diff --git a/FAQ.md b/FAQ.md
new file mode 100644
index 0000000000000000000000000000000000000000..6900d1a9eca61ed6ffc088199459c5d6059aae1f
--- /dev/null
+++ b/FAQ.md
@@ -0,0 +1,7 @@
+1、NestOS与Fedora CoreOS是什么关系?
+
+NestOS是基于Fedora CoreOS的衍生版本,后续我们将会结合openeuler社区的各项特性,独立维护发展,也欢迎各位伙伴在issue中提出自己的需求和意见。
+
+2、nestos-config仓是什么?
+
+nestos-config是制作NestOS镜像时使用的配置文件,由于现阶段没有跟随社区版本发布,所以该文件为我们根据openeuler定制的一份配置文件。配置文件中有一些注释,以及个别软件包引入与否,均为我们本地进行测试评估需要,现开源出来供大家交流学习使用。并且配置文件中所包含的软件包源、IP地址均为本地搭建。
\ No newline at end of file
diff --git a/README.md b/README.md
index 2383e623ca1a360ae508e537157c8eb703f7ae7a..f98479ac6d6865b912b4fe96cb04452c5aab7f77 100644
--- a/README.md
+++ b/README.md
@@ -11,17 +11,17 @@ NestOS将配置工具ignition与rpm-ostree、OCI支持、SElinux强化等技术 目前NestOS beta版已经在鲲鹏920、飞腾2000、飞腾2500等平台上完成了适配。 -![image-20211015170943884](graph/README/image-20211015170943884.png) +![image-20211015170943884](docs/graph/README/image-20211015170943884.png) #### 快速开始 -[在虚拟化平台部署-以VMware为例](https://gitee.com/openeuler/NestOS/blob/master/docs/%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B.md) +[在虚拟化平台部署-以VMware为例](https://gitee.com/openeuler/NestOS/blob/master/docs/usr_manual/%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B.md) #### NestOS应用指南 -1. [rpm-ostree使用](https://gitee.com/openeuler/NestOS/blob/master/docs/rpm-ostree%E4%BD%BF%E7%94%A8.md) -2. [k8s+iSulad搭建](https://gitee.com/openeuler/NestOS/blob/master/docs/K8S+iSulad%E6%90%AD%E5%BB%BA.md) -3. [zincati自动更新](https://gitee.com/openeuler/NestOS/blob/master/docs/zincati%E8%87%AA%E5%8A%A8%E6%9B%B4%E6%96%B0%E4%BD%BF%E7%94%A8.md) -4. [NestOS定制化](https://gitee.com/openeuler/NestOS/blob/master/docs/%E5%AE%9A%E5%88%B6NestOS.md) -5. [ignition配置示例](https://gitee.com/openeuler/NestOS/blob/master/docs/ignition%E9%85%8D%E7%BD%AE.md) +1. [rpm-ostree使用](https://gitee.com/openeuler/NestOS/blob/master/docs/usr_manual/rpm-ostree%E4%BD%BF%E7%94%A8.md) +2. [k8s+iSulad搭建](https://gitee.com/openeuler/NestOS/blob/master/docs/usr_manual/K8S+iSulad%E6%90%AD%E5%BB%BA.md) +3. [zincati自动更新](https://gitee.com/openeuler/NestOS/blob/master/docs/usr_manual/zincati%E8%87%AA%E5%8A%A8%E6%9B%B4%E6%96%B0%E4%BD%BF%E7%94%A8.md) +4. [NestOS定制化](https://gitee.com/openeuler/NestOS/blob/master/docs/usr_manual/%E5%AE%9A%E5%88%B6NestOS.md) +5. [ignition配置示例](https://gitee.com/openeuler/NestOS/blob/master/docs/usr_manual/ignition%E9%85%8D%E7%BD%AE.md) #### 功能特性 
@@ -33,7 +33,7 @@ NestOS将配置工具ignition与rpm-ostree、OCI支持、SElinux强化等技术 6. ignition系统初始化 7. Afterburn -详细内容请点击[功能特性详细说明](https://gitee.com/openeuler/NestOS/blob/master/docs/%E5%8A%9F%E8%83%BD%E7%89%B9%E6%80%A7%E6%8F%8F%E8%BF%B0.md) +详细内容请点击[功能特性详细说明](https://gitee.com/openeuler/NestOS/blob/master/docs/usr_manual/%E5%8A%9F%E8%83%BD%E7%89%B9%E6%80%A7%E6%8F%8F%E8%BF%B0.md) #### 容器性能测试 @@ -46,19 +46,12 @@ NestOS将配置工具ignition与rpm-ostree、OCI支持、SElinux强化等技术 | 100*stop | 1316 | 1511 | 518 | -61% | -66% | | 100*rm | 1351 | 5582 | 920 | -32% | -84% | -更多详细内容请[点击](https://gitee.com/openeuler/NestOS/blob/master/docs/%E6%80%A7%E8%83%BD%E5%AF%B9%E6%AF%94%E6%B5%8B%E8%AF%95.md) +更多详细内容请[点击](https://gitee.com/openeuler/NestOS/blob/master/docs/usr_manual/%E6%80%A7%E8%83%BD%E5%AF%B9%E6%AF%94%E6%B5%8B%E8%AF%95.md) -1、NestOS与Fedora CoreOS是什么关系? - -NestOS是基于Fedora CoreOS的衍生版本,后续我们将会结合openeuler社区的各项特性,独立维护发展,也欢迎各位伙伴在issue中提出自己的需求和意见。 - -2、config文件夹是什么? - -config是制作NestOS镜像时使用的配置文件,由于现阶段没有跟随社区版本发布,所以该文件为我们根据openeuler定制的一份配置文件。配置文件中有一些注释,以及个别软件包引入与否,均为我们本地进行测试评估需要,现开源出来供大家交流学习使用。并且配置文件中所包含的软件包源、IP地址均为本地搭建。 #### NestOS roadmap -![image-NestOS-roadmap.png](graph/README/image-NestOS-roadmap.png) +![image-NestOS-roadmap.png](docs/graph/README/image-NestOS-roadmap.png) #### 主要贡献者 | Gitee ID | 公司 | 邮箱 | diff --git a/graph/README/image-20211015170943884.png b/docs/graph/README/image-20211015170943884.png similarity index 100% rename from graph/README/image-20211015170943884.png rename to docs/graph/README/image-20211015170943884.png diff --git a/graph/README/image-NestOS-roadmap.png b/docs/graph/README/image-NestOS-roadmap.png similarity index 100% rename from graph/README/image-NestOS-roadmap.png rename to docs/graph/README/image-NestOS-roadmap.png 
diff --git "a/docs/K8S+iSulad\346\220\255\345\273\272.md" "b/docs/usr_manual/K8S+iSulad\346\220\255\345\273\272.md"
similarity index 100%
rename from "docs/K8S+iSulad\346\220\255\345\273\272.md"
rename to "docs/usr_manual/K8S+iSulad\346\220\255\345\273\272.md"
diff --git "a/docs/ignition\351\205\215\347\275\256.md" "b/docs/usr_manual/ignition\351\205\215\347\275\256.md"
similarity index 100%
rename from "docs/ignition\351\205\215\347\275\256.md"
rename to "docs/usr_manual/ignition\351\205\215\347\275\256.md"
diff --git "a/docs/rpm-ostree\344\275\277\347\224\250.md" "b/docs/usr_manual/rpm-ostree\344\275\277\347\224\250.md"
similarity index 100%
rename from "docs/rpm-ostree\344\275\277\347\224\250.md"
rename to "docs/usr_manual/rpm-ostree\344\275\277\347\224\250.md"
diff --git "a/docs/zincati\350\207\252\345\212\250\346\233\264\346\226\260\344\275\277\347\224\250.md" "b/docs/usr_manual/zincati\350\207\252\345\212\250\346\233\264\346\226\260\344\275\277\347\224\250.md"
similarity index 100%
rename from "docs/zincati\350\207\252\345\212\250\346\233\264\346\226\260\344\275\277\347\224\250.md"
rename to "docs/usr_manual/zincati\350\207\252\345\212\250\346\233\264\346\226\260\344\275\277\347\224\250.md"
diff --git "a/docs/\345\212\237\350\203\275\347\211\271\346\200\247\346\217\217\350\277\260.md" "b/docs/usr_manual/\345\212\237\350\203\275\347\211\271\346\200\247\346\217\217\350\277\260.md"
similarity index 100%
rename from "docs/\345\212\237\350\203\275\347\211\271\346\200\247\346\217\217\350\277\260.md"
rename to "docs/usr_manual/\345\212\237\350\203\275\347\211\271\346\200\247\346\217\217\350\277\260.md"
diff --git "a/docs/\345\256\232\345\210\266NestOS.md" "b/docs/usr_manual/\345\256\232\345\210\266NestOS.md"
similarity index 100%
rename from "docs/\345\256\232\345\210\266NestOS.md"
rename to "docs/usr_manual/\345\256\232\345\210\266NestOS.md"
diff --git "a/docs/\345\277\253\351\200\237\345\274\200\345\247\213.md" "b/docs/usr_manual/\345\277\253\351\200\237\345\274\200\345\247\213.md"
similarity index 100%
rename from "docs/\345\277\253\351\200\237\345\274\200\345\247\213.md"
rename to "docs/usr_manual/\345\277\253\351\200\237\345\274\200\345\247\213.md"
diff --git "a/docs/\346\200\247\350\203\275\345\257\271\346\257\224\346\265\213\350\257\225.md" "b/docs/usr_manual/\346\200\247\350\203\275\345\257\271\346\257\224\346\265\213\350\257\225.md"
similarity index 100%
rename from "docs/\346\200\247\350\203\275\345\257\271\346\257\224\346\265\213\350\257\225.md"
rename to "docs/usr_manual/\346\200\247\350\203\275\345\257\271\346\257\224\346\265\213\350\257\225.md"
diff --git a/nestos-config/COPYING b/nestos-config/COPYING
deleted file mode 100644
index b81e261c59cc56e339a5d3b475b9ba43200b0395..0000000000000000000000000000000000000000
--- a/nestos-config/COPYING
+++ /dev/null
@@ -1,21 +0,0 @@
-Copyright 2018 Fedora CoreOS Authors.
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
diff --git a/nestos-config/LICENSE b/nestos-config/LICENSE
deleted file mode 100644
index e50acb0241fee58a0e67ee0b5e51e949592882be..0000000000000000000000000000000000000000
--- a/nestos-config/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-Copyright 2018 Fedora CoreOS Authors.
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
diff --git a/nestos-config/image-base.yaml b/nestos-config/image-base.yaml
deleted file mode 100644
index 9645d1342113ce0c3f49e3db021d2a819ff19fb9..0000000000000000000000000000000000000000
--- a/nestos-config/image-base.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-# This file is shared by all streams. For a stream-specific change, use
-# image.yaml instead.
-
-# Target disk size in GB.
-# Make it at least 10G because we want the rootfs to be at least 8G:
-# https://github.com/coreos/fedora-coreos-tracker/issues/586
-size: 10
-
-extra-kargs:
- # Disable SMT on systems vulnerable to MDS or any similar future issue.
- - mitigations=auto,nosmt
- - console=tty1
-
-# Disable networking by default on firstboot. We can drop this once cosa stops
-# defaulting to `ip=dhcp,dhcp6 rd.neednet=1` when it doesn't see this key.
-ignition-network-kcmdline: []
-
-# Optional remote by which to prefix the deployed OSTree ref
-ostree-remote: openEuler
-
-# opt in to using the `metadata_csum_seed` feature of the ext4 filesystem
-# for the /boot filesystem. Support for this was only recently added to grub
-# and isn't available everywhere yet so we'll gate it behind this image.yaml
-# knob. It should be easy to know when RHEL/RHCOS supports this by just flipping
-# this to `true` and doing a build. It should error when building the disk
-# images if grub doesn't support it.
-# https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00031.html
-#bootfs_metadata_csum_seed: true
-
-# After this, we plan to add support for the Ignition
-# storage/filesystems sections. (Although one can do
-# that on boot as well)
-
-
diff --git a/nestos-config/image.yaml b/nestos-config/image.yaml
deleted file mode 100644
index 9a5e77fdd9e8f92b05430a45ba9ce7d30148d939..0000000000000000000000000000000000000000
--- a/nestos-config/image.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-# This file can optionally contain configuration specific to the stream,
-# similarly to manifest.yaml. Unlike image-base.yaml, which is shared by all
-# streams.
-include: image-base.yaml
-squashfs-compression: gzip
diff --git a/nestos-config/kola-denylist.yaml b/nestos-config/kola-denylist.yaml
deleted file mode 100644
index c436860a70b2befcbef0f9294c4ead0d99b9c965..0000000000000000000000000000000000000000
--- a/nestos-config/kola-denylist.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file documents currently known-to-fail kola tests. It is consumed by
-# coreos-assembler to automatically skip some tests. For more information,
-# see: https://github.com/coreos/coreos-assembler/pull/866.
-- pattern: fcos.internet
- tracker: https://github.com/coreos/coreos-assembler/pull/1478
-- pattern: podman.workflow
- tracker: https://github.com/coreos/coreos-assembler/pull/1478
-- pattern: ostree.hotfix
- tracker: https://github.com/coreos/fedora-coreos-tracker/issues/942
- snooze: 2021-10-25
- streams:
- - rawhide
- arches:
- - aarch64
diff --git a/nestos-config/live/EFI/openEuler/grub.cfg b/nestos-config/live/EFI/openEuler/grub.cfg
deleted file mode 100644
index 0db10324c906451e95bd139a5f185459a16a955a..0000000000000000000000000000000000000000
--- a/nestos-config/live/EFI/openEuler/grub.cfg
+++ /dev/null
@@ -1,36 +0,0 @@ -# Note this file mostly matches the grub.cfg file from within the -# efiboot.img on the NestOS Server DVD iso. Diff this file with that -# file in the future to pick up changes. -# -# One diff to note is we use linux and initrd instead of linuxefi and -# initrdefi. We do this because it works and allows us to use this same -# file on other architectures. -# -# This file is loaded directly when booting via El Torito, and indirectly -# from a stub config in efiboot.img when booting via the hybrid ESP. - -set default="1" - -function load_video { - insmod efi_gop - insmod efi_uga - insmod video_bochs - insmod video_cirrus - insmod all_video -} - -load_video -set gfxpayload=keep -insmod gzio -insmod part_gpt -insmod ext2 - -set timeout=5 -### END /etc/grub.d/00_header ### - -### BEGIN /etc/grub.d/10_linux ### -menuentry 'NestOS (Live)' --class openeuler --class gnu-linux --class gnu --class os { - linux /images/pxeboot/vmlinuz @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal console=tty1 
-################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################ COREOS_KARG_EMBED_AREA - initrd /images/pxeboot/initrd.img /images/ignition.img -} diff --git a/nestos-config/live/README-devel.md b/nestos-config/live/README-devel.md deleted file mode 100644 index c0bde041c03cf58bb656ccded800b5f521fa3f49..0000000000000000000000000000000000000000 --- a/nestos-config/live/README-devel.md +++ /dev/null @@ -1,13 +0,0 @@ -These files will be copied to the target live ISO -via the CoreOS Assembler buildextend-live call. It -picks up all files in the coreos/NestOS-config/live/ -directory and copies them to the base of the ISO. - -Files currently copied are: - -- isolinux/boot.msg -- isolinux/isolinux.cfg - -Files that get copied into efiboot.img in the ISO: - -- EFI/grub.cfg diff --git a/nestos-config/live/isolinux/boot.msg b/nestos-config/live/isolinux/boot.msg deleted file mode 100644 index 362e9e5ebe5e755aac832f8ac64e8da51fcbaeeb..0000000000000000000000000000000000000000 --- a/nestos-config/live/isolinux/boot.msg +++ /dev/null 
@@ -1,5 +0,0 @@ - -splash.lss - - - Press the 0107 key to boot. - diff --git a/nestos-config/live/isolinux/isolinux.cfg b/nestos-config/live/isolinux/isolinux.cfg deleted file mode 100644 index 5ec947c009f85d71075fd803976d144a91678a22..0000000000000000000000000000000000000000 --- a/nestos-config/live/isolinux/isolinux.cfg +++ /dev/null 
@@ -1,75 +0,0 @@ -# Note this file mostly matches the isolinux.cfg file from the NestOS -# Server DVD iso. Diff this file with that file in the future to pick up -# changes. -serial 0 -default vesamenu.c32 -# timeout in units of 1/10s. 50 == 5 seconds -timeout 50 - -display boot.msg - -# Clear the screen when exiting the menu, instead of leaving the menu displayed. -# For vesamenu, this means the graphical background is still displayed without -# the menu itself for as long as the screen remains in graphics mode. -menu clear -menu background splash.png -menu title NestOS -menu vshift 8 -menu rows 18 -menu margin 8 -#menu hidden -menu helpmsgrow 15 -menu tabmsgrow 13 - -# Border Area -menu color border * #00000000 #00000000 none - -# Selected item -menu color sel 0 #ffffffff #00000000 none - -# Title bar -menu color title 0 #ff7ba3d0 #00000000 none - -# Press [Tab] message -menu color tabmsg 0 #ff3a6496 #00000000 none - -# Unselected menu item -menu color unsel 0 #84b8ffff #00000000 none - -# Selected hotkey -menu color hotsel 0 #84b8ffff #00000000 none - -# Unselected hotkey -menu color hotkey 0 #ffffffff #00000000 none - -# Help text -menu color help 0 #ffffffff #00000000 none - -# A scrollbar of some type? Not sure. -menu color scrollbar 0 #ffffffff #ff355594 none - -# Timeout msg -menu color timeout 0 #ffffffff #00000000 none -menu color timeout_msg 0 #ffffffff #00000000 none - -# Command prompt text -menu color cmdmark 0 #84b8ffff #00000000 none -menu color cmdline 0 #ffffffff #00000000 none - -# Do not display the actual menu unless the user presses a key. All that is displayed is a timeout message. - -menu tabmsg Press Tab for full configuration options on menu items. 
