mirror of
https://github.com/kairos-io/packages.git
synced 2025-07-19 09:39:45 +00:00
Drop unused packages (#441)
This commit is contained in:
Itxaka
GitHub
parent
bea8849d70
commit
4aa7e9efb2
@ -1,14 +0,0 @@
|
||||
image: "{{.Values.image}}"
|
||||
env:
|
||||
- DEBIAN_FRONTEND=noninteractive
|
||||
steps:
|
||||
|
||||
{{ if eq .Values.pm "apt-get" }}
|
||||
- |
|
||||
apt update && \
|
||||
apt-get install -y {{.Values.packages}} && apt-get clean && rm -rf /var/cache/*
|
||||
{{ else if eq .Values.pm "zypper" }}
|
||||
- |
|
||||
zypper ref && \
|
||||
zypper in -y {{.Values.packages}} && zypper cc
|
||||
{{ end }}
|
||||
@ -1,125 +0,0 @@
|
||||
packages:
|
||||
# Note, the package list is a dup of Kairos/images.
|
||||
# TODO: use those images in Kairos as are tagged and document how to create an image from scratch
|
||||
- &ubuntu
|
||||
name: "ubuntu"
|
||||
category: "base-image"
|
||||
pm: "apt-get"
|
||||
version: "22.10-1"
|
||||
packages: >-
|
||||
systemd
|
||||
sudo
|
||||
iproute2
|
||||
squashfs-tools
|
||||
parted
|
||||
dracut
|
||||
dracut-network
|
||||
dracut-live
|
||||
tar
|
||||
e2fsprogs
|
||||
dosfstools
|
||||
coreutils
|
||||
debianutils
|
||||
curl
|
||||
openssh-server
|
||||
nano
|
||||
gawk
|
||||
haveged
|
||||
rsync
|
||||
jq
|
||||
neovim
|
||||
open-vm-tools
|
||||
conntrack
|
||||
iptables
|
||||
image: "ubuntu"
|
||||
- <<: *ubuntu
|
||||
name: "ubuntu-20-lts"
|
||||
category: "base-image"
|
||||
version: "20.04-1"
|
||||
image: "ubuntu:20.04"
|
||||
packages: >-
|
||||
systemd
|
||||
sudo
|
||||
iproute2
|
||||
squashfs-tools
|
||||
parted
|
||||
dracut
|
||||
dracut-network
|
||||
tar
|
||||
e2fsprogs
|
||||
dosfstools
|
||||
coreutils
|
||||
debianutils
|
||||
curl
|
||||
openssh-server
|
||||
nano
|
||||
gawk
|
||||
haveged
|
||||
rsync
|
||||
jq
|
||||
neovim
|
||||
open-vm-tools
|
||||
conntrack
|
||||
iptables
|
||||
- <<: *ubuntu
|
||||
name: "ubuntu-22-lts"
|
||||
category: "base-image"
|
||||
version: "22.04-1"
|
||||
image: "ubuntu:22.04"
|
||||
- name: "opensuse-leap"
|
||||
category: "base-image"
|
||||
pm: "zypper"
|
||||
version: "15.4+2"
|
||||
image: "opensuse/leap:15.4"
|
||||
packages: >-
|
||||
bash-completion
|
||||
conntrack-tools
|
||||
coreutils
|
||||
curl
|
||||
dhcp
|
||||
device-mapper
|
||||
dosfstools
|
||||
dracut
|
||||
e2fsprogs
|
||||
cryptsetup
|
||||
findutils
|
||||
gawk
|
||||
gptfdisk
|
||||
logrotate
|
||||
fail2ban
|
||||
haveged
|
||||
htop
|
||||
iproute2
|
||||
iptables
|
||||
iputils
|
||||
issue-generator
|
||||
jq
|
||||
less
|
||||
lsscsi
|
||||
lvm2
|
||||
mdadm
|
||||
multipath-tools
|
||||
nano
|
||||
nfs-utils
|
||||
open-iscsi
|
||||
open-vm-tools
|
||||
openssh
|
||||
parted
|
||||
polkit
|
||||
pigz
|
||||
policycoreutils
|
||||
procps
|
||||
qemu-guest-agent
|
||||
rng-tools
|
||||
rsync
|
||||
squashfs
|
||||
strace
|
||||
systemd
|
||||
systemd-network
|
||||
systemd-sysvinit
|
||||
sudo
|
||||
tar
|
||||
timezone
|
||||
tmux
|
||||
vim
|
||||
which
|
||||
@ -1,10 +0,0 @@
|
||||
image: alpine
|
||||
prelude:
|
||||
- apk add git
|
||||
- git clone https://github.com/kairos-io/kairos
|
||||
- |
|
||||
PACKAGE_VERSION=${PACKAGE_VERSION%\+*} && \
|
||||
cd kairos && git checkout v$PACKAGE_VERSION
|
||||
steps:
|
||||
- mkdir -p /system/oem
|
||||
- cp -rfv kairos/overlay/files/system/oem/* /system/oem
|
||||
@ -1,8 +0,0 @@
|
||||
packages:
|
||||
- name: "kairos-configs"
|
||||
category: "bundles"
|
||||
version: "2.3.2"
|
||||
labels:
|
||||
github.repo: "kairos"
|
||||
github.owner: "kairos-io"
|
||||
autobump.strategy: "release"
|
||||
@ -1,26 +0,0 @@
|
||||
requires:
|
||||
- name: "toolchain-ubuntu"
|
||||
category: "development"
|
||||
version: ">=0"
|
||||
prelude:
|
||||
{{$arch:=(default "amd64" .Values.arch)}}
|
||||
{{ if eq $arch "arm" }}
|
||||
{{$arch:="arm64"}}
|
||||
{{end}}
|
||||
steps:
|
||||
- curl -o containerd.tar.gz -L ${CONTAINERD_URL} && tar Cxzvf / containerd.tar.gz --absolute-names --transform 's@usr@opt@' --transform 's@sbin@bin@' --transform 's@opt/local@opt@' && rm containerd.tar.gz
|
||||
- cp files/etc/systemd/system/containerd.service /etc/systemd/system
|
||||
- mkdir /etc/systemd/system/containerd.service.d
|
||||
- cp files/etc/systemd/system/containerd.service.d/*.conf /etc/systemd/system/containerd.service.d
|
||||
- systemctl enable containerd
|
||||
- mkdir /etc/containerd
|
||||
- cp files/etc/containerd/config.toml /etc/containerd
|
||||
- cp files/etc/modules-load.d/*.conf /etc/modules-load.d/
|
||||
- cp files/etc/sysctl.d/*.conf /etc/sysctl.d
|
||||
env:
|
||||
- DEBIAN_FRONTEND=noninteractive
|
||||
- CONTAINERD_TGZ="cri-containerd-{{.Values.containerd_version }}-linux-{{$arch}}.tar.gz"
|
||||
- CONTAINERD_URL="https://github.com/containerd/containerd/releases/download/v{{.Values.containerd_version}}/${CONTAINERD_TGZ}"
|
||||
excludes:
|
||||
- /etc/crictl.yaml
|
||||
- /opt/bin/crictl
|
||||
@ -1,12 +0,0 @@
|
||||
packages:
|
||||
- name: containerd
|
||||
arch: amd64
|
||||
category: container-runtime
|
||||
version: 1.6.4
|
||||
pause_image: "k8s.gcr.io/pause:3.6"
|
||||
kubernetes_http_source: "https://dl.k8s.io/release"
|
||||
crictl_version: "1.20.0"
|
||||
containerd_version: "1.6.4"
|
||||
runc_version: "1.1.2"
|
||||
cni_version: "1.1.1"
|
||||
containerd_cri_socket: "/var/run/containerd/containerd.sock"
|
||||
@ -1,10 +0,0 @@
|
||||
name: containerd
|
||||
category: container-runtime
|
||||
version: "1.6.4"
|
||||
pause_image: "k8s.gcr.io/pause:3.6"
|
||||
kubernetes_http_source: "https://dl.k8s.io/release"
|
||||
crictl_version: "1.20.0"
|
||||
containerd_version: "1.6.4"
|
||||
runc_version: "1.1.2"
|
||||
cni_version: "1.1.1"
|
||||
containerd_cri_socket: "/var/run/containerd/containerd.sock"
|
||||
@ -1,11 +0,0 @@
|
||||
version = 2
|
||||
|
||||
imports = ["/etc/containerd/conf.d/*.toml"]
|
||||
|
||||
[plugins]
|
||||
[plugins."io.containerd.grpc.v1.cri"]
|
||||
sandbox_image = "k8s.gcr.io/pause:3.6"
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||
runtime_type = "io.containerd.runc.v2"
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||
SystemdCgroup = true
|
||||
@ -1 +0,0 @@
|
||||
runtime-endpoint: unix:///var/run/containerd/containerd.sock
|
||||
@ -1,2 +0,0 @@
|
||||
overlay
|
||||
br_netfilter
|
||||
@ -1,3 +0,0 @@
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
net.bridge.bridge-nf-call-ip6tables = 1
|
||||
net.ipv4.ip_forward = 1
|
||||
@ -1,40 +0,0 @@
|
||||
# Copyright The containerd Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
[Unit]
|
||||
Description=containerd container runtime
|
||||
Documentation=https://containerd.io
|
||||
After=network.target local-fs.target
|
||||
|
||||
[Service]
