Fix installation and trim packages

2025-08-31 14:23:11 +00:00 · 2021-11-03 22:06:12 -07:00
parent 85e1eb9320
commit f35b3697c3
11 changed files with 167 additions and 43 deletions
--- a/48
+++ b/48
@@ -1,11 +1,14 @@
 FROM opensuse/leap:15.3 AS build
 RUN zypper ref
 RUN zypper in -y squashfs xorriso go1.16 upx busybox-static curl tar git gzip
-RUN curl -Lo /usr/bin/luet https://github.com/mudler/luet/releases/download/0.20.5/luet-0.20.5-linux-$(go env GOARCH) && \
-    chmod +x /usr/bin/luet
+RUN curl -Lo /usr/bin/luet https://github.com/mudler/luet/releases/download/0.20.6/luet-0.20.6-linux-$(go env GOARCH) && \
+    chmod +x /usr/bin/luet && \
+    upx /usr/bin/luet
 RUN curl -Lo /usr/bin/rancherd https://github.com/rancher/rancherd/releases/download/v0.0.1-alpha11/rancherd-$(go env GOARCH) && \
-    chmod +x /usr/bin/rancherd
-RUN curl -L https://get.helm.sh/helm-v3.7.1-linux-$(go env GOARCH).tar.gz | tar xzf - -C /usr/bin --strip-components=1
+    chmod +x /usr/bin/rancherd && \
+    upx /usr/bin/rancherd
+RUN curl -L https://get.helm.sh/helm-v3.7.1-linux-$(go env GOARCH).tar.gz | tar xzf - -C /usr/bin --strip-components=1 && \
+    upx /usr/bin/helm
 COPY go.mod go.sum /usr/src/
 COPY cmd /usr/src/cmd
 COPY pkg /usr/src/pkg
@@ -48,8 +51,10 @@ RUN ["/usr/bin/busybox", "rm", "-rf", "/var", "/etc/ssl", "/usr/bin/busybox"]

 # Make OS image
 FROM opensuse/leap:15.3 as os
+RUN sed -i -s 's/^# rpm.install.excludedocs/rpm.install.excludedocs/' /etc/zypp/zypp.conf
 RUN zypper ref
-RUN zypper in -y \
+RUN zypper dup -y
+RUN zypper in -y -- \
    apparmor-parser \
    avahi \
    bash-completion \
@@ -69,7 +74,6 @@ RUN zypper in -y \
    grub2-x86_64-efi \
    haveged \
    hdparm \
-    iotop \
    iproute2 \
    iptables \
    iputils \
@@ -90,7 +94,7 @@ RUN zypper in -y \
    kernel-firmware-qlogic \
    kernel-firmware-realtek \
    kernel-firmware-usb-network \
-    libtspi1 \
+    -kubic-locale-archive \
    less \
    lshw \
    lsof \
@@ -98,43 +102,48 @@ RUN zypper in -y \
    lvm2 \
    mdadm \
    multipath-tools \
-    nano \
    netcat-openbsd \
    nfs-utils \
    open-iscsi \
    open-vm-tools \
+    openssh \
    parted \
+    -perl \
    pciutils \
    pigz \
-    policycoreutils \
    procps \
    psmisc \
-    python-azure-agent \
    qemu-guest-agent \
-    rng-tools \
    rsync \
    squashfs \
    strace \
-    SUSEConnect \
    sysstat \
    systemd \
+    systemd-presets-branding-openSUSE \
+    -systemd-presets-branding-MicroOS \
    systemd-sysvinit \
    tar \
-    tcpdump \
    timezone \
-    vim \
+    vim-small \
    which \
    zstd

 # Copy in some local OS customizations
 COPY opensuse/files /

+ARG IMAGE_TAG=latest
+RUN cat /etc/os-release.tmpl | env \
+    "VERSION=${IMAGE_TAG}" \
+    "VERSION_ID=$(echo ${IMAGE_TAG} | sed s/^v//)" \
+    "PRETTY_NAME=RancherOS ${IMAGE_TAG}" \
+    envsubst > /etc/os-release && \
+    rm /etc/os-release.tmpl
+
 # Starting from here are the lines needed for RancherOS to work