- -menu separator # insert an empty line -menu separator # insert an empty line - -label linux - menu label ^NestOS (Live) - menu default - kernel /images/pxeboot/vmlinuz - append initrd=/images/pxeboot/initrd.img,/images/ignition.img @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal console=tty1 -################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################ COREOS_KARG_EMBED_AREA - -menu separator # insert an empty line - -menu end diff --git a/nestos-config/live/zipl.prm b/nestos-config/live/zipl.prm deleted file mode 100644 index c98eab0dc2a05cfab141515f68d7f66000a46cf4..0000000000000000000000000000000000000000 --- a/nestos-config/live/zipl.prm +++ /dev/null @@ -1 +0,0 @@ -@@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal console=tty1 diff --git a/nestos-config/manifest.yaml b/nestos-config/manifest.yaml deleted file mode 100644 index acdb147ce78970347fbaf6eb513cdaf0d0c8502a..0000000000000000000000000000000000000000 --- a/nestos-config/manifest.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -ref: openEuler/${basearch}/nestos/stable -include: manifests/nestos.yaml - -releasever: "22.03" - -rojig: - license: MIT - name: nestos - summary: NestOS stable - -add-commit-metadata: - fedora-coreos.stream: stable - -packages: - # resolved was broken out to its own package in rawhide/f35 - # - systemd-resolved - # In F35+ need `iptables-legacy` package - # See https://github.com/coreos/fedora-coreos-tracker/issues/676#issuecomment-928028451 - # - iptables-legacy - -remove-from-packages: - # Hopefully short-term hack -- see https://github.com/coreos/fedora-coreos-config/pull/1206#discussion_r705425869. - # This keeps the size down and ensures nothing tries to use it, preventing us - # from shedding the dep eventually. - - [cracklib-dicts, .*] diff --git a/nestos-config/manifests/bootable-rpm-ostree.yaml b/nestos-config/manifests/bootable-rpm-ostree.yaml deleted file mode 100644 index aaef03a9be8ea048ef2395285b5c38e6727d4da3..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/bootable-rpm-ostree.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -# This minimal base starts just from: kernel + systemd + rpm-ostree + bootloader. -# The intent of this is to inherit from this if you are doing something highly -# custom that e.g. might not involve Ignition or podman, but you do want -# rpm-ostree. -# We expect most people though using nestos-assembler to inherit from -# nestos-base.yaml. -packages: - # Kernel + systemd. Note we explicitly specify kernel-{core,modules} - # because otherwise depsolving could bring in kernel-debug. - - kernel systemd - # rpm-ostree - - rpm-ostree nss-altfiles - # firmware updates - - fwupd - -# bootloader -packages-aarch64: - - grub2-efi-aa64 efibootmgr shim -packages-ppc64le: - - grub2 ostree-grub2 -packages-s390x: - # On Fedora, this is provided by s390utils-core. on RHEL, this is for now - # provided by s390utils-base, but soon will be -core too. - - /usr/sbin/zipl -packages-x86_64: - - grub2 grub2-efi-x64 efibootmgr shim - - microcode_ctl diff --git a/nestos-config/manifests/bootupd.yaml b/nestos-config/manifests/bootupd.yaml deleted file mode 100644 index 659f72d30de14aa7a195e1a1af70a8e524e44140..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/bootupd.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Integration with https://github.com/coreos/bootupd -# xref https://github.com/coreos/fedora-coreos-tracker/issues/510 -packages: - - bootupd - -postprocess: - - | - #!/bin/bash - set -xeuo pipefail - # Until we have https://github.com/coreos/rpm-ostree/pull/2275 - mkdir -p /run - # Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload - /usr/bin/bootupctl backend generate-update-metadata / - chmod -R +x /usr/bin/ - chmod -R +x /usr/sbin/ - chmod -R +x /usr/libexec/ \ No newline at end of file diff --git a/nestos-config/manifests/file-transfer.yaml b/nestos-config/manifests/file-transfer.yaml deleted file mode 100644 index 64ae36782c6a42fb0de5e93c88d63279ea15f2a9..0000000000000000000000000000000000000000 
--- a/nestos-config/manifests/file-transfer.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# Moving files around and verifying them -packages: - - git-core - - gnupg2 - - rsync diff --git a/nestos-config/manifests/group b/nestos-config/manifests/group deleted file mode 100644 index 4c2f543d4d329f9242eb5dfcaed6d4c983cf578b..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/group +++ /dev/null @@ -1,58 +0,0 @@ -root:x:0: -bin:x:1: -daemon:x:2: -sys:x:3: -adm:x:4: -tty:x:5: -disk:x:6: -lp:x:7: -mem:x:8: -kmem:x:9: -wheel:x:10: -cdrom:x:11: -mail:x:12: -man:x:15: -sudo:x:16: -dialout:x:18: -floppy:x:19: -games:x:20: -tape:x:30: -video:x:39: -ftp:x:50: -lock:x:54: -audio:x:63: -nobody:x:99: -users:x:100: -utmp:x:22: -utempter:x:35: -ssh_keys:x:999: -systemd-journal:x:190: -dbus:x:81: -polkitd:x:998: -etcd:x:997: -dip:x:40: -cgred:x:996: -tss:x:59: -avahi-autoipd:x:170: -rpc:x:32: -sssd:x:993: -dockerroot:x:986: -rpcuser:x:29: -nfsnobody:x:65534: -kube:x:994: -sshd:x:74: -chrony:x:992: -tcpdump:x:72: -ceph:x:167: -input:x:995: -systemd-timesync:x:991: -systemd-network:x:990: -systemd-resolve:x:989: -systemd-bus-proxy:x:988: -cockpit-ws:x:987: - -named:x:25: -dhcpd:x:177: -dnsmasq:x:980: -saslauth:x:76: -isula:x:986: diff --git a/nestos-config/manifests/grub2-removals.yaml b/nestos-config/manifests/grub2-removals.yaml deleted file mode 100644 index f4800ddd113edbd3c8244afbeb68c55fa5d82a2e..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/grub2-removals.yaml +++ /dev/null @@ -1,8 +0,0 @@ -remove-from-packages: - # The grub bits are mainly designed for desktops, and IMO haven't seen - # enough testing in concert with ostree. At some point we'll flesh out - # the full plan in https://github.com/coreos/fedora-coreos-tracker/issues/47 - - [grub2-tools, /etc/grub.d/08_fallback_counting, - /etc/grub.d/10_reset_boot_success, - /etc/grub.d/12_menu_auto_hide, - /usr/lib/systemd/.*] 
diff --git a/nestos-config/manifests/ignition-and-ostree.yaml b/nestos-config/manifests/ignition-and-ostree.yaml deleted file mode 100644 index 34879ff4089f4425479a5c0f9139191110077f56..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/ignition-and-ostree.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -# Defines the "core" of a Fedora CoreOS like system; basically (ignition, ostree) -# plus other default tweaks. Things in this file should be something we expect -# basically everyone using both Ignition and (rpm-)ostree to want. -# It may be used as an inheritance base by other projects like Fedora Silverblue or RHCOS. -# One good model is to add fedora-coreos-config as a git submodule. See: -# https://github.com/coreos/coreos-assembler/pull/639 - -# Include rpm-ostree + kernel + bootloader -include: bootable-rpm-ostree.yaml - -initramfs-args: - # make it a hard error if Ignition can't be included - - --add=ignition - -# Modern defaults we want -boot-location: modules -tmp-is-dir: true - -# Required by Ignition, and makes the system not compatible with Anaconda -machineid-compat: false - -packages: - - ignition - - dracut-network - # for encryption - - clevis clevis-dracut clevis-systemd - -remove-from-packages: - # We don't want systemd-firstboot.service. It conceptually conflicts with - # Ignition. We also inject runtime bits to disable it in systemd-firstboot.service.d/fcos-disable.conf - # to make it easier to use systemd builds from git. - - [systemd, /usr/bin/systemd-firstboot, - /usr/lib/systemd/system/systemd-firstboot.service, - /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service] - # We don't want auto-generated mount units. See also - # https://github.com/systemd/systemd/issues/13099 - - [systemd-udev, /usr/lib/systemd/system-generators/systemd-gpt-auto-generator] - -postprocess: - # Undo RPM scripts enabling units; we want the presets to be canonical - # https://github.com/projectatomic/rpm-ostree/issues/1803 - - | - #!/usr/bin/env bash - set -xeuo pipefail - rm -rf /etc/systemd/system/* - systemctl preset-all - rm -rf /etc/systemd/user/* - systemctl --user --global preset-all 
diff --git a/nestos-config/manifests/nestos-base.yaml b/nestos-config/manifests/nestos-base.yaml deleted file mode 100644 index 1aca9344fd08154a4f3ddd6521f2244bc9243d1e..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/nestos-base.yaml +++ /dev/null 
@@ -1,211 +0,0 @@ -# This file is most of a NestOS like system; it inherits from "core". -# Add things in this file which are somewhat "opinionated", not necessarily -# core functionality. - -include: - - ignition-and-ostree.yaml - - file-transfer.yaml - - networking-tools.yaml - - system-configuration.yaml - - user-experience.yaml - - shared-workarounds.yaml - -initramfs-args: - - --no-hostonly - # We don't support root on NFS, so we don't need it in the initramfs. It also - # conflicts with /var mount support in ignition because NFS tries to mount stuff - # in /var/ and then ignition can't cleanly unmount it. For example: - # https://github.com/dracutdevs/dracut/blob/1856ae95c873a6fe855b3dccd0144f1a96b9e71c/modules.d/95nfs/nfs-start-rpc.sh#L7 - # See also discussion in https://github.com/coreos/fedora-coreos-config/pull/60 - - --omit=nfs - # Omit these since we don't use them - - --omit=lvm - - --omit=iscsi - -# Be minimal -recommends: false - -ignore-removed-users: - - root -ignore-removed-groups: - - root -etc-group-members: - - wheel - - sudo - - systemd-journal - - adm - -check-passwd: - type: "file" - filename: "passwd" -check-groups: - type: "file" - filename: "group" - -default-target: multi-user.target - -# we can drop this when it's the rpm-ostree default -rpmdb: sqlite - -# ⚠⚠⚠ ONLY TEMPORARY HACKS ALLOWED HERE; ALL ENTRIES NEED TRACKER LINKS ⚠⚠⚠ -# See also the version of this in fedora-coreos.yaml -postprocess: - - | - #!/usr/bin/env bash - #/usr/sbin/mpathconf --enable - systemctl mask kdump.service - systemctl mask multipathd.service - - - | - #!/usr/bin/env bash - rm -rf /etc/gshadow - echo "u polkitd - polkitd" > /usr/lib/sysusers.d/polkit.conf - echo "u chrony - chrony" > /usr/lib/sysusers.d/chrony.conf - echo "u sshd - sshd" > /usr/lib/sysusers.d/sshd.conf - echo "u rpc - rpc" > /usr/lib/sysusers.d/rpc.conf - echo "u rpcuser - rpcuser" > /usr/lib/sysusers.d/rpcuser.conf - # This will be dropped once rpm-ostree because module-aware. 
- # https://github.com/projectatomic/rpm-ostree/issues/1542#issuecomment-419684977 - # https://github.com/projectatomic/rpm-ostree/issues/1435 - - | - #!/usr/bin/env bash - set -xeuo pipefail - for x in /etc/yum.repos.d/*modular.repo; do - sed -i -e 's,enabled=[01],enabled=0,' ${x} - done - # Enable SELinux booleans used by OpenShift - # https://github.com/coreos/fedora-coreos-tracker/issues/284 - - | - #!/usr/bin/env bash - set -xeuo pipefail - #setsebool -P -N container_use_cephfs on # RHBZ#1692369 - setsebool -P -N virt_use_samba on # RHBZ#1754825 - - # Mask dnsmasq. We include dnsmasq for host services that use the dnsmasq - # binary but intentionally mask the systemd service so users can't easily - # use it as an external dns server. We prefer they use a container for that. - # https://github.com/coreos/fedora-coreos-tracker/issues/519 - - | - #!/usr/bin/env bash - systemctl mask dnsmasq.service - # Mask systemd-repart. Ignition is responsible for partition setup on first - # boot and does not use systemd-repart currently. See also - # https://github.com/coreos/fedora-coreos-tracker/issues/570 - - | - #!/usr/bin/env bash - systemctl mask systemd-repart.service - - # Neuter systemd-resolved for now. 
- # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-743219353 - # Remove when on F35+ as NM now handles rdns + resolved better - # https://github.com/coreos/fedora-coreos-tracker/issues/834 - # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/601 - # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/877 - - | - #!/usr/bin/env bash - set -xeuo pipefail - # Only operate on F34 since F35+ has been fixed - source /etc/os-release - [ ${VERSION_ID} -eq 34 ] || exit 0 - # Get us back to Fedora 32's nsswitch.conf settings - sed -i 's/^hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf - mkdir -p /usr/lib/systemd/resolved.conf.d/ - cat > /usr/lib/systemd/resolved.conf.d/nestos-stub-listener.conf <<'EOF' - # Fedora CoreOS is electing to not use systemd-resolved's internal - # logic for now because of issues with setting hostnames via reverse DNS. - # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-736104003 - [Resolve] - DNSStubListener=no - EOF - - # Set the fallback hostname to `localhost`. This was needed in F33/F34 - # because a fallback hostname of `fedora` + systemd-resolved broke - # rDNS. It's now fixed in F35+ NetworkManager to handle the corner cases - # around synthetized hostnames and systemd-resolved, but the question - # remains on what is a more appropriate default hostname for a server like - # host. https://github.com/coreos/fedora-coreos-tracker/issues/902 - - | - #!/usr/bin/env bash - source /etc/os-release - if [ -z "${DEFAULT_HOSTNAME:-}" ]; then - echo 'DEFAULT_HOSTNAME=localhost' >> /usr/lib/os-release - fi - -# Packages listed here should be specific to Fedore CoreOS (as in not yet -# available in RHCOS or not desired in RHCOS). All other packages should go -# into one of the sub-manifests listed at the top. 
-packages: - # Container tooling - - crun - # Security - - polkit - # System setup - - afterburn-dracut - # SSH - - ssh-key-dir - # Containers - - systemd-container catatonit - - fuse-overlayfs slirp4netns - # name resolution for podman containers - # https://github.com/coreos/fedora-coreos-tracker/issues/519 - - dnsmasq - - iSulad - # Remote IPC for podman - - libvarlink-util - # Minimal NFS client - - nfs-utils-nestos - # Active Directory support - - adcli - # Additional firewall support; we aren't including these in RHCOS or they - # don't exist in RHEL - #- iptables-nft iptables-services - # WireGuard https://github.com/coreos/fedora-coreos-tracker/issues/362 - - wireguard-tools - # Storage - - btrfs-progs - - WALinuxAgent-udev - # Allow communication between sudo and SSSD - # for caching sudo rules by SSSD. - # https://github.com/coreos/fedora-coreos-tracker/issues/445 - - libsss_sudo - # SSSD; we only ship a subset of the backends - - sssd-client sssd-ad sssd-ipa sssd-krb5 sssd-ldap - # Used by admins interactively - - attr - - openssl - - lsof - # Provides terminal tools like clear, reset, tput, and tset - - ncurses - # file-transfer: note fuse-sshfs is not in RHEL - # so we can't put it in file-transfer.yaml - - fuse-sshfs - # Improved MOTD experience - - console-login-helper-messages-motdgen - # i18n - - kbd - # nvme-cli for managing nvme disks - - nvme-cli - # zram-generator (but not zram-generator-defaults) for F33 change - # https://github.com/coreos/fedora-coreos-tracker/issues/509 - - zram-generator - -# This thing is crying out to be pulled into systemd, but that hasn't happened -# yet. Also we may want to add to rpm-ostree something like arch negation; -# basically right now it doesn't exist on s390x. -# Anyways, it was requested by the Red Hat perf team for RHCOS, so we have it here. 
-# https://serverfault.com/questions/513807/is-there-still-a-use-for-irqbalance-on-modern-hardware -# https://access.redhat.com/solutions/41535 -packages-x86_64: - - irqbalance -packages-ppc64le: - - irqbalance - - librtas - - powerpc-utils-core - - ppc64-diag-rtas -packages-aarch64: - - irqbalance - -# See https://github.com/coreos/bootupd -arch-include: - x86_64: bootupd.yaml - aarch64: bootupd.yaml diff --git a/nestos-config/manifests/nestos.yaml b/nestos-config/manifests/nestos.yaml deleted file mode 100644 index 3dcdd93092b0a744137211680f1e2545678a4516..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/nestos.yaml +++ /dev/null 
@@ -1,111 +0,0 @@ -# This manifest file defines things that should really only go -# into "official" builds of Fedora CoreOS (such as including `fedora-release-coreos`) -# or are very "opinionated" like disabling SSH passwords by default. - -include: nestos-base.yaml - -automatic-version-prefix: "${releasever}..dev" -mutate-os-release: "${releasever}" - -# All NestOS streams share the same pool for locked files. -lockfile-repos: - - nestos - -packages: - - openEuler-release-nestos - - openEuler-repos-ostree - # Continue to include it in case users want to use it. - - openEuler-repos-modular - # the archive repo for more reliable package layering - # https://github.com/coreos/fedora-coreos-tracker/issues/400 - - openEuler-repos-archive - # CL ships this. - - docker-engine - # User metrics - - # Updates - - zincati - -etc-group-members: - # Add the docker group to /etc/group - # https://github.com/coreos/fedora-coreos-tracker/issues/2 - # This will be no longer needed when systemd-sysusers has been implemented: - # https://github.com/projectatomic/rpm-ostree/issues/49 - - docker - -# XXX: this is used by nestos-assembler for artifact naming... 
-rojig: - license: MIT - name: nestos - summary: NestOS base image - - -# ⚠⚠⚠ ONLY TEMPORARY HACKS ALLOWED HERE; ALL ENTRIES NEED TRACKER LINKS ⚠⚠⚠ -# See also the version of this in fedora-coreos-base.yaml -postprocess: - # Disable Zincati and fedora-coreos-pinger on non-release builds - # https://github.com/coreos/fedora-coreos-tracker/issues/212 - - | - #!/usr/bin/env bash - set -xeuo pipefail - source /etc/os-release - if [[ $OSTREE_VERSION = *.dev* ]]; then - mkdir -p /etc/nestos-pinger/config.d /etc/zincati/config.d - echo -e 'reporting.enabled = false' > /etc/nestos-pinger/config.d/95-disable-on-dev.toml - echo -e 'updates.enabled = false' > /etc/zincati/config.d/95-disable-on-dev.toml - fi - # Users shouldn't be configuring `rpm-ostreed.conf` - # https://github.com/coreos/fedora-coreos-tracker/issues/271 - - | - #!/usr/bin/env bash - set -xeuo pipefail - cat > /tmp/rpm-ostreed.conf << 'EOF' - # By default, this system has its OS updates managed by - # `zincati.service`. Changes made to this file may - # conflict with the configuation of `zincati.service`. - # See https://github.com/coreos/zincati for additional - # information. - - EOF - cat /usr/etc/rpm-ostreed.conf >> /tmp/rpm-ostreed.conf - cp /tmp/rpm-ostreed.conf /usr/etc/rpm-ostreed.conf - rm /tmp/rpm-ostreed.conf - -remove-from-packages: - # Drop NetworkManager support for ifcfg files, see also corresponding - # overlay.d/14NetworkManager-plugins - - [NetworkManager, /usr/lib64/NetworkManager/.*/libnm-settings-plugin-ifcfg-rh.so] - -remove-files: - # We don't ship man(1) or info(1) - - usr/share/info - - usr/share/man - # Drop text docs too - - usr/share/doc - -# Things we don't expect to ship on the host. We currently -# have recommends: false so these could only come in via -# hard requirement, in which case the build will fail. 
-exclude-packages: - - python - - python2 - - python2-libs - - python3 - - python3-libs - - perl - - nodejs - - dnf - #- grubby - - cowsay # Just in case - # Let's make sure initscripts doesn't get pulled back in - # https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254 - #- initscripts - # For (datacenter/cloud oriented) servers, we want to see the details by default. - # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/ - - plymouth - -# And remove some cruft from grub2 -arch-include: - x86_64: grub2-removals.yaml - aarch64: grub2-removals.yaml - ppc64le: grub2-removals.yaml diff --git a/nestos-config/manifests/networking-tools.yaml b/nestos-config/manifests/networking-tools.yaml deleted file mode 100644 index 29cf58d1272924acc43edc7058d14b8e0cc8d5b3..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/networking-tools.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# This defines a set of tools that are useful for configuring, debugging, -# or manipulating the network of a system. It is desired to keep this list -# generic enough to be shared downstream with RHCOS. - -packages: - # Standard tools for configuring network/hostname - - NetworkManager hostname - # Interactive Networking configuration during coreos-install - - NetworkManager-tui - # Teaming https://github.com/coreos/fedora-coreos-config/pull/289 - # and http://bugzilla.redhat.com/1758162 - - NetworkManager-team - #teamd - # Support for cloud quirks and dynamic config in real rootfs: - # https://github.com/coreos/fedora-coreos-tracker/issues/320 - #- NetworkManager-cloud-setup - # Route manipulation and QoS - - iproute - # Firewall manipulation - - iptables nftables - # Interactive network tools for admins - - socat net-tools bind-utils 
diff --git a/nestos-config/manifests/passwd b/nestos-config/manifests/passwd
deleted file mode 100644
index 285f5e769eaeadb38db1fc420535a81bd58f4c93..0000000000000000000000000000000000000000
--- a/nestos-config/manifests/passwd
+++ /dev/null
@@ -1,33 +0,0 @@
-root:x:0:0:root:/root:/bin/bash
-bin:x:1:1:bin:/bin:/sbin/nologin
-daemon:x:2:2:daemon:/sbin:/sbin/nologin
-adm:x:3:4:adm:/var/adm:/sbin/nologin
-lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
-sync:x:5:0:sync:/sbin:/bin/sync
-shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
-halt:x:7:0:halt:/sbin:/sbin/halt
-mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
-operator:x:11:0:operator:/root:/sbin/nologin
-games:x:12:100:games:/usr/games:/sbin/nologin
-ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
-nobody:x:99:99:Nobody:/:/sbin/nologin
-dbus:x:81:81:System message bus:/:/sbin/nologin
-polkitd:x:999:998:User for polkitd:/:/sbin/nologin
-etcd:x:998:997:etcd user:/var/lib/etcd:/sbin/nologin
-tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
-avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
-rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
-sssd:x:995:993:User for sssd:/:/sbin/nologin
-dockerroot:x:997:986:Docker User:/var/lib/docker:/sbin/nologin
-rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
-nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
-kube:x:996:994:Kubernetes user:/:/sbin/nologin
-sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
-chrony:x:994:992::/var/lib/chrony:/sbin/nologin
-tcpdump:x:72:72::/:/sbin/nologin
-ceph:x:167:167:Ceph daemons:/var/lib/ceph:/sbin/nologin
-systemd-timesync:x:993:991:systemd Time Synchronization:/:/sbin/nologin
-systemd-network:x:991:990:systemd Network Management:/:/sbin/nologin
-systemd-resolve:x:990:989:systemd Resolver:/:/sbin/nologin
-systemd-bus-proxy:x:989:988:systemd Bus Proxy:/:/sbin/nologin
-cockpit-ws:x:988:987:User for cockpit-ws:/:/sbin/nologin
\ No newline at end of file
diff --git a/nestos-config/manifests/shared-workarounds.yaml b/nestos-config/manifests/shared-workarounds.yaml
deleted file mode 100644
index 29ff05a0b5d74509749fca19fcee3d2898087b13..0000000000000000000000000000000000000000
--- a/nestos-config/manifests/shared-workarounds.yaml
+++ /dev/null
@@ -1,64 +0,0 @@ -# This manifest is a list of shared workarounds that are needed in both Fedora CoreOS -# and downstreams (i.e. Red Hat CoreOS). - -postprocess: - # Put in the fix for multipathd.socket on releases that haven't been fixed yet. - # https://bugzilla.redhat.com/show_bug.cgi?id=2008098 - # https://github.com/coreos/fedora-coreos-config/pull/1246 - - | - #!/usr/bin/env bash - set -xeuo pipefail - # Operate on RHCOS and FCOS. - source /etc/os-release - if [[ ${NAME} =~ "Fedora" ]]; then - # FCOS: Only operate on releases before F36. The fix has landed - # in F36+ and there is no need for a workaround. - [ ${VERSION_ID} -le 35 ] || exit 0 - else - # RHCOS: The fix hasn't landed in any version of RHEL yet - true - fi - mkdir /usr/lib/systemd/system/multipathd.socket.d - cat > /usr/lib/systemd/system/multipathd.socket.d/50-start-conditions.conf <<'EOF' - # Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2008098 - [Unit] - ConditionKernelCommandLine=!multipath=off - ConditionKernelCommandLine=!nompath - ConditionPathExists=/etc/multipath.conf - ConditionVirtualization=!container - EOF - - # Put in the fix for multipathd.service in dracut on releases that haven't - # been fixed yet. - # https://github.com/dracutdevs/dracut/pull/1606 - # https://github.com/coreos/fedora-coreos-config/pull/1233 - - | - #!/usr/bin/env bash - set -xeuo pipefail - source /etc/os-release - if [[ ${NAME} =~ "Fedora" ]]; then - # FCOS: This fix hasn't landed in rawhide (F36) yet, - # but hopefully will soon. - [ ${VERSION_ID} -le 36 ] || exit 0 - else - # RHCOS: The fix hasn't landed in any version of RHEL yet - true - fi - mkdir /usr/lib/dracut/modules.d/36coreos-multipath-fix - cat > /usr/lib/dracut/modules.d/36coreos-multipath-fix/90-multipathd-remove-execstop.conf <<'EOF' - # Temporary workaround for https://github.com/dracutdevs/dracut/pull/1606. 