|
||||
ExecStartPre=-/sbin/modprobe overlay
|
||||
ExecStart=/opt/bin/containerd
|
||||
|
||||
Type=notify
|
||||
Delegate=yes
|
||||
KillMode=process
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
||||
# in the kernel. We recommend using cgroups to do container-local accounting.
|
||||
LimitNPROC=infinity
|
||||
LimitCORE=infinity
|
||||
LimitNOFILE=infinity
|
||||
# Comment TasksMax if your systemd version does not supports it.
|
||||
# Only systemd 226 and above support this version.
|
||||
TasksMax=infinity
|
||||
OOMScoreAdjust=-999
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -1,6 +0,0 @@
|
||||
[Service]
|
||||
Environment=PATH=/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
|
||||
ExecStartPre=mkdir -p /run/docker/libcontainerd
|
||||
ExecStartPre=ln -fs /run/containerd/containerd.sock /run/docker/libcontainerd/docker-containerd.sock
|
||||
ExecStart=
|
||||
ExecStart=/opt/bin/containerd --config /etc/containerd/config.toml
|
||||
@ -1,3 +0,0 @@
|
||||
[Service]
|
||||
# Do not limit the number of tasks that can be spawned by containerd
|
||||
TasksMax=infinity
|
||||
@ -1,8 +0,0 @@
|
||||
[Service]
|
||||
# Decreases the likelihood that containerd is killed due to memory
|
||||
# pressure.
|
||||
#
|
||||
# Please see the following link for more information about the
|
||||
# OOMScoreAdjust configuration property:
|
||||
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#OOMScoreAdjust=
|
||||
OOMScoreAdjust=-999
|
||||
@ -1,14 +0,0 @@
|
||||
{{ define "config" }}
|
||||
version = 2
|
||||
|
||||
imports = ["/etc/containerd/conf.d/*.toml"]
|
||||
|
||||
[plugins]
|
||||
[plugins."io.containerd.grpc.v1.cri"]
|
||||
sandbox_image = "{{.}}"
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||
runtime_type = "io.containerd.runc.v2"
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
|
||||
SystemdCgroup = true
|
||||
|
||||
{{ end }}
|
||||
@ -1,4 +1,4 @@
|
||||
packages:
|
||||
- name: "kairos-overlay-files"
|
||||
category: "bundles"
|
||||
category: "static"
|
||||
version: "1.0.7"
|
||||
@ -1,7 +0,0 @@
|
||||
image: alpine
|
||||
|
||||
steps:
|
||||
- mkdir -p /system/oem
|
||||
- chmod 700 /system/oem
|
||||
- cp -rfv oem/* /system/oem
|
||||
- chmod -R 600 /system/oem
|
||||
@ -1,3 +0,0 @@
|
||||
name: "base-cloud-config"
|
||||
category: "system"
|
||||
version: "0.2.0"
|
||||
@ -1,40 +0,0 @@
|
||||
# Rootfs Kairos OEM configuration file
|
||||
#
|
||||
# This file is part of Kairos and will get reset during upgrades.
|
||||
#
|
||||
# Before you change this file manually,
|
||||
# consider copying this file to /usr/local/cloud-config or
|
||||
# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
|
||||
name: "Rootfs Layout Settings"
|
||||
stages:
|
||||
rootfs.before:
|
||||
- name: "Pull data from provider"
|
||||
datasource:
|
||||
providers: ["aws", "gcp", "openstack", "cdrom"]
|
||||
path: "/oem"
|
||||
rootfs:
|
||||
- if: '[ ! -f "/run/cos/recovery_mode" ]'
|
||||
name: "Layout configuration"
|
||||
environment_file: /run/cos/cos-layout.env
|
||||
environment:
|
||||
VOLUMES: "LABEL=COS_OEM:/oem LABEL=COS_PERSISTENT:/usr/local"
|
||||
OVERLAY: "tmpfs:25%"
|
||||
- if: '[ -f "/run/cos/recovery_mode" ]'
|
||||
# omit the persistent partition on recovery mode
|
||||
name: "Layout configuration"
|
||||
environment_file: /run/cos/cos-layout.env
|
||||
environment:
|
||||
VOLUMES: "LABEL=COS_OEM:/oem"
|
||||
OVERLAY: "tmpfs:25%"
|
||||
initramfs:
|
||||
- if: '[ ! -f "/run/cos/recovery_mode" ]'
|
||||
name: "Persist /etc/machine-id"
|
||||
commands:
|
||||
- |
|
||||
# persist machine-id
|
||||
if [ -s /usr/local/etc/machine-id ]; then
|
||||
cat /usr/local/etc/machine-id > /etc/machine-id
|
||||
else
|
||||
mkdir -p /usr/local/etc
|
||||
cp /etc/machine-id /usr/local/etc
|
||||
fi
|
||||
@ -1,30 +0,0 @@
|
||||
# Default Kairos OEM configuration file
|
||||
#
|
||||
# This file is part of Kairos and will get reset during upgrades.
|
||||
#
|
||||
# Before you change this file manually,
|
||||
# consider copying this file to /usr/local/cloud-config or
|
||||
# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
|
||||
name: "Recovery partition boot setup"
|
||||
stages:
|
||||
rootfs.before:
|
||||
- if: |
|
||||
[ -n "$(blkid -L COS_SYSTEM || true)" ] || cat /proc/cmdline | grep -q "COS_RECOVERY"
|
||||
name: "Identify recovery mode"
|
||||
files:
|
||||
- path: /run/cos/recovery_mode
|
||||
content: "1"
|
||||
permissions: 0600
|
||||
owner: 0
|
||||
group: 0
|
||||
boot:
|
||||
- name: "Recovery"
|
||||
if: '[ -f "/run/cos/recovery_mode" ]'
|
||||
hostname: "cos-recovery"
|
||||
commands:
|
||||
- |
|
||||
source /etc/os-release
|
||||
echo >> /etc/issue
|
||||
echo "You are booting from recovery mode. Run 'kairos-agent reset' to reset the system to $VERSION" >> /etc/issue