 # IMPORTANT: Setup rancheros-release used for versioning/upgrade. The
 # values here should reflect the tag of the image being built
 ARG IMAGE_REPO=norepo
-ARG IMAGE_TAG=latest
 RUN echo "IMAGE_REPO=${IMAGE_REPO}"          > /usr/lib/rancheros-release && \
    echo "IMAGE_TAG=${IMAGE_TAG}"           >> /usr/lib/rancheros-release && \
    echo "IMAGE=${IMAGE_REPO}:${IMAGE_TAG}" >> /usr/lib/rancheros-release
@@ -147,3 +156,12 @@ RUN mkinitrd && \
    # aarch64 has an uncompressed kernel so we need to link it to vmlinuz
    kernel=$(ls /boot/Image-* | head -n1) && \
    if [ -e "$kernel" ]; then ln -sf "${kernel#/boot/}" /boot/vmlinuz; fi
+
+# Save some space
+RUN zypper clean --all && \
+    rm -rf /var/log/update* && \
+    >/var/log/lastlog && \
+    rm -rf /boot/vmlinux*
+
+FROM scratch as default
+COPY --from=os / /
--- a/cmd/ros-installer/main.go
+++ b/cmd/ros-installer/main.go
@@ -21,7 +21,7 @@ var (
 func main() {
 	flag.Parse()
 	if *printConfig {
-		cfg, err := config.ReadConfig(*configFile)
+		cfg, err := config.ReadConfig(*configFile, *automatic)
 		if err != nil {
 			logrus.Fatal(err)
 		}
--- a/framework/files/etc/luet/luet.yaml
+++ b/framework/files/etc/luet/luet.yaml
@@ -5,8 +5,17 @@ general:
   debug: false
   spinner_charset: 9
 repositories:
- name: "cos-toolkit-green"
+- name: "cos-toolkit-green-amd64"
  type: "docker"
  enable: true
+  arch: amd64
+  reference: 20211103130314-repository.yaml
  urls:
  - "quay.io/costoolkit/releases-green"
+- name: "cos-toolkit-green-arm64"
+  type: "docker"
+  enable: true
+  arch: arm64
+  reference: 20211103171213-repository.yaml
+  urls:
+  - "quay.io/costoolkit/releases-green-arm64"
--- a/framework/files/usr/sbin/suc-upgrade
+++ b/framework/files/usr/sbin/suc-upgrade
@@ -2,15 +2,32 @@
 set -x -e
 HOST_DIR="${HOST_DIR:-/host}"
 RELEASE_FILE="${RELEASE_FILE:-/usr/lib/rancheros-release}"
+CONF_FILE="${CONF_FILE:-/run/data/cloud-config}"
+
+function config()
+{
+    if [ ! -e $CONF_FILE ]; then
+        return 0
+    fi
+
+    if [ ! -e ${HOST}/oem/90_operator.yaml ] || ! diff $CONF_FILE ${HOST}/oem/90/operator.yaml >/dev/null; then
+        cp -f $CONF_FILE ${HOST}/oem/90/operator.yaml
+        $REBOOT
+    fi
+}

 if [ "$FORCE" != "true" ]; then
    if diff $RELEASE_FILE ${HOST_DIR}${RELEASE_FILE} >/dev/null; then
        echo Update to date with
        cat ${RELEASE_FILE}
+
+        REBOOT="nsenter -i -m -t 1 -- reboot"
+        config
        exit 0
    fi
 fi

+config
 mount --rbind $HOST_DIR/dev /dev
 mount --rbind $HOST_DIR/run /run
 bash -x cos-upgrade --directory /
--- a/opensuse/files/etc/os-release.tmpl
+++ b/opensuse/files/etc/os-release.tmpl
@@ -0,0 +1,9 @@
+NAME="RancherOS"
+ID="rancheros"
+ID_LIKE="suse opensuse"
+BUG_REPORT_URL="https://github.com/rancher/os2/issues"
+HOME_URL="https://github.com/rancher/os2"
+
+VERSION="${VERSION}"
+VERSION_ID="${VERSION_ID}"
+PRETTY_NAME="${PRETTY_NAME}"
--- a/pkg/apis/rancheros.cattle.io/v1/os.go
+++ b/pkg/apis/rancheros.cattle.io/v1/os.go
@@ -19,6 +19,7 @@ type ManagedOSImage struct {

 type ManagedOSImageSpec struct {
 	OSImage      string                `json:"osImage,omitempty"`
+	CloudConfig  *fleet.GenericMap     `json:"cloudConfig,omitempty"`
 	NodeSelector *metav1.LabelSelector `json:"nodeSelector,omitempty"`
 	Concurrency  *int64                `json:"concurrency,omitempty"`

--- a/pkg/config/read.go
+++ b/pkg/config/read.go
@@ -146,11 +146,24 @@ func merge(readers ...reader) (map[string]interface{}, error) {
 	return d, nil
 }

