agent webui" + supervise_daemon_args="--stdout /var/log/kairos/webui.log --stderr /var/log/kairos/webui.log" + pidfile="/run/${RC_SVCNAME}.pid" + respawn_delay=5 + set -o allexport + if [ -f /etc/environment ]; then source /etc/environment; fi + set +o allexport + + permissions: 0600 + owner: 0 + group: 0 + - path: /etc/issue + content: | +  +  + + + ██╗ ██╗ █████╗ ██╗██████╗ ██████╗ ███████╗ + ██║ ██╔╝██╔══██╗██║██╔══██╗██╔═══██╗██╔════╝ + █████╔╝ ███████║██║██████╔╝██║ ██║███████╗ + ██╔═██╗ ██╔══██║██║██╔══██╗██║ ██║╚════██║ + ██║ ██╗██║ ██║██║██║ ██║╚██████╔╝███████║ + ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝ + + +  + + Welcome to kairos (login with user: kairos, password: kairos) + Kernel \r on an \m (\l) + permissions: 0600 + owner: 0 + group: 0 + after-upgrade: + - <<: *createfiles + after-reset: + - <<: *createfiles diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/21_kcrypt.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/21_kcrypt.yaml new file mode 100644 index 0000000..89ba01d --- /dev/null +++ b/packages/bundles/kairos-overlay-files/files/system/oem/21_kcrypt.yaml 
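Review bot: Both OpenRC scripts, `/etc/init.d/kairos-agent` and `/etc/init.d/kairos-webui`, are written with `permissions: 0600`, which leaves a `#!/sbin/openrc-run` script without the execute bit; unless something outside this diff fixes the mode, `rc-service` will likely refuse to start them. `permissions: 0755` is the usual mode for init scripts. The `/etc/issue` banner written in the same stage announces `password: kairos` on installed Alpine systems as well, although 10_accounting.yaml only sets that password in live/uki mode, so the banner should be limited to live media or reworded.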
@@ -0,0 +1,15 @@
+name: "Kcrypt"
+stages:
+ after-upgrade:
+ - name: "Update plugins"
+ if: "[ $(kairos-agent state get oem.found) == 'true' ]"
+ commands:
+ - |
+ STATEDIR=/tmp/mnt/OEM
+ OEM=$(kairos-agent state get oem.name)
+ mkdir -p $STATEDIR || true
+ mount ${OEM} $STATEDIR
+ if [ -d "$STATEDIR/system/discovery" ]; then
+ cp -rfv /system/discovery/* $STATEDIR/system/discovery
+ fi
+ umount $STATEDIR
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/23_c3os.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/23_c3os.yaml
new file mode 100644
index 0000000..6764a50
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/23_c3os.yaml
@@ -0,0 +1,8 @@
+name: "c3os sentinel migration"
+stages:
+ fs.after:
+ - name: "Rename sentinel dir"
+ if: '[ -d "/usr/local/.c3os" ]'
+ commands:
+ - |
+ mv /usr/local/.c3os /usr/local/.kairos
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/24_sysext.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/24_sysext.yaml
new file mode 100644
index 0000000..141aaea
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/24_sysext.yaml
@@ -0,0 +1,17 @@
+name: "sysext"
+stages:
+ fs.after:
+ - name: "Default sysext extensions dirs"
+ if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
+ directories:
+ - path: /etc/extensions
+ - path: /run/extensions
+ - path: /var/lib/extensions
+ - path: /usr/lib/extensions
+ - path: /usr/local/lib/extensions
+ initramfs:
+ - name: "systemd-sysext initramfs settings"
+ if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
+ systemctl:
+ enable:
+ - systemd-sysext
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/25_autologin.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/25_autologin.yaml
new file mode 100644
index 0000000..2717027
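Review bot: The script in "Update plugins" runs `mount ${OEM} $STATEDIR` unquoted and unchecked, so a failed or empty `kairos-agent state get oem.name` lets the following steps run against the bare `/tmp/mnt/OEM` directory on the root filesystem and ends with a failing `umount`. Quoting and stopping on failure keeps the copy tied to the OEM partition: `mount "${OEM}" "$STATEDIR" || exit 1`. The `if:` has the same weakness, since an empty result turns `[ $(kairos-agent state get oem.found) == 'true' ]` into a malformed test; `[ "$(kairos-agent state get oem.found)" = "true" ]` is safer and portable.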
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/25_autologin.yaml
@@ -0,0 +1,20 @@
+name: "Root autologin"
+stages:
+ initramfs:
+ - if: |
+ [ ! $(cat /proc/cmdline | grep -q "interactive-install") ] && \
+ [ -f /run/cos/live_mode ] && \
+ ( [ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] )
+ files:
+ - path: /etc/systemd/system/serial-getty@ttyS0.service.d/override.conf
+ content: |
+ [Service]
+ ExecStart=
+ ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM
+ permissions: 0644
+ - path: /etc/systemd/system/getty@tty1.service.d/override.conf
+ content: |
+ [Service]
+ ExecStart=
+ ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM
+ permissions: 0644
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/26_selinux.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/26_selinux.yaml
new file mode 100644
index 0000000..1b42326
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/26_selinux.yaml
@@ -0,0 +1,10 @@
+name: "SELinux"
+stages:
+ initramfs:
+ - name: "Relabelling"
+ if: |
+ cat /proc/cmdline | grep "selinux=1"
+ commands:
+ - |
+ load_policy -i
+ restorecon -R -i -v /etc /root /opt /srv /var /home /usr/local /oem
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/26_vm.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/26_vm.yaml
new file mode 100644
index 0000000..95b83f4
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/26_vm.yaml
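Review bot: The first clause of the `if:` in 25_autologin.yaml, `[ ! $(cat /proc/cmdline | grep -q "interactive-install") ]`, is always true: `grep -q` prints nothing, so the test collapses to `[ ! ]`, which succeeds because `!` is a non-empty string. Root autologin on `tty1` and `ttyS0` is therefore configured in live mode whether or not `interactive-install` is on the kernel command line. Using the exit status gives the exclusion that seems intended: `! grep -q "interactive-install" /proc/cmdline && \`. A `name:` on the stage, as the other files have, would also make it easier to find in boot logs.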
@@ -0,0 +1,25 @@
+name: "Enable QEMU tools"
+stages:
+ boot:
+ - name: "Enable QEMU"
+ if: |
+ grep -iE "qemu|kvm|Virtual Machine" /sys/class/dmi/id/product_name && [ -e /sbin/rc-service ]
+ commands:
+ - rc-service qemu-guest-agent start
+ - name: "Enable QEMU"
+ if: |
+ grep -iE "qemu|kvm|Virtual Machine" /sys/class/dmi/id/product_name && \
+ ( [ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] )
+ commands:
+ - systemctl start qemu-guest-agent
+ - name: "Enable VBOX"
+ if: |
+ grep -iE "Virtualbox" /sys/class/dmi/id/product_name && [ -e /sbin/rc-service ]
+ commands:
+ - rc-service open-vm-tools start
+ - name: "Enable V"
+ if: |
+ grep -iE "Virtualbox" /sys/class/dmi/id/product_name && \
+ ( [ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] )
+ commands:
+ - systemctl start vmtoolsd
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/28_cgroups.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/28_cgroups.yaml
new file mode 100644
index 0000000..d8e76d3
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/28_cgroups.yaml
@@ -0,0 +1,7 @@
+stages:
+ initramfs.before:
+ - name: "Setup hybrid cgroups"
+ if: '[ -e /sbin/rc-service ]'
+ commands:
+ - echo 'rc_cgroup_mode="hybrid"' >> /etc/rc.conf
+ - echo 'rc_cgroup_controllers="cpuset cpu io memory hugetlb pids"' >> /etc/rc.conf
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/29_blacklist.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/29_blacklist.yaml
new file mode 100644
index 0000000..021f9b0
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/29_blacklist.yaml
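Review bot: The two VirtualBox stages in 26_vm.yaml ("Enable VBOX" and the truncated "Enable V") match `Virtualbox` in the DMI product name but start `open-vm-tools` and `vmtoolsd`, which are the VMware guest tools. Either the pattern should match the VMware product name or the commands should start the VirtualBox guest service; as written a VirtualBox guest starts a service that is probably not installed and a VMware guest gets nothing. Adding `-q` to the `grep -iE` calls would also keep the product name out of the stage output.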
@@ -0,0 +1,6 @@
+stages:
+ initramfs.before:
+ - name: "Blacklist bpfilter on Alpine ( bug: https://github.com/kairos-io/kairos/issues/277 )"
+ if: '[ -e /sbin/rc-service ]'
+ commands:
+ - echo "install bpfilter /bin/false" > /etc/modprobe.d/blacklist_bpfilter.conf
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/30_ulimit.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/30_ulimit.yaml
new file mode 100644
index 0000000..9968341
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/30_ulimit.yaml
@@ -0,0 +1,6 @@
+stages:
+ boot.before:
+ - name: "Setup higher limit for open files"
+ if: '[ -e /sbin/rc-service ]'
+ commands:
+ - echo 'rc_ulimit="-n 1048576"' >> /etc/rc.conf
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/31_hosts.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/31_hosts.yaml
new file mode 100644
index 0000000..3cbddaa
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/31_hosts.yaml
@@ -0,0 +1,11 @@
+stages:
+ initramfs.before:
+ # For debian based distributions, /etc/hosts is present but empty. This is because the file
+ # is populated when running the configuration. For those cases we insert a record so it can be
+ # manipulated later on by yip's hostname plugin
+ # Read more: https://wiki.debian.org/ConfigPackages
+ - name: "Make sure hosts file is present and includes a record for 127.0.0.1"
+ if: |
+ ! [[ -f /etc/hosts ]] || ! [[ $(grep '127.0.0.1' /etc/hosts) ]]
+ commands:
+ - echo '127.0.0.1\tlocalhost' >> /etc/hosts
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/50_recovery.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/50_recovery.yaml
new file mode 100644
index 0000000..d142483
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/50_recovery.yaml
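Review bot: In 31_hosts.yaml the condition uses `[[ … ]]`, which needs bash, while `echo '127.0.0.1\tlocalhost'` only yields a tab when `echo` interprets escapes, which bash's builtin does not do by default. Whichever shell runs the stage, one half misbehaves, and under bash the file gets a literal `\t`, leaving a line that resolvers will not read as a localhost record. A portable form is `if: "! grep -q '127.0.0.1' /etc/hosts"` (grep also fails when the file is missing) with `printf '127.0.0.1\tlocalhost\n' >> /etc/hosts`. Which shell the stage runner uses is not visible in this diff.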
@@ -0,0 +1,28 @@
+name: "Start recovery on tty1"
+stages:
+ initramfs:
+ - name: "Starts kairos-recovery and generate a temporary pass"
+ if: |
+ cat /proc/cmdline | grep -q "kairos.remote_recovery_mode"
+ commands:
+ - systemctl disable getty@tty1
+ - systemctl enable kairos-recovery
+ # Starts installer on boot in Alpine and openRC based
+ - name: "Starts kairos-recovery with openRC-based systems"
+ if: |
+ [ -f "/etc/inittab" ] && \
+ ( cat /proc/cmdline | grep -q "kairos.remote_recovery_mode" )
+ commands:
+ - sed -i -e 's/tty1.*//g' /etc/inittab
+ - echo "tty1::respawn:/usr/bin/kairos-agent recovery" >> /etc/inittab
+ boot:
+ - name: "Recovery"
+ if: '[ -f "/run/cos/recovery_mode" ]'
+ hostname: "cos-recovery"
+ commands:
+ - |
+ source /etc/os-release
+ echo >> /etc/issue
+ echo "You are booting from recovery mode. Run 'kairos-agent reset' to reset the system to $VERSION" >> /etc/issue
+ echo " or 'kairos-agent upgrade' to upgrade the active partition" >> /etc/issue
+ echo >> /etc/issue
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/51_reset.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/51_reset.yaml
new file mode 100644
index 0000000..55700f7
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/51_reset.yaml
@@ -0,0 +1,17 @@
+name: "Start reset on tty1"
+stages:
+ initramfs:
+ - name: "Starts kairos-reset"
+ if: |
+ cat /proc/cmdline | grep -q "kairos.reset"
+ commands:
+ - systemctl disable getty@tty1
+ - systemctl enable kairos-reset
+ # Starts installer on boot in Alpine and openRC based
+ - name: "Starts kairos-reset with openRC-based systems"
+ if: |
+ [ -f "/etc/inittab" ] && \
+ ( cat /proc/cmdline | grep -q "kairos.reset" )
+ commands:
+ - sed -i -e 's/tty1.*//g' /etc/inittab
+ - echo "tty1::respawn:/usr/bin/kairos-agent reset" >> /etc/inittab
diff --git a/packages/bundles/kairos-overlay-files/files/system/oem/52_installer.yaml b/packages/bundles/kairos-overlay-files/files/system/oem/52_installer.yaml
new file mode 100644
index 0000000..8a4c0bd
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/system/oem/52_installer.yaml
@@ -0,0 +1,35 @@
+name: "Start installer on tty1"
+stages:
+ initramfs:
+ - if: |
+ cat /proc/cmdline | grep -q "nodepair.enable"
+ commands:
+ - systemctl disable getty@tty1
+ - systemctl enable kairos
+ - systemctl enable kairos-webui
+ # Starts installer on boot in Alpine and openRC based
+ - if: |
+ cat /proc/cmdline | grep -q "nodepair.enable"
+ commands:
+ - sed -i -e 's/tty1.*//g' /etc/inittab
+ - echo "tty1::respawn:/usr/bin/kairos-agent install" >> /etc/inittab
+ - if: |
+ cat /proc/cmdline | grep -q "interactive-install"
+ commands:
+ - systemctl disable getty@tty1
+ - systemctl enable kairos-interactive
+ # Starts installer on boot in Alpine and openRC based
+ - if: |
+ cat /proc/cmdline | grep -q "interactive-install"
+ commands:
+ - sed -i -e 's/tty1.*//g' /etc/inittab
+ - echo "tty1::respawn:/usr/bin/kairos-agent interactive-install --shell" >> /etc/inittab
+ boot:
+ - if: |
+ [ "$(kairos-agent state get boot)" == "livecd_boot" ] && [ -f "/sbin/openrc" ]
+ commands:
+ - rc-service kairos-webui start
+ - if: |
+ [ "$(kairos-agent state get boot)" == "livecd_boot" ] && [ -d "/usr/share/systemd" ]
+ commands:
+ - systemctl start kairos-webui
diff --git a/packages/bundles/kairos-overlay-files/files/usr/lib/os-release.tmpl b/packages/bundles/kairos-overlay-files/files/usr/lib/os-release.tmpl
new file mode 100644
index 0000000..15ed9ef
--- /dev/null
+++ b/packages/bundles/kairos-overlay-files/files/usr/lib/os-release.tmpl
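Review bot: The two OpenRC stages in 52_installer.yaml (`sed -i -e 's/tty1.*//g' /etc/inittab` followed by the `echo … >> /etc/inittab`) use the same `if:` as the systemd stages before them, without the `[ -f "/etc/inittab" ]` guard that 50_recovery.yaml and 51_reset.yaml have. On a systemd image the `sed` fails and the `echo` creates a stray `/etc/inittab`, and on an OpenRC image the `systemctl` stages fail. Adding the guard, `[ -f "/etc/inittab" ] && ( cat /proc/cmdline | grep -q "nodepair.enable" )`, and a `name:` on each stage would bring this file in line with its neighbours.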
@@ -0,0 +1,13 @@
+KAIROS_NAME="${OS_NAME}"
+KAIROS_VERSION="${OS_VERSION}"
+KAIROS_ID="${OS_ID}"
+KAIROS_ID_LIKE="${OS_NAME}"
+KAIROS_VERSION_ID="${OS_VERSION}"
+KAIROS_PRETTY_NAME="${OS_NAME} ${OS_VERSION}"
+KAIROS_BUG_REPORT_URL="${BUG_REPORT_URL}"
+KAIROS_HOME_URL="${HOME_URL}"
+KAIROS_IMAGE_REPO="${OS_REPO}"
+KAIROS_IMAGE_LABEL="${OS_LABEL}"
+KAIROS_GITHUB_REPO="${GITHUB_REPO}"
+KAIROS_VARIANT="${VARIANT}"
+KAIROS_FLAVOR="${FLAVOR}"
\ No newline at end of file
diff --git a/packages/bundles/kairos-overlay-files/files/usr/libexec/.keep b/packages/bundles/kairos-overlay-files/files/usr/libexec/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/packages/bundles/kairos-overlay-files/files/var/log/kairos/.keep b/packages/bundles/kairos-overlay-files/files/var/log/kairos/.keep
new file mode 100644
index 0000000..e69de29