|
||||
echo " or kairos-agent upgrade to upgrade the active partition" >> /etc/issue
|
||||
echo >> /etc/issue
|
||||
@ -1,19 +0,0 @@
|
||||
# Rootfs Kairos OEM configuration file
|
||||
#
|
||||
# This file is part of Kairos and will get reset during upgrades.
|
||||
#
|
||||
# Before you change this file manually,
|
||||
# consider copying this file to /usr/local/cloud-config or
|
||||
# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
|
||||
name: "LiveCD Detection"
|
||||
stages:
|
||||
rootfs.before:
|
||||
- if: |
|
||||
cat /proc/cmdline | grep -q "CDLABEL" || cat /proc/cmdline | grep -q "rd.cos.disable"
|
||||
name: "Identify live mode"
|
||||
files:
|
||||
- path: /run/cos/live_mode
|
||||
content: "1"
|
||||
permissions: 0600
|
||||
owner: 0
|
||||
group: 0
|
||||
@ -1,125 +0,0 @@
|
||||
# Rootfs Kairos OEM configuration file
|
||||
#
|
||||
# This file is part of Kairos and will get reset during upgrades.
|
||||
|
||||
# The boot assessment works in this way:
|
||||
# - After we upgrade, we set a grub env sentinel variable indicating that we did run an upgrade
|
||||
# - At the first boot, if we did an upgrade, we set another sentinel variable, which indicates we are trying to boot
|
||||
# - If we boot fine, we remove both sentinels
|
||||
# - If we get back again at the GRUB menu, a failure must have occurred and we select the fallback entry, creating also
|
||||
# sentinels files and a specific cmdline option indicating we failed booting after an upgrade
|
||||
|
||||
name: "Boot assessment"
|
||||
stages:
|
||||
boot.before:
|
||||
# Remove any grub sentinel and add
|
||||
# System sentinel to /run to indicate if we are booting after a failed upgrade.
|
||||
# This needs to run only on the active partition.
|
||||
# To note, we could similarly enable boot assessment always, also besides upgrades.
|
||||
# In this case it is enough to reset only boot_assessment_tentative here, and set
|
||||
# enable_boot_assessment to 'yes'.
|
||||
# This can be then customized easily by having a cloud-config file which always enables boot assessment on
|
||||
# the boot stage.
|
||||
- name: "Remove GRUB sentinels"
|
||||
if: |
|
||||
cat /proc/cmdline | grep -q "active.img"
|
||||
commands:
|
||||
- |
|
||||
mount -o rw,remount /run/initramfs/cos-state
|
||||
grub2-editenv /run/initramfs/cos-state/boot_assessment set enable_boot_assessment=
|
||||
grub2-editenv /run/initramfs/cos-state/boot_assessment set boot_assessment_tentative=
|
||||
mount -o ro,remount /run/initramfs/cos-state
|
||||
- name: "Create upgrade failure sentinel if necessary"
|
||||
if: |
|
||||
cat /proc/cmdline | grep -q "upgrade_failure"
|
||||
files:
|
||||
- path: /run/cos/upgrade_failure
|
||||
content: "1"
|
||||
permissions: 0600
|
||||
owner: 0
|
||||
group: 0
|
||||
after-install:
|
||||
# After install, reset, and upgrade, we install additional GRUB configuration for boot assessment into COS_STATE.
|
||||
|
||||
- &statemount
|
||||
name: "Mount state"
|
||||
commands:
|
||||
- |
|
||||
STATEDIR=/tmp/mnt/STATE
|
||||
STATE=$(blkid -L COS_STATE || true)
|
||||
mkdir -p $STATEDIR || true
|
||||
mount ${STATE} $STATEDIR
|
||||
# Here we hook the boot assessment configuration to 'grubcustom'
|
||||
# we do that selectively in order to just "append" eventual other configuration provided.
|
||||
# XXX: maybe we should just write to /grubcustom and override any other custom grub?
|
||||
- &customhook
|
||||
name: "Hook boot assessment grub configuration"
|
||||
if: |
|
||||
! grep -q "grub_boot_assessment" /tmp/mnt/STATE/grubcustom
|
||||
commands:
|
||||
- |
|
||||
cat << 'EOF' >> /tmp/mnt/STATE/grubcustom
|
||||
set bootfile="/grub_boot_assessment"
|
||||
search --no-floppy --file --set=bootfile_loc "${bootfile}"
|
||||
if [ "${bootfile_loc}" ]; then
|
||||
source "(${bootfile_loc})${bootfile}"
|
||||
fi
|
||||
EOF
|
||||
# Overrides the active cmdline by adding "rd.emergency=reboot", "rd.shell=0" and "panic=5"
|
||||
# so that any failure in booting initramfs or kernel loading results in a reboot.
|
||||
# It loads then the boot assessment environment and overrides default boot target if
|
||||
# a boot failure is detected.
|
||||
# A boot is considered failed when both sentinel are present ( upgrade triggered, tentative ).
|
||||
# The tentative sentinel is set after an upgrade was triggered.
|
||||
# This configuration is separated so it can be tracked separately from the install hook
|
||||
#
|
||||
- &bootgrub
|
||||
name: "Add boot assessment grub configuration"
|
||||
files:
|
||||
- path: "/tmp/mnt/STATE/grub_boot_assessment"
|
||||
owner: 0
|
||||
group: 0
|
||||
permsisions: 0600
|
||||
content: |
|
||||
set extra_active_cmdline="rd.emergency=reboot rd.shell=0 panic=5 systemd.crash_reboot systemd.crash_shell=0"
|
||||
set boot_assessment="/boot_assessment"
|
||||
search --no-floppy --file --set=boot_assessment_blk "${boot_assessment}"
|
||||
if [ "${boot_assessment_blk}" ]; then
|
||||
load_env -f "(${boot_assessment_blk})${boot_assessment}"
|
||||
fi
|
||||
if [ "${enable_boot_assessment}" = "yes" -o "${enable_boot_assessment_always}" = "yes" ]; then
|
||||
if [ -z "${selected_entry}" ]; then
|
||||
if [ "${boot_assessment_tentative}" = "yes" ]; then
|
||||
set default="fallback"
|
||||
set extra_passive_cmdline="upgrade_failure"
|
||||
else
|
||||
set boot_assessment_tentative="yes"
|
||||
save_env -f "(${boot_assessment_blk})${boot_assessment}" boot_assessment_tentative
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
- &stateumount
|
||||
name: "umount state"
|
||||
commands:
|
||||
- |
|
||||
umount /tmp/mnt/STATE
|
||||
|
||||
# Here we do enable boot assessment for the next bootup.
|
||||
# Similarly, we could trigger boot assessment in other cases
|
||||
after-upgrade:
|
||||
- <<: *statemount
|
||||
- name: "Set upgrade sentinel"
|
||||
commands:
|
||||
- |
|
||||
grub2-editenv /tmp/mnt/STATE/boot_assessment set enable_boot_assessment=yes
|
||||
# We do re-install hooks here if needed to track upgrades of boot assessment
|
||||
- <<: *customhook
|
||||
- <<: *bootgrub
|
||||
- <<: *stateumount
|
||||
|
||||
after-reset:
