kairos/packages
1
0
Fork 0
mirror of https://github.com/kairos-io/packages.git synced 2025-08-24 08:38:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create kairos-overlay-files package (#381)

Browse Source 
* Create kairos-overlay-files package

as part of: https://github.com/kairos-io/kairos/issues/1726

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>

* Start from version 1.0.0 for the new package

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>

---------

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
This commit is contained in:
Dimitris Karakasilis 2023-08-17 17:25:55 +03:00 committed by GitHub
parent 34d99f75ce
commit 98ba6d20e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
47 changed files with 1081 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
packages/bundles/kairos-overlay-files/build.yaml Normal file
View File

@ -0,0 +1,3 @@
image: alpine
steps:
- cp -rfv files/* /

4
packages/bundles/kairos-overlay-files/collection.yaml Normal file
View File

@ -0,0 +1,4 @@
packages:
- name: "kairos-overlay-files"
category: "bundles"
version: "1.0.0"

5
packages/bundles/kairos-overlay-files/files/etc/bash.bashrc.local Normal file
View File

@ -0,0 +1,5 @@
if [ -z "$KUBECONFIG" ]; then
if [ -e /etc/rancher/k3s/k3s.yaml ]; then
export KUBECONFIG="/etc/rancher/k3s/k3s.yaml"
fi
fi

7
packages/bundles/kairos-overlay-files/files/etc/default/console-setup Normal file
View File

@ -0,0 +1,7 @@
ACTIVE_CONSOLES="/dev/tty[1-6]"
FONT="default8x16.psf.gz"
CHARMAP="UTF-8"
CODESET="guess"
FONTFACE="default"
FONTSIZE="8x16"
SCREEN_WIDTH="100"

11
packages/bundles/kairos-overlay-files/files/etc/issue.d/01-KAIROS Normal file
View File

@ -0,0 +1,11 @@


_/ _/ _/
_/ _/ _/_/_/ _/ _/_/ _/_/ _/_/_/
_/_/ _/ _/ _/ _/_/ _/ _/ _/_/
_/ _/ _/ _/ _/ _/ _/ _/ _/_/
_/ _/ _/_/_/ _/ _/ _/_/ _/_/_/


31
packages/bundles/kairos-overlay-files/files/etc/kairos/branding/grubmenu.cfg Normal file
View File

@ -0,0 +1,31 @@
menuentry "Kairos remote recovery" --id remoterecovery {
if search.file /cOS/recovery.squashfs ; then
set img=/cOS/recovery.squashfs
set recoverylabel=COS_RECOVERY
else
set img=/cOS/recovery.img
fi
search.fs_label COS_RECOVERY root
set label=COS_SYSTEM
loopback loop0 /$img
set root=($root)
source (loop0)/etc/cos/bootargs.cfg
linux (loop0)$kernel $kernelcmd ${extra_cmdline} ${extra_recovery_cmdline} vga=795 nomodeset kairos.remote_recovery_mode
initrd (loop0)$initramfs
}
menuentry "Kairos state reset (auto)" --id statereset {
if search.file /cOS/recovery.squashfs ; then
set img=/cOS/recovery.squashfs
set recoverylabel=COS_RECOVERY
else
set img=/cOS/recovery.img
fi
search.fs_label COS_RECOVERY root
set label=COS_SYSTEM
loopback loop0 /$img
set root=($root)
source (loop0)/etc/cos/bootargs.cfg
linux (loop0)$kernel $kernelcmd ${extra_cmdline} ${extra_recovery_cmdline} vga=795 nomodeset kairos.reset
initrd (loop0)$initramfs
}

11
packages/bundles/kairos-overlay-files/files/etc/kairos/branding/install_text Normal file
View File

@ -0,0 +1,11 @@
Welcome to Kairos!
P2P device installation enrollment is starting.
A QR code will be displayed below.
In another machine, run "kairos register" with the QR code visible on screen,
or "kairos register <file>" to register the machine from a photo.
IF the qrcode is not displaying correctly,
try booting with another vga option from the boot cmdline (e.g. vga=791).
Press any key to abort pairing. To restart run 'kairos install'.
Starting in 5 seconds...

1
packages/bundles/kairos-overlay-files/files/etc/kairos/branding/interactive_install_text Normal file
View File

@ -0,0 +1 @@
Interactive installation. Documentation is available at https://kairos.io.

9
packages/bundles/kairos-overlay-files/files/etc/kairos/branding/recovery_text Normal file
View File

@ -0,0 +1,9 @@
Welcome to kairos recovery mode!
P2P device recovery mode is starting.
A QR code with a generated network token will be displayed below that can be used to connect
over with "kairos bridge --qr-code-image /path/to/image.jpg" from another machine,
further instruction will appear on the bridge CLI to connect over via SSH.
IF the qrcode is not displaying correctly,
try booting with another vga option from the boot cmdline (e.g. vga=791).
Press any key to abort recovery. To restart the process run 'kairos recovery'.

6
packages/bundles/kairos-overlay-files/files/etc/kairos/branding/reset_text Normal file
View File

@ -0,0 +1,6 @@
Welcome to kairos!
The node will automatically reset its state in a few.
Press any key to abort this process. To restart run 'kairos reset'.
Starting in 60 seconds...

8
packages/bundles/kairos-overlay-files/files/etc/logrotate.d/kairos Normal file
View File

@ -0,0 +1,8 @@
/var/log/kairos/*.log {
create
daily
compress
copytruncate
missingok
rotate 3
}

3
packages/bundles/kairos-overlay-files/files/etc/motd Normal file
View File

@ -0,0 +1,3 @@
Welcome to Kairos!
Refer to https://kairos.io for documentation.