- [Service] - ExecStop= - EOF - cat > /usr/lib/dracut/modules.d/36coreos-multipath-fix/module-setup.sh <<'EOF' - #!/bin/bash - # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- - # ex: ts=8 sw=4 sts=4 et filetype=sh - install() { - # Temporary workaround for https://github.com/dracutdevs/dracut/pull/1606. - mkdir -p "$systemdsystemunitdir/multipathd.service.d" - inst_simple "$moddir/90-multipathd-remove-execstop.conf" \ - "$systemdsystemunitdir/multipathd.service.d/90-multipathd-remove-execstop.conf" - } - EOF - chmod +x /usr/lib/dracut/modules.d/36coreos-multipath-fix/module-setup.sh diff --git a/nestos-config/manifests/system-configuration.yaml b/nestos-config/manifests/system-configuration.yaml deleted file mode 100644 index 8c219546fa5302167fc0782aa5f78c62f2d65fe7..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/system-configuration.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -# These are packages that are related to configuring parts of the system. -# It is intended to be kept generic so that it may be shared downstream with -# RHCOS. - -packages: - # Configuring SSH keys, cloud provider check-in, etc - - afterburn - # NTP support - - chrony - # Installing CoreOS itself - - nestos-installer nestos-installer-bootinfra - # Storage configuration/management - ## cloud-utils-growpart - For growing root partition - - cifs-utils - - cloud-utils-growpart - - cryptsetup - - device-mapper-multipath - - e2fsprogs - #- open-iscsi - - lvm2 - - mdadm - - sg3_utils - - xfsprogs - # User configuration - - passwd - - shadow-utils - # SELinux policy - - selinux-policy-targeted - # There are things that write outside of the journal still (such as the - # classic wtmp, etc.). auditd also writes outside the journal but it has its - # own log rotation. - # Anything package layered will also tend to expect files dropped in - # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't - # have it then people's disks will slowly fill up with logs. - - logrotate - # Boost starving threads - # https://github.com/coreos/fedora-coreos-tracker/issues/753 - - stalld - - bc diff --git a/nestos-config/manifests/user-experience.yaml b/nestos-config/manifests/user-experience.yaml deleted file mode 100644 index b24b9117ade8b1428b5d74c7f549e9fccf586e67..0000000000000000000000000000000000000000 --- a/nestos-config/manifests/user-experience.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -# These packages are either widely used utilities/services or -# are targeted for improving the general CoreOS user experience. -# It is intended to be kept generic so that it may be shared downstream with -# RHCOS. - -packages: - # Basic user tools - ## jq - parsing/interacting with JSON data - - bash-completion - - coreutils - - jq - #- nano - - less - - sudo - - vim-minimal - # File compression/decompression - ## bsdtar - dependency of 35coreos-live dracut module - - bsdtar - - bzip2 - - gzip - - tar - - xz - # Improved MOTD experience - - console-login-helper-messages-issuegen - - console-login-helper-messages-profile - # kdump support - # https://github.com/coreos/fedora-coreos-tracker/issues/622 - - kexec-tools - # Remote Access - - openssh-clients openssh-server - # Container tooling - - podman - - crio - - cri-tools - - docker-runc - - skopeo - - toolbox diff --git a/nestos-config/nestos-pool.repo b/nestos-config/nestos-pool.repo deleted file mode 100644 index 7986b1bd942b0ce5cbacc24429b0496b85a1fab4..0000000000000000000000000000000000000000 --- a/nestos-config/nestos-pool.repo +++ /dev/null @@ -1,7 +0,0 @@ -[nestos] -name= extra repository - $basearch -baseurl=Դַ -enabled=1 -type=rpm-md -gpgcheck=0 - diff --git a/nestos-config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf b/nestos-config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf deleted file mode 100755 index e946311eaddae3acc9623deade031a1d405f30c6..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf +++ /dev/null @@ -1,3 +0,0 @@ -# We don't ship cracklib dicts, so don't try to use them to validate -# password changes. -dictcheck = 0 
diff --git a/nestos-config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group b/nestos-config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group
deleted file mode 100755
index 2b3669d4df8ac54124c8a7a419d98979f37e2c91..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group
+++ /dev/null
@@ -1,2 +0,0 @@
-# https://github.com/openshift/os/issues/96
-%sudo ALL=(ALL) NOPASSWD: ALL
diff --git a/nestos-config/overlay.d/05core/statoverride b/nestos-config/overlay.d/05core/statoverride
deleted file mode 100755
index 9769b8ccb0a4f22ba660296422eac75b11661f82..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/statoverride
+++ /dev/null
@@ -1,6 +0,0 @@
-# Config file for overriding permission bits on overlay files/dirs
-# Format: =
-
-# Some security scanners complain if /etc/sudoers.d files have 0044 mode bits
-# https://bugzilla.redhat.com/show_bug.cgi?id=1981979
-=384 /etc/sudoers.d/coreos-sudo-group
diff --git a/nestos-config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf b/nestos-config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf
deleted file mode 100755
index 320ea4a460e3d381e0151f1981cd6525ed20e274..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[connection]
-ipv4.dhcp-client-id=mac
diff --git a/nestos-config/overlay.d/05core/usr/lib/coreos/generator-lib.sh b/nestos-config/overlay.d/05core/usr/lib/coreos/generator-lib.sh
deleted file mode 100755
index dd19ad813d081c5a441bf76fc16ca75895599990..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/coreos/generator-lib.sh
+++ /dev/null
@@ -1,30 +0,0 @@ -# File intended to be sourced by shell script generators shipped with CoreOS systems - -# Generators don't have logging right now -# https://github.com/systemd/systemd/issues/15638 -exec 1>/dev/kmsg; exec 2>&1 - -UNIT_DIR="${1:-/tmp}" - -have_karg() { - local arg="$1" - local cmdline=( $( "$initdir/etc/sysctl.d/10-dont-ratelimit-kmsg.conf" -} diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/25coreos-azure-udev/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/25coreos-azure-udev/module-setup.sh deleted file mode 100755 index e796e89267c8143e88c67be7f2aaeda2ae2438aa..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/25coreos-azure-udev/module-setup.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- -# ex: ts=8 sw=4 sts=4 et filetype=sh - -# We want to provide Azure udev rules as part of the initrd, so that Ignition -# is able to detect disks and act on them. -# -# If the WALinuxAgent-udev package is changed to install the udev rules as -# part of the initramfs, we should drop this module. -# -# See https://bugzilla.redhat.com/show_bug.cgi?id=1909287 -# See also https://bugzilla.redhat.com/show_bug.cgi?id=1756173 - -install() { - inst_multiple \ - /usr/lib/udev/rules.d/66-azure-storage.rules \ - /usr/lib/udev/rules.d/99-azure-product-uuid.rules -} diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service deleted file mode 100755 index b51059f008bc1eb4723eef4e94152e928e238af9..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service +++ /dev/null 
@@ -1,26 +0,0 @@ -# This unit will run late in the initrd process after Ignition is completed -# successfully and temporarily mount /boot read-write to make edits -# (e.g. removing firstboot networking configuration files if necessary). - -[Unit] -Description=CoreOS Boot Edit -ConditionPathExists=/usr/lib/initrd-release -OnFailure=emergency.target -OnFailureJobMode=isolate - -# Since we are mounting /boot, require the device first. This isn't strictly -# necessary since we run late, but on principle let's make clear the dependency. -Requires=dev-disk-by\x2dlabel-boot.device -After=dev-disk-by\x2dlabel-boot.device -# Start after Ignition has finished -After=ignition-files.service -# As above, this isn't strictly necessary, but on principle. -After=coreos-multipath-wait.target - -[Service] -Type=oneshot -ExecStart=/usr/sbin/coreos-boot-edit -RemainAfterExit=yes -# MountFlags=slave is so the umount of /boot is guaranteed to happen. -# /boot will only be mounted for the lifetime of the unit. -MountFlags=slave diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.sh deleted file mode 100755 index 4116f032176ab28d1965cac8a4d722b6f60a2a24..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -set -euo pipefail - -# For a description of how this is used, see `coreos-boot-edit.service`. - -cmdline=( $(&2 - exit 1 - fi - rdcore kargs --boot-mount ${bootmnt} --append boot=UUID=${UUID} - # but also put it in /run for the first boot real root mount - mkdir -p /run/coreos - echo "${UUID}" > /run/coreos/bootfs_uuid -fi 
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator
deleted file mode 100755
index 8c416213315f41c7563a0d8ce30d58841907e96d..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator
+++ /dev/null
@@ -1,60 +0,0 @@ -#!/bin/bash -# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- -# ex: ts=8 sw=4 sts=4 et filetype=sh - -# Originally this was known as 'ignition-generator' found in ignition-dracut. -# With Ignition v 2.5.0, ignition-dracut was merged into Ignition and the CoreOS -# specific bits were deposited here. - -set -e - -# Generators don't have logging right now -# https://github.com/systemd/systemd/issues/15638 -exec 1>/dev/kmsg; exec 2>&1 - -UNIT_DIR="${1:-/tmp}" - -cmdline=( $( "${UNIT_DIR}/coreos-ignition-setup-user.service.d/diskful.conf" </dev/null || . /lib/dracut-lib.sh - type ip_to_var &>/dev/null || . /lib/net-lib.sh - set -euo pipefail -} - -dracut_func() { - # dracut is not friendly to set -eu - set +euo pipefail - "$@"; local rc=$? - set -euo pipefail - return $rc -} - -# Determine if the generated NM connection profiles match the default -# that would be given to us if the user had provided no additional -# configuration. i.e. did the user give us any network configuration -# other than the default? We determine this by comparing the generated -# output of nm-initrd-generator with a new run of nm-initrd-generator. -# If it matches then it was the default, if not then the user provided -# something extra. 
-are_default_NM_configs() { - # Make two dirs for storing files to use in the comparison - mkdir -p /run/coreos-teardown-initramfs/connections-compare-{1,2} - # Make another that's just a throwaway for the initrd-data-dir - mkdir -p /run/coreos-teardown-initramfs/initrd-data-dir - # Copy over the previously generated connection(s) profiles - cp /run/NetworkManager/system-connections/* \ - /run/coreos-teardown-initramfs/connections-compare-1/ - # Do a new run with the default input - /usr/libexec/nm-initrd-generator \ - -c /run/coreos-teardown-initramfs/connections-compare-2 \ - -i /run/coreos-teardown-initramfs/initrd-data-dir -- ip=dhcp,dhcp6 - # remove unique identifiers from the files (so our diff can work) - sed -i '/^uuid=/d' /run/coreos-teardown-initramfs/connections-compare-{1,2}/* - # currently the output will differ based on whether rd.neednet=1 - # was part of the kargs. Let's ignore the single difference (wait-device-timeout) - sed -i '/^wait-device-timeout=/d' /run/coreos-teardown-initramfs/connections-compare-{1,2}/* - if diff -r -q /run/coreos-teardown-initramfs/connections-compare-{1,2}/; then - rc=0 # They are the default configs - else - rc=1 # They are not the defaults, user must have added configuration - fi - rm -rf /run/coreos-teardown-initramfs - return $rc -} - -# Propagate initramfs networking if desired. The policy here is: -# -# - If a networking configuration was provided before this point -# (most likely via Ignition) and exists in the real root then -# we do nothing and don't propagate any initramfs networking. -# - If a user did not provide any networking configuration -# then we'll propagate the initramfs networking configuration -# into the real root, but only if it's different than the NM -# defaults (trying dhcp/dhcp6 on everything). If it's just the -# defaults then we want to avoid a slight behavior diff between -# propagating configs and just booting with no configuration. 
See -# https://github.com/coreos/fedora-coreos-tracker/issues/696 -# -# See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721173 -propagate_initramfs_networking() { - # Check for any real root config in the two locations where a user could have - # provided network configuration. On FCOS we only support keyfiles, but on RHCOS - # we support keyfiles and ifcfg - if [ -n "$(ls -A /sysroot/etc/NetworkManager/system-connections/)" -o \ - -n "$(ls -A /sysroot/etc/sysconfig/network-scripts/)" ]; then - echo "info: networking config is defined in the real root" - realrootconfig=1 - else - echo "info: no networking config is defined in the real root" - realrootconfig=0 - fi - - # Did the user tell us to force initramfs networking config - # propagation even if real root networking config exists? - # Hopefully we only need this in rare circumstances. - # https://github.com/coreos/fedora-coreos-tracker/issues/853 - forcepropagate=0 - if dracut_func getargbool 0 'coreos.force_persist_ip'; then - forcepropagate=1 - echo "info: coreos.force_persist_ip detected: will force network config propagation" - fi - - if [ $realrootconfig == 1 -a $forcepropagate == 0 ]; then - echo "info: will not attempt to propagate initramfs networking" - fi - - if [ $realrootconfig == 0 -o $forcepropagate == 1 ]; then - if [ -n "$(ls -A /run/NetworkManager/system-connections/)" ]; then - if are_default_NM_configs; then - echo "info: skipping propagation of default networking configs" - else - echo "info: propagating initramfs networking config to the real root" - cp -v /run/NetworkManager/system-connections/* /sysroot/etc/NetworkManager/system-connections/ - coreos-relabel /etc/NetworkManager/system-connections/ - fi - else - echo "info: no initramfs networking information to propagate" - fi - fi -} - -# Propagate the ip= karg hostname if desired. 
The policy here is: -# -# - IF a hostname was detected in ip= kargs by NetworkManager -# - AND no hostname was set via Ignition (realroot `/etc/hostname`) -# - THEN we make the hostname detected by NM apply permanently -# by writing it into `/etc/hostname` -# -propagate_initramfs_hostname() { - if [ -e '/sysroot/etc/hostname' ]; then - echo "info: hostname is defined in the real root" - echo "info: will not attempt to propagate initramfs hostname" - return 0 - fi - - # If any hostname was provided NetworkManager will write it out to - # /run/NetworkManager/initrd/hostname. See - # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/481 - if [ -s /run/NetworkManager/initrd/hostname ]; then - hostname=$( /sysroot/etc/hostname - coreos-relabel /etc/hostname - else - echo "info: no initramfs hostname information to propagate" - fi -} - -down_interface() { - echo "info: taking down network device: $1" - # On recommendation from the NM team let's try to delete the device - # first and if that doesn't work then set it to down and flush any - # associated addresses. Deleting virtual devices (bonds, teams, bridges, - # ip-tunnels, etc) will clean up any associated kernel resources. A real - # device can't be deleted so that will fail and we'll fallback to setting - # it down and flushing addresses. - if ! ip link delete $1; then - ip link set $1 down - ip addr flush dev $1 - fi -} - -# Iterate through the interfaces in the machine and take them down. -# Note that in the futre we would like to possibly use `nmcli` networking off` -# for this. See the following two comments for details: -# https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 -# https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599746049 -down_interfaces() { - if ! 
[ -z "$(ls /sys/class/net)" ]; then - for f in /sys/class/net/*; do - interface=$(basename "$f") - # The `bonding_masters` entry is not a true interface and thus - # cannot be taken down. Also skip local loopback - case "$interface" in - "lo" | "bonding_masters") - continue - ;; - esac - # When we start taking down devices some other devices can - # start to disappear (for example vlan on top of interface). - # If the device we're about to take down has disappeared - # since the start of this loop then skip taking it down. - if [ ! -e "$f" ]; then - echo "info: skipping teardown of ${interface}; no longer exists." - continue - fi - down_interface $interface - done - fi -} - -main() { - # Load libraries from dracut - load_dracut_libs - - # Take down all interfaces set up in the initramfs - down_interfaces - - # Clean up all routing - echo "info: flushing all routing" - ip route flush table main - ip route flush cache - - # Hopefully our logic is sound enough that this is never needed, but - # user's can explicitly disable initramfs network/hostname propagation - # with the coreos.no_persist_ip karg. - if dracut_func getargbool 0 'coreos.no_persist_ip'; then - echo "info: coreos.no_persist_ip karg detected" - echo "info: skipping propagating initramfs settings" - else - propagate_initramfs_hostname - propagate_initramfs_networking - fi - - # Now that the configuration has been propagated (or not) - # clean it up so that no information from outside of the - # real root is passed on to NetworkManager in the real root - rm -rf /run/NetworkManager/ -} - -main diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh deleted file mode 100755 index a42bcc3724f0fe2278f0edc96b74bca1a827f2ac..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/bash -# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- -# ex: ts=8 sw=4 sts=4 et filetype=sh - -depends() { - echo systemd network ignition coreos-live -} - -install_ignition_unit() { - local unit="$1"; shift - local target="${1:-ignition-complete.target}"; shift - local instantiated="${1:-$unit}"; shift - inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" - # note we `|| exit 1` here so we error out if e.g. the units are missing - # see https://github.com/coreos/fedora-coreos-config/issues/799 - systemctl -q --root="$initdir" add-requires "$target" "$instantiated" || exit 1 -} - -install() { - inst_multiple \ - basename \ - diff \ - lsblk \ - sed \ - sgdisk - - inst_simple "$moddir/coreos-diskful-generator" \ - "$systemdutildir/system-generators/coreos-diskful-generator" - - inst_script "$moddir/coreos-gpt-setup.sh" \ - "/usr/sbin/coreos-gpt-setup" - - inst_script "$moddir/coreos-ignition-setup-user.sh" \ - "/usr/sbin/coreos-ignition-setup-user" - - # For consistency tear down the network and persist multipath between the initramfs and - # real root. See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 - inst_script "$moddir/coreos-teardown-initramfs.sh" \ - "/usr/sbin/coreos-teardown-initramfs" - install_ignition_unit coreos-teardown-initramfs.service - - # units only started when we have a boot disk - # path generated by systemd-escape --path /dev/disk/by-label/root - install_ignition_unit coreos-gpt-setup.service ignition-diskful.target - - # dracut inst_script doesn't allow overwrites and we are replacing - # the default script placed by Ignition - binpath="/usr/sbin/ignition-kargs-helper" - cp "$moddir/coreos-kargs.sh" "$initdir$binpath" - install_ignition_unit coreos-kargs-reboot.service - - inst_script "$moddir/coreos-boot-edit.sh" \ - "/usr/sbin/coreos-boot-edit" - # Only start when the system has disks since we are editing /boot. 
- install_ignition_unit "coreos-boot-edit.service" \ - "ignition-diskful.target" - - install_ignition_unit coreos-ignition-setup-user.service -} diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service deleted file mode 100755 index 758bb617af64226f0f263d252603dc8853adea6d..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service +++ /dev/null @@ -1,18 +0,0 @@ -# SSSD caches passwd data from /etc in /var. If we have a persistent /var -# but not a persistent /etc, ignition-files.service can think a user -# already exists when in fact it needs to be (re-)created. Clear the -# cache to avoid this. - -[Unit] -Description=Clear SSSD NSS cache in persistent /var -DefaultDependencies=false -ConditionPathExists=/run/ostree-live -ConditionPathExists=/sysroot/var/lib/sss/mc - -After=ignition-mount.service -Before=ignition-files.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/bin/rm -r /sysroot/var/lib/sss/mc diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service deleted file mode 100755 index de5080f611e367687994abe3b9e0e6f6be311169..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service +++ /dev/null 
@@ -1,24 +0,0 @@
-# If the user specified a persistent /var, ideally it'd just be mounted
-# overtop of our tmpfs /var and everything would be fine. That works
-# fine in the initramfs, where ignition-mount handles the mounting.
-# But in the real root, the user's mount unit is ignored by systemd,
-# since there's already a filesystem mounted on /var. To fix this, we
-# notice that the user wants to mount /var, and unmount our tmpfs /var
-# before switching roots.
-
-[Unit]
-Description=Unmount live /var if persistent /var is configured
-DefaultDependencies=false
-ConditionPathExists=/run/ostree-live
-ConditionPathExists=|/sysroot/etc/systemd/system/var.mount
-ConditionPathExists=|/sysroot/etc/fstab
-Before=initrd-switch-root.target
-
-# Run after Ignition mounts are unmounted, since the Ignition config
-# presumably mounted overtop /sysroot/var
-After=ignition-mount.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/coreos-live-unmount-tmpfs-var
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh
deleted file mode 100755
index 9b61d89914cbfea4846fe0b31e65a81ebd3ccec3..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-# If the user specified a persistent /var, ideally it'd just be mounted
-# overtop of our tmpfs /var and everything would be fine. That works
-# fine in the initramfs, where ignition-mount handles the mounting.
-# But in the real root, the user's mount unit is ignored by systemd,
-# since there's already a filesystem mounted on /var. To fix this, we
-# notice that the user wants to mount /var, and unmount our tmpfs /var
-# before switching roots.
-
-set -euo pipefail
-
-should_unmount() {
- # Did the user specify a mount unit for /var?
- if [ -e /sysroot/etc/systemd/system/var.mount ]; then
- return 0
- fi
-
- # Is there an fstab entry for /var?
- if [ -e /sysroot/etc/fstab ]; then
- # Uncommented entry with mountpoint on /var, without noauto in options
- result=$(awk '(! /^\s*#/) && ($2 == "/var") && ($4 !~ /noauto/) {print "found"}' /sysroot/etc/fstab)
- if [ -n "$result" ]; then
- return 0
- fi
- fi
-
- return 1
-}
-
-if should_unmount; then
- echo "Unmounting /sysroot/var"
- umount /sysroot/var
-fi
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service
deleted file mode 100755
index c6ca7899ce6802d1464095d1a2d893d2265697a0..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Persist osmet files (ISO)
-DefaultDependencies=false
-ConditionPathExists=/run/ostree-live
-ConditionKernelCommandLine=coreos.liveiso
-RequiresMountsFor=/run/media/iso
-Before=initrd-switch-root.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/bin/mkdir -p /run/nestos-installer/osmet
-# bsdtar reads cpio archives, and unlike cpio(1L), knows how to seek over
-# members it isn't reading
-ExecStart=/usr/bin/bsdtar -x -C /run/nestos-installer/osmet -f /run/media/iso/images/pxeboot/rootfs.img *.osmet
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service
deleted file mode 100755
index 75250d2f8fd03df7c795852f5edbda599864cc1f..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Persist osmet files (PXE)
-DefaultDependencies=false
-ConditionPathExists=/run/ostree-live
-ConditionKernelCommandLine=!coreos.liveiso
-# Downloads and unpacks the osmet files if not already appended
-After=coreos-livepxe-rootfs.service
-Before=initrd-switch-root.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/bin/mkdir -p /run/nestos-installer/osmet
-ExecStart=/usr/bin/sh -c "if ls /*.osmet &>/dev/null; then cp /*.osmet /run/nestos-installer/osmet; fi"
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service
deleted file mode 100755
index ed935ba162a7e7ea7e0f1374c4f55dc1f7df7f92..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=Acquire live PXE rootfs image
-DefaultDependencies=false
-ConditionPathExists=/usr/lib/initrd-release
-ConditionPathExists=/run/ostree-live
-ConditionKernelCommandLine=!coreos.liveiso
-
-After=basic.target
-# Network is enabled here
-After=nm-run.service
-# compat: remove when everyone is on dracut 053+
-After=dracut-initqueue.service
-
-# If we fail, the boot will fail. Be explicit about it.
-OnFailure=emergency.target
-OnFailureJobMode=isolate
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/coreos-livepxe-rootfs
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh
deleted file mode 100755
index 9f59a8dbd7a1b1bb62593b29e14f30ba084b7120..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-# Ensure that a PXE-booted system has a valid rootfs.
-
-set -euo pipefail
-
-# Get rootfs_url karg
-set +euo pipefail
-. /usr/lib/dracut-lib.sh
-rootfs_url=$(getarg coreos.live.rootfs_url=)
-set -euo pipefail
-
-if [[ -f /etc/coreos-live-rootfs ]]; then
- # rootfs image was injected via PXE. Verify that the initramfs and
- # rootfs versions match.