|
||||
- <<: *statemount
|
||||
# Reset completely restores COS_STATE, so we re-inject ourselves
|
||||
- <<: *customhook
|
||||
- <<: *bootgrub
|
||||
- <<: *stateumount
|
||||
@ -1,12 +0,0 @@
|
||||
# Rootfs Kairos OEM configuration file
|
||||
#
|
||||
# This file is part of Kairos and will get reset during upgrades.
|
||||
|
||||
name: "Default config"
|
||||
stages:
|
||||
initramfs:
|
||||
- name: "Default systemd config"
|
||||
if: '[ -e "/sbin/systemctl" ] || [ -e "/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]'
|
||||
systemctl:
|
||||
enable:
|
||||
- systemd-timesyncd
|
||||
@ -1,60 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
function doLoopMount {
|
||||
local partdev
|
||||
local partname
|
||||
local dev
|
||||
|
||||
# Iterate over current device labels
|
||||
for partdev in $(lsblk -nlp | awk '$0 ~ /part/ {print $1}'); do
|
||||
partname=$(basename "${partdev}")
|
||||
[ -e "/tmp/cosloop-${partname}" ] && continue
|
||||
> "/tmp/cosloop-${partname}"
|
||||
|
||||
# Ensure run system-fsck, at least, for the root partition
|
||||
systemd-fsck "${partdev}"
|
||||
|
||||
# Only run systemd-fsck if root is already found
|
||||
[ "${found}" == "ok" ] && continue
|
||||
|
||||
mount -t auto -o "${cos_root_perm}" "${partdev}" "${cos_state}" || continue
|
||||
if [ -f "${cos_state}/${cos_img}" ]; then
|
||||
|
||||
dev=$(losetup --show -f "${cos_state}/${cos_img}")
|
||||
|
||||
# attempt to run systemd-fsck on the loop device
|
||||
systemd-fsck "${dev}"
|
||||
|
||||
found="ok"
|
||||
else
|
||||
umount "${cos_state}"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
|
||||
|
||||
PATH=/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
declare cos_img=$1
|
||||
declare cos_root_perm="ro"
|
||||
declare cos_state="/run/initramfs/cos-state"
|
||||
declare found=""
|
||||
|
||||
[ -z "${cos_img}" ] && exit 1
|
||||
|
||||
if getargbool 0 rd.cos.debugrw; then
|
||||
cos_root_perm="rw"
|
||||
fi
|
||||
|
||||
ismounted "${cos_state}" && exit 0
|
||||
|
||||
mkdir -p "${cos_state}"
|
||||
|
||||
doLoopMount
|
||||
if [ "${found}" == "ok" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
rm -r "${cos_state}"
|
||||
exit 1
|
||||
@ -1,10 +0,0 @@
|
||||
This package is a fork of the immutable-rootfs package in rancher/elemental-toolkit.
|
||||
|
||||
Copyright (c) 2020-2021 SUSE, LLC
|
||||
Copyright (c) 2022 Kairos
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
|
||||
@ -1,2 +0,0 @@
|
||||
This package auguments the immutable-rootfs package by adding support for legacy
|
||||
versions of uitl-linux/lsblk which are present in systems like RHEL 8
|
||||
@ -1,5 +0,0 @@
|
||||
image: alpine
|
||||
package_dir: "/package"
|
||||
steps:
|
||||
- mkdir -p /package/usr/lib/dracut/modules.d
|
||||
- cp -r 30cos-immutable-rootfs /package/usr/lib/dracut/modules.d
|
||||
@ -1,3 +0,0 @@
|
||||
name: "immutable-rootfs-legacy-compat"
|
||||
category: "dracut"
|
||||
version: "0.10"
|
||||
@ -1,129 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
|
||||
|
||||
cos_unit="cos-immutable-rootfs.service"
|
||||
cos_layout="/run/cos/cos-layout.env"
|
||||
|
||||
# Omit any immutable roofs module logic if disabled
|
||||
if getargbool 0 rd.cos.disable; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
[ -z "${root}" ] && root=$(getarg root=)
|
||||
|
||||
cos_root_perm="ro"
|
||||
if getargbool 0 rd.cos.debugrw; then
|
||||
cos_root_perm="rw"
|
||||
fi
|
||||
|
||||
oem_timeout=$(getargnum 120 1 1800 rd.cos.oemtimeout=)
|
||||
oem_label=$(getarg rd.cos.oemlabel=)
|
||||
cos_overlay=$(getarg rd.cos.overlay=)
|
||||
[ -z "${cos_overlay}" ] && cos_overlay="tmpfs:20%"
|
||||
|
||||
GENERATOR_DIR="$2"
|
||||
[ -z "$GENERATOR_DIR" ] && exit 1
|
||||
[ -d "$GENERATOR_DIR" ] || mkdir "$GENERATOR_DIR"
|
||||
|
||||
if [ -n "${oem_label}" ]; then
|
||||
dev=$(dev_unit_name /dev/disk/by-label/${oem_label})
|
||||
{
|
||||
echo "[Unit]"
|
||||
echo "DefaultDependencies=no"
|
||||
echo "Before=cos-setup-rootfs.service"
|
||||
echo "Conflicts=initrd-switch-root.target"
|
||||
echo "[Mount]"
|
||||
echo "Where=/oem"
|
||||
echo "What=/dev/disk/by-label/${oem_label}"
|
||||
echo "Options=rw,suid,dev,exec,noauto,nouser,async"
|
||||
} > "$GENERATOR_DIR"/oem.mount
|
||||
|
||||
if [ ! -e "$GENERATOR_DIR/cos-setup-rootfs.service.wants/oem.mount" ]; then
|
||||
mkdir -p "$GENERATOR_DIR"/cos-setup-rootfs.service.wants
|
||||
ln -s "$GENERATOR_DIR"/oem.mount \
|
||||
"$GENERATOR_DIR"/cos-setup-rootfs.service.wants/oem.mount
|
||||
fi
|
||||
|
||||
mkdir -p "$GENERATOR_DIR/$dev.device.d"
|
||||
{
|
||||
echo "[Unit]"
|
||||
echo "Before=initrd-root-fs.target"
|
||||
echo "JobRunningTimeoutSec=${oem_timeout}"
|
||||
} > "$GENERATOR_DIR/$dev.device.d/timeout.conf"
|
||||
|
||||
if [ ! -e "$GENERATOR_DIR/initrd-root-fs.target.wants/$dev.device" ]; then
|
||||
mkdir -p "$GENERATOR_DIR"/initrd-root-fs.target.wants
|
||||
ln -s "$GENERATOR_DIR"/"$dev".device \
|
||||
"$GENERATOR_DIR"/initrd-root-fs.target.wants/"$dev".device
|
||||
fi
|
||||
fi
|
||||
|
||||
case "${cos_overlay}" in
|
||||
UUID=*) \
|
||||
cos_overlay="block:/dev/disk/by-uuid/${cos_overlay#UUID=}"
|
||||
;;
|
||||
LABEL=*) \
|
||||
cos_overlay="block:/dev/disk/by-label/${cos_overlay#LABEL=}"
|
||||
;;
|
||||
esac
|
||||
|
||||
cos_mounts=()
|
||||
for mount in $(getargs rd.cos.mount=); do
|
||||
case "${mount}" in
|
||||
UUID=*) \
|
||||
mount="/dev/disk/by-uuid/${mount#UUID=}"
|
||||
;;
|
||||
LABEL=*) \
|
||||
mount="/dev/disk/by-label/${mount#LABEL=}"
|
||||
;;
|
||||
esac
|
||||
cos_mounts+=("${mount}")
|
||||
done
|
||||
|
||||
mkdir -p "/run/systemd/system/${cos_unit}.d"
|
||||
{
|
||||
echo "[Service]"
|
||||
echo "Environment=\"cos_mounts=${cos_mounts[@]}\""
|
||||
echo "Environment=\"cos_overlay=${cos_overlay}\""
|
||||
echo "Environment=\"cos_root_perm=${cos_root_perm}\""
|
||||