0
packages/bundles/kairos-overlay-files/files/etc/runlevels/.keep Normal file
View File

10
packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-agent.service Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=kairos agent
After=cos-setup-network.service
Wants=network.target
[Service]
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/kairos-agent start
[Install]
WantedBy=multi-user.target

14
packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-interactive.service Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=kairos interactive-installer
After=sysinit.target
[Service]
Type=oneshot
StandardInput=tty
StandardOutput=tty
LimitNOFILE=49152
ExecStartPre=-/bin/sh -c "dmesg -D"
TTYPath=/dev/tty1
RemainAfterExit=yes
ExecStart=/usr/bin/kairos-agent interactive-install --shell
[Install]
WantedBy=multi-user.target

15
packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-recovery.service Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=kairos recovery
After=sysinit.target
[Service]
Type=oneshot
StandardInput=tty
StandardOutput=tty
LimitNOFILE=49152
ExecStartPre=-/bin/sh -c "dmesg -D"
ExecStartPre=-/bin/sh -c "sysctl -w net.core.rmem_max=2500000"
TTYPath=/dev/tty1
RemainAfterExit=yes
ExecStart=/usr/bin/kairos-agent recovery
[Install]
WantedBy=multi-user.target

13
packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-reset.service Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=kairos reset
After=sysinit.target
[Service]
Type=oneshot
StandardInput=tty
StandardOutput=tty
LimitNOFILE=49152
TTYPath=/dev/tty1
RemainAfterExit=yes
ExecStart=/usr/bin/kairos-agent reset
[Install]
WantedBy=multi-user.target

8
packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos-webui.service Normal file
View File

@ -0,0 +1,8 @@
[Unit]
Description=kairos installer
After=sysinit.target
[Service]
ExecStart=/usr/bin/kairos-agent webui
TimeoutStopSec=10s
[Install]
WantedBy=multi-user.target

15
packages/bundles/kairos-overlay-files/files/etc/systemd/system/kairos.service Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=kairos installer
After=sysinit.target
[Service]
Type=oneshot
StandardInput=tty
StandardOutput=tty
LimitNOFILE=49152
ExecStartPre=-/bin/sh -c "dmesg -D"
TTYPath=/dev/tty1
RemainAfterExit=yes
ExecStart=/usr/bin/kairos-agent install
TimeoutStopSec=10s
[Install]
WantedBy=multi-user.target

31
packages/bundles/kairos-overlay-files/files/system/oem/00_datasource.yaml Normal file
View File

@ -0,0 +1,31 @@
name: "Datasource handling"
stages:
rootfs.before:
- &datasource
if: '[ ! -f /oem/userdata ]'
name: "Pull data from provider"
datasource:
providers: ["cdrom", "gcp", "openstack", "aws", "azure", "hetzner", "packet", "vultr", "digitalocean", "metaldata"]
path: "/oem"
- if: '[ ! -f /oem/userdata ]'
name: "Sentinel file for userdata"
files:
- path: /run/.userdata_load
initramfs.before:
- <<: *datasource
- if: '[ ! -f /oem/userdata ]'
files:
- path: /run/.userdata_load
# After network, if no datasource could be pulled, we stop trying
network:
- <<: *datasource
- if: '[ -f /oem/userdata ] && [ -f /run/.userdata_load ]'
name: "Run stages if userdata is found"
commands:
- kairos-agent run-stage initramfs
- kairos-agent run-stage boot
- rm -rf /run/.userdata_load
- if: '[ ! -f /oem/userdata ] && [ -f /run/.userdata_load ]'
name: "Remove userdata sentinel"
commands:
- rm -rf /run/.userdata_load

193
packages/bundles/kairos-overlay-files/files/system/oem/00_rootfs.yaml Normal file
View File