- initramfs_ver=$(cat /etc/coreos-live-initramfs)
- rootfs_ver=$(cat /etc/coreos-live-rootfs)
- if [[ $initramfs_ver != $rootfs_ver ]]; then
- echo "Found initramfs version $initramfs_ver but rootfs version $rootfs_ver." >&2
- echo "Please fix your PXE configuration." >&2
- exit 1
- fi
-elif [[ -n "${rootfs_url}" ]]; then
- # rootfs URL was provided as karg. Fetch image, check its hash, and
- # unpack it.
- echo "Fetching rootfs image from ${rootfs_url}..."
- if [[ ${rootfs_url} != http:* && ${rootfs_url} != https:* ]]; then
- # Don't commit to supporting protocols we might not want to expose in
- # the long term.
- echo "Unsupported scheme for image specified by:" >&2
- echo "coreos.live.rootfs_url=${rootfs_url}" >&2
- echo "Only HTTP and HTTPS are supported. Please fix your PXE configuration." >&2
- exit 1
- fi
-
- # First, reach out to the server to verify connectivity before
- # trying to download and pipe content through other programs.
- # Doing this allows us to retry all errors (including transient
- # "no route to host" errors during startup). Note we can't use
- # curl's --retry-all-errors here because it's not in el8's curl yet.
- # We retry forever, matching Ignition's semantics.
- curl_common_args="--silent --show-error --insecure --location"
- while ! curl --head $curl_common_args "${rootfs_url}" >/dev/null; do
- echo "Couldn't establish connectivity with the server specified by:" >&2
- echo "coreos.live.rootfs_url=${rootfs_url}" >&2
- echo "Retrying in 5s..." >&2
- sleep 5
- done
-
- # We don't need to verify TLS certificates because we're checking the
- # image hash.
- # bsdtar can read cpio archives and we already depend on it for
- # coreos-liveiso-persist-osmet.service, so use it instead of cpio.
- # We shouldn't need a --retry here since we've just successfully HEADed the
- # file, but let's add one just to be safe (e.g. if the connection just went
- # online and flickers or something).
- if ! curl $curl_common_args --retry 5 "${rootfs_url}" | \
- rdcore stream-hash /etc/coreos-live-want-rootfs | \
- bsdtar -xf - -C / ; then
- echo "Couldn't fetch, verify, and unpack image specified by:" >&2
- echo "coreos.live.rootfs_url=${rootfs_url}" >&2
- echo "Check that the URL is correct and that the rootfs version matches the initramfs." >&2
- exit 1
- fi
-else
- # Nothing. Fail.
- echo "No rootfs image found. Modify your PXE configuration to add the rootfs" >&2
- echo "image as a second initrd, or use the coreos.live.rootfs_url kernel parameter" >&2
- echo "to specify an HTTP or HTTPS URL to the rootfs." >&2
- exit 1
-fi
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh
deleted file mode 100755
index 318ad0beafcea0ac9f23b4153ef0e3f6fe48357d..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-# Script invoked by ignition-dracut generator to detect whether this is a
-# live system without a root device. We can't test for /run/ostree-live
-# because it's created by a generator.
-# This file is created by coreos-assembler buildextend-live.
-test -f /etc/coreos-live-initramfs
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator
deleted file mode 100755
index 560b0b6af5d7d5d18248f9e2ec091650d3de7524..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator
+++ /dev/null
@@ -1,223 +0,0 @@ -#!/bin/bash -# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- -# ex: ts=8 sw=4 sts=4 et filetype=sh - -# Generators don't have logging right now -# https://github.com/systemd/systemd/issues/15638 -exec 1>/dev/kmsg; exec 2>&1 - -command -v getarg >/dev/null || . /usr/lib/dracut-lib.sh - -set -e - -UNIT_DIR="${1:-/tmp}" - -add_requires() { - local name="$1"; shift - local target="$1"; shift - local requires_dir="${UNIT_DIR}/${target}.requires" - mkdir -p "${requires_dir}" - ln -sf "../${name}" "${requires_dir}/${name}" -} - -if ! is-live-image; then - exit 0 -fi - -# Create stamp file that everything else should use to detect a live boot -> /run/ostree-live - -add_requires sysroot.mount initrd-root-fs.target -add_requires sysroot-etc.mount initrd-root-fs.target -add_requires sysroot-var.mount initrd-root-fs.target - -mkdir -p "${UNIT_DIR}/ostree-prepare-root.service.d" -cat > "${UNIT_DIR}/ostree-prepare-root.service.d/10-live.conf" <"${UNIT_DIR}/sysroot.mount" < "${initrd_rootdev_target_d}/50-root-device.conf" <"${UNIT_DIR}/run-media-iso.mount" <"${UNIT_DIR}/sysroot.mount" <"${UNIT_DIR}/sysroot-xfs-ephemeral-mkfs.service" <<'EOF' -[Unit] -DefaultDependencies=false -# Let's be sure we have basic devices, but other than that we -# can run really early. -After=systemd-tmpfiles-setup-dev.service -ConditionPathExists=/usr/lib/initrd-release -# Something seems to be causing us to rerun? 
-ConditionPathExists=!/run/ephemeral - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/bin/sh -c 'set -euo pipefail; mem=$$(($$(stat -f -c "%%b * %%s / 1024" /run))) && /bin/truncate -s $${mem}k /run/ephemeral.xfsloop' -ExecStart=/sbin/mkfs.xfs /run/ephemeral.xfsloop -ExecStart=/bin/mkdir /run/ephemeral -EOF -add_requires sysroot-xfs-ephemeral-mkfs.service initrd-root-fs.target - -cat >>"${UNIT_DIR}/run-ephemeral.mount" <"${UNIT_DIR}/sysroot-xfs-ephemeral-setup.service" < "${UNIT_DIR}/sysroot-etc.mount" -cat >>"${UNIT_DIR}/sysroot-etc.mount" <"${UNIT_DIR}/sysroot-var.mount" -cat >>"${UNIT_DIR}/sysroot-var.mount" <>"${UNIT_DIR}/sysroot-relabel.service" < /tmp/cmdline - mount --bind /tmp/cmdline /proc/cmdline - ;; - stop) - umount /proc/cmdline - rm /tmp/cmdline - ;; - *) - echo "Usage: $0 {start|stop}" >&2 - exit 1 - ;; -esac diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator deleted file mode 100755 index 7165620fb193a9d7f5c3509c6f54fc2c67a03d2f..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Generators don't have logging right now
-# https://github.com/systemd/systemd/issues/15638
-exec 1>/dev/kmsg; exec 2>&1
-
-command -v getargbool >/dev/null || . /usr/lib/dracut-lib.sh
-
-set -e
-
-if is-live-image; then
- exit 0
-fi
-
-UNIT_DIR="${1:-/tmp}"
-
-add_requires() {
- local name="$1"; shift
- local target="$1"; shift
- local requires_dir="${UNIT_DIR}/${target}.requires"
- mkdir -p "${requires_dir}"
- ln -sf "../${name}" "${requires_dir}/${name}"
-}
-
-if getargbool 0 rd.multipath; then
- add_requires coreos-multipath-wait.target initrd.target
- if ! getargbool 0 ignition.firstboot; then
- add_requires coreos-multipath-trigger.service initrd.target
- fi
-fi
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service
deleted file mode 100755
index 524dc9140ea7535aecc2e74b2d5ff62840ba6f9a..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service
+++ /dev/null
@@ -1,19 +0,0 @@
-# This unit is needed in the LUKS-on-multipath case on subsequent boots. When
-# multipathd takes ownership of the individual paths, the by-uuid/ symlink
-# which systemd-cryptsetup@.service binds to gets lost. So we retrigger udev
-# here to make sure it's re-added.
-#
-# This is tracked at:
-# https://bugzilla.redhat.com/show_bug.cgi?id=1963242
-
-[Unit]
-Description=CoreOS Trigger Multipath
-DefaultDependencies=false
-Requires=coreos-multipath-wait.target
-After=coreos-multipath-wait.target
-Before=cryptsetup-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/sbin/udevadm trigger --settle --subsystem-match block
-RemainAfterExit=yes
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target
deleted file mode 100755
index b003f4d94bf0170b117d1ed4459c9c21543d9c47..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=CoreOS Wait For Multipathed Boot
-DefaultDependencies=false
-Before=dracut-initqueue.service
-After=dracut-cmdline.service
-Requires=dev-disk-by\x2dlabel-dm\x2dmpath\x2dboot.device
-After=dev-disk-by\x2dlabel-dm\x2dmpath\x2dboot.device
-Requires=multipathd.service
-After=multipathd.service
-
-# This is already enforced transitively by coreos-gpt-setup.service, but
-# let's be more explicit and list it directly here too.
-Before=coreos-ignition-setup-user.service
-
-# This is already enforced by coreos-multipath-trigger.service, though ideally
-# eventually we can get rid of that one and then we *would* need this.
-Before=cryptsetup-pre.target
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service
deleted file mode 100755
index 27d1d5e7fa33d319b8bb8d3b925a65842eb12481..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=CoreOS Propagate Multipath Configuration
-Before=initrd.target
-
-# we write to the rootfs, so run after it's ready
-After=initrd-root-fs.target
-
-# That service starts initrd-cleanup.service which will race with us completing
-# before we get nuked. Need to get to the bottom of it, but for now we need
-# this (XXX: add link to systemd issue here).
-Before=initrd-parse-etc.service
-
-ConditionKernelCommandLine=rd.multipath=default
-
-OnFailure=emergency.target
-OnFailureJobMode=isolate
-
-[Service]
-Type=oneshot
-ExecStart=/usr/sbin/coreos-propagate-multipath-conf
-RemainAfterExit=yes
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh
deleted file mode 100755
index ebf0113737b0ed59f3aa1ba5b76a2ee6c67ff1d8..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-# Persist automatic multipath configuration, if any.
-# When booting with `rd.multipath=default`, the default multipath
-# configuration is written. We need to ensure that the multipath configuration
-# is persisted to the final target.
-
-if [ ! -f /sysroot/etc/multipath.conf ] && [ -f /etc/multipath.conf ]; then
- echo "info: propagating automatic multipath configuration"
- cp -v /etc/multipath.conf /sysroot/etc/
- mkdir -p /sysroot/etc/multipath/multipath.conf.d
- coreos-relabel /etc/multipath.conf
- coreos-relabel /etc/multipath/multipath.conf.d
-else
- echo "info: no initramfs automatic multipath configuration to propagate"
-fi
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh
deleted file mode 100755
index 4ab4bc4006c2ec5e5d03402625c14e91484351be..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
-
-install_ignition_unit() {
- local unit=$1; shift
- local target=${1:-complete}
- inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit"
- # note we `|| exit 1` here so we error out if e.g. the units are missing
- # see https://github.com/coreos/fedora-coreos-config/issues/799
- systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" || exit 1
-}
-
-install() {
- inst_script "$moddir/coreos-propagate-multipath-conf.sh" \
- "/usr/sbin/coreos-propagate-multipath-conf"
-
- install_ignition_unit coreos-propagate-multipath-conf.service subsequent
-
- inst_simple "$moddir/coreos-multipath-generator" \
- "$systemdutildir/system-generators/coreos-multipath-generator"
-
- # we don't enable these; they're enabled dynamically via the generator
- inst_simple "$moddir/coreos-multipath-wait.target" \
- "$systemdsystemunitdir/coreos-multipath-wait.target"
- inst_simple "$moddir/coreos-multipath-trigger.service" \
- "$systemdsystemunitdir/coreos-multipath-trigger.service"
-}
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf
deleted file mode 100755
index bad6d14047488b517d9dfc321c8b625979434d1b..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# This contains the default kargs for firstboot network configuration.
-# Default values can be dynamically overridden by platform-specific
-# logic (e.g. injected via a back-channel).
-# https://github.com/coreos/fedora-coreos-tracker/issues/460
-
-[Service]
-Environment=AFTERBURN_NETWORK_KARGS_DEFAULT='ip=dhcp,dhcp6'
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service
deleted file mode 100755
index 7dfbc59c8a47aa347ec71250aa7563152556085e..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service
+++ /dev/null
@@ -1,61 +0,0 @@
-# This unit will run early in boot and detect if the user copied
-# in firstboot networking config files into the installed system
-# (most likely by using `coreos-installer install --copy-network`).
-# Since this unit is modifying network configuration there are some
-# dependencies that we have:
-#
-# - Need to look for networking configuration on the /boot partition
-# - i.e. after /dev/disk/by-label/boot is available
-# - and after the ignition-dracut GPT generator (see below)
-# - Need to run before networking is brought up.
-# - This is done in nm-initrd.service [1]
-# - i.e. Before=nm-initrd.service
-# - Need to make sure karg networking configuration isn't applied
-# - There are two ways to do this.
-# - One is to run *before* the nm-config.sh [2] that runs as part of
-# dracut-cmdline [3] and `ln -sf /bin/true /usr/libexec/nm-initrd-generator`.
-# - i.e. Before=dracut-cmdline.service
-# - Another is to run *after* nm-config.sh [2] in dracut-cmdline [3]
-# and just delete all the files created by nm-initrd-generator.
-# - i.e. After=dracut-cmdline.service, but Before=nm-initrd.service
-# - We'll go with the second option here because the need for the /boot
-# device (mentioned above) means we can't start before dracut-cmdline.service
-#
-# [1] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-initrd.service
-# [2] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/nm-config.sh
-# [3] https://github.com/dracutdevs/dracut/blob/master/modules.d/35network-manager/module-setup.sh#L34
-#
-[Unit]
-Description=Copy CoreOS Firstboot Networking Config
-ConditionPathExists=/usr/lib/initrd-release
-DefaultDependencies=false
-Before=ignition-diskful.target
-Before=nm-initrd.service
-# compat: remove when everyone is on dracut 054+
-Before=dracut-initqueue.service
-After=dracut-cmdline.service
-# Any services looking at mounts need to order after this
-# because it causes device re-probing.
-After=coreos-gpt-setup.service
-# Since we are mounting /boot/, require the device first
-Requires=dev-disk-by\x2dlabel-boot.device
-After=dev-disk-by\x2dlabel-boot.device
-# And since the boot device may be on multipath; optionally wait for it to
-# appear via the dynamic target.
-After=coreos-multipath-wait.target
-# Need to run after coreos-enable-network since it may re-run the NM cmdline
-# hook which will generate NM configs from the network kargs, but we want to
-# have precedence.
-After=coreos-enable-network.service
-# We've seen races with ignition-kargs.service, which accesses /boot rw.
-# Let's introduce some ordering here. Need to use `Before` because otherwise
-# we get a systemd ordering cycle. https://github.com/coreos/fedora-coreos-tracker/issues/883
-Before=ignition-kargs.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-# The MountFlags=slave is so the umount of /boot is guaranteed to happen
-# /boot will only be mounted for the lifetime of the unit.
-MountFlags=slave
-ExecStart=/usr/sbin/coreos-copy-firstboot-network
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh
deleted file mode 100755
index 61c486c89c37810899817fea6908b070c8777332..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-# For a description of how this is used see coreos-copy-firstboot-network.service
-
-bootmnt=/mnt/boot_partition
-mkdir -p ${bootmnt}
-bootdev=/dev/disk/by-label/boot
-firstboot_network_dir_basename="coreos-firstboot-network"
-initramfs_firstboot_network_dir="${bootmnt}/${firstboot_network_dir_basename}"
-initramfs_network_dir="/run/NetworkManager/system-connections/"
-realroot_firstboot_network_dir="/boot/${firstboot_network_dir_basename}"
-
-# Mount /boot. Note that we mount /boot but we don't unmount boot because we
-# are run in a systemd unit with MountFlags=slave so it is unmounted for us.
-# Mount as read-only since we don't strictly need write access and we may be
-# running alongside other code that also has it mounted ro
-mount -o ro ${bootdev} ${bootmnt}
-
-if [ -n "$(ls -A ${initramfs_firstboot_network_dir} 2>/dev/null)" ]; then
- # Clear out any files that may have already been generated from
- # kargs by nm-initrd-generator
- rm -f ${initramfs_network_dir}/*
- # Copy files that were placed into boot (most likely by coreos-installer)
- # to the appropriate location for NetworkManager to use the configuration.
- echo "info: copying files from ${initramfs_firstboot_network_dir} to ${initramfs_network_dir}"
- mkdir -p ${initramfs_network_dir}
- cp -v ${initramfs_firstboot_network_dir}/* ${initramfs_network_dir}/
-else
- echo "info: no files to copy from ${initramfs_firstboot_network_dir}. skipping"
-fi
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service
deleted file mode 100755
index 92c4829cd1331e57185d7a6c7143328c621c4bc6..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service
+++ /dev/null
@@ -1,30 +0,0 @@
-[Unit]
-Description=CoreOS Enable Network
-ConditionPathExists=/etc/initrd-release
-DefaultDependencies=false
-After=basic.target
-
-# Triggering conditions for cases where we need network:
-# * when Ignition signals that it is required for provisioning.
-# * on live systems fetching the remote rootfs in initramfs.
-# * on Azure and Azure Stack Hub, for hostname fetching (metadata endpoint) and boot check-in (wireserver).
-ConditionPathExists=|/run/ignition/neednet
-ConditionKernelCommandLine=|coreos.live.rootfs_url
-ConditionKernelCommandLine=|ignition.platform.id=azure
-ConditionKernelCommandLine=|ignition.platform.id=azurestack
-
-# Creates /run/ignition/neednet
-After=ignition-fetch-offline.service
-# Needs networking
-Before=ignition-fetch.service
-
-# See hack in coreos-enable-network, as well as coreos-copy-firstboot-network.service.
-After=dracut-cmdline.service
-Before=nm-initrd.service
-# compat: remove when everyone is on dracut 054+
-Before=dracut-initqueue.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/coreos-enable-network
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh
deleted file mode 100755
index 6c54f49abbb32b0a2b02679f8df5ded989d000e8..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-set +euo pipefail
-. /usr/lib/dracut-lib.sh
-set -euo pipefail
-
-dracut_func() {
- # dracut is not friendly to set -eu
- set +euo pipefail
- "$@"; local rc=$?
- set -euo pipefail
- return $rc
-}
-
-# If networking hasn't been requested yet, request it.
-if ! dracut_func getargbool 0 'rd.neednet'; then
- echo "rd.neednet=1" > /etc/cmdline.d/40-coreos-neednet.conf
-
- # Hack: we need to rerun the NM cmdline hook because we run after
- # dracut-cmdline.service because we need udev. We should be able to move
- # away from this once we run NM as a systemd unit. See also:
- # https://github.com/coreos/fedora-coreos-config/pull/346#discussion_r409843428
- set +euo pipefail
- . /usr/lib/dracut/hooks/cmdline/99-nm-config.sh
- set -euo pipefail
-fi
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh
deleted file mode 100755
index 7c910b1b749ef1cc34cff579fbab9c7672da7322..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-install_and_enable_unit() {
- unit="$1"; shift
- target="$1"; shift
- inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit"
- # note we `|| exit 1` here so we error out if e.g. the units are missing
- # see https://github.com/coreos/fedora-coreos-config/issues/799
- systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1
-}
-
-install() {
- inst_simple "$moddir/coreos-enable-network.sh" \
- "/usr/sbin/coreos-enable-network"
- install_and_enable_unit "coreos-enable-network.service" \
- "initrd.target"
-
- inst_simple "$moddir/coreos-copy-firstboot-network.sh" \
- "/usr/sbin/coreos-copy-firstboot-network"
- # Only run this when ignition runs and only when the system
- # has disks. ignition-diskful.target should suffice.
- install_and_enable_unit "coreos-copy-firstboot-network.service" \
- "ignition-diskful.target"
-
- # Dropin with firstboot network configuration kargs, applied via
- # Afterburn.
- inst_simple "$moddir/50-afterburn-network-kargs-default.conf" \
- "/usr/lib/systemd/system/afterburn-network-kargs.service.d/50-afterburn-network-kargs-default.conf"
-
-}
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign
deleted file mode 100755
index 3ddac11f3a9068f39f3f7d6b367692ad001ae727..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "ignition": {
- "version": "3.0.0"
- },
- "passwd": {
- "users": [
- {
- "name": "core",
- "gecos": "CoreOS Admin",
- "groups": [
- "adm",
- "sudo",
- "systemd-journal",
- "wheel"
- ]
- }
- ]
- }
-}
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md
deleted file mode 100755
index 793e519232c8026de1468790c8ab4f4e06347156..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md
+++ /dev/null
@@ -1 +0,0 @@
-`00-core.ign` is the base config shared between FCOS and RHCOS. The configs specific to FCOS are in [50ignition-conf-fcos](../../../../../../15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos).
\ No newline at end of file
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh
deleted file mode 100755
index 7e06855bf603949b456c8564077a8f5820d67866..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
-
-depends() {
- echo ignition
-}
-
-install() {
- mkdir -p "$initdir/usr/lib/ignition/base.d"
- inst "$moddir/00-core.ign" \
- "/usr/lib/ignition/base.d/00-core.ign"
-}
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size
deleted file mode 100755
index 2c320bed93924aa5740fb86cdba0a96d001fd4a7..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size
+++ /dev/null
@@ -1,37 +0,0 @@ -#!/bin/bash -set -euo pipefail - -# See also ignition-ostree-check-rootfs-size.service -# https://github.com/coreos/fedora-coreos-tracker/issues/586#issuecomment-777220000 - -srcdev=$(findmnt -nvr -o SOURCE /sysroot | tail -n1) -size=$(lsblk --nodeps --noheadings --bytes -o SIZE "${srcdev}") - -MINIMUM_GB=8 -MINIMUM_BYTES=$((1024 * 1024 * 1024 * MINIMUM_GB)) - -MOTD_DROPIN=/etc/motd.d/60-coreos-rootfs-size.motd - -YELLOW=$(echo -e '\033[0;33m') -RESET=$(echo -e '\033[0m') - -if [ "${size}" -lt "${MINIMUM_BYTES}" ]; then - mkdir -p "/sysroot/$(dirname "${MOTD_DROPIN}")" - cat > "/sysroot/${MOTD_DROPIN}" <&2 -} - -fatal() { - err "$@" - exit 1 -} - -if [ $# -eq 0 ]; then - err "Usage: $0 [PATTERN...]" - err " e.g.: $0 /etc/passwd '/etc/group*'" -fi - -if [ ! -f /sysroot/etc/selinux/config ]; then - exit 0 -fi - -source /sysroot/etc/selinux/config - -if [ -z "${SELINUXTYPE:-}" ]; then - fatal "Couldn't find SELINUXTYPE in /sysroot/etc/selinux/config" -fi - -file_contexts="/sysroot/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" - -prefixed_patterns=() -while [ $# -ne 0 ]; do - pattern=$1; shift - prefixed_patterns+=("/sysroot/$pattern") -done -setfiles -vFi0 -r /sysroot "$file_contexts" "${prefixed_patterns[@]}" diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh deleted file mode 100755 index 1a7c0a299660ee751e6247e2669efed7408e79d2..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh +++ /dev/null 
@@ -1,30 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-# see related comment block in transposefs.sh re. inspecting the config directly
-ignition_cfg=/run/ignition.json
-rootpath=/dev/disk/by-label/root
-
-query_rootfs() {
- local filter=$1
- jq -re ".storage?.filesystems? // [] |
- map(select(.label == \"root\" and .wipeFilesystem == true)) |
- .[0] | $filter" "${ignition_cfg}"
-}
-
-# If the rootfs was reprovisioned, then the mountOptions from the Ignition
-# config has priority.