echo "EnvironmentFile=${cos_layout}"
|
||||
} > "/run/systemd/system/${cos_unit}.d/override.conf"
|
||||
|
||||
case "${root}" in
|
||||
LABEL=*) \
|
||||
root="${root//\//\\x2f}"
|
||||
root="/dev/disk/by-label/${root#LABEL=}"
|
||||
rootok=1 ;;
|
||||
UUID=*) \
|
||||
root="/dev/disk/by-uuid/${root#UUID=}"
|
||||
rootok=1 ;;
|
||||
/dev/*) \
|
||||
rootok=1 ;;
|
||||
esac
|
||||
|
||||
[ "${rootok}" != "1" ] && exit 0
|
||||
|
||||
dev=$(dev_unit_name "${root}")
|
||||
{
|
||||
echo "[Unit]"
|
||||
echo "Before=initrd-root-fs.target"
|
||||
echo "DefaultDependencies=no"
|
||||
echo "[Mount]"
|
||||
echo "Where=/sysroot"
|
||||
echo "What=${root}"
|
||||
echo "Options=${cos_root_perm},suid,dev,exec,auto,nouser,async"
|
||||
} > "$GENERATOR_DIR"/sysroot.mount
|
||||
|
||||
if [ ! -e "$GENERATOR_DIR/initrd-root-fs.target.requires/sysroot.mount" ]; then
|
||||
mkdir -p "$GENERATOR_DIR"/initrd-root-fs.target.requires
|
||||
ln -s "$GENERATOR_DIR"/sysroot.mount \
|
||||
"$GENERATOR_DIR"/initrd-root-fs.target.requires/sysroot.mount
|
||||
fi
|
||||
|
||||
mkdir -p "$GENERATOR_DIR/$dev.device.d"
|
||||
{
|
||||
echo "[Unit]"
|
||||
echo "JobTimeoutSec=300"
|
||||
echo "JobRunningTimeoutSec=300"
|
||||
} > "$GENERATOR_DIR/$dev.device.d/timeout.conf"
|
||||
@ -1,13 +0,0 @@
|
||||
[Unit]
|
||||
Description=cOS system immutable rootfs mounts
|
||||
DefaultDependencies=no
|
||||
After=initrd-root-fs.target cos-setup-rootfs.service
|
||||
Requires=initrd-root-fs.target
|
||||
Before=initrd-fs.target
|
||||
Conflicts=initrd-switch-root.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStartPre=-/usr/bin/systemctl stop oem.mount
|
||||
ExecStart=/sbin/cos-mount-layout
|
||||
@ -1,60 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
function doLoopMount {
|
||||
local partdev
|
||||
local partname
|
||||
local dev
|
||||
|
||||
# Iterate over current device labels
|
||||
for partdev in $(lsblk -ln -o path,type | grep part | cut -d" " -f1); do
|
||||
partname=$(basename "${partdev}")
|
||||
[ -e "/tmp/cosloop-${partname}" ] && continue
|
||||
> "/tmp/cosloop-${partname}"
|
||||
|
||||
# Ensure run system-fsck, at least, for the root partition
|
||||
systemd-fsck "${partdev}"
|
||||
|
||||
# Only run systemd-fsck if root is already found
|
||||
[ "${found}" == "ok" ] && continue
|
||||
|
||||
mount -t auto -o "${cos_root_perm}" "${partdev}" "${cos_state}" || continue
|
||||
if [ -f "${cos_state}/${cos_img}" ]; then
|
||||
|
||||
dev=$(losetup --show -f "${cos_state}/${cos_img}")
|
||||
|
||||
# attempt to run systemd-fsck on the loop device
|
||||
systemd-fsck "${dev}"
|
||||
|
||||
found="ok"
|
||||
else
|
||||
umount "${cos_state}"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
|
||||
|
||||
PATH=/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
declare cos_img=$1
|
||||
declare cos_root_perm="ro"
|
||||
declare cos_state="/run/initramfs/cos-state"
|
||||
declare found=""
|
||||
|
||||
[ -z "${cos_img}" ] && exit 1
|
||||
|
||||
if getargbool 0 rd.cos.debugrw; then
|
||||
cos_root_perm="rw"
|
||||
fi
|
||||
|
||||
ismounted "${cos_state}" && exit 0
|
||||
|
||||
mkdir -p "${cos_state}"
|
||||
|
||||
doLoopMount
|
||||
if [ "${found}" == "ok" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
rm -r "${cos_state}"
|
||||
exit 1
|
||||
@ -1,278 +0,0 @@
|
||||
#!/bin/bash
|
||||
# cos_root_perm, cos_mounts and cos_overlay variables already processsed
|
||||
|
||||
#======================================
|
||||
# Functions
|
||||
#--------------------------------------
|
||||
|
||||
function getOverlayMountpoints {
|
||||
local mountpoints
|
||||
|
||||
for path in "${rw_paths[@]}"; do
|
||||
if ! hasMountpoint "${path}" "${cos_mounts[@]}"; then
|
||||
mountpoints+="${path}:overlay "
|
||||
fi
|
||||
done
|
||||
echo "${mountpoints}"
|
||||
}
|
||||
|
||||
function getStateMountpoints {
|
||||
local mountpoints=$1
|
||||
local state_mounts
|
||||
|
||||
for path in "${state_paths[@]}"; do
|
||||
if ! hasMountpoint "${path}" "${mountpoints}"; then
|
||||
state_mounts+="${path} "
|
||||
fi
|
||||
done
|
||||
echo "${state_mounts}"
|
||||
}
|
||||
|
||||
function hasMountpoint {
|
||||
local path=$1
|
||||
shift
|
||||
local mounts=("$@")
|
||||
|
||||
for mount in "${mounts[@]}"; do
|
||||
if [ "${path}" = "${mount#*:}" ]; then
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
function parseOverlay {
|
||||
local overlay=$1
|
||||
|
||||
case "${overlay}" in
|
||||
UUID=*) \
|
||||
overlay="block:/dev/disk/by-uuid/${overlay#UUID=}"
|
||||
;;
|
||||
LABEL=*) \
|
||||
overlay="block:/dev/disk/by-label/${overlay#LABEL=}"
|
||||
;;
|
||||
esac
|
||||
echo "${overlay}"
|
||||
}
|
||||
|
||||
function parseCOSMount {
|
||||
local mount=$1
|
||||
|
||||
case "${mount}" in
|
||||
UUID=*) \
|
||||
mount="/dev/disk/by-uuid/${mount#UUID=}"
|
||||
;;
|
||||
LABEL=*) \
|
||||
mount="/dev/disk/by-label/${mount#LABEL=}"
|
||||
;;
|
||||
esac
|
||||
echo "${mount}"
|
||||
}
|
||||
|
||||
function readCOSLayoutConfig {
|
||||
local mounts=()
|
||||
: "${MERGE:=true}"
|
||||
|
||||
if [ "${DEBUG_RW}" = "true" ]; then
|
||||
cos_root_perm="rw"
|
||||
fi
|
||||
|
||||
if [ -n "${VOLUMES}" ]; then
|
||||
for volume in ${VOLUMES}; do
|
||||
mounts+=("$(parseCOSMount ${volume})")
|
||||
done
|
||||
fi
|
||||
|
||||
if [ "${MERGE}" = "true" ]; then
|
||||
if [ -n "${cos_mounts}" ]; then
|
||||
for mount in ${cos_mounts}; do
|
||||
if ! hasMountpoint "${mount#*:}" "${mounts[@]}"; then
|
||||
mounts+=("${mount}")
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${OVERLAY}" ]; then
|
||||
cos_overlay=$(parseOverlay "${OVERLAY}")
|
||||
fi
|
||||
if [ ${#mounts[@]} -gt 0 ]; then
|
||||
cos_mounts=("${mounts[@]}")
|
||||
else
|
||||
cos_mounts=()
|
||||
fi
|
||||
|
||||
state_paths=()
|
||||
state_bind="${PERSISTENT_STATE_BIND:-false}"
|
||||
state_target="${PERSISTENT_STATE_TARGET:-/usr/local/.state}"