@ -0,0 +1,193 @@
# Rootfs Kairos OEM configuration file
#
# This file is part of Kairos and will get reset during upgrades.
#
# Before you change this file manually,
# consider copying this file to /usr/local/cloud-config or
# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
name: "Rootfs Layout Settings"
stages:
rootfs:
- name: "Mount BPF on Alpine systems"
if: '[ ! -e "/sbin/systemctl" ] && [ ! -e "/usr/bin/systemctl" ] && [ ! -e "/usr/sbin/systemctl" ] && [ ! -e "/usr/bin/systemctl" ]'
commands:
- mount bpffs -o rw,nosuid,nodev,noexec,relatime,mode=700 /sys/fs/bpf -t bpf
- if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -e "/run/cos/uki_mode" ]'
name: "Layout configuration for active/passive mode"
environment_file: /run/cos/cos-layout.env
environment:
VOLUMES: "LABEL=COS_PERSISTENT:/usr/local"
OVERLAY: "tmpfs:25%"
RW_PATHS: "/var /etc /srv"
PERSISTENT_STATE_PATHS: >-
/etc/systemd
/etc/modprobe.d
/etc/rancher
/etc/sysconfig
/etc/runlevels
/etc/ssh
/etc/ssl/certs
/etc/iscsi
/etc/zfs
/etc/cni
/etc/kubernetes
/home
/opt
/root
/snap
/var/snap
/usr/libexec
/var/log
/var/lib/containerd
/var/lib/rancher
/var/lib/kubelet
/var/lib/snapd
/var/lib/wicked
/var/lib/longhorn
/var/lib/cni
/var/lib/dbus
/usr/share/pki/trust
/usr/share/pki/trust/anchors
/var/lib/ca-certificates
PERSISTENT_STATE_BIND: "true"
- if: '[ -f "/run/cos/recovery_mode" ]'
# omit the persistent partition on recovery mode
name: "Layout configuration for recovery mode"
environment_file: /run/cos/cos-layout.env
environment:
OVERLAY: "tmpfs:25%"
- if: grep -q "kairos.boot_live_mode" /proc/cmdline
name: "Layout configuration for booting local node from livecd"
environment_file: /run/cos/cos-layout.env
environment:
VOLUMES: "LABEL=COS_PERSISTENT:/usr/local"
OVERLAY: "tmpfs:25%"
RW_PATHS: "/var /etc /srv"
PERSISTENT_STATE_PATHS: >-
/etc/systemd
/etc/modprobe.d
/etc/rancher
/etc/sysconfig
/etc/runlevels
/etc/ssh
/etc/ssl/certs
/etc/iscsi
/etc/cni
/etc/kubernetes
/home
/opt
/root
/snap
/var/snap
/usr/libexec
/var/log
/var/lib/containerd
/var/lib/rancher
/var/lib/kubelet
/var/lib/snapd
/var/lib/wicked
/var/lib/longhorn
/var/lib/cni
/usr/share/pki/trust
/usr/share/pki/trust/anchors
/var/lib/ca-certificates
PERSISTENT_STATE_BIND: "true"
- if: '[ -e "/run/cos/uki_mode" ]'
# omit the persistent partition on uki mode
# And mount all persistent mounts under the overlay
name: "Layout configuration for UKI"
environment_file: /run/cos/cos-layout.env
environment:
RW_PATHS: "/var /etc /srv /usr"
OVERLAY: "tmpfs:25%"
PERSISTENT_STATE_PATHS: >-
/var
/etc
/etc/systemd
/etc/modprobe.d
/etc/rancher
/etc/sysconfig
/etc/runlevels
/etc/ssh
/etc/ssl/certs
/etc/iscsi
/etc/cni
/etc/kubernetes
/home
/opt
/root
/var/snap
/usr/libexec
/var/log
/var/lib/containerd
/var/lib/rancher
/var/lib/kubelet
/var/lib/snapd
/var/lib/wicked
/var/lib/longhorn
/var/lib/cni
/usr/share/pki/trust
/usr/share/pki/trust/anchors
/var/lib/ca-certificates
rootfs.after:
- if: '[ -r /run/cos/custom-layout.env ] && [ ! -f "/run/cos/recovery_mode" ] && [ ! -f /run/cos/live_mode ]'
name: "add custom bind and ephemeral mounts to /run/cos/cos-layout.env"
commands:
- |
source /run/cos/cos-layout.env
source /run/cos/custom-layout.env
PERSISTENT_STATE_PATHS="${PERSISTENT_STATE_PATHS} ${CUSTOM_BIND_MOUNTS} "
RW_PATHS="${RW_PATHS} ${CUSTOM_EPHEMERAL_MOUNTS}"
# Remove the existing lines that we are gonna rewrite
sed -i "/RW_PATHS/d" /run/cos/cos-layout.env
sed -i "/PERSISTENT_STATE_PATHS/d" /run/cos/cos-layout.env
# Add the new lines
echo "# rw paths with user bind mounts" >> /run/cos/cos-layout.env
echo RW_PATHS=\"${RW_PATHS}\" >> /run/cos/cos-layout.env
echo "# persistent state paths with user ephemeral mounts" >> /run/cos/cos-layout.env
echo PERSISTENT_STATE_PATHS=\"${PERSISTENT_STATE_PATHS}\" >> /run/cos/cos-layout.env
- if: '[ ! -f /run/cos/recovery_mode ] && [ ! -f /run/cos/live_mode ]'
name: "Grow persistent"
layout:
device:
label: COS_PERSISTENT
expand_partition:
# Size 0 is required to specify all remaining space
size: 0
initramfs:
- name: "Create journalctl /var/log/journal dir"
if: '[ -e "/sbin/systemctl" ] || [ -e "/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
directories:
- path: /var/log/journal
- if: '[ ! -f "/run/cos/recovery_mode" ] && [ -s /usr/local/etc/machine-id ]'
name: "Restore /etc/machine-id for systemd systems"
commands:
- cat /usr/local/etc/machine-id > /etc/machine-id
- if: '[ ! -f "/run/cos/recovery_mode" ] && [ -s /var/lib/dbus/machine-id ] && [ -f "/sbin/openrc" ]'
name: "Restore /etc/machine-id for openrc systems"
commands:
- cat /var/lib/dbus/machine-id > /etc/machine-id
fs:
- if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -s /usr/local/etc/machine-id ] '
name: "Save /etc/machine-id for systemd systems"
commands:
- |
mkdir -p /usr/local/etc
cp /etc/machine-id /usr/local/etc
- if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -s /var/lib/dbus/machine-id ] && [ -f "/sbin/openrc" ]'
name: "Save /etc/machine-id for openrc systems"
commands:
- |
mkdir -p /var/lib/dbus/
cp /etc/machine-id /var/lib/dbus/
fs.after:
- if: "[ ! -d /usr/local/cloud-config ]"
name: "Ensure /usr/local/cloud-config exists"
commands:
- mkdir /usr/local/cloud-config
- chmod 600 /usr/local/cloud-config
boot.before:
- name: "Mount tmp on alpine"
if: "[[ $(kairos-agent state get kairos.flavor) =~ ^alpine ]]"
commands:
- mount --make-rshared /