-if [ -d /run/ignition-ostree-transposefs/root ]; then
- if query_rootfs 'has("mountOptions")' >/dev/null; then
- query_rootfs '.mountOptions | join(",")'
- exit 0
- fi
-fi
-
-eval $(blkid -o export ${rootpath})
-if [ "${TYPE}" == "xfs" ]; then
- # We use prjquota on XFS by default to aid multi-tenant Kubernetes (and
- # other container) clusters. See
- # https://github.com/coreos/coreos-assembler/pull/303/commits/6103effbd006bb6109467830d6a3e42dd847668d
- echo "prjquota"
-fi
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service
deleted file mode 100755
index 5802f49de9e42c45cbf057df0a41e9a33cdce8e6..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Ignition OSTree: Check Root Filesystem Size
-Documentation=https://docs.fedoraproject.org/en-US/fedora-coreos/storage/
-DefaultDependencies=false
-ConditionKernelCommandLine=ostree
-ConditionPathExists=!/run/ostree-live
-After=ignition-ostree-growfs.service
-After=ostree-prepare-root.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/libexec/coreos-check-rootfs-size
-RemainAfterExit=yes
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid
deleted file mode 100755
index b2177352e8784325cdee735c40201b0ddb0f7558..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-# https://github.com/coreos/fedora-coreos-tracker/issues/465
-# coreos-assembler generates disk images which are installed bit-for-bit
-# or booted directly in the cloud.
-# Generate new UUID on firstboot; this is general best practice, but in the future
-# we may use this for mounting by e.g. adding a boot= and root= kernel args.
-
-label=$1
-
-# Keep this in sync with https://github.com/coreos/coreos-assembler/blob/e3905fd2e138de04184c1cd86b99b0fd83cbe5cf/src/create_disk.sh#L17
-bootfs_uuid="96d15588-3596-4b3c-adca-a2ff7279ea63"
-rootfs_uuid="910678ff-f77e-4a7d-8d53-86f2ac47a823"
-
-target=/dev/disk/by-label/${label}
-if ! [ -b "${target}" ]; then
- echo "$0: Failed to find block device ${target}" 1>&2
- exit 1
-fi
-
-eval $(blkid -o export ${target})
-case "${label}" in
- root) orig_uuid="${rootfs_uuid}"; orig_type=xfs ;;
- boot) orig_uuid="${bootfs_uuid}"; orig_type=ext4 ;;
- *) echo "unexpected ${label}"; exit 1 ;;
-esac
-
-if [ "${TYPE}" == "${orig_type}" ] && [ "${UUID}" == "${orig_uuid}" ]; then
- case "${TYPE}" in
- ext4)
- # If the filesystem supports metadata_csum_seed then the UUID is stored
- # in the superblock and there is no need to worry with an fsck. For the
- # boot filesystem this FS feature wasn't supported by GRUB until recently.
- # https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00031.html
- # Once grub is updated in all systems we care about we can standardize
- # on the metadata_csum_seed and delete the `else` code block.
- if tune2fs -l ${target} | grep 'metadata_csum_seed'; then
- tune2fs -U random "${target}"
- else
- # Run an fsck since tune2fs -U requires the FS to be clean
- e2fsck -fy "${target}"
- # We just ran an fsck, but there is a bug where tune2fs -U will still
- # complain. It will still error if the last checked timestamp (just
- # set by the e2fsck above) is older than the last mount timestamp (happens
- # on systems with out of date or non-functioning hardware clocks).
- # See https://github.com/coreos/fedora-coreos-tracker/issues/735#issuecomment-859605953
- # Potentially fixed in future by: https://www.spinics.net/lists/linux-ext4/msg78012.html
- tune2fsinfo="$(tune2fs -l ${target})"
- lastmount=$(echo "$tune2fsinfo" | grep '^Last mount time:' | cut -d ':' -f 2,3,4)
- lastfsck=$(echo "$tune2fsinfo" | grep '^Last checked:' | cut -d ':' -f 2,3,4)
- lastmountsse=$(date --date="$lastmount" +%s)
- lastfscksse=$(date --date="$lastfsck" +%s)
- if (( lastfscksse < lastmountsse )); then
- echo "Detected timestamp of last fsck is older than timestamp of last mount."
- echo "Setting "${target}" timestamp of last fsck to same time as last mount."
- tune2fs -T $(date --date="$lastmount" +%Y%m%d%H%M%S) "${target}"
- fi
- # Finally, we can randomize the UUID
- tune2fs -U random "${target}"
- fi ;;
- xfs) xfs_admin -U generate "${target}" ;;
- *) echo "unexpected filesystem type ${TYPE}" 1>&2; exit 1 ;;
- esac
- udevadm settle || :
- echo "Regenerated UUID for ${target}"
-else
- echo "No changes required for ${target} TYPE=${TYPE} UUID=${UUID}"
-fi
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service
deleted file mode 100755
index 8704894f3b18133c23847bee66a3e3cebc6a0b6e..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Ignition OSTree: Grow root filesystem
-DefaultDependencies=false
-ConditionKernelCommandLine=ostree
-ConditionPathExists=!/run/ostree-live
-Before=initrd-root-fs.target
-After=sysroot.mount ignition-ostree-mount-firstboot-sysroot.service
-# This shouldn't be strictly necessary, but it's cleaner to not have OSTree muck
-# around with moving mounts while we're still resizing the filesystem.
-Before=ostree-prepare-root.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/sbin/ignition-ostree-growfs
-RemainAfterExit=yes
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh
deleted file mode 100755
index d20b6a08d984e0c217168d7b67f3b76b44bb38a8..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh
+++ /dev/null
@@ -1,120 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-# This script is run by ignition-ostree-growfs.service. It grows the root
-# partition, unless it determines that either the rootfs was moved or the
-# partition was already resized (e.g. via Ignition).
-
-# If root reprovisioning was triggered, this file contains state of the root
-# partition *before* ignition-disks.
-saved_partstate=/run/ignition-ostree-rootfs-partstate.sh
-
-# We run after the rootfs is mounted at /sysroot, but before ostree-prepare-root
-# moves it to /sysroot/sysroot.
-path=/sysroot
-
-# The use of tail is to avoid errors from duplicate mounts;
-# this shouldn't happen for us but we're being conservative.
-src=$(findmnt -nvr -o SOURCE "$path" | tail -n1)
-
-if [ ! -f "${saved_partstate}" ]; then
- partition=$(realpath /dev/disk/by-label/root)
-else
- # The rootfs was reprovisioned. Our rule in this case is: we only grow if
- # the partition backing the rootfs is the same and its size didn't change
- # (IOW, it was an in-place reprovisioning; e.g. LUKS or xfs -> btrfs).
- source "${saved_partstate}"
- if [ "${TYPE}" != "part" ]; then
- # this really should never happen; but play nice
- echo "$0: original rootfs blockdev not of type 'part'; not auto-growing"
- exit 0
- fi
- partition=$(realpath "${NAME}")
- if [ "${SIZE}" != "$(lsblk --nodeps -bno SIZE "${partition}")" ]; then
- echo "$0: original root partition changed size; not auto-growing"
- exit 0
- fi
- if ! lsblk -no MOUNTPOINT "${partition}" | grep -q '^/sysroot$'; then
- echo "$0: original root partition no longer backing rootfs; not auto-growing"
- exit 0
- fi
-fi
-
-# Go through each blockdev in the hierarchy and verify we know how to grow them
-lsblk -no TYPE "${partition}" | while read dev; do
- case "${dev}" in
- part|crypt) ;;
- *) echo "error: Unsupported blockdev type ${dev}" 1>&2; exit 1 ;;
- esac
-done
-
-# Get the filesystem type before extending the partition. This matters
-# because the partition, once extended, might include leftover superblocks
-# from the previous contents of the disk (notably ZFS), causing blkid to
-# refuse to return any filesystem type at all.
-eval $(blkid -o export "${src}")
-ROOTFS_TYPE=${TYPE:-}
-case "${ROOTFS_TYPE}" in
- xfs|ext4|btrfs) ;;
- *) echo "error: Unsupported filesystem for ${path}: '${ROOTFS_TYPE}'" 1>&2; exit 1 ;;
-esac
-
-# Now, go through the hierarchy, growing everything. Note we go one device at a
-# time using --nodeps, because ordering is buggy in el8:
-# https://bugzilla.redhat.com/show_bug.cgi?id=1940607
-current_blkdev=${partition}
-while true; do
- eval "$(lsblk --paths --nodeps --pairs -o NAME,TYPE,PKNAME "${current_blkdev}")"
- MAJMIN=$(echo $(lsblk -dno MAJ:MIN "${NAME}"))
- case "${TYPE}" in
- part)
- eval $(udevadm info --query property --export "${current_blkdev}" | grep ^DM_ || :)
- if [ -n "${DM_MPATH:-}" ]; then
- # Since growpart does not understand device mapper, we have to use sfdisk.
- echo ", +" | sfdisk --no-reread --no-tell-kernel --force -N "${DM_PART}" "/dev/mapper/${DM_MPATH}"
- udevadm settle || : # Wait for udev-triggered kpartx to update mappings
- else
- partnum=$(cat "/sys/dev/block/${MAJMIN}/partition")
- # XXX: ideally this'd be idempotent and we wouldn't `|| :`
- growpart "${PKNAME}" "${partnum}" || :
- fi
- ;;
- crypt)
- # XXX: yuck... we need to expose this sanely in clevis
- (. /usr/bin/clevis-luks-common-functions
- eval $(udevadm info --query=property --export "${NAME}")
- # lsblk doesn't print PKNAME of crypt devices with --nodeps
- PKNAME=/dev/$(ls "/sys/dev/block/${MAJMIN}/slaves")
- clevis_luks_unlock_device "${PKNAME}" | cryptsetup resize -d- "${DM_NAME}"
- )
- ;;
- # already checked
- *) echo "unreachable" 1>&2; exit 1 ;;
- esac
- holders="/sys/dev/block/${MAJMIN}/holders"
- [ -d "${holders}" ] || break
- nholders="$(ls "${holders}" | wc -l)"
- if [ "${nholders}" -eq 0 ]; then
- break
- elif [ "${nholders}" -gt 1 ]; then
- # this shouldn't happen since we've checked the partition types already
- echo "error: Unsupported block device with multiple children: ${NAME}" 1>&2
- exit 1
- fi
- current_blkdev=/dev/$(ls "${holders}")
-done
-
-# Wipe any filesystem signatures from the extended partition that don't
-# correspond to the FS type we detected earlier.
-wipefs -af -t "no${ROOTFS_TYPE}" "${src}"
-
-# TODO: Add XFS to https://github.com/systemd/systemd/blob/master/src/partition/growfs.c
-# and use it instead.
-case "${ROOTFS_TYPE}" in
- xfs) xfs_growfs "${path}" ;;
- ext4) resize2fs "${src}" ;;
- btrfs) btrfs filesystem resize max ${path} ;;
-esac
-
-# this is useful for tests
-touch /run/ignition-ostree-growfs.stamp
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service
deleted file mode 100755
index 3ba677d0e3f9953fb14748178a1b539eec9f6b14..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Ignition OSTree: Mount (firstboot) /sysroot
-# These dependencies should match the "other" in
-# ignition-ostree-mount-subsequent-sysroot.service
-DefaultDependencies=false
-# If root is specified, then systemd's generator will win
-ConditionKernelCommandLine=!root
-ConditionKernelCommandLine=ostree
-# This is redundant since we're queued on -diskful.target, but eh.
-ConditionPathExists=!/run/ostree-live
-# There can be only one, Highlander style
-Conflicts=ignition-ostree-mount-subsequent-sysroot.service
-Before=initrd-root-fs.target
-After=ignition-disks.service
-# Note we don't have a Requires: /dev/disk/by-label/root here like
-# the -subsequent service does because ignition-disks may have
-# regenerated it.
-Requires=ignition-disks.service
-# These have an explicit dependency on After=sysroot.mount today
-Before=ostree-prepare-root.service ignition-remount-sysroot.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/ignition-ostree-mount-sysroot
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service
deleted file mode 100755
index 92dde886f0987c5e801452295085e53aa2d4d69a..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service
+++ /dev/null
@@ -1,24 +0,0 @@
-# Note this unit is conditionally enabled by ignition-ostree-generator
-[Unit]
-Description=CoreOS: Mount (subsequent) /sysroot
-# These dependencies should match the "other" in
-# ignition-ostree-mount-firsboot-sysroot.service
-DefaultDependencies=false
-# If root is specified, then systemd's generator will win
-ConditionKernelCommandLine=!root
-ConditionKernelCommandLine=ostree
-ConditionPathExists=!/run/ostree-live
-# There can be only one, Highlander style
-Conflicts=ignition-ostree-mount-firstboot-sysroot.service
-# And in contrast to the firstboot, we expect
-# the root device to be ready.
-Requires=dev-disk-by\x2dlabel-root.device
-After=dev-disk-by\x2dlabel-root.device
-Before=initrd-root-fs.target
-# This has an explicit dependency on After=sysroot.mount today
-Before=ostree-prepare-root.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/ignition-ostree-mount-sysroot
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh
deleted file mode 100755
index a51c4b26fec62b166f817904fab190a8c02ca217..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-# Note that on *new machines* this script is now only ever used on firstboot. On
-# subsequent boots, systemd-fstab-generator mounts /sysroot from the
-# root=UUID=... and rootflags=... kargs.
-
-# We may do a migration window at some point where older machines have these
-# kargs injected so that we can simplify the model further.
-
-rootpath=/dev/disk/by-label/root
-if ! [ -b "${rootpath}" ]; then
- echo "ignition-ostree-mount-sysroot: Failed to find ${rootpath}" 1>&2
- exit 1
-fi
-
-echo "Mounting ${rootpath} ($(realpath "${rootpath}")) to /sysroot"
-mount -o "$(coreos-rootflags)" "${rootpath}" /sysroot
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service
deleted file mode 100755
index 09d6c15ab31bc4b1b19ce861085435341b65d8cf..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service
+++ /dev/null
@@ -1,26 +0,0 @@
-[Unit]
-Description=Mount OSTree /var
-DefaultDependencies=false
-ConditionKernelCommandLine=ostree
-ConditionPathExists=!/run/ostree-live
-
-# Make sure ExecStop= runs before we switch root
-Before=initrd-switch-root.target
-
-# Make sure if ExecStop= fails, the boot fails
-OnFailure=emergency.target
-OnFailureJobMode=isolate
-
-# Make sure /sysroot is mounted first, since we're mounting under there
-Requires=initrd-root-fs.target
-After=initrd-root-fs.target
-
-# Need to do this before Ignition mounts any other filesystems (potentially
-# shadowing our own bind mount).
-Before=ignition-mount.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/ignition-ostree-mount-var mount
-ExecStop=/usr/sbin/ignition-ostree-mount-var umount
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh
deleted file mode 100755
index 885598e2a7db944c414d46d2003b3ea738498033..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-fatal() {
- echo "$@" >&2
- exit 1
-}
-
-if [ $# -ne 1 ] || { [[ $1 != mount ]] && [[ $1 != umount ]]; }; then
- fatal "Usage: $0 "
-fi
-
-get_ostree_arg() {
- # yes, this doesn't account for spaces within args, e.g. myarg="my val", but
- # it still works for our purposes
- (
- IFS=$' '
- # shellcheck disable=SC2013
- for arg in $(cat /proc/cmdline); do
- if [[ $arg == ostree=* ]]; then
- echo "${arg#ostree=}"
- fi
- done
- )
-}
-
-do_mount() {
- ostree=$(get_ostree_arg)
- if [ -z "${ostree}" ]; then
- fatal "No ostree= kernel argument in /proc/cmdline"
- fi
-
- deployment_path=/sysroot/${ostree}
- if [ ! -L "${deployment_path}" ]; then
- fatal "${deployment_path} is not a symlink"
- fi
-
- stateroot_var_path=$(realpath "${deployment_path}/../../var")
- if [ ! -d "${stateroot_var_path}" ]; then
- fatal "${stateroot_var_path} is not a directory"
- fi
-
- echo "Mounting $stateroot_var_path"
- mount --bind "$stateroot_var_path" /sysroot/var
-}
-
-do_umount() {
- echo "Unmounting /sysroot/var"
- umount /sysroot/var
-}
-
-"do_$1"
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service
deleted file mode 100755
index d7aa622caec80f5b99c3f0839d29e2ca233a659c..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Populate OSTree /var
-DefaultDependencies=false
-ConditionKernelCommandLine=|ostree
-ConditionPathExists=|/run/ostree-live
-
-# Need to do this with all mount points active
-After=ignition-mount.service
-
-# But *before* we start dumping files in there
-Before=ignition-files.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/ignition-ostree-populate-var
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh
deleted file mode 100755
index 01212db7d5c0a54d58e2a630edf17bd5747e175c..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-fatal() {
- echo "$@" >&2
- exit 1
-}
-
-if [ $# -ne 0 ]; then
- fatal "Usage: $0"
-fi
-
-# See the similar code block in Anaconda, which handles this today for Atomic
-# Host and Silverblue:
-# https://github.com/rhinstaller/anaconda/blob/b9ea8ce4e68196b30a524c1cc5680dcdc4b89371/pyanaconda/payload/rpmostreepayload.py#L332
-
-for varsubdir in lib log home roothome opt srv usrlocal mnt media; do
-
- # If the directory already existed, just ignore. This addresses the live
- # image case with persistent `/var`; we don't want to relabel all the files
- # there on each boot.
- if [ -d "/sysroot/var/${varsubdir}" ]; then
- continue
- fi
-
- if [[ $varsubdir == lib ]] || [[ $varsubdir == log ]]; then
- # Simply manually mkdir /var/{lib,log}; the tmpfiles.d entries otherwise
- # reference users/groups which we don't have access to from here
- # (though... we *could* import them from the sysroot, and have
- # nss-altfiles in the initrd, but meh... let's just wait for
- # systemd-sysusers which will make this way easier:
- # https://github.com/coreos/fedora-coreos-config/pull/56/files#r262592361).
- mkdir -p /sysroot/var/${varsubdir}
- else
- systemd-tmpfiles --create --boot --root=/sysroot --prefix="/var/${varsubdir}"
- fi
-
- if [[ $varsubdir == roothome ]]; then
- # TODO move this to tmpfiles.d once systemd-tmpfiles handles C! with --root correctly.
- # See https://github.com/coreos/fedora-coreos-config/pull/137
- cp /sysroot/etc/skel/.bash* /sysroot/var/${varsubdir}
- fi
-
- coreos-relabel "/var/${varsubdir}"
-done
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service
deleted file mode 100755
index 389dc9eedf644f449307ae88abae07cb591b41e6..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Ignition OSTree: Detect Partition Transposition
-DefaultDependencies=false
-After=ignition-fetch.service
-Before=ignition-disks.service
-Before=initrd-root-fs.target
-Before=sysroot.mount
-ConditionKernelCommandLine=ostree
-OnFailure=emergency.target
-OnFailureJobMode=isolate
-
-# This stage requires udevd to detect disks
-Requires=systemd-udevd.service
-After=systemd-udevd.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/libexec/ignition-ostree-transposefs detect
-ExecStop=/usr/libexec/ignition-ostree-transposefs cleanup
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service
deleted file mode 100755
index 4eca578934571af45dbc659cce9761151ca1e72e..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Ignition OSTree: Restore Partitions
-DefaultDependencies=false
-After=ignition-disks.service
-# Avoid racing with UUID regeneration
-After=ignition-ostree-uuid-root.service
-Before=ignition-ostree-growfs.service
-Before=ignition-ostree-mount-firstboot-sysroot.service
-OnFailure=emergency.target
-OnFailureJobMode=isolate
-
-ConditionKernelCommandLine=ostree
-ConditionPathIsDirectory=/run/ignition-ostree-transposefs
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-# So we can transiently mount sysroot
-MountFlags=slave
-ExecStart=/usr/libexec/ignition-ostree-transposefs restore
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service
deleted file mode 100755
index bc03499ecbfee558ab229f9d8f93fefa8d4727c8..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service
+++ /dev/null
@@ -1,19 +0,0 @@
-[Unit]
-Description=Ignition OSTree: Save Partitions
-DefaultDependencies=false
-After=ignition-ostree-transposefs-detect.service
-Before=ignition-disks.service
-ConditionKernelCommandLine=ostree
-ConditionPathIsDirectory=/run/ignition-ostree-transposefs
-# Any services looking at mounts need to order after this
-# because it causes device re-probing.
-After=coreos-gpt-setup.service
-OnFailure=emergency.target
-OnFailureJobMode=isolate
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-# So we can transiently mount sysroot
-MountFlags=slave
-ExecStart=/usr/libexec/ignition-ostree-transposefs save
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh
deleted file mode 100755
index 18224c363c8a095c9916f8e094797e2f6f194110..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh
+++ /dev/null
@@ -1,244 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-boot_sector_size=440
-esp_typeguid=c12a7328-f81f-11d2-ba4b-00a0c93ec93b
-bios_typeguid=21686148-6449-6e6f-744e-656564454649
-prep_typeguid=9e1a2d38-c612-4316-aa26-8b49521e5a8b
-
-# This is implementation details of Ignition; in the future, we should figure
-# out a way to ask Ignition directly whether there's a filesystem with label
-# "root" being set up.