|
||||
|
||||
# An empty RW_PATHS is a valid value, default rw_paths are only
|
||||
# applied when RW_PATHS is unset.
|
||||
if [ -n "${RW_PATHS+x}" ]; then
|
||||
rw_paths=(${RW_PATHS})
|
||||
fi
|
||||
if [ -n "${PERSISTENT_STATE_PATHS}" ]; then
|
||||
state_paths=(${PERSISTENT_STATE_PATHS})
|
||||
fi
|
||||
}
|
||||
|
||||
function getCOSMounts {
|
||||
local mounts
|
||||
|
||||
for mount in "${cos_mounts[@]}"; do
|
||||
mounts+="${mount#*:}:${mount%%:*} "
|
||||
done
|
||||
mounts+="$(getOverlayMountpoints)"
|
||||
echo -e "${mounts// /\\n}" | sort -
|
||||
}
|
||||
|
||||
function mountOverlayBase {
|
||||
local fstab_line
|
||||
|
||||
mkdir -p "${overlay_base}"
|
||||
if [ "${cos_overlay%%:*}" = "tmpfs" ]; then
|
||||
overlay_size="${cos_overlay#*:}"
|
||||
mount -t tmpfs -o "defaults,size=${overlay_size}" tmpfs "${overlay_base}"
|
||||
fstab_line="tmpfs ${overlay_base} tmpfs defaults,size=${overlay_size} 0 0\n"
|
||||
elif [ "${cos_overlay%%:*}" = "block" ]; then
|
||||
overlay_block="${cos_overlay#*:}"
|
||||
mount -t auto "${overlay_block}" "${overlay_base}"
|
||||
fstab_line="${overlay_block} ${overlay_base} auto defaults 0 0\n"
|
||||
fi
|
||||
echo "${fstab_line}"
|
||||
}
|
||||
|
||||
function mountOverlay {
|
||||
local mount=$1
|
||||
local base=${2:-$overlay_base}
|
||||
local merged
|
||||
local upperdir
|
||||
local workdir
|
||||
local fstab_line
|
||||
|
||||
mount="${mount#/}"
|
||||
merged="/sysroot/${mount}"
|
||||
if [ "${base##/run}" == "${base}" ]; then
|
||||
base="/sysroot${base}"
|
||||
fi
|
||||
if ! mountpoint -q "${merged}"; then
|
||||
upperdir="${base}/${mount//\//-}.overlay/upper"
|
||||
workdir="${base}/${mount//\//-}.overlay/work"
|
||||
mkdir -p "${merged}" "${upperdir}" "${workdir}"
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "failed creating one of '${merged}', '${upperdir}' or '${workdir}'. Ignoring '${merged}' mount"
|
||||
return
|
||||
fi
|
||||
mount -t overlay overlay -o "defaults,lowerdir=${merged},upperdir=${upperdir},workdir=${workdir}" "${merged}"
|
||||
fstab_line="overlay /${mount} overlay defaults,lowerdir=/${mount},upperdir=${upperdir##/sysroot},workdir=${workdir##/sysroot}"
|
||||
required_mount=$(findmnt -fno TARGET --target "${base}")
|
||||
if [ -n "${required_mount}" ] && [ "${required_mount}" != "/" ]; then
|
||||
fstab_line+=",x-systemd.requires-mounts-for=${required_mount##/sysroot}"
|
||||
fi
|
||||
fstab_line+="\n"
|
||||
fi
|
||||
echo "${fstab_line}"
|
||||
}
|
||||
|
||||
function mountState {
|
||||
local mount=$1
|
||||
local base
|
||||
local fstab_line
|
||||
local state_dir
|
||||
|
||||
if [ "${state_bind}" = "true" ]; then
|
||||
mount="${mount#/}"
|
||||
base="/sysroot/${mount}"
|
||||
state_dir="/sysroot${state_target}/${mount//\//-}.bind"
|
||||
if ! mountpoint -q "${base}"; then
|
||||
mkdir -p "${base}" "${state_dir}"
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "failed creating '${base}' or '${state_dir}'. Ignoring '${base}' mount"
|
||||
return
|
||||
fi
|
||||
rsync -aqAX "${base}/" "${state_dir}/"
|
||||
mount -o defaults,bind "${state_dir}" "${base}"
|
||||
fstab_line="${state_dir##/sysroot} /${mount} none defaults,bind 0 0\n"
|
||||
fi
|
||||
else
|
||||
fstab_line=$(mountOverlay "${mount}" "${state_target}")
|
||||
fi
|
||||
echo "${fstab_line}"
|
||||
}
|
||||
|
||||
function mountPersistent {
|
||||
local mount=$1
|
||||
|
||||
if [ -e "${mount#*:}" ] && ! findmnt -rno SOURCE "${mount#*:}" > /dev/null; then
|
||||
mount -t auto "${mount#*:}" "/sysroot${mount%%:*}"
|
||||
else
|
||||
echo "Warning: ${mount#*:} already mounted or device not found" >&2
|
||||
fi
|
||||
echo "${mount#*:} ${mount%%:*} auto defaults 0 0\n"
|
||||
}
|
||||
|
||||
#======================================
|
||||
# Mount the rootfs layout
|
||||
#--------------------------------------
|
||||
|
||||
PATH=/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
declare cos_mounts=${cos_mounts}
|
||||
declare cos_overlay=${cos_overlay}
|
||||
declare cos_root_perm=${cos_root_perm}
|
||||
declare overlay_base="/run/overlay"
|
||||
declare rw_paths=("/etc" "/root" "/home" "/opt" "/srv" "/usr/local" "/var")
|
||||
declare etc_conf="/sysroot/etc/systemd/system/etc.mount.d"
|
||||
declare cos_layout="/run/cos/cos-layout.env"
|
||||
declare root_fstype=$(findmnt -rno FSTYPE /sysroot)
|
||||
declare root=$(findmnt -rno SOURCE /sysroot)
|
||||
declare fstab
|
||||
declare state_label
|
||||
declare state_paths
|
||||
declare state_bind
|
||||
declare state_target
|
||||
|
||||
readCOSLayoutConfig
|
||||
|
||||
[ -z "${cos_overlay}" ] && exit 0
|
||||
|
||||
# If sysroot is already an overlay do not prepare the rw overlay
|
||||
if [ "${root_fstype}" != "overlay" ]; then
|
||||
state_label=$(ls /tmp/cosloop-*)
|
||||
state_label="${state_label##/tmp/cosloop-}"
|
||||
if [ -f "/dev/disk/by-label/${state_label}" ]; then
|
||||
fstab="/dev/disk/by-label/${state_label} /run/initramfs/cos-state auto ${cos_root_perm} 0 0\n"
|
||||
fi
|
||||
fstab+="${root} / auto ${cos_root_perm} 0 0\n"
|
||||
fstab+=$(mountOverlayBase)
|
||||
fi
|
||||
|
||||
mountpoints=($(getCOSMounts))
|
||||
|
||||
for mount in "${mountpoints[@]}"; do
|
||||
if [ "${mount#*:}" = "overlay" ]; then
|
||||
if [ "${root_fstype}" != "overlay" ]; then
|
||||
fstab+=$(mountOverlay "${mount%%:*}")
|
||||
fi
|
||||
else
|
||||
# FSCK
|
||||
systemd-fsck "${mount#*:}"
|
||||
fstab+=$(mountPersistent "${mount}")
|
||||
fi
|
||||
done
|
||||
|
||||
for mount in $(getStateMountpoints "${mountpoints[@]}"); do
|
||||
fstab+=$(mountState "${mount}")
|
||||
done
|
||||
|
||||
echo -e "${fstab}" > /sysroot/etc/fstab
|
||||
|
||||
if [ ! -f "${etc_conf}/override.conf" ]; then
|
||||
mkdir -p "${etc_conf}"
|
||||
{
|
||||
echo "[Mount]"
|
||||
echo "LazyUnmount=true"
|
||||
} > "${etc_conf}/override.conf"
|
||||
fi
|
||||
|
||||
exit 0
|
||||
@ -1,16 +0,0 @@
|
||||
[Unit]
|
||||
Description=cOS system initramfs setup before switch root
|
||||
DefaultDependencies=no
|
||||
After=initrd-fs.target
|
||||
Requires=initrd-fs.target
|
||||
Before=initrd.target
|
||||
|
||||
[Service]
|
||||
RootDirectory=/sysroot
|
||||
BindPaths=/proc /sys /dev /run /tmp