11
packages/bundles/kairos-overlay-files/files/system/oem/02_agent.yaml Normal file
View File

@ -0,0 +1,11 @@
name: "Start agent"
stages:
boot:
- if: '[ ! -f "/run/cos/recovery_mode" ] && [ -d "/usr/share/systemd" ]'
commands:
- systemctl start kairos-agent
- systemctl enable kairos-agent
initramfs:
- if: '[ ! -f "/run/cos/recovery_mode" ] && [ -d "/usr/share/systemd" ]'
commands:
- systemctl enable kairos-agent

6
packages/bundles/kairos-overlay-files/files/system/oem/02_notify.yaml Normal file
View File

@ -0,0 +1,6 @@
name: "Notify Kairos Plugins of Elemental Events"
stages:
initramfs:
- if: '[ ! -f "/run/cos/recovery_mode" ] && [ ! -f "/run/cos/live_mode" ]'
commands:
- kairos-agent notify agent.boot

7
packages/bundles/kairos-overlay-files/files/system/oem/03-setupcon.yaml Normal file
View File

@ -0,0 +1,7 @@
name: "Fonts fix for ubuntu"
stages:
initramfs.after:
- if: "[[ $(kairos-agent state get kairos.flavor) =~ ^ubuntu ]]"
name: "setupcon initramfs.after ubuntu"
commands:
- setupcon

24
packages/bundles/kairos-overlay-files/files/system/oem/05_network.yaml Normal file
View File

@ -0,0 +1,24 @@
name: "Default network configuration"
stages:
initramfs:
- name: "Disable NetworkManager and wicked"
if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
systemctl:
disable:
- NetworkManager
- wicked
- name: "Enable systemd-network and systemd-resolved"
if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
systemctl:
enable:
- systemd-networkd
- systemd-resolved
- name: "Link /etc/resolv.conf to systemd resolv.conf"
if: '([ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]) && [ -f /etc/hosts ]'
commands:
- rm /etc/resolv.conf
- ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
# dns:
# path: /etc/resolv.conf
# nameservers:
# - 8.8.8.8

131
packages/bundles/kairos-overlay-files/files/system/oem/08_grub.yaml Normal file
View File

@ -0,0 +1,131 @@
# Rootfs Kairos OEM configuration file
#
# This file is part of Kairos and will get reset during upgrades.
# The boot assessment works in this way:
# - After we upgrade, we set a grub env sentinel variable indicating that we did run an upgrade
# - At the first boot, if we did an upgrade, we set another sentinel variable, which indicates we are trying to boot
# - If we boot fine, we remove both sentinels
# - If we get back again at the GRUB menu, a failure must have occurred and we select the fallback entry, creating also
# sentinels files and a specific cmdline option indicating we failed booting after an upgrade
name: "Boot assessment and branding"
stages:
boot.before:
# Remove any grub sentinel and add
# System sentinel to /run to indicate if we are booting after a failed upgrade.
# This needs to run only on the active partition.
# To note, we could similarly enable boot assessment always, also besides upgrades.
# In this case it is enough to reset only boot_assessment_tentative here, and set
# enable_boot_assessment to 'yes'.
# This can be then customized easily by having a cloud-config file which always enables boot assessment on
# the boot stage.
- name: "Remove GRUB sentinels"
if: |
cat /proc/cmdline | grep -q "active.img"
commands:
- |
mount -o rw,remount /run/initramfs/cos-state
grub2-editenv /run/initramfs/cos-state/boot_assessment set enable_boot_assessment=
grub2-editenv /run/initramfs/cos-state/boot_assessment set boot_assessment_tentative=
mount -o ro,remount /run/initramfs/cos-state
- name: "Create upgrade failure sentinel if necessary"
if: |
cat /proc/cmdline | grep -q "upgrade_failure"
files:
- path: /run/cos/upgrade_failure
content: "1"
permissions: 0600
owner: 0
group: 0
after-install:
# After install, reset, and upgrade, we install additional GRUB configuration for boot assessment into COS_STATE.
# We also add any branding that exists
- &statemount
name: "Mount state"
commands:
- |
STATEDIR=/tmp/mnt/STATE
STATE=$(blkid -L COS_STATE || true)
mkdir -p $STATEDIR || true
mount ${STATE} $STATEDIR
# Here we hook the boot assessment configuration to 'grubcustom'
# we do that selectively in order to just "append" eventual other configuration provided.
# XXX: maybe we should just write to /grubcustom and override any other custom grub?
- &customhook
name: "Hook boot assessment grub configuration"
if: |
! grep -q "grub_boot_assessment" /tmp/mnt/STATE/grubcustom
commands:
- |
cat << 'EOF' >> /tmp/mnt/STATE/grubcustom
set bootfile="/grub_boot_assessment"
search --no-floppy --file --set=bootfile_loc "${bootfile}"
if [ "${bootfile_loc}" ]; then
source "(${bootfile_loc})${bootfile}"
fi
EOF
# Overrides the active cmdline by adding "rd.emergency=reboot", "rd.shell=0" and "panic=5"
# so that any failure in booting initramfs or kernel loading results in a reboot.
# It loads then the boot assessment environment and overrides default boot target if
# a boot failure is detected.
# A boot is considered failed when both sentinel are present ( upgrade triggered, tentative ).
# The tentative sentinel is set after an upgrade was triggered.
# This configuration is separated so it can be tracked separately from the install hook
- &bootgrub
name: "Add boot assessment grub configuration"
files:
- path: "/tmp/mnt/STATE/grub_boot_assessment"
owner: 0
group: 0
permsisions: 0600
content: |
set extra_active_cmdline="rd.emergency=reboot rd.shell=0 panic=5 systemd.crash_reboot systemd.crash_shell=0"
set boot_assessment="/boot_assessment"
search --no-floppy --file --set=boot_assessment_blk "${boot_assessment}"
if [ "${boot_assessment_blk}" ]; then
load_env -f "(${boot_assessment_blk})${boot_assessment}"
fi
if [ "${enable_boot_assessment}" = "yes" -o "${enable_boot_assessment_always}" = "yes" ]; then
if [ -z "${selected_entry}" ]; then
if [ "${boot_assessment_tentative}" = "yes" ]; then
set default="fallback"
set extra_passive_cmdline="upgrade_failure"
else
set boot_assessment_tentative="yes"
save_env -f "(${boot_assessment_blk})${boot_assessment}" boot_assessment_tentative
fi
fi
fi
- &grubinstall
name: "Grub branding"
if: '[ -e "/etc/kairos/branding/grubmenu.cfg" ]'
commands:
- cp -rfv /etc/kairos/branding/grubmenu.cfg /tmp/mnt/STATE/grubmenu
- &stateumount
name: "umount state"
commands:
- umount /tmp/mnt/STATE
# Here we do enable boot assessment for the next bootup.
# Similarly, we could trigger boot assessment in other cases
after-upgrade:
- <<: *statemount
- name: "Set upgrade sentinel"
commands:
- |
grub2-editenv /tmp/mnt/STATE/boot_assessment set enable_boot_assessment=yes
# We do re-install hooks here if needed to track upgrades of boot assessment
- <<: *customhook
- <<: *grubinstall
- <<: *bootgrub
- <<: *stateumount
after-reset:
- <<: *statemount
# Reset completely restores COS_STATE, so we re-inject ourselves
- <<: *customhook
- <<: *grubinstall
- <<: *bootgrub
- <<: *stateumount