-func readConfigMap(cfg string) (map[string]interface{}, error) {
-	data, err := merge(readCmdline, readFileFunc(cfg))
-	if err != nil {
-		return nil, err
+func readConfigMap(cfg string, includeCmdline bool) (map[string]interface{}, error) {
+	var (
+		data map[string]interface{}
+		err  error
+	)
+
+	if includeCmdline {
+		data, err = merge(readCmdline, readFileFunc(cfg))
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		data, err = merge(readFileFunc(cfg))
+		if err != nil {
+			return nil, err
+		}
 	}
+
 	if cfg != "" {
 		values.PutValue(data, cfg, "rancheros", "install", "configUrl")
 	}
@@ -180,7 +193,18 @@ func ToFile(cfg Config, output string) error {
 }

 func ToBytes(cfg Config) ([]byte, error) {
-	data := values.MergeMaps(nil, cfg.Data)
+	var (
+		data map[string]interface{}
+		err  error
+	)
+	if len(cfg.Data) > 0 {
+		data = values.MergeMaps(nil, cfg.Data)
+	} else {
+		data, err = convert.EncodeToMap(cfg)
+		if err != nil {
+			return nil, err
+		}
+	}
 	values.RemoveValue(data, "install")
 	values.RemoveValue(data, "rancheros", "install")
 	bytes, err := yaml.Marshal(data)
@@ -191,8 +215,8 @@ func ToBytes(cfg Config) ([]byte, error) {
 	return append([]byte("#cloud-config\n"), bytes...), nil
 }

-func ReadConfig(cfg string) (result Config, err error) {
-	data, err := readConfigMap(cfg)
+func ReadConfig(cfg string, includeCmdline bool) (result Config, err error) {
+	data, err := readConfigMap(cfg, includeCmdline)
 	if err != nil {
 		return result, err
 	}
--- a/pkg/controllers/managedos/managedos.go
+++ b/pkg/controllers/managedos/managedos.go
@@ -67,7 +67,12 @@ func (h *handler) OnChange(mos *provv1.ManagedOSImage, status provv1.ManagedOSIm
 		return nil, status, err
 	}

-	resources, err := ToResources(objects(mos, prefix))
+	objs, err := objects(mos, prefix)
+	if err != nil {
+		return nil, status, err
+	}
+
+	resources, err := ToResources(objs)
 	if err != nil {
 		return nil, status, err
 	}
--- a/pkg/controllers/managedos/template.go
+++ b/pkg/controllers/managedos/template.go
@@ -6,13 +6,30 @@ import (
 	osv1 "github.com/rancher/os2/pkg/apis/rancheros.cattle.io/v1"
 	"github.com/rancher/os2/pkg/clients"
 	upgradev1 "github.com/rancher/system-upgrade-controller/pkg/apis/upgrade.cattle.io/v1"
+	"gopkg.in/yaml.v3"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 )

-func objects(mos *osv1.ManagedOSImage, prefix string) []runtime.Object {
+func cloudConfig(mos *osv1.ManagedOSImage) ([]byte, error) {
+	if mos.Spec.CloudConfig == nil || len(mos.Spec.CloudConfig.Data) == 0 {
+		return []byte{}, nil
+	}
+	data, err := yaml.Marshal(mos.Spec.CloudConfig.Data)
+	if err != nil {
+		return nil, err
+	}
+	return append([]byte("#cloud-config\n"), data...), nil
+}
+
+func objects(mos *osv1.ManagedOSImage, prefix string) ([]runtime.Object, error) {
+	cloudConfig, err := cloudConfig(mos)
+	if err != nil {
+		return nil, err
+	}
+
 	concurrency := int64(1)
 	if mos.Spec.Concurrency != nil {
 		concurrency = *mos.Spec.Concurrency
@@ -66,6 +83,15 @@ func objects(mos *osv1.ManagedOSImage, prefix string) []runtime.Object {
 				Namespace: clients.SystemNamespace,
 			},
 		},
+		&corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "os-upgrader-data",
+				Namespace: clients.SystemNamespace,
+			},
+			Data: map[string][]byte{
+				"cloud-config": cloudConfig,
+			},
+		},
 		&upgradev1.Plan{
 			TypeMeta: metav1.TypeMeta{
 				Kind:       "Plan",
@@ -86,6 +112,10 @@ func objects(mos *osv1.ManagedOSImage, prefix string) []runtime.Object {
 				Cordon:             cordon,
 				Drain:              mos.Spec.Drain,
 				Prepare:            mos.Spec.Prepare,
+				Secrets: []upgradev1.SecretSpec{{
+					Name: "os-upgrader-data",
+					Path: "/run/data",
+				}},
 				Upgrade: &upgradev1.ContainerSpec{
 					Image: PrefixPrivateRegistry(image[0], prefix),
 					Command: []string{
@@ -94,7 +124,7 @@ func objects(mos *osv1.ManagedOSImage, prefix string) []runtime.Object {
 				},
 			},
 		},
-	}
+	}, nil
 }