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/usr/bin/elemental run-stage initramfs
|
||||
|
||||
[Install]
|
||||
RequiredBy=initrd.target
|
||||
@ -1,15 +0,0 @@
|
||||
[Unit]
|
||||
Description=cOS system early rootfs setup
|
||||
DefaultDependencies=no
|
||||
After=initrd-root-fs.target
|
||||
Requires=initrd-root-fs.target
|
||||
Conflicts=initrd-switch-root.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStartPre=/usr/bin/ln -sf -t / /sysroot/system
|
||||
ExecStart=/usr/bin/elemental run-stage rootfs
|
||||
|
||||
[Install]
|
||||
RequiredBy=initrd-fs.target
|
||||
@ -1,56 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# called by dracut
|
||||
check() {
|
||||
require_binaries "$systemdutildir"/systemd || return 1
|
||||
return 255
|
||||
}
|
||||
|
||||
# called by dracut
|
||||
depends() {
|
||||
echo systemd rootfs-block dm fs-lib
|
||||
return 0
|
||||
}
|
||||
|
||||
# called by dracut
|
||||
installkernel() {
|
||||
instmods overlay
|
||||
}
|
||||
|
||||
# called by dracut
|
||||
install() {
|
||||
declare moddir=${moddir}
|
||||
declare systemdutildir=${systemdutildir}
|
||||
declare systemdsystemunitdir=${systemdsystemunitdir}
|
||||
declare initdir="${initdir}"
|
||||
|
||||
inst_multiple \
|
||||
mount mountpoint elemental sort findmnt rmdir findmnt rsync cut
|
||||
|
||||
# Include utilities required for cos-setup services,
|
||||
# probably a devoted cos-setup dracut module makes sense
|
||||
inst_multiple -o \
|
||||
"$systemdutildir"/systemd-fsck partprobe sync udevadm lsblk sgdisk parted mkfs.ext2 mkfs.ext3 mkfs.ext4 mkfs.vfat mkfs.fat mkfs.xfs blkid e2fsck resize2fs mount xfs_growfs umount basename
|
||||
inst_hook cmdline 30 "${moddir}/parse-cos-cmdline.sh"
|
||||
inst_script "${moddir}/cos-generator.sh" \
|
||||
"${systemdutildir}/system-generators/dracut-cos-generator"
|
||||
inst_script "${moddir}/cos-mount-layout.sh" "/sbin/cos-mount-layout"
|
||||
inst_script "${moddir}/cos-loop-img.sh" "/sbin/cos-loop-img"
|
||||
inst_simple "${moddir}/cos-immutable-rootfs.service" \
|
||||
"${systemdsystemunitdir}/cos-immutable-rootfs.service"
|
||||
inst_simple "${moddir}/cos-setup-initramfs.service" \
|
||||
"${systemdsystemunitdir}/cos-setup-initramfs.service"
|
||||
inst_simple "${moddir}/cos-setup-rootfs.service" \
|
||||
"${systemdsystemunitdir}/cos-setup-rootfs.service"
|
||||
mkdir -p "${initdir}/${systemdsystemunitdir}/initrd-fs.target.requires"
|
||||
ln_r "../cos-immutable-rootfs.service" \
|
||||
"${systemdsystemunitdir}/initrd-fs.target.requires/cos-immutable-rootfs.service"
|
||||
ln_r "$systemdutildir"/systemd-fsck \
|
||||
"/sbin/systemd-fsck"
|
||||
ln_r "../cos-setup-rootfs.service" \
|
||||
"${systemdsystemunitdir}/initrd-fs.target.requires/cos-setup-rootfs.service"
|
||||
mkdir -p "${initdir}/${systemdsystemunitdir}/initrd.target.requires"
|
||||
ln_r "../cos-setup-initramfs.service" \
|
||||
"${systemdsystemunitdir}/initrd.target.requires/cos-setup-initramfs.service"
|
||||
dracut_need_initqueue
|
||||
}
|
||||
@ -1,49 +0,0 @@
|
||||
#!/bin/bash
|
||||
# immutable root is specified with
|
||||
# rd.cos.mount=LABEL=<vol_label>:<mountpoint>
|
||||
# rd.cos.mount=UUID=<vol_uuid>:<mountpoint>
|
||||
# rd.cos.overlay=tmpfs:<size>
|
||||
# rd.cos.overlay=LABEL=<vol_label>
|
||||
# rd.cos.overlay=UUID=<vol_uuid>
|
||||
# rd.cos.oemtimeout=<seconds>
|
||||
# rd.cos.oemlabel=<vol_label>
|
||||
# rd.cos.debugrw
|
||||
# rd.cos.disable
|
||||
# cos-img/filename=/cOS/active.img
|
||||
|
||||
type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
|
||||
|
||||
if getargbool 0 rd.cos.disable; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
cos_img=$(getarg cos-img/filename=)
|
||||
[ -z "${cos_img}" ] && return 0
|
||||
[ -z "${root}" ] && root=$(getarg root=)
|
||||
|
||||
cos_root_perm="ro"
|
||||
if getargbool 0 rd.cos.debugrw; then
|
||||
cos_root_perm="rw"
|
||||
fi
|
||||
|
||||
case "${root}" in
|
||||
LABEL=*) \
|
||||
root="${root//\//\\x2f}"
|
||||
root="/dev/disk/by-label/${root#LABEL=}"
|
||||
rootok=1 ;;
|
||||
UUID=*) \
|
||||
root="/dev/disk/by-uuid/${root#UUID=}"
|
||||
rootok=1 ;;
|
||||
/dev/*) \
|
||||
root="${root}"
|
||||
rootok=1 ;;
|
||||
esac
|
||||
|
||||
[ "${rootok}" != "1" ] && return 0
|
||||
|
||||
info "root device set to root=${root}"
|
||||
|
||||
wait_for_dev -n "${root}"
|
||||
/sbin/initqueue --settled --unique /sbin/cos-loop-img "${cos_img}"
|
||||
|
||||
return 0
|
||||
@ -1,10 +0,0 @@
|
||||
This package is a fork of the immutable-rootfs package in rancher/elemental-toolkit.
|
||||
|
||||
Copyright (c) 2020-2021 SUSE, LLC
|
||||
Copyright (c) 2022 Kairos
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
|
||||
@ -1,139 +0,0 @@
|
||||
This package ships the `immutable-rootfs` dracut module responsible of mounting the root tree during
|
||||
boot time with the immutable specific setup. The immutability concept refers
|
||||
to read only root (`/`) system. To ensure the linux OS is still functional
|
||||
certain paths or areas are required to be writable, in those cases an
|
||||
ephemeral overaly tmpfs is set in place. Additionaly, the immutable rootfs
|
||||
module can also mount a custom list of device blocks with read write
|
||||
permissions, those are mostly devoted to store persistent data.
|
||||
|
||||
The dracut module is mostly configured via kernel command line parameters or
|
||||
via the `/run/cos/cos-layout.env` environment file.
|
||||
|
||||
These are the read write paths the module mounts as part of the overlay
|
||||
ephemeral tmpfs: `/etc`, `/root`, `/home`, `/opt`, `/srv`, `/usr/local`
|
||||
and `/var`.
|
||||
|
||||
These paths will be all ephemeral unless there is a block device configured
|
||||
to be mounted in the same path.
|
||||
|
||||
It is important to remark all the immutable root configuration is applied
|
||||
in initrd before switching root and after `rootfs` cloud-init stage but
|
||||
before `initramfs` stage. So immutable rootfs configuration via cloud-init
|
||||
using the `/run/cos/cos-layout.env` file is only effective if called in any
|
||||
of the `rootfs.before`, `rootfs` or `rootfs.after` cloud-init stages.