33
packages/bundles/kairos-overlay-files/files/system/oem/09_services.yaml Normal file
View File

@ -0,0 +1,33 @@
# Rootfs Kairos OEM configuration file
#
# This file is part of Kairos and will get reset during upgrades.
name: "Default config"
stages:
boot:
- name: "Default sysctl settings"
sysctl:
net.core.rmem_max: 2500000
vm.max_map_count: 262144
initramfs:
- name: "Default systemd config"
if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
systemctl:
enable:
- multi-user.target
- getty@tty1
- iscsid
- systemd-timesyncd
- nohang
- nohang-desktop
- fail2ban
- logrotate.timer
- sshd
mask:
- purge-kernels
commands:
- systemctl set-default multi-user.target
- name: "Generate host keys"
# Make sure the host always has available keys
commands:
- ssh-keygen -A

55
packages/bundles/kairos-overlay-files/files/system/oem/10_accounting.yaml Normal file
View File

@ -0,0 +1,55 @@
name: "Default user, permissions and serial login"
stages:
initramfs:
- name: "Setup groups"
ensure_entities:
- entity: |
kind: "group"
group_name: "admin"
password: "x"
gid: 900
- name: "Setup users"
users:
kairos:
passwd: "!"
shell: /bin/bash
homedir: "/home/kairos"
groups:
- "admin"
- name: "Set user password if running in live or uki"
if: "[ -e /run/cos/live_mode ] || [ -e /run/cos/uki_mode ]"
users:
kairos:
passwd: "kairos"
- name: "Setup sudo"
files:
- path: "/etc/sudoers"
owner: 0
group: 0
permsisions: 0600
content: |
Defaults always_set_home
Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin:/usr/local/sbin"
Defaults env_reset
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
Defaults !insults
root ALL=(ALL) ALL
%admin ALL=(ALL) NOPASSWD: ALL
#includedir /etc/sudoers.d
commands:
- passwd -l root
- name: "Ensure runtime permission"
if: '[ -e "/oem" ]'
commands:
- chown -R root:admin /oem
- chmod 770 /oem
- name: "Ensure runtime permission"
if: '[ -e "/usr/local/cloud-config" ]'
commands:
- chown -R root:admin /usr/local/cloud-config
- chmod 770 /usr/local/cloud-config
- name: "Enable serial login for alpine" # https://wiki.alpinelinux.org/wiki/Enable_Serial_Console_on_Boot
if: '[ -e /sbin/rc-service ]'
commands:
- sed -i -e 's/ttyS0.*//g' /etc/inittab
- echo "ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100" >> /etc/inittab

59
packages/bundles/kairos-overlay-files/files/system/oem/11_bootargs.yaml Normal file
View File