 func PrefixPrivateRegistry(image, prefix string) string {
--- a/pkg/install/install.go
+++ b/pkg/install/install.go
@@ -12,7 +12,7 @@ import (
 )

 func Run(automatic bool, configFile string, powerOff bool, silent bool) error {
-	cfg, err := config.ReadConfig(configFile)
+	cfg, err := config.ReadConfig(configFile, automatic)
 	if err != nil {
 		return err
 	}
@@ -58,6 +58,7 @@ func runInstall(cfg config.Config, output string) error {
 		if err != nil || !val {
 			return err
 		}
+		cfg.Data = nil
 	}

 	if cfg.RancherOS.Install.ConfigURL == "" && !cfg.RancherOS.Install.Automatic {
@@ -91,13 +92,13 @@ func runInstall(cfg config.Config, output string) error {
 			return err
 		}
 		cfg.RancherOS.Install.ConfigURL = output + ".yip"
+	} else {
+		if err := config.ToFile(cfg, output); err != nil {
+			return err
+		}
+		cfg.RancherOS.Install.ConfigURL = output
 	}

-	if err := config.ToFile(cfg, output); err != nil {
-		return err
-	}
-	cfg.RancherOS.Install.ConfigURL = output
-
 	ev, err := config.ToEnv(cfg)
 	if err != nil {
 		return err
--- a/30
+++ b/30
@@ -27,14 +27,10 @@ RUN cd /usr/sbin && \
    rm tmp
 RUN cd /usr/src && \
    git clone https://github.com/rancher-sandbox/cOS-toolkit
-RUN curl -Lo /usr/bin/luet https://github.com/mudler/luet/releases/download/0.20.5/luet-0.20.5-linux-$(go env GOARCH) && \
+RUN curl -Lo /usr/bin/luet https://github.com/mudler/luet/releases/download/0.20.6/luet-0.20.6-linux-$(go env GOARCH) && \
    chmod +x /usr/bin/luet
 RUN mkdir -p /iso/iso-overlay/boot/grub2 /etc/luet
-RUN export SUFFIX; \
-if [ "$(uname -m)" == "aarch64" ]; then \
-    SUFFIX=-arm64 \
-;fi && \
-echo -e \
+RUN echo -e \
 'logging:\n'\
 '  color: false\n'\
 '  enable_emoji: false\n'\
@@ -42,11 +38,18 @@ echo -e \
 '   debug: false\n'\
 '   spinner_charset: 9\n'\
 'repositories:\n'\
+'- name: "cos-toolkit-green-amd64"\n'\
+'  type: "docker"\n'\
+'  enable: true\n'\
+'  arch: amd64\n'\
+'  urls:\n'\
+'  - "quay.io/costoolkit/releases-green"\n'\
 '- name: "cos-toolkit-green"\n'\
 '  type: "docker"\n'\
 '  enable: true\n'\
+'  arch: arm64\n'\
 '  urls:\n'\
-"  - \"quay.io/costoolkit/releases-green${SUFFIX}\"\n" > /etc/luet/luet.yaml && \
+'  - "quay.io/costoolkit/releases-green-arm64"\n' > /etc/luet/luet.yaml && \
 echo -e \
 'packages:\n'\
 '  uefi:\n'\
@@ -71,15 +74,22 @@ echo -e \
 'label: "COS_LIVE"\n'\
 '\n'\
 'squashfs_options:\n'\
-'  compression: gzip\n'\
+'  compression: xz\n'\
 '\n'\
 'luet:\n'\
 '  repositories:\n'\
-'  - name: "cos-toolkit-green"\n'\
+'  - name: "cos-toolkit-green-amd64"\n'\
 '    type: "docker"\n'\
 '    enable: true\n'\
+'    arch: amd64\n'\
 '    urls:\n'\
-"    - \"quay.io/costoolkit/releases-green${SUFFIX}\"\n" > /iso/iso.yaml
+'    - "quay.io/costoolkit/releases-green"\n'\
+'  - name: "cos-toolkit-green-arm64"\n'\
+'    type: "docker"\n'\
+'    enable: true\n'\
+'    arch: arm64\n'\
+'    urls:\n'\
+'    - "quay.io/costoolkit/releases-green-arm64"\n' > /iso/iso.yaml
 RUN echo -e \
 'search --file --set=root /boot/kernel.xz\n'\
 'set default=0\n'\