-ignition_cfg=/run/ignition.json
-root_part=/dev/disk/by-label/root
-boot_part=/dev/disk/by-label/boot
-esp_part=/dev/disk/by-label/EFI-SYSTEM
-bios_part=/dev/disk/by-partlabel/BIOS-BOOT
-prep_part=/dev/disk/by-partlabel/PowerPC-PReP-boot
-saved_data=/run/ignition-ostree-transposefs
-saved_root=${saved_data}/root
-saved_boot=${saved_data}/boot
-saved_esp=${saved_data}/esp
-saved_bios=${saved_data}/bios
-saved_prep=${saved_data}/prep
-zram_dev=${saved_data}/zram_dev
-partstate_root=/run/ignition-ostree-rootfs-partstate.sh
-
-# Print jq query string for wiped filesystems with label $1
-query_fslabel() {
- echo ".storage?.filesystems? // [] | map(select(.label == \"$1\" and .wipeFilesystem == true))"
-}
-
-# Print jq query string for partitions with type GUID $1
-query_parttype() {
- echo ".storage?.disks? // [] | map(.partitions?) | flatten | map(select(try .typeGuid catch \"\" | ascii_downcase == \"$1\"))"
-}
-
-# Print partition labels for partitions with type GUID $1
-get_partlabels_for_parttype() {
- jq -r "$(query_parttype $1) | .[].label" "${ignition_cfg}"
-}
-
-# Mounts device to directory, with extra logging of the src device
-mount_verbose() {
- local srcdev=$1; shift
- local destdir=$1; shift
- echo "Mounting ${srcdev} ($(realpath "$srcdev")) to $destdir"
- mkdir -p "${destdir}"
- mount "${srcdev}" "${destdir}"
-}
-
-# Sometimes, for some reason the by-label symlinks aren't updated. Detect these
-# cases, and explicitly `udevadm trigger`.
-# See: https://bugzilla.redhat.com/show_bug.cgi?id=1908780
-udev_trigger_on_label_mismatch() {
- local label=$1; shift
- local expected_dev=$1; shift
- local actual_dev
- expected_dev=$(realpath "${expected_dev}")
- actual_dev=$(realpath "/dev/disk/by-label/$label")
- if [ "$actual_dev" != "$expected_dev" ]; then
- echo "Expected /dev/disk/by-label/$label to point to $expected_dev, but points to $actual_dev; triggering udev"
- udevadm trigger --settle "$expected_dev"
- fi
-}
-
-# Print partition offset for device node $1
-get_partition_offset() {
- local devpath=$(udevadm info --query=path "$1")
- cat "/sys${devpath}/start"
-}
-
-mount_and_restore_filesystem_by_label() {
- local label=$1; shift
- local mountpoint=$1; shift
- local saved_fs=$1; shift
- local new_dev
- new_dev=$(jq -r "$(query_fslabel "${label}") | .[0].device" "${ignition_cfg}")
- udev_trigger_on_label_mismatch "${label}" "${new_dev}"
- mount_verbose "/dev/disk/by-label/${label}" "${mountpoint}"
- find "${saved_fs}" -mindepth 1 -maxdepth 1 -exec mv -t "${mountpoint}" {} \;
-}
-
-case "${1:-}" in
- detect)
- # Mounts are not in a private namespace so we can mount ${saved_data}
- wipes_root=$(jq "$(query_fslabel root) | length" "${ignition_cfg}")
- wipes_boot=$(jq "$(query_fslabel boot) | length" "${ignition_cfg}")
- creates_esp=$(jq "$(query_parttype ${esp_typeguid}) | length" "${ignition_cfg}")
- creates_bios=$(jq "$(query_parttype ${bios_typeguid}) | length" "${ignition_cfg}")
- creates_prep=$(jq "$(query_parttype ${prep_typeguid}) | length" "${ignition_cfg}")
- if [ "${wipes_root}${wipes_boot}${creates_esp}${creates_bios}${creates_prep}" = "00000" ]; then
- exit 0
- fi
- echo "Detected partition replacement in fetched Ignition config: /run/ignition.json"
- # verify all ESP, BIOS, and PReP partitions have non-null unique labels
- unique_esp=$(jq -r "$(query_parttype ${esp_typeguid}) | [.[].label | values] | unique | length" "${ignition_cfg}")
- unique_bios=$(jq -r "$(query_parttype ${bios_typeguid}) | [.[].label | values] | unique | length" "${ignition_cfg}")
- unique_prep=$(jq -r "$(query_parttype ${prep_typeguid}) | [.[].label | values] | unique | length" "${ignition_cfg}")
- if [ "${creates_esp}" != "${unique_esp}" -o "${creates_bios}" != "${unique_bios}" -o "${creates_prep}" != "${unique_prep}" ]; then
- echo "Found duplicate or missing ESP, BIOS-BOOT, or PReP labels in config" >&2
- exit 1
- fi
- mem_available=$(grep MemAvailable /proc/meminfo | awk '{print $2}')
- # Just error out early if we don't even have 1G to work with. This
- # commonly happens if you `cosa run` but forget to add `--memory`. That
- # way you get a nicer error instead of the spew of EIO errors from `cp`.
- # The amount we need is really dependent on a bunch of factors, but just
- # ballpark it at 3G.
- if [ "${mem_available}" -lt $((1*1024*1024)) ] && [ "${wipes_root}" != 0 ]; then
- echo "Root reprovisioning requires at least 3G of RAM" >&2
- exit 1
- fi
- modprobe zram num_devices=0
- read dev < /sys/class/zram-control/hot_add
- # disksize is set arbitrarily large, as zram is capped by mem_limit
- echo 10G > /sys/block/zram"${dev}"/disksize
- # Limit zram to 90% of available RAM: we want to be greedy since the
- # boot breaks anyway, but we still want to leave room for everything
- # else so it hits ENOSPC and doesn't invoke the OOM killer
- echo $(( mem_available * 90 / 100 ))K > /sys/block/zram"${dev}"/mem_limit
- mkfs.xfs -q /dev/zram"${dev}"
- mkdir "${saved_data}"
- mount /dev/zram"${dev}" "${saved_data}"
- # save the zram device number created for when called to cleanup
- echo "${dev}" > "${zram_dev}"
-
- if [ "${wipes_root}" != "0" ]; then
- mkdir "${saved_root}"
- fi
- if [ "${wipes_boot}" != "0" ]; then
- mkdir "${saved_boot}"
- fi
- if [ "${creates_esp}" != "0" ]; then
- mkdir "${saved_esp}"
- fi
- if [ "${creates_bios}" != "0" ]; then
- mkdir "${saved_bios}"
- fi
- if [ "${creates_prep}" != "0" ]; then
- mkdir "${saved_prep}"
- fi
- ;;
- save)
- # Mounts happen in a private mount namespace since we're not "offically" mounting
- if [ -d "${saved_root}" ]; then
- echo "Moving rootfs to RAM..."
- mount_verbose "${root_part}" /sysroot
- cp -aT /sysroot "${saved_root}"
- # also store the state of the partition
- lsblk "${root_part}" --nodeps --pairs -b --paths -o NAME,TYPE,SIZE > "${partstate_root}"
- fi
- if [ -d "${saved_boot}" ]; then
- echo "Moving bootfs to RAM..."
- mount_verbose "${boot_part}" /sysroot/boot
- cp -aT /sysroot/boot "${saved_boot}"
- fi
- if [ -d "${saved_esp}" ]; then
- echo "Moving EFI System Partition to RAM..."
- mount_verbose "${esp_part}" /sysroot/boot/efi
- cp -aT /sysroot/boot/efi "${saved_esp}"
- fi
- if [ -d "${saved_bios}" ]; then
- echo "Moving BIOS Boot partition and boot sector to RAM..."
- # save partition
- cat "${bios_part}" > "${saved_bios}/partition"
- # save boot sector
- bios_disk=$(lsblk --noheadings --output PKNAME --paths "${bios_part}")
- dd if="${bios_disk}" of="${saved_bios}/boot-sector" bs="${boot_sector_size}" count=1 status=none
- # store partition start offset so we can check it later
- get_partition_offset "${bios_part}" > "${saved_bios}/start"
- fi
- if [ -d "${saved_prep}" ]; then
- echo "Moving PReP partition to RAM..."
- cat "${prep_part}" > "${saved_prep}/partition"
- fi
- echo "zram usage:"
- read dev < "${zram_dev}"
- cat /sys/block/zram"${dev}"/mm_stat
- ;;
- restore)
- # Mounts happen in a private mount namespace since we're not "offically" mounting
- if [ -d "${saved_root}" ]; then
- echo "Restoring rootfs from RAM..."
- mount_and_restore_filesystem_by_label root /sysroot "${saved_root}"
- chcon -v --reference "${saved_root}" /sysroot # the root of the fs itself
- chattr +i $(ls -d /sysroot/ostree/deploy/*/deploy/*/)
- fi
- if [ -d "${saved_boot}" ]; then
- echo "Restoring bootfs from RAM..."
- mount_and_restore_filesystem_by_label boot /sysroot/boot "${saved_boot}" - chcon -v --reference "${saved_boot}" /sysroot/boot # the root of the fs itself - fi - if [ -d "${saved_esp}" ]; then - echo "Restoring EFI System Partition from RAM..." - get_partlabels_for_parttype "${esp_typeguid}" | while read label; do - # Don't use mount_and_restore_filesystem_by_label because: - # 1. We're mounting by partlabel, not FS label - # 2. We need to copy the contents to each partition, not move - # them once - # 3. We don't need the by-label symlink to be correct and - # nothing later in boot will be mounting the filesystem - mountpoint="/mnt/esp-${label}" - mount_verbose "/dev/disk/by-partlabel/${label}" "${mountpoint}" - find "${saved_esp}" -mindepth 1 -maxdepth 1 -exec cp -a {} "${mountpoint}" \; - done - fi - if [ -d "${saved_bios}" ]; then - echo "Restoring BIOS Boot partition and boot sector from RAM..." - expected_start=$(cat "${saved_bios}/start") - get_partlabels_for_parttype "${bios_typeguid}" | while read label; do - cur_part="/dev/disk/by-partlabel/${label}" - # boot sector hardcodes the partition start; ensure it matches - cur_start=$(get_partition_offset "${cur_part}") - if [ "${cur_start}" != "${expected_start}" ]; then - echo "Partition ${cur_part} starts at ${cur_start}; expected ${expected_start}" >&2 - exit 1 - fi - # copy partition contents - cat "${saved_bios}/partition" > "${cur_part}" - # copy boot sector - cur_disk=$(lsblk --noheadings --output PKNAME --paths "${cur_part}") - cat "${saved_bios}/boot-sector" > "${cur_disk}" - done - fi - if [ -d "${saved_prep}" ]; then - echo "Restoring PReP partition from RAM..." 
- get_partlabels_for_parttype "${prep_typeguid}" | while read label; do
- cat "${saved_prep}/partition" > "/dev/disk/by-partlabel/${label}"
- done
- fi
- ;;
- cleanup)
- # Mounts are not in a private namespace so we can unmount ${saved_data}
- if [ -d "${saved_data}" ]; then
- read dev < "${zram_dev}"
- umount "${saved_data}"
- rm -rf "${saved_data}" "${partstate_root}"
- echo "${dev}" > /sys/class/zram-control/hot_remove
- fi
- ;;
- *)
- echo "Unsupported operation: ${1:-}" 1>&2; exit 1
- ;;
-esac
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service
deleted file mode 100755
index cde3b1629653b83d976dbda4cb1f63edf50a21f5..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service
+++ /dev/null
@@ -1,22 +0,0 @@
-[Unit]
-Description=Ignition OSTree: Regenerate Filesystem UUID (boot)
-DefaultDependencies=false
-ConditionPathExists=/usr/lib/initrd-release
-ConditionKernelCommandLine=ostree
-ConditionPathExists=!/run/ostree-live
-# We run pretty early
-Before=coreos-copy-firstboot-network.service
-Before=coreos-ignition-setup-user.service
-Before=ignition-fetch-offline.service
-# Any services looking at mounts need to order after this
-# because it causes device re-probing.
-After=coreos-gpt-setup.service
-
-Before=systemd-fsck@dev-disk-by\x2dlabel-boot.service
-Requires=dev-disk-by\x2dlabel-boot.device
-After=dev-disk-by\x2dlabel-boot.device
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/ignition-ostree-firstboot-uuid boot
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service
deleted file mode 100755
index 7164aaf5c3bf9840a47f2aad50d1b0764bca0dab..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service
+++ /dev/null
@@ -1,24 +0,0 @@
-[Unit]
-Description=Ignition OSTree: Regenerate Filesystem UUID (root)
-# These conditions match mount-firstboot-sysroot.service
-DefaultDependencies=false
-ConditionKernelCommandLine=ostree
-ConditionPathExists=!/run/ostree-live
-Before=initrd-root-fs.target
-After=ignition-disks.service
-# If we've reprovisioned the rootfs, then there's no need to restamp
-ConditionPathExists=!/run/ignition-ostree-transposefs
-
-After=dev-disk-by\x2dlabel-root.device
-# Avoid racing with fsck
-Before=systemd-fsck@dev-disk-by\x2dlabel-root.service
-
-# Note we don't have a Requires: /dev/disk/by-label/root here like
-# the -subsequent service does because ignition-disks may have
-# regenerated it.
-Before=ignition-ostree-mount-firstboot-sysroot.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/sbin/ignition-ostree-firstboot-uuid root
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh
deleted file mode 100755
index bf9a7872abc14f91a94e3e30275b04baa8b6450b..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh
+++ /dev/null
@@ -1,104 +0,0 @@ -#!/bin/bash -# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- -# ex: ts=8 sw=4 sts=4 et filetype=sh - -depends() { - echo ignition rdcore -} - -install_ignition_unit() { - local unit=$1; shift - local target=${1:-complete} - inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" - # note we `|| exit 1` here so we error out if e.g. the units are missing - # see https://github.com/coreos/fedora-coreos-config/issues/799 - systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" || exit 1 -} - -installkernel() { - # Used by ignition-ostree-transposefs - instmods -c zram -} - -install() { - inst_multiple \ - realpath \ - setfiles \ - chcon \ - systemd-sysusers \ - systemd-tmpfiles \ - sort \ - uniq - - # ignition-ostree-growfs deps - inst_multiple \ - basename \ - blkid \ - cat \ - dirname \ - findmnt \ - growpart \ - realpath \ - resize2fs \ - tail \ - tune2fs \ - touch \ - xfs_admin \ - xfs_growfs \ - wc \ - wipefs - - # growpart deps - # Mostly generated from the following command: - # $ bash --rpm-requires /usr/bin/growpart | sort | uniq | grep executable - # with a few false positives (rq, rqe, -v) and one missed (mktemp) - inst_multiple \ - awk \ - cat \ - dd \ - grep \ - mktemp \ - partx \ - rm \ - sed \ - sfdisk \ - sgdisk \ - find - - for x in mount populate; do - install_ignition_unit ignition-ostree-${x}-var.service - inst_script "$moddir/ignition-ostree-${x}-var.sh" "/usr/sbin/ignition-ostree-${x}-var" - done - - inst_simple \ - /usr/lib/udev/rules.d/90-coreos-device-mapper.rules - - inst_multiple jq chattr - inst_script "$moddir/ignition-ostree-transposefs.sh" "/usr/libexec/ignition-ostree-transposefs" - for x in detect save restore; do - install_ignition_unit ignition-ostree-transposefs-${x}.service - done - - # Disk support - install_ignition_unit ignition-ostree-mount-firstboot-sysroot.service diskful - for p in boot root; do - install_ignition_unit ignition-ostree-uuid-${p}.service 
diskful - done - inst_script "$moddir/ignition-ostree-firstboot-uuid" \ - "/usr/sbin/ignition-ostree-firstboot-uuid" - install_ignition_unit ignition-ostree-mount-subsequent-sysroot.service diskful-subsequent - inst_script "$moddir/ignition-ostree-mount-sysroot.sh" \ - "/usr/sbin/ignition-ostree-mount-sysroot" - inst_script "$moddir/coreos-rootflags.sh" \ - "/usr/sbin/coreos-rootflags" - - install_ignition_unit ignition-ostree-growfs.service - inst_script "$moddir/ignition-ostree-growfs.sh" \ - /usr/sbin/ignition-ostree-growfs - - install_ignition_unit ignition-ostree-check-rootfs-size.service - inst_script "$moddir/coreos-check-rootfs-size" \ - /usr/libexec/coreos-check-rootfs-size - - inst_script "$moddir/coreos-relabel" /usr/bin/coreos-relabel -} diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service deleted file mode 100755 index ce8a0ac524a5ee848e2a759bfdd045e0c54a4fae..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Check that initrd matches kernel -DefaultDependencies=false -Before=sysinit.target systemd-modules-load.service -ConditionPathIsDirectory=!/usr/lib/modules/%v - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/bin/false diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh deleted file mode 100755 index cac7b643f4536ce304e4446b8315f43adb69b048..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh +++ /dev/null 
@@ -1,15 +0,0 @@
-install_unit() {
- unit="$1"; shift
- target="$1"; shift
- inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit"
- # note we `|| exit 1` here so we error out if e.g. the units are missing
- # see https://github.com/coreos/fedora-coreos-config/issues/799
- systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1
-}
-
-install() {
- inst_multiple \
- false
-
- install_unit "coreos-check-kernel.service" "sysinit.target"
-}
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service
deleted file mode 100755
index 743670ea0bf3d64c615e90ca7811ac58250edc69..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service
+++ /dev/null
@@ -1,12 +0,0 @@
-# Temporary hack to work around agetty SELinux denials.
-# https://github.com/coreos/fedora-coreos-config/pull/859#issuecomment-783713383
-# https://bugzilla.redhat.com/show_bug.cgi?id=1932053
-[Unit]
-Description=CoreOS: Touch /run/agetty.reload
-Documentation=https://bugzilla.redhat.com/show_bug.cgi?id=1932053
-DefaultDependencies=false
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/bin/touch /run/agetty.reload
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh
deleted file mode 100755
index 1423fd5a42ad334a2bd3421f65c489c229c928ef..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
-
-# Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1932053.
-
-install_unit() {
- local unit=$1; shift
- inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit"
- # note we `|| exit 1` here so we error out if e.g. the units are missing
- # see https://github.com/coreos/fedora-coreos-config/issues/799
- systemctl -q --root="$initdir" add-requires initrd.target "$unit" || exit 1
-}
-
-install() {
- inst_multiple \
- touch
-
- # TODO f35: check if we can drop this whole module
- install_unit coreos-touch-run-agetty.service
-}
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service
deleted file mode 100755
index 18a964cef98b94512ac5dd42e4990e8f0bf501fd..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Dump journal to virtio port
-ConditionPathExists=/etc/initrd-release
-DefaultDependencies=false
-ConditionVirtualization=|kvm
-ConditionVirtualization=|qemu
-Requires=systemd-journald.service
-After=systemd-journald.service
-After=basic.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-EnvironmentFile=/run/ignition.env
-ExecStart=/usr/bin/ignition-virtio-dump-journal
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh
deleted file mode 100755
index 806b374e413df1d11fbca6dda9172c7be9ddf1f3..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-port=/dev/virtio-ports/com.coreos.ignition.journal
-if [ -e "${port}" ]; then
- # Sync to backing filesystem before dumping what's there
- journalctl --sync
- journalctl -o json > "${port}"
- # And this signals end of stream
- echo '{}' > "${port}"
-else
- echo "Didn't find virtio port ${port}"
-fi
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh
deleted file mode 100755
index 63907da41266ecbdce76cb0c2dcea51b1813ef88..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
-
-install_unit_wants() {
- local unit="$1"; shift
- local target="$1"; shift
- local instantiated="${1:-$unit}"; shift
- inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit"
- # note we `|| exit 1` here so we error out if e.g. the units are missing
- # see https://github.com/coreos/fedora-coreos-config/issues/799
- systemctl -q --root="$initdir" add-wants "$target" "$instantiated" || exit 1
-}
-
-install() {
- inst_multiple \
- cut \
- date
-
- inst_hook emergency 99 "${moddir}/timeout.sh"
-
- inst_script "$moddir/ignition-virtio-dump-journal.sh" "/usr/bin/ignition-virtio-dump-journal"
- install_unit_wants ignition-virtio-dump-journal.service emergency.target
-}
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh
deleted file mode 100755
index 85fb3d761de729d2679e269875adbafa0ed69744..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh
+++ /dev/null
@@ -1,99 +0,0 @@ -# Before starting the emergency shell, prompt the user to press Enter. -# If they don't, reboot the system. -# -# Assumes /bin/sh is bash. - -# _wait_for_journalctl_to_stop will block until either: -# - no messages have appeared in journalctl for the past 5 seconds -# - 15 seconds have elapsed -_wait_for_journalctl_to_stop() { - local time_since_last_log=0 - - local time_started="$(date '+%s')" - local now="$(date '+%s')" - - while [ ${time_since_last_log} -lt 5 -a $((now-time_started)) -lt 15 ]; do - sleep 1 - - local last_log_timestamp="$(journalctl -e -n 1 -q -o short-unix | cut -d '.' -f 1)" - local now="$(date '+%s')" - - local time_since_last_log=$((now-last_log_timestamp)) - done -} - -_prompt_for_timeout() { - local timeout=300 - local interval=15 - - if [[ -e /.emergency-shell-confirmed ]]; then - return - fi - failed=$(systemctl --failed --no-legend --plain | cut -f 1 -d ' ') - if [ -n "${failed}" ]; then - # Something failed, suppress kernel logs so that it's more likely - # the useful bits from the journal are available. - dmesg --console-off - - # There's a couple straggler systemd messages. Wait until it's been 5 - # seconds since something was written to the journal. - _wait_for_journalctl_to_stop - - # Print Ignition logs - if echo ${failed} | grep -qFe 'ignition-'; then - cat < 0 ]]; do - local m=$(( $timeout / 60 )) - local s=$(( $timeout % 60 )) - local m_label="minutes" - if [[ $m = 1 ]]; then - m_label="minute" - fi - - if [[ $s != 0 ]]; then - echo -n -e "Press Enter for emergency shell or wait $m $m_label $s seconds for reboot. \r" - else - echo -n -e "Press Enter for emergency shell or wait $m $m_label for reboot. \r" - fi - - local anything - if read -t $interval anything; then - > /.emergency-shell-confirmed - return - fi - timeout=$(( $timeout - $interval )) - done - - echo -e "\nRebooting." 
- # This is not very nice, but since reboot.target likely conflicts with
- # the existing goal target wrt the desired state of shutdown.target,
- # there doesn't seem to be a better option.
- systemctl reboot --force
- exit 0
-}
-
-# If we're invoked from a dracut breakpoint rather than
-# dracut-emergency.service, we won't have a controlling terminal and stdio
-# won't be connected to it. Explicitly read/write /dev/console.
-_prompt_for_timeout < /dev/console > /dev/console
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf
deleted file mode 100755
index 091a114d5cea1bf90ec2c2f2cbce28fb9c45a1a2..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-[Journal]
-# For now we are using kmsg for multiplexing output to
-# multiple console devices during early boot.