@ -0,0 +1,59 @@
name: "Creation of bootargs.cfg file"
stages:
after-install:
- &createfile
name: "Install bootargs.cfg file"
commands:
- |
export COMMON_RECOVERY_OPTS="console=tty1 root=live:LABEL=\$recoverylabel rd.live.dir=/ rd.live.squashimg=\$img panic=5"
export COMMON_OPTS="console=tty1 root=LABEL=\$label cos-img/filename=\$img panic=5 rd.cos.oemlabel=COS_OEM"
# Model based options:
# Raspberry
if [ -f "/sys/firmware/devicetree/base/model" ] && grep Raspberry "/sys/firmware/devicetree/base/model"; then
COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS console=ttyS0,115200 net.ifnames=1 modprobe.blacklist=vc4 rd.cos.oemtimeout=10"
COMMON_OPTS="$COMMON_OPTS console=ttyS0,115200 net.ifnames=1 security=selinux selinux=1 modprobe.blacklist=vc4 rd.cos.oemtimeout=10"
# Nvidia
# TODO: Test this out on an nvidia board. Does that file even exist?
elif [ -f "/sys/firmware/devicetree/base/model" ] && grep -i nvidia "/sys/firmware/devicetree/base/model"; then
COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS console=ttyTCU0,115200 security=selinux selinux=1 net.ifnames=1 rd.cos.oemtimeout=10"
COMMON_OPTS="$COMMON_OPTS console=ttyTCU0,115200 net.ifnames=1 security=selinux selinux=1 rd.cos.oemtimeout=10"
# All other cases
else
COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS console=ttyS0 rd.cos.oemlabel=COS_OEM"
COMMON_OPTS="$COMMON_OPTS console=ttyS0 net.ifnames=1"
fi
# OS based options:
if $(grep -i -E '(fedora|almalinux|rockylinux)' /etc/os-release); then
COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS selinux=0"
# NOTE: This may conflict with model settings above!
COMMON_OPTS="$COMMON_OPTS selinux=0"
elif $(grep -i -E '(debian|ubuntu)' /etc/os-release); then
COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS"
COMMON_OPTS="$COMMON_OPTS security=selinux selinux=1 rd.neednet=0 vga=795"
else
COMMON_RECOVERY_OPTS="$COMMON_RECOVERY_OPTS net.ifnames=1"
COMMON_OPTS="$COMMON_OPTS rd.emergency=reboot rd.shell=0 security=selinux selinux=1 fsck.mode=force fsck.repair=yes systemd.crash_reboot=yes"
fi
cat << EOF > /etc/cos/bootargs.cfg
set kernel=/boot/vmlinuz
if [ -n "\$recoverylabel" ]; then
# Boot arguments when the image is used as recovery
set kernelcmd="$COMMON_RECOVERY_OPTS"
else
# Boot arguments when the image is used as active/passive
set kernelcmd="$COMMON_OPTS"
fi
set initramfs=/boot/initrd
EOF
chmod 0600 /etc/cos/bootargs.cfg
after-upgrade:
- <<: *createfile
after-reset:
- <<: *createfile

68
packages/bundles/kairos-overlay-files/files/system/oem/12_nvidia.yaml Normal file
View File

@ -0,0 +1,68 @@
name: "Nvidia jetson specific files"
stages:
after-install:
- &createfiles
name: "Create files"
if: |
[ -f "/sys/firmware/devicetree/base/model" ] && grep -i nvidia "/sys/firmware/devicetree/base/model"
files:
- path: /etc/dracut.conf.d/iscsi.conf
content: |
omit_dracutmodules+=" iscsi "
permissions: 0600
owner: 0
group: 0
# TODO: This is no longer read. This should be moved to cloud-init file.
- path: /etc/elemental/config.yaml
content: |
cosign: false
verify: false
install:
grub-entry-name: "Kairos"
system:
size: 4500
recovery-system:
size: 4500
upgrade:
grub-entry-name: "Kairos"
recovery-system:
size: 4500
system:
size: 4500
reset:
grub-entry-name: "Kairos"
system:
size: 4500
cloud-init-paths:
- /run/initramfs/cos-state
# - /run/initramfs/live
permissions: 0600
owner: 0
group: 0
- path: /system/oem/mount.yaml
content: |
## TODO: this is a workaround
## The orin packages are writing to /usr/local, which is mounted to COS_PERSISTENT.
## We probably should run this in immucore, overlaying the /usr/local of the image to COS_PERSISTENT.
## For the time being, doing it in the cloud configs.
#
### Note: This have the consequences of everything stored inside /usr/local to go inside the "local" directory inside the partition.
### Usually this is not the case as there is no need of subtrees, but due to how overlayfs work the workdir and uppermount needs to be in the same filesystem.
stages:
initramfs.before:
- commands:
- umount /usr/local
- |
mkdir -p /run/mount/persistent && \
mount /dev/disk/by-label/COS_PERSISTENT /run/mount/persistent && \
mkdir -p /run/mount/persistent/work /run/mount/persistent/local && \
mount -t overlay \
-o lowerdir=/usr/local,upperdir=/run/mount/persistent/local,workdir=/run/mount/persistent/work \
/usr/local
permissions: 0600
owner: 0
group: 0
after-upgrade:
- <<: *createfiles
after-reset:
- <<: *createfiles

71
packages/bundles/kairos-overlay-files/files/system/oem/13_openrc_services.yaml Normal file
View File

@ -0,0 +1,71 @@
name: "Create openrc services"
stages:
after-install:
- &createfiles
name: "Create files"
if: |
grep -i alpine "/etc/os-release"
files:
- path: /etc/init.d/kairos-agent
content: |
#!/sbin/openrc-run
depend() {
provide kairos-agent
after cos-setup-network
use net
}
start() {
kairos-agent start
eend $?
}
permissions: 0600
owner: 0
group: 0
- path: /etc/init.d/kairos-webui
content: |
#!/sbin/openrc-run
depend() {
provide kairos-webui
}
supervisor=supervise-daemon
name="kairos-webui"
command="kairos-agent webui"
supervise_daemon_args="--stdout /var/log/kairos/webui.log --stderr /var/log/kairos/webui.log"
pidfile="/run/${RC_SVCNAME}.pid"
respawn_delay=5
set -o allexport
if [ -f /etc/environment ]; then source /etc/environment; fi
set +o allexport
permissions: 0600
owner: 0
group: 0
- path: /etc/issue
content: |