|
||||
|
||||
## Kernel configuraton paramters
|
||||
|
||||
The immutable rootfs can be configured witht he following kernel parameters:
|
||||
|
||||
* `cos-img/filename=<imgfile>`: This is one of the main parameters, it defines
|
||||
the location of the image file to boot from.
|
||||
|
||||
* `rd.cos.overlay=tmpfs:<size>`: This defines the size of the tmpfs used for
|
||||
the ephemeral overlayfs. It can be expressed in MiB or as a % of the available
|
||||
memory. Defaults to `rd.cos.overlay=tmpfs:20%` if not present.
|
||||
|
||||
* `rd.cos.overlay=LABEL=<vol_label>`: Optionally and mostly for debugging
|
||||
purposes the overlayfs can be mounted on top of a persistent block device.
|
||||
Block devices can be expressed by LABEL (`LABEL=<blk_label>`) or by UUID
|
||||
(`UUID=<blk_uuid>`)
|
||||
|
||||
* `rd.cos.mount=LABEL:<blk_label>:<mountpoint>`: This option defines a
|
||||
persistent block device and its mountpoint. Block devices can also be
|
||||
defined by UUID (`UUID=<blk_uuid>:<mountpoint>`). This option can be passed
|
||||
multiple times.
|
||||
|
||||
* `rd.cos.oemtimeout=<seconds>`: cOS by default assumes the existence of a
|
||||
persistent block device labelled `COS_OEM` which is used to keep some
|
||||
configuration data (mostly cloud-init files). The immutable rootfs tries
|
||||
to mount this device at very early stages of the boot even before applying
|
||||
the immutable rootfs configs. It done this way to enable to configure the
|
||||
immutable rootfs module within the cloud-init files. As the `COS_OEM` device
|
||||
might not be always present the boot process just continues without failing
|
||||
after a certain timeout. This option configures such a timeout. Defaults to
|
||||
10s.
|
||||
|
||||
* `rd.cos.debugrw`: This is a boolean option, true if present, false if not.
|
||||
This option sets the root image to be mounted as a writable device. Note this
|
||||
completely breaks the concept of an immutable root. This is helpful for
|
||||
debugging or testing purposes, so changes persist across reboots.
|
||||
|
||||
* `rd.cos.disable`: This is a boolean option, true if present, false if not.
|
||||
It disables the execution of any immutable rootfs module logic at boot.
|
||||
|
||||
### Configuration with an environment file
|
||||
|
||||
The immutable rootfs can be configured with the `/run/cos/cos-layout.env`
|
||||
environment file. It is important to note that all the immutable root
|
||||
configuration is applied in initrd before switching root and after
|
||||
`rootfs` cloud-init stage but before `initramfs` stage. So immutable rootfs
|
||||
configuration via cloud-init using the `/run/cos/cos-layout.env` file is
|
||||
only effective if called in any of the `rootfs.before`, `rootfs` or
|
||||
`rootfs.after` cloud-init stages.
|
||||
|
||||
|
||||
In the environment file few options are available:
|
||||
|
||||
|
||||
* `VOLUMES=LABEL=<blk_label>:<mountpoint>`: This variable expects a block device
|
||||
and it mountpoint pair space separated list. The default cOS configuration is:
|
||||
|
||||
`VOLUMES="LABEL=COS_OEM:/oem LABEL=COS_PERSISTENT:/usr/local"`
|
||||
|
||||
* `OVERLAY`: It defines the underlaying device for the overlayfs as in
|
||||
`rd.cos.overlay=` kernel parameter.
|
||||
|
||||
* `DEBUGRW=true`: Sets the root (`/`) to be mounted with read/write permissions.
|
||||
|
||||
* `MERGE=true`: Sets makes the `VOLUMES` values to be merged with any other
|
||||
volume that might have been defined in the kernel command line. The merging
|
||||
criteria is simple: any overlapping volume is overwritten all others are
|
||||
appended to whatever was already defined as a kernel parameter. If not
|
||||
defined defaults to `true`.
|
||||
|
||||
* `RW_PATHS`: This is a space separated list of paths. These are the paths
|
||||
that will be used for the ephemeral overlayfs. These are the paths that
|
||||
will be mounted as overlay on top of the `OVERLAY` (or `rd.cos.overlay`)
|
||||
device. Default value is:
|
||||
|
||||
`RW_PATHS="/etc /root /home /opt /srv /usr/local /var"`
|
||||
**Note**: as those paths are overlayed with an ephemeral mount (`tmpfs`),
|
||||
additional data wrote on those location won't be available on subsequent boots.
|
||||
|
||||
* `PERSISTENT_STATE_TARGET`: This is the folder where the persistent state data
|
||||
will be stored, if any. Default value is `/usr/local/.state`.
|
||||
|
||||
* `PERSISTENT_STATE_PATHS`: This is a space separated list of paths. These are
|
||||
the paths that will become writable and store its data inside
|
||||
`PERSISTENT_STATE_TARGET`. By default this variable is empty, which means
|
||||
no persistent state area is created or used.
|
||||
|
||||
**Note**: The specified paths needs either to exist or be located in an area
|
||||
which is writeable ( for example, inside locations specified with `RW_PATHS`).
|
||||
The dracut module will attempt to create non-existant directories,
|
||||
but might fail if the mountpoint where are located is read-only.
|
||||
|
||||
* `PERSISTENT_STATE_BIND="true|false"`: When this variable is set to true
|
||||
the persistent state paths are bind mounted (instead of using overlayfs)
|
||||
after being mirrored with the original content. By default this variable is
|
||||
set to `false`.
|
||||
|
||||
Note that persistent state are is setup once the ephemeral paths and persistent
|
||||
volumes are mounted. Persistent state paths can't be an already existing mount
|
||||
point. If the persistent state requires any of the paths that are part of the
|
||||
ephemeral area by default, then `RW_PATHS` needs to be defined to avoid
|
||||
overlapping paths.
|
||||
|
||||
For exmaple a common cOS configuration can be expressed as part of the
|
||||
cloud-init configuration as follows:
|
||||
|
||||
```yaml
|
||||
name: example
|
||||
stage:
|
||||
rootfs:
|
||||
- name: "Layout configuration"
|
||||
environment_file: /run/cos/cos-layout.env
|
||||
environment:
|
||||
VOLUMES: "LABEL=COS_OEM:/oem LABEL=COS_PERSISTENT:/usr/local"
|
||||
OVERLAY: "tmpfs:25%"
|
||||
```
|
||||
@ -1,10 +0,0 @@
|
||||
image: alpine
|
||||
package_dir: "/package"
|
||||
steps:
|
||||
- mkdir -p /package/etc/systemd/system
|
||||
- mkdir -p /package/etc/dracut.conf.d
|
||||
- cp -rf tmp.mount /package/etc/systemd/system
|
||||
- mkdir -p /package/usr/lib/dracut/modules.d
|
||||
- cp -r 30cos-immutable-rootfs /package/usr/lib/dracut/modules.d
|
||||
- cp -rfv conf/* /package/etc/dracut.conf.d
|
||||
- cp -rfv 30cos-immutable-rootfs/cos-setup-*.service /package/etc/systemd/system
|
||||
@ -1 +0,0 @@
|
||||
add_dracutmodules+=" cos-immutable-rootfs "
|
||||
@ -1,2 +0,0 @@
|
||||
install_items+=" /etc/hosts "
|
||||
add_dracutmodules+=" network "
|
||||
@ -1,5 +0,0 @@
|
||||
hostonly_cmdline="no"
|
||||
hostonly="no"
|
||||
compress="xz"
|
||||
omit_dracutmodules+=" multipath "
|
||||
add_dracutmodules+=" livenet dmsquash-live "
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user