-#
-# We do not want to use kmsg in the future as there may be sensitive
-# ignition data that leaks to non-root users (by reading the kernel
-# ring buffer using `dmesg`). In the future we will rely on kernel
-# console multiplexing (link below) for this and will not use kmsg.
-#
-# https://github.com/coreos/fedora-coreos-tracker/issues/136
-ForwardToKMsg=yes
-MaxLevelKMsg=info
diff --git a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh
deleted file mode 100755
index e6626b28995f01467e6df940ef93f58f470f0d0c..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
-
-depends() {
- echo systemd
-}
-
-install() {
- inst_simple "$moddir/00-journal-log-forwarding.conf" \
- "/etc/systemd/journald.conf.d/00-journal-log-forwarding.conf"
-}
diff --git a/nestos-config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf b/nestos-config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf
deleted file mode 100755
index e605a61c6cb5aecef2e77bd4645ed0e2cd8388bb..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# See also 10coreos-sysctl dracut module, which turns off ratelimiting in the
-# initrd.
-kernel.printk_devkmsg = ratelimit
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
deleted file mode 100755
index 7910c16785a23f5efff7c90da61dc1f781ae4819..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# Hardcode persistent journal by default. journald has this "auto" behaviour
-# that only makes logs persistent if `/var/log/journal` exists, which it won't
-# on first boot because `/var` isn't fully populated. We should be able to get
-# rid of this once we move to sysusers and create the dir in the initrd.
-[Journal]
-Storage=persistent
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator b/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator
deleted file mode 100755
index 5724fdcb26eac07285b97982a1d3fd00ae239a4a..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator
+++ /dev/null
@@ -1,115 +0,0 @@ -#!/bin/bash -export PATH="/usr/bin:/usr/sbin:${PATH}" -set -euo pipefail - -. /usr/lib/coreos/generator-lib.sh - -# Turn out if you boot with "root=..." $UNIT_DIR is not writable. -[ -w "${UNIT_DIR}" ] || { - echo "skipping coreos-boot-mount-generator: ${UNIT_DIR} is not writable" - exit 0 -} - -# If there's already an /etc/fstab entries for /boot, then this is is a non-FCOS -# system, likely RHCOS pre-4.3 (which still used Anaconda). In that case, we -# don't want to overwrite what the systemd-fstab-generator will do. -if findmnt --fstab /boot &>/dev/null; then - exit 0 -fi - -# Don't create mount units for /boot on live systems. -# ConditionPathExists won't work here because conditions don't affect -# the dependency on the underlying device unit. -if [ -f /run/ostree-live ]; then - exit 0 -fi - -add_wants() { - local name="$1"; shift - local wants_dir="${UNIT_DIR}/local-fs.target.wants" - mkdir -p "${wants_dir}" - ln -sf "../${name}" "${wants_dir}/${name}" -} - -# Generate mount units that work with device mapper. The traditional -# device unit (dev-disk-by\x2dlabel...) does not work since it is not the -# device that systemd will fsck. This code ensures that if the label -# is backed by a device-mapper target the dev-mapper.*.device is used. -mk_mount() { - local mount_pt="${1}"; shift - local path="${1}"; shift - local options="${1}"; shift - - local devservice=$(systemd-escape -p ${path} --suffix=service) - local unit_name=$(systemd-escape -p ${mount_pt} --suffix=mount) - - cat > "${UNIT_DIR}/${unit_name}" < "${out_dir}/10-autologin.conf" < /etc/sysctl.d/20-coreos-autologin-kernel-printk.conf -# Raise console message logging level from DEBUG (7) to WARNING (4) -# so that kernel debug message don't get interspersed on the console -# that -# may frustrate a user trying to interactively do an install with -# nmtui and coreos-installer. 
-kernel.printk=4 -EOF -} - -write_interactive_live_motd() { - # Write motd to a tmp file and not directly to /etc/motd because - # SELinux denies write from init_t to etc_t - cat < /run/interactive-live-motd - -########################################################################### -Welcome to the NestOS live environment. This system is running completely -from memory, making it a good candidate for hardware discovery and -installing persistently to disk. Here is an example of running an install -to disk via nestos-installer: - -sudo nestos-installer install /dev/sda \\ - --ignition-url https://example.com/example.ign - -You may configure networking via 'sudo nmcli' or 'sudo nmtui' and have -that configuration persist into the installed system by passing the -'--copy-network' argument to 'nestos-installer install'. Please run -'nestos-installer install --help' for more information on the possible -install options. -########################################################################### - -EOF - # Create coreos-cp-interactive-live-motd.service to copy over the motd in - # place. Note this intentionally overwrites the existing motd, which is - # blank on FCOS and populated on RHCOS. - service="coreos-cp-interactive-live-motd.service" - cat < "${UNIT_DIR}/${service}" -# generated by coreos-liveiso-autologin-generator -[Unit] -Description=Copy CoreOS Interactive Live MOTD -Before=systemd-user-sessions.service -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/bin/cp -v /run/interactive-live-motd /etc/motd -EOF - mkdir -p "${UNIT_DIR}/multi-user.target.wants" - ln -sf "../${service}" "${UNIT_DIR}/multi-user.target.wants/" -} - -# Only allow automatic autologin on live systems -if [ ! -e /run/ostree-live ]; then - exit 0 -fi - -# Autologin on ISO boots but not PXE boots. The only way to tell the -# difference is a kernel argument. -if ! 
have_karg coreos.liveiso; then - exit 0 -fi - -# If the user supplied an Ignition config, they have the ability to enable -# autologin themselves. Don't automatically render them insecure, since -# they might be running in production and booting via e.g. IPMI. -if jq -e .userConfigProvided /etc/.ignition-result.json &>/dev/null; then - exit 0 -fi - -write_dropin "getty@.service" "--noclear" -# Also autologin on serial console if someone enables that -write_dropin "serial-getty@.service" "--keep-baud 115200,38400,9600" - -# When the installer runs a lot of things happen on the system (audit -# messages from running via sudo, re-reading partition table messages, -# mounting filesystem messages, etc.). Quieting the verbosity of the -# kernel console will help us keep our sanity. -quiet_kernel_console_messages - - -# Write an motd that will let the user know about the live environment -# and what is possible. -write_interactive_live_motd diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset b/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset deleted file mode 100755 index a242ebaaa1c0c69bee0257ac2af230ce9a341b8c..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset +++ /dev/null 
@@ -1,16 +0,0 @@
-# This file contains overrides for systemd services that are
-# enabled by default, but conflict with things we ship.
-
-# We don't have swap by default, and systemd-oomd hard requires it.
-disable systemd-oomd.service
-
-# Disable systemd-firstboot because it conflicts with Ignition.
-# In most cases this is handled via the remove-from-packages
-# bits in the manifest (ignition-and-ostree.yaml), but
-# we want to support overlaying builds of systemd from git.
-disable systemd-firstboot.service
-
-# This hasn't been tested with ostree/rpm-ostree and heavily overlaps
-# with the latter. Preemptively disable the service; it will hopefully
-# be subpackaged though for Fedora.
-disable systemd-sysext.service
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset
deleted file mode 100755
index 13963ef789d83d4114890bb9487697679f08c5d0..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset
+++ /dev/null
@@ -1,27 +0,0 @@
-# Presets here that eventually should live in the generic fedora presets
-
-# console-login-helper-messages - https://github.com/coreos/console-login-helper-messages
-enable console-login-helper-messages-gensnippet-os-release.service
-enable console-login-helper-messages-gensnippet-ssh-keys.service
-# CA certs (probably to add to base fedora eventually)
-enable coreos-update-ca-trust.service
-# https://github.com/coreos/ignition/issues/1125
-enable coreos-ignition-firstboot-complete.service
-# Boot checkin services for cloud providers.
-enable afterburn-checkin.service
-enable afterburn-firstboot-checkin.service
-# Target to write SSH key snippets from cloud providers.
-enable afterburn-sshkeys.target
-# Update agent
-enable zincati.service
-# Testing aid
-enable coreos-liveiso-success.service
-# See bootupd.yaml
-enable bootupd.socket
-# Enable rtas_errd for ppc64le to discover dynamically attached pci devices - https://bugzilla.redhat.com/show_bug.cgi?id=1811537
-# The event for the attached device comes as a diag event.
-# Ideally it should have been added as part of base Fedora - but since it was arch specific, it was not added: https://bugzilla.redhat.com/show_bug.cgi?id=1433859
-enable rtas_errd.service
-enable clevis-luks-askpass.path
-# Provide information if no ignition is provided
-enable coreos-check-ignition-config.service
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-check-ignition-config.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-check-ignition-config.service
deleted file mode 100755
index 569de69eee8700835c5db9fffced2f16d06574f4..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-check-ignition-config.service
+++ /dev/null
@@ -1,14 +0,0 @@
-# This service is used for printing a message if
-# no Ignition config is provided.
-[Unit]
-Description=Check if Ignition config is provided
-Before=systemd-user-sessions.service
-ConditionPathExists=/etc/.ignition-result.json
-
-[Service]
-Type=oneshot
-ExecStart=/usr/libexec/coreos-check-ignition-config
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service
deleted file mode 100755
index 42adf1e6b061f8ac616a3c1395362dcbbb4b9857..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service
+++ /dev/null
@@ -1,21 +0,0 @@
-[Unit]
-Description=CoreOS Mark Ignition Boot Complete
-Documentation=https://docs.fedoraproject.org/en-US/fedora-coreos/
-ConditionKernelCommandLine=ignition.firstboot
-ConditionPathExists=!/run/ostree-live
-RequiresMountsFor=/boot
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-# The MountFlags=slave is so we remount /boot temporarily writable;
-# see https://github.com/ostreedev/ostree/issues/1265 for the bigger picture.
-# This option creates a new mount namespace; from the point of view of
-# everything else, /boot stays readonly. We only have a transient writable mount
-# for the lifetime of the unit.
-MountFlags=slave
-ExecStart=/usr/libexec/coreos-ignition-firstboot-complete
-
-[Install]
-# Part of basic.target so this happens early on in firstboot
-WantedBy=basic.target
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service
deleted file mode 100755
index d148d12cb207480282edb762a79cdc946c3cfce6..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service
+++ /dev/null
@@ -1,26 +0,0 @@
-# This is used by our test framework in coreos-assembler
-# since for the "live ISO without Ignition" case we
-# don't have an easy way to test it.
-[Unit]
-Description=CoreOS Live ISO virtio success
-Documentation=https://github.com/coreos/fedora-coreos-config
-# Only run on the Live ISO, and only if there's no Ignition config
-ConditionKernelCommandLine=coreos.liveiso
-ConditionPathExists=!/config.ign
-ConditionVirtualization=|kvm
-ConditionVirtualization=|qemu
-# Start running late to help ensure that the below conditional works
-After=systemd-user-sessions.service
-ConditionPathExists=/dev/virtio-ports/coreos.liveiso-success
-
-[Service]
-Type=simple
-# Wait for a user session to start, then write a static message to the
-# virtio channel, which https://github.com/coreos/coreos-assembler/pull/1330
-# knows how to read. We previously did "journalctl -f ... | head -1" here,
-# but RHEL 8 has systemd 239, which has
-# https://github.com/systemd/systemd/issues/9374.
-ExecStart=/bin/sh -c 'while [ -z "$(loginctl list-sessions --no-legend)" ]; do sleep 1; done; echo coreos-liveiso-success > /dev/virtio-ports/coreos.liveiso-success'
-
-[Install]
-WantedBy=multi-user.target
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service
deleted file mode 100755
index d5e811f85b9224fe20de7af2fbec642e74c2cdf4..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service
+++ /dev/null
@@ -1,31 +0,0 @@
-# This service is currently specific to Fedora CoreOS,
-# but we may want to add it to the base OS in the future.
-# The idea here is to allow users to just drop in CA roots
-# via Ignition without having to know to run the special
-# update command.
-[Unit]
-Description=Run update-ca-trust
-ConditionFirstBoot=true
-# All services which use ConditionFirstBoot=yes should use
-# Before=first-boot-complete.target, which is a target that
-# was introduced in https://github.com/systemd/systemd/issues/4511
-# and hasn't propagated everywhere yet. Once the target propagates
-# everywhere, we can drop the systemd-machine-id-commit.service
-# from the Before= line.
-Before=first-boot-complete.target systemd-machine-id-commit.service
-Wants=first-boot-complete.target
-ConditionDirectoryNotEmpty=/etc/pki/ca-trust/source/anchors/
-# We want to run quite early, in particular before anything
-# that may speak TLS to external services. In the future,
-# it may make sense to do this in the initramfs too.
-DefaultDependencies=no
-After=local-fs.target
-Requires=local-fs.target
-
-[Service]
-ExecStart=/usr/bin/update-ca-trust extract
-Type=oneshot
-RemainAfterExit=yes
-
-[Install]
-WantedBy=basic.target
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf
deleted file mode 100755
index 390f72723f0c94f4edef92a4f1eda67bf5607644..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# https://github.com/coreos/coreos-installer/commit/15a79263d0bd5d72056a6080f6687dc10cba2dda
-# https://github.com/systemd/systemd/pull/10397
-# We want things like `systemd.unit=emergency.target` and `single` on the
-# kernel command line to just work even with our locked root account.
-# This file is used as an override for both emergency.target and rescue.target.
-[Service]
-Environment=SYSTEMD_SULOGIN_FORCE=1
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf
deleted file mode 100755
index a8a1f7adb7eeca4bd5e21ca0ee834efbf72396b5..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf
+++ /dev/null
@@ -1 +0,0 @@
-../emergency.service.d/coreos-sulogin-force.conf
\ No newline at end of file
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf
deleted file mode 100755
index fc1c8218a4ddd3bab76239d9d4234834daa8df23..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# Temporary fix for https://github.com/coreos/fedora-coreos-tracker/issues/975
-# until https://github.com/ostreedev/ostree/issues/2115 is fixed.
-[Unit]
-After=ostree-remount.service
diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf
deleted file mode 100755
index fc7f00518b3a66b3df8a49a804502abbb86ee0ab..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# See the comment in 40-coreos-systemd.preset; we're
-# keeping this even stronger disable override for now,
-# but it may not really be necessary.
-[Unit]
-ConditionPathExists=/run/nosuchfile
diff --git a/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules b/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules
deleted file mode 100755
index e19c1c5b91040c470743915049f1fb9d75380883..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2016 Google Inc. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Name the attached disks as the specified by deviceName.
-
-ACTION!="add|change", GOTO="gce_disk_naming_end"
-SUBSYSTEM!="block", GOTO="gce_disk_naming_end"
-
-# SCSI naming
-KERNEL=="sd*|vd*", ENV{ID_VENDOR}=="Google", IMPORT{program}="scsi_id --export --whitelisted -d $tempnode"
-
-# NVME naming
-KERNEL=="nvme0n1*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-0"
-KERNEL=="nvme0n2*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-1"
-KERNEL=="nvme0n3*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-2"
-KERNEL=="nvme0n4*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-3"
-KERNEL=="nvme0n5*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-4"
-KERNEL=="nvme0n6*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-5"
-KERNEL=="nvme0n7*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-6"
-KERNEL=="nvme0n8*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-7"
-KERNEL=="nvme*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL}="Google_EphemeralDisk_$env{ID_SERIAL_SHORT}"
-
-# Symlinks
-KERNEL=="sd*|vd*|nvme*", ENV{DEVTYPE}=="disk", ENV{ID_VENDOR}=="Google", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}"
-KERNEL=="sd*|vd*|nvme*", ENV{DEVTYPE}=="partition", ENV{ID_VENDOR}=="Google", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}-part%n"
-
-LABEL="gce_disk_naming_end"
diff --git a/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules b/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
deleted file mode 100755
index 59cf73bb0a424596836dd13efb4e0ea2f4d6aefd..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
+++ /dev/null
@@ -1,4 +0,0 @@
-# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
-# This interface is transparently bonded to the synthetic interface,
-# so NetworkManager should just ignore any SRIOV interfaces.
-SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
diff --git a/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules b/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules
deleted file mode 100755
index 385f262437206bb464771e16b899e1d543b96366..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules
+++ /dev/null
@@ -1,27 +0,0 @@
-# CoreOS-specific symlinks for dm-multipath filesystem labels,
-# used for `label=boot` and `label=root`.
-
-ACTION=="remove", GOTO="dm_label_end"
-SUBSYSTEM!="block", GOTO="dm_label_end"
-KERNEL!="dm-*", GOTO="dm_label_end"
-
-# Ensure that the device mapper target is active
-ENV{DM_SUSPENDED}=="1", GOTO="dm_label_end"
-
-# Only act on filesystems. This should prevent layered devices
-# such as Raid on Multipath devices from appearing.
-ENV{ID_FS_USAGE}!="filesystem", GOTO="dm_label_end"
-
-# And if the filesystem doesn't have a label+uuid, we're done.
-ENV{ID_FS_LABEL_ENC}!="?*", GOTO="dm_label_end"
-ENV{ID_FS_UUID_ENC}!="?*", GOTO="dm_label_end"
-
-# Setup up Multipath labels and UUID's. Match on DM_UUID which
-# is stable regardless of whether friendly names are used or not.
-# 66-kpartx.rules use DM_UUID to match for linear mappings on multipath
-# targets.
-ENV{DM_UUID}=="*mpath*" \
- , SYMLINK+="disk/by-label/dm-mpath-$env{ID_FS_LABEL_ENC}" \
- , SYMLINK+="disk/by-uuid/dm-mpath-$env{ID_FS_UUID_ENC}"
-
-LABEL="dm_label_end"
diff --git a/nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config b/nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config
deleted file mode 100755
index 794efe974eecb7b7b2e47db248f349a997939159..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/bash
-set -euo pipefail
-
-IGNITION_RESULT=/etc/.ignition-result.json
-
-WARN='\033[0;33m' # yellow
-RESET='\033[0m' # reset
-
-mkdir -p /run/issue.d
-touch /run/issue.d/30_coreos_ignition_provisioning.issue
-
-d=$(date --date "$(jq -r .provisioningDate "${IGNITION_RESULT}")" +"%Y/%m/%d %H:%M:%S %Z")
-ignitionBoot=$(jq -r .provisioningBootID "${IGNITION_RESULT}")
-if [ $(cat /proc/sys/kernel/random/boot_id) = "${ignitionBoot}" ]; then
- echo "Ignition: ran on ${d} (this boot)" \
- > /run/issue.d/30_coreos_ignition_provisioning.issue
-
- # checking for /run/ostree-live as the live system with persistent storage can run Ignition more than once
- if ! test -f /run/ostree-live && jq -e .previousReport.provisioningDate "${IGNITION_RESULT}" &>/dev/null; then
- prevdate=$(date --date "$(jq -r .previousReport.provisioningDate "${IGNITION_RESULT}")" +"%Y/%m/%d %H:%M:%S %Z")
- cat << EOF > /etc/issue.d/30_coreos_ignition_run_more_than_once.issue
-${WARN}
-############################################################################
-WARNING: Ignition previously ran on ${prevdate}. Unexpected
-behavior may occur. Ignition is not designed to run more than once per system.
-############################################################################
-${RESET}
-EOF
- fi
-else
- nreboots=$(($(journalctl --list-boots | wc -l) - 1))
- [ "${nreboots}" -eq 1 ] && boot="boot" || boot="boots"
- echo "Ignition: ran on ${d} (at least $nreboots $boot ago)" \
- > /run/issue.d/30_coreos_ignition_provisioning.issue
-fi
-
-if jq -e .userConfigProvided "${IGNITION_RESULT}" &>/dev/null; then
- echo "Ignition: user-provided config was applied" \
- >> /run/issue.d/30_coreos_ignition_provisioning.issue
-else
- echo -e "${WARN}Ignition: no config provided by user${RESET}" \
- >> /run/issue.d/30_coreos_ignition_provisioning.issue
-fi
-
-# Our makeshift way of getting /run/issue.d semantics. See:
-# https://github.com/coreos/console-login-helper-messages/blob/e06fc88ae8fbcc3a422bc8c686f70c15aebb9d9a/usr/lib/console-login-helper-messages/issue.defs#L8-L17
-ln -sf /run/issue.d/30_coreos_ignition_provisioning.issue /etc/issue.d/
diff --git a/nestos-config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete b/nestos-config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete
deleted file mode 100755
index 3973d11e04a538a62ed8c542f96e21d814676506..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-mount -o remount,rw /boot
-
-if [[ $(uname -m) = s390x ]]; then
- zipl
-fi
-
-# We're done provisioning. Remove the whole /boot/ignition directory if present,
-# which may include a baked Ignition config. See
-# https://github.com/coreos/fedora-coreos-tracker/issues/889.
-rm -rf /boot/ignition
-
-# Regarding the lack of `-f` for rm ; we should have only run if GRUB detected
-# this file. Fail if we are unable to remove it, rather than risking rerunning
-# Ignition at next boot.
-rm /boot/ignition.firstboot
diff --git a/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE
deleted file mode 100755
index b81e261c59cc56e339a5d3b475b9ba43200b0395..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-Copyright 2018 Fedora CoreOS Authors.
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
diff --git a/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md
deleted file mode 100755
index ba7a3261a9a2bb2ad142891dd2b42445c38c1eeb..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# fedora-coreos-config
-
-Today most components of Fedora CoreOS are built as RPMs; this
-is the main exception. fedora-coreos-config is "architecture-independent glue"
-and the overhead of building an RPM for each change is onerous.
-
-It's also *the* central point of management (e.g. it contains lockfiles), so having it be
-an RPM too would become circular. Instead, coreos-assembler directly consumes it.
-
-The upstream git repository is: https://github.com/coreos/fedora-coreos-config
-
-From a running system, to find the source commit use:
-```
-$ rpm-ostree status -b --json | jq -r '.deployments[0]."base-commit-meta"."coreos-assembler.config-gitrev"'
-c8dbed9ce223bf86737c82dd763670c8a34e950f
-$
-```
diff --git a/nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf b/nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf
deleted file mode 100755
index 0cc994e48b318ea4538fc983c6689920f23f1284..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# See https://bugzilla.redhat.com/show_bug.cgi?id=1700056
-blacklist nouveau
diff --git a/nestos-config/overlay.d/08nouveau/statoverride b/nestos-config/overlay.d/08nouveau/statoverride
deleted file mode 100755
index 27a95affe231775fe6dfa01c7fdf79a5f184575b..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/08nouveau/statoverride
+++ /dev/null
@@ -1,2 +0,0 @@
-# Config file for overriding permission bits on overlay files/dirs
-# Format: =
diff --git a/nestos-config/overlay.d/09misc/etc/sysconfig/README b/nestos-config/overlay.d/09misc/etc/sysconfig/README
deleted file mode 100755
index 4d8d9bb9304b579697fc757d5c9eaa64f0b98471..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/09misc/etc/sysconfig/README
+++ /dev/null
@@ -1,9 +0,0 @@
-This directory is a legacy of Red Hat Linux days.