██╗ ██╗ █████╗ ██╗██████╗ ██████╗ ███████╗
██║ ██╔╝██╔══██╗██║██╔══██╗██╔═══██╗██╔════╝
█████╔╝ ███████║██║██████╔╝██║ ██║███████╗
██╔═██╗ ██╔══██║██║██╔══██╗██║ ██║╚════██║
██║ ██╗██║ ██║██║██║ ██║╚██████╔╝███████║
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝

Welcome to kairos (login with user: kairos, password: kairos)
Kernel \r on an \m (\l)
permissions: 0600
owner: 0
group: 0
after-upgrade:
- <<: *createfiles
after-reset:
- <<: *createfiles

15
packages/bundles/kairos-overlay-files/files/system/oem/21_kcrypt.yaml Normal file
View File

@ -0,0 +1,15 @@
name: "Kcrypt"
stages:
after-upgrade:
- name: "Update plugins"
if: "[ $(kairos-agent state get oem.found) == 'true' ]"
commands:
- |
STATEDIR=/tmp/mnt/OEM
OEM=$(kairos-agent state get oem.name)
mkdir -p $STATEDIR || true
mount ${OEM} $STATEDIR
if [ -d "$STATEDIR/system/discovery" ]; then
cp -rfv /system/discovery/* $STATEDIR/system/discovery
fi
umount $STATEDIR

8
packages/bundles/kairos-overlay-files/files/system/oem/23_c3os.yaml Normal file
View File

@ -0,0 +1,8 @@
name: "c3os sentinel migration"
stages:
fs.after:
- name: "Rename sentinel dir"
if: '[ -d "/usr/local/.c3os" ]'
commands:
- |
mv /usr/local/.c3os /usr/local/.kairos

17
packages/bundles/kairos-overlay-files/files/system/oem/24_sysext.yaml Normal file
View File

@ -0,0 +1,17 @@
name: "sysext"
stages:
fs.after:
- name: "Default sysext extensions dirs"
if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
directories:
- path: /etc/extensions
- path: /run/extensions
- path: /var/lib/extensions
- path: /usr/lib/extensions
- path: /usr/local/lib/extensions
initramfs:
- name: "systemd-sysext initramfs settings"
if: '[ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
systemctl:
enable:
- systemd-sysext

20
packages/bundles/kairos-overlay-files/files/system/oem/25_autologin.yaml Normal file
View File

@ -0,0 +1,20 @@
name: "Root autologin"
stages:
initramfs:
- if: |
[ ! $(cat /proc/cmdline | grep -q "interactive-install") ] && \
[ -f /run/cos/live_mode ] && \
( [ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] )
files:
- path: /etc/systemd/system/serial-getty@ttyS0.service.d/override.conf
content: |
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM
permissions: 0644
- path: /etc/systemd/system/getty@tty1.service.d/override.conf
content: |
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM
permissions: 0644

10
packages/bundles/kairos-overlay-files/files/system/oem/26_selinux.yaml Normal file
View File

@ -0,0 +1,10 @@
name: "SELinux"
stages:
initramfs:
- name: "Relabelling"
if: |
cat /proc/cmdline | grep "selinux=1"
commands:
- |
load_policy -i
restorecon -R -i -v /etc /root /opt /srv /var /home /usr/local /oem

25
packages/bundles/kairos-overlay-files/files/system/oem/26_vm.yaml Normal file
View File

@ -0,0 +1,25 @@
name: "Enable QEMU tools"
stages:
boot:
- name: "Enable QEMU"
if: |
grep -iE "qemu|kvm|Virtual Machine" /sys/class/dmi/id/product_name && [ -e /sbin/rc-service ]
commands:
- rc-service qemu-guest-agent start
- name: "Enable QEMU"
if: |
grep -iE "qemu|kvm|Virtual Machine" /sys/class/dmi/id/product_name && \
( [ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] )
commands:
- systemctl start qemu-guest-agent
- name: "Enable VBOX"
if: |
grep -iE "Virtualbox" /sys/class/dmi/id/product_name && [ -e /sbin/rc-service ]
commands:
- rc-service open-vm-tools start
- name: "Enable V"
if: |
grep -iE "Virtualbox" /sys/class/dmi/id/product_name && \
( [ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] )
commands:
- systemctl start vmtoolsd

7
packages/bundles/kairos-overlay-files/files/system/oem/28_cgroups.yaml Normal file
View File

@ -0,0 +1,7 @@
stages:
initramfs.before:
- name: "Setup hybrid cgroups"
if: '[ -e /sbin/rc-service ]'
commands:
- echo 'rc_cgroup_mode="hybrid"' >> /etc/rc.conf
- echo 'rc_cgroup_controllers="cpuset cpu io memory hugetlb pids"' >> /etc/rc.conf

6
packages/bundles/kairos-overlay-files/files/system/oem/29_blacklist.yaml Normal file
View File

@ -0,0 +1,6 @@
stages:
initramfs.before:
- name: "Blacklist bpfilter on Alpine ( bug: https://github.com/kairos-io/kairos/issues/277 )"
if: '[ -e /sbin/rc-service ]'
commands:
- echo "install bpfilter /bin/false" > /etc/modprobe.d/blacklist_bpfilter.conf

6
packages/bundles/kairos-overlay-files/files/system/oem/30_ulimit.yaml Normal file
View File

@ -0,0 +1,6 @@
stages:
boot.before:
- name: "Setup higher limit for open files"
if: '[ -e /sbin/rc-service ]'
commands:
- echo 'rc_ulimit="-n 1048576"' >> /etc/rc.conf

11
packages/bundles/kairos-overlay-files/files/system/oem/31_hosts.yaml Normal file
View File

@ -0,0 +1,11 @@
stages:
initramfs.before:
# For debian based distributions, /etc/hosts is present but empty. This is because the file
# is populated when running the configuration. For those cases we insert a record so it can be
# manipulated later on by yip's hostname plugin
# Read more: https://wiki.debian.org/ConfigPackages
- name: "Make sure hosts file is present and includes a record for 127.0.0.1"
if: |
! [[ -f /etc/hosts ]] || ! [[ $(grep '127.0.0.1' /etc/hosts) ]]
commands:
- echo '127.0.0.1\tlocalhost' >> /etc/hosts

28
packages/bundles/kairos-overlay-files/files/system/oem/50_recovery.yaml Normal file
View File

@ -0,0 +1,28 @@
name: "Start recovery on tty1"
stages:
initramfs:
- name: "Starts kairos-recovery and generate a temporary pass"
if: |
cat /proc/cmdline | grep -q "kairos.remote_recovery_mode"
commands:
- systemctl disable getty@tty1
- systemctl enable kairos-recovery
# Starts installer on boot in Alpine and openRC based
- name: "Starts kairos-recovery with openRC-based systems"
if: |
[ -f "/etc/inittab" ] && \
( cat /proc/cmdline | grep -q "kairos.remote_recovery_mode" )
commands:
- sed -i -e 's/tty1.*//g' /etc/inittab
- echo "tty1::respawn:/usr/bin/kairos-agent recovery" >> /etc/inittab
boot:
- name: "Recovery"
if: '[ -f "/run/cos/recovery_mode" ]'
hostname: "cos-recovery"
commands:
- |
source /etc/os-release
echo >> /etc/issue
echo "You are booting from recovery mode. Run 'kairos-agent reset' to reset the system to $VERSION" >> /etc/issue
echo " or 'kairos-agent upgrade' to upgrade the active partition" >> /etc/issue
echo >> /etc/issue

17
packages/bundles/kairos-overlay-files/files/system/oem/51_reset.yaml Normal file
View File

@ -0,0 +1,17 @@
name: "Start reset on tty1"
stages:
initramfs:
- name: "Starts kairos-reset"
if: |
cat /proc/cmdline | grep -q "kairos.reset"
commands:
- systemctl disable getty@tty1
- systemctl enable kairos-reset
# Starts installer on boot in Alpine and openRC based
- name: "Starts kairos-reset with openRC-based systems"
if: |
[ -f "/etc/inittab" ] && \
( cat /proc/cmdline | grep -q "kairos.reset" )
commands:
- sed -i -e 's/tty1.*//g' /etc/inittab
- echo "tty1::respawn:/usr/bin/kairos-agent reset" >> /etc/inittab

35
packages/bundles/kairos-overlay-files/files/system/oem/52_installer.yaml Normal file
View File

@ -0,0 +1,35 @@
name: "Start installer on tty1"
stages:
initramfs:
- if: |
cat /proc/cmdline | grep -q "nodepair.enable"
commands:
- systemctl disable getty@tty1
- systemctl enable kairos
- systemctl enable kairos-webui
# Starts installer on boot in Alpine and openRC based
- if: |
cat /proc/cmdline | grep -q "nodepair.enable"
commands:
- sed -i -e 's/tty1.*//g' /etc/inittab
- echo "tty1::respawn:/usr/bin/kairos-agent install" >> /etc/inittab
- if: |
cat /proc/cmdline | grep -q "interactive-install"
commands:
- systemctl disable getty@tty1
- systemctl enable kairos-interactive
# Starts installer on boot in Alpine and openRC based
- if: |
cat /proc/cmdline | grep -q "interactive-install"
commands:
- sed -i -e 's/tty1.*//g' /etc/inittab
- echo "tty1::respawn:/usr/bin/kairos-agent interactive-install --shell" >> /etc/inittab
boot:
- if: |
[ "$(kairos-agent state get boot)" == "livecd_boot" ] && [ -f "/sbin/openrc" ]
commands:
- rc-service kairos-webui start
- if: |
[ "$(kairos-agent state get boot)" == "livecd_boot" ] && [ -d "/usr/share/systemd" ]
commands:
- systemctl start kairos-webui

13
packages/bundles/kairos-overlay-files/files/usr/lib/os-release.tmpl Normal file
View File

@ -0,0 +1,13 @@
KAIROS_NAME="${OS_NAME}"
KAIROS_VERSION="${OS_VERSION}"
KAIROS_ID="${OS_ID}"
KAIROS_ID_LIKE="${OS_NAME}"
KAIROS_VERSION_ID="${OS_VERSION}"
KAIROS_PRETTY_NAME="${OS_NAME} ${OS_VERSION}"
KAIROS_BUG_REPORT_URL="${BUG_REPORT_URL}"
KAIROS_HOME_URL="${HOME_URL}"
KAIROS_IMAGE_REPO="${OS_REPO}"
KAIROS_IMAGE_LABEL="${OS_LABEL}"
KAIROS_GITHUB_REPO="${GITHUB_REPO}"
KAIROS_VARIANT="${VARIANT}"
KAIROS_FLAVOR="${FLAVOR}"

0
packages/bundles/kairos-overlay-files/files/usr/libexec/.keep Normal file
View File

0
packages/bundles/kairos-overlay-files/files/var/log/kairos/.keep Normal file
View File