-Do not write new software that uses configuration
-files here. Instead your software should use a regular
-config file in `/etc/foo.conf`, a configuration directory
-such as `/etc/foo/`.
-
-Where appropriate, it's also best practice to use "systemd style config"
-where default config files live in `/usr/lib/foo` that can be
-overridden in `/etc` and `/run`.
diff --git a/nestos-config/overlay.d/09misc/statoverride b/nestos-config/overlay.d/09misc/statoverride
deleted file mode 100755
index 27a95affe231775fe6dfa01c7fdf79a5f184575b..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/09misc/statoverride
+++ /dev/null
@@ -1,2 +0,0 @@
-# Config file for overriding permission bits on overlay files/dirs
-# Format: =
diff --git a/nestos-config/overlay.d/14NetworkManager-plugins/statoverride b/nestos-config/overlay.d/14NetworkManager-plugins/statoverride
deleted file mode 100755
index 27a95affe231775fe6dfa01c7fdf79a5f184575b..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/14NetworkManager-plugins/statoverride
+++ /dev/null
@@ -1,2 +0,0 @@
-# Config file for overriding permission bits on overlay files/dirs
-# Format: =
diff --git a/nestos-config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf b/nestos-config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf
deleted file mode 100755
index 3182f6702711be53476df04d635a4d21750b0394..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Stop NetworkManager from trying to load the ifcfg-rh plugin by default,
-# which we don't ship. This actually disables all default plugins, of which
-# ifcfg-rh is currently the only one.
-#
-# Note that we must do this for now because `-=` syntax doesn't work
-# with compiled-in defaults. Proposed upstream fix:
-# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/491
-[main]
-plugins=
diff --git a/nestos-config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf b/nestos-config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf
deleted file mode 100755
index 5785acd256888ee630a4c246975acaa5f7f5eed4..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# Disable password logins by default.
-# https://github.com/coreos/fedora-coreos-tracker/issues/138
-# This file must sort before 50-redhat.conf, which enables
-# PasswordAuthentication.
-PasswordAuthentication no
diff --git a/nestos-config/overlay.d/15fcos/statoverride b/nestos-config/overlay.d/15fcos/statoverride
deleted file mode 100755
index 27a95affe231775fe6dfa01c7fdf79a5f184575b..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/statoverride
+++ /dev/null
@@ -1,2 +0,0 @@
-# Config file for overriding permission bits on overlay files/dirs
-# Format: =
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign
deleted file mode 100755
index 0d39b1686c192c34ab2a5ada5e5acceb73acebfe..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "ignition": {
- "version": "3.0.0"
- },
- "storage": {
- "files": [
- {
- "path": "/etc/systemd/system/nm-cloud-setup.service.d/env-aws.conf",
- "contents": {
- "source": "data:,%5BService%5D%0AEnvironment%3DNM_CLOUD_SETUP_EC2%3Dyes%0A"
- },
- "mode": 420
- }
- ]
- }
-}
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign
deleted file mode 100755
index ed2a5c5ac8e17c1a85209dce72acadbcffec60c6..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "ignition": {
- "version": "3.0.0"
- },
- "storage": {
- "files": [
- {
- "path": "/etc/systemd/system/nm-cloud-setup.service.d/env-azure.conf",
- "contents": {
- "source": "data:,%5BService%5D%0AEnvironment%3DNM_CLOUD_SETUP_AZURE%3Dyes%0A"
- },
- "mode": 420
- }
- ]
- }
-}
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign
deleted file mode 100755
index 22966dd36b0a1c5190b4d6430a62b4648b85541b..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "ignition": {
- "version": "3.0.0"
- },
- "storage": {
- "files": [
- {
- "path": "/etc/systemd/system/nm-cloud-setup.service.d/env-gcp.conf",
- "contents": {
- "source": "data:,%5BService%5D%0AEnvironment%3DNM_CLOUD_SETUP_GCP%3Dyes%0A"
- },
- "mode": 420
- }
- ]
- }
-}
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign
deleted file mode 100755
index 98fc47ad332156ce52fa3907a9335660d94833a7..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "ignition": {
- "version": "3.0.0"
- },
- "systemd": {
- "units": [
- {
- "enabled": true,
- "name": "afterburn-sshkeys@core.service"
- }
- ]
- }
-}
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md
deleted file mode 100755
index a9a2be9129e7e30b71842a52dd3252bebe94ae16..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md
+++ /dev/null
@@ -1 +0,0 @@
-FCOS enables `afterburn-sshkeys@core.service` from `30-afterburn-sshkeys-core.ign`, allowing the user to prevent Ignition from enabling the service with a user config if the user wants to change the username. Unlike FCOS, RHCOS doesn't fetch SSH keys from cloud providers and thus doesn't need `afterburn-sshkeys@core.service`.
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh
deleted file mode 100755
index 8e9f9d923dab24aaca440d03ade8165a2cdeb469..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
-
-depends() {
- echo ignition
-}
-
-install() {
- mkdir -p "$initdir/usr/lib/ignition/base.d"
- mkdir -p "$initdir/usr/lib/ignition/base.platform.d"
-
- # Common entries
- inst "$moddir/30-afterburn-sshkeys-core.ign" \
- "/usr/lib/ignition/base.d/30-afterburn-sshkeys-core.ign"
-
- # Platform specific: aws
- mkdir -p "$initdir/usr/lib/ignition/base.platform.d/aws"
- inst "$moddir/20-aws-nm-cloud-setup.ign" \
- "/usr/lib/ignition/base.platform.d/aws/20-aws-nm-cloud-setup.ign"
-
- # Platform specific: azure
- mkdir -p "$initdir/usr/lib/ignition/base.platform.d/azure"
- inst "$moddir/20-azure-nm-cloud-setup.ign" \
- "/usr/lib/ignition/base.platform.d/azure/20-azure-nm-cloud-setup.ign"
-
- # Platform specific: gcp
- mkdir -p "$initdir/usr/lib/ignition/base.platform.d/gcp"
- inst "$moddir/20-gcp-nm-cloud-setup.ign" \
- "/usr/lib/ignition/base.platform.d/gcp/20-gcp-nm-cloud-setup.ign"
-}
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd b/nestos-config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd
deleted file mode 100755
index 837cc57ccfbfbbb07cfe22f4541f00d890ec44fe..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd
+++ /dev/null
@@ -1,3 +0,0 @@
-Tracker: https://github.com/coreos/fedora-coreos-tracker
-Discuss: https://discussion.fedoraproject.org/c/server/coreos/
-
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset
deleted file mode 100755
index ad082ac3674f1d336c504abab1400e1607585ab6..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset
+++ /dev/null
@@ -1,8 +0,0 @@
-# User metrics client
-enable fedora-coreos-pinger.service
-enable coreos-check-ssh-keys.service
-# Check if cgroupsv1 is still being used
-enable coreos-check-cgroups.service
-# Clean up injected Ignition config in /boot on upgrade
-# https://github.com/coreos/fedora-coreos-tracker/issues/889
-enable coreos-cleanup-ignition-config.service
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service
deleted file mode 100755
index 18e4b85ad7501bede7a66bba73ffff0fc6c6b5ed..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service
+++ /dev/null
@@ -1,11 +0,0 @@
-# This service is used for printing a message if
-# cgroups v1 is still being used
-[Unit]
-Description=Check if cgroupsv1 is still being used
-ConditionControlGroupController=v1
-[Service]
-Type=oneshot
-ExecStart=/usr/libexec/coreos-check-cgroups
-RemainAfterExit=yes
-[Install]
-WantedBy=multi-user.target
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service
deleted file mode 100755
index 858e7ed693d05eb2b9a4ea30c050b425ed1d28c8..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service
+++ /dev/null
@@ -1,24 +0,0 @@
-# This service is used for printing a message if no ssh keys were added
-# by Ignition/Afterburn
-[Unit]
-Description=Check that ssh-keys are added by Afterburn/Ignition
-# It allows other units to synchronize around any instance
-# of `afterburn-sshkeys@` and not just the `core` user.
-# See https://github.com/coreos/afterburn/pull/481
-After=afterburn-sshkeys.target
-# Only perform checks on the first (Ignition) boot as they are
-# mostly useful only on that boot. This ensures systems started
-# before Ignition/Afterburn started logging structured data don't
-# get misleading messages. Also handles the case where the journal
-# gets rotated and no longer has the structured log messages.
-ConditionKernelCommandLine=ignition.firstboot
-# Run before user sessions to avoid reloading agetty
-Before=systemd-user-sessions.service
-
-[Service]
-Type=oneshot
-ProtectHome=read-only
-ExecStart=/usr/libexec/coreos-check-ssh-keys
-RemainAfterExit=yes
-[Install]
-WantedBy=multi-user.target
diff --git a/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service
deleted file mode 100755
index bb923418ddf303f0cf6b191ad9bbc9fa09fe4a53..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=Clean Up Injected Ignition Config in /boot
-Documentation=https://github.com/coreos/fedora-coreos-tracker/issues/889
-# Newer Ignition will handle this on first boot; we only want to clean up
-# leftover configs on upgrade. Disambiguate those two code paths for tests.
-ConditionKernelCommandLine=!ignition.firstboot
-RequiresMountsFor=/boot
-ConditionPathExists=/boot/ignition
-
-[Service]
-Type=oneshot
-ExecStart=/usr/libexec/coreos-cleanup-ignition-config
-RemainAfterExit=yes
-# MountFlags=slave ensures the rw mount of /boot is private to the unit
-MountFlags=slave
-
-[Install]
-WantedBy=multi-user.target
diff --git a/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups
deleted file mode 100755
index 39a68b7178e610646801ca1fcd96703720103c5d..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/bash
-# This script checks if the system is still using cgroups v1
-# and prints a message to the serial console.
-
-# Change the output color to yellow
-warn=$(echo -e '\033[0;33m')
-# No color
-nc=$(echo -e '\033[0m')
-
-motd_path=/run/motd.d/30_cgroupsv1_warning.motd
-
-cat << EOF > "${motd_path}"
-${warn}
-############################################################################
-WARNING: This system is using cgroups v1. For increased reliability
-it is strongly recommended to migrate this system and your workloads
-to use cgroups v2. For instructions on how to adjust kernel arguments
-to use cgroups v2, see:
-https://docs.fedoraproject.org/en-US/fedora-coreos/kernel-args/
-
-To disable this warning, use:
-sudo systemctl disable coreos-check-cgroups.service
-############################################################################
-${nc}
-EOF
diff --git a/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys
deleted file mode 100755
index 7a7bc350793f11bc37da08237cd7c8b41139e36d..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/bin/bash
-# This script will print a message in the serial console
-# if no ssh keys were added by Ignition/Afterburn.
-main() {
- # Change the output color to yellow
- warn='\033[0;33m'
- # No color
- nc='\033[0m'
-
- # See https://github.com/coreos/ignition/pull/964 for the MESSAGE_ID
- # source. It will track the authorized-ssh-keys entries in journald
- # provided via Ignition.
- ignitionusers=$(
- journalctl -o json-pretty MESSAGE_ID=225067b87bbd4a0cb6ab151f82fa364b | \
- jq -r '.MESSAGE' | \
- xargs -I{} echo "Ignition: {}")
-
- # See https://github.com/coreos/afterburn/pull/397 for the MESSAGE_ID
- # source. It will track the authorized-ssh-keys entries in journald
- # provided via Afterburn.
- afterburnusers=$(
- journalctl -o json-pretty MESSAGE_ID=0f7d7a502f2d433caa1323440a6b4190 | \
- jq -r '.MESSAGE' | \
- xargs -I{} echo "Afterburn: {}")
-
- output=''
- if [ -n "$ignitionusers" ]; then
- output+="$ignitionusers"
- fi
- if [ -n "$afterburnusers" ]; then
- # add newline if needed
- if [ -n "$output" ]; then
- output+=$'\n'
- fi
- output+="$afterburnusers"
- fi
-
- if [ -n "$output" ]; then
- echo "$output" > /etc/issue.d/30_ssh_authorized_keys.issue
- else
- echo -e "${warn}No SSH authorized keys provided by Ignition or Afterburn${nc}" \
- > /etc/issue.d/30_ssh_authorized_keys.issue
- fi
-}
-
-main
diff --git a/nestos-config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config
deleted file mode 100755
index ee76687c0ab0b807e23843d8a738848ac197e92b..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/bash
-#
-# Clean up existing nodes that have a world-readable /boot/ignition/config.ign.
-# Remove this after the next barrier release on all streams.
-# https://github.com/coreos/fedora-coreos-tracker/issues/889
-
-set -euo pipefail
-
-mount -o remount,rw /boot
-rm -rf /boot/ignition
diff --git a/nestos-config/overlay.d/20platform-chrony/statoverride b/nestos-config/overlay.d/20platform-chrony/statoverride
deleted file mode 100755
index 27a95affe231775fe6dfa01c7fdf79a5f184575b..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/20platform-chrony/statoverride
+++ /dev/null
@@ -1,2 +0,0 @@
-# Config file for overriding permission bits on overlay files/dirs
-# Format: =
diff --git a/nestos-config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony b/nestos-config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony
deleted file mode 100755
index 958c6e1732a30943c182303f09d9a846ed31c498..0000000000000000000000000000000000000000
--- a/nestos-config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony
+++ /dev/null
@@ -1,97 +0,0 @@ -#!/bin/bash -set -euo pipefail -# Configuring the timeserver for the platform is often handled -# by pre-baking a config into a particular image for a platform, but -# that doesn't work for us because we have a single update stream. Hence -# this generator dynamically inspects the platform and reconfigures chrony. -# -# AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html -# Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync -# GCP: https://cloud.google.com/compute/docs/instances/managing-instances#configure-ntp -# -# Originally spawned from discussion in https://github.com/openshift/installer/pull/3513 - -# Generators don't have logging right now -# https://github.com/systemd/systemd/issues/15638 -exec 1>/dev/kmsg; exec 2>&1 - -self=$(basename $0) -confpath=/run/coreos-platform-chrony.conf - -# Yeah this isn't a completely accurate kernel argument parser but -# we don't have one shared across shell services at the moment. -platform="$(grep -Eo ' ignition.platform.id=[a-z]+' /proc/cmdline | cut -f 2 -d =)" -case "${platform}" in - azure|aws|gcp) ;; # OK, this is a platform we know how to support - *) exit 0 ;; -esac - -# Exit early if we have already been run once -if [[ -f "${confpath}" ]]; then - echo "$self: ${confpath} already exists; skipping" - exit 0 -fi - -# Exit early if chrony configuration as been changed from the image default -if ! cmp {/usr,}/etc/chrony.conf >/dev/null; then - echo "$self: /etc/chrony.conf is modified; not changing the default" - exit 0 -fi - -# If not set already (by host customization or this script), set -# PEERNTP=no so that DHCP-provided NTP servers are not added to chrony. -# By doing this we assume the better NTP server choice is the -# platform-provided link-local NTP server rather than others from DHCP. -# TODO: once https://bugzilla.redhat.com/show_bug.cgi?id=1828434 is -# resolved, this won't be required. -if [ ! -e /etc/sysconfig/network ] || ! 
grep -q "PEERNTP" /etc/sysconfig/network; then - cat <> /etc/sysconfig/network -# PEERNTP=no is automatically added by default when a platform-provided time -# source is available, but this behavior may be overridden through an Ignition -# config specifying PEERNTP=yes. See https://github.com/coreos/fedora-coreos-config/pull/412. -PEERNTP=no -EOF -fi - -(echo "# Generated by $self - do not edit directly" - sed -e s,'^makestep,#makestep,' -e s,'^pool,#pool,' -e s,'^leapsectz,#leapsectz,' < /etc/chrony.conf -cat < "${confpath}" -case "${platform}" in - azure) - (echo '# See also https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync' - echo 'refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0' - echo 'leapsectz right/UTC' - ) >> "${confpath}" ;; - aws) - (echo '# See also https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html' - echo 'server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4' - ) >> "${confpath}" ;; - gcp) - (echo '# See also https://cloud.google.com/compute/docs/instances/managing-instances#configure-ntp' - echo '# and https://cloud.google.com/compute/docs/images/configuring-imported-images' - echo 'server metadata.google.internal prefer iburst' - ) >> "${confpath}" ;; - *) echo "should not be reached" 1>&2; exit 1 ;; -esac -# Policy doesn't allow chronyd to read run_t -chcon --reference=/etc/chrony.conf "${confpath}" - -UNIT_DIR="${1:-/tmp}" - -unitconfpath="${UNIT_DIR}/chronyd.service.d/coreos-platform-chrony.conf" -mkdir -p $(dirname "${unitconfpath}") -cat >"${unitconfpath}" << EOF -[Service] -ExecStart= -ExecStart=/usr/sbin/chronyd -f ${confpath} \$OPTIONS -EOF - -echo "$self: Updated chrony to use ${platform} configuration ${confpath}" diff --git a/nestos-config/overlay.d/README.md b/nestos-config/overlay.d/README.md deleted file mode 100755 index 384112faec6be6209bddf12df54b2583bfc0e689..0000000000000000000000000000000000000000 --- a/nestos-config/overlay.d/README.md +++ /dev/null 
@@ -1,43 +0,0 @@
-05core
------
-
-This overlay matches `fedora-coreos-base.yaml`; core Ignition+ostree bits.
-
-08nouveau
----------
-
-Blacklist the nouveau driver because it causes issues with some NVidia GPUs in EC2,
-and we don't have a use case for FCOS with nouveau.
-
-"Cannot boot an p3.2xlarge instance with RHCOS (g3.4xlarge is working)"
-https://bugzilla.redhat.com/show_bug.cgi?id=1700056
-
-09misc
-------
-
-Warning about `/etc/sysconfig`.
-
-14NetworkManager-plugins
-------------------------
-
-Disables the Red Hat Linux legacy `ifcfg` format.
-
-15fcos
-------
-
-Things that are more closely "Fedora CoreOS":
-
-* disable password logins by default over SSH
-* enable SSH keys written by Ignition and Afterburn
-* branding (MOTD)
-* enable services by default (fedora-coreos-pinger)
-* display warnings on the console if no ignition config was provided or no ssh
- key found.
-
-20platform-chrony
------------------
-
-Add static chrony configuration for NTP servers provided on platforms
-such as `azure`, `aws`, `gcp`. The chrony config for these NTP servers
-should override other chrony configuration (e.g. DHCP-provided)
-configuration.
diff --git "a/test/NestOS 22.03 \347\211\210\346\234\254\346\265\213\350\257\225\347\255\226\347\225\245.md" "b/release/NestOS-22.03/QA/NestOS 22.03 \347\211\210\346\234\254\346\265\213\350\257\225\347\255\226\347\225\245.md"
similarity index 100%
rename from "test/NestOS 22.03 \347\211\210\346\234\254\346\265\213\350\257\225\347\255\226\347\225\245.md"
rename to "release/NestOS-22.03/QA/NestOS 22.03 \347\211\210\346\234\254\346\265\213\350\257\225\347\255\226\347\225\245.md"
diff --git "a/test/openEuler 22.03 LTS\347\211\210\346\234\254NestOS\347\211\271\346\200\247\346\265\213\350\257\225\346\212\245\345\221\212.md" "b/release/NestOS-22.03/QA/openEuler 22.03 LTS\347\211\210\346\234\254NestOS\347\211\271\346\200\247\346\265\213\350\257\225\346\212\245\345\221\212.md"
similarity index 100%
rename from "test/openEuler 22.03 LTS\347\211\210\346\234\254NestOS\347\211\271\346\200\247\346\265\213\350\257\225\346\212\245\345\221\212.md"
rename to "release/NestOS-22.03/QA/openEuler 22.03 LTS\347\211\210\346\234\254NestOS\347\211\271\346\200\247\346\265\213\350\257\225\346\212\245\345\221\212.md"
diff --git "a/test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/container.ign" "b/release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/container.ign"
similarity index 100%
rename from "test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/container.ign"
rename to "release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/container.ign"
diff --git "a/test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/file.ign" "b/release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/file.ign"
similarity index 100%
rename from "test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/file.ign"
rename to "release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/file.ign"
diff --git "a/test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/hostname.ign" "b/release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/hostname.ign"
similarity index 100%
rename from "test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/hostname.ign"
rename to "release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/hostname.ign"
diff --git "a/test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/kernel.ign" "b/release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/kernel.ign"
similarity index 100%
rename from "test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/kernel.ign"
rename to "release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/kernel.ign"
diff --git "a/test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/network.ign" "b/release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/network.ign"
similarity index 100%
rename from "test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/network.ign"
rename to "release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/network.ign"
diff --git "a/test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/storage.ign" "b/release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/storage.ign"
similarity index 100%
rename from "test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/storage.ign"
rename to "release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/storage.ign"
diff --git "a/test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/time.ign" "b/release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/time.ign"
similarity index 100%
rename from "test/ignition\346\265\213\350\257\225\347\224\250\344\276\213/time.ign"
rename to "release/NestOS-22.03/QA/\346\265\213\350\257\225\347\224\250\344\276\213/time.ign"
diff --git a/release/NestOS-22.03/package_list/nestos-22.03.20220329.json b/release/NestOS-22.03/package_list/nestos-22.03.20220329.json
new file mode 100644
index 0000000000000000000000000000000000000000..03c3104d24bf14dfae15c81ef322df2d02b34e50
--- /dev/null
+++ b/release/NestOS-22.03/package_list/nestos-22.03.20220329.json
@@ -0,0 +1,1140 @@ +{ + "packages": { + "ModemManager-glib": { + "evra": "1.14.8-1.oe2203.x86_64" + }, + "NetworkManager": { + "evra": "1:1.32.12-8.oe2203.x86_64" + }, + "NetworkManager-libnm": { + "evra": "1:1.32.12-8.oe2203.x86_64" + }, + "WALinuxAgent-udev": { + "evra": "2.2.52-1.oe2203.noarch" + }, + "abseil-cpp": { + "evra": "20210324.2-1.oe2203.x86_64" + }, + "acl": { + "evra": "2.3.1-1.oe2203.x86_64" + }, + "adcli": { + "evra": "0.9.1-2.oe2203.x86_64" + }, + "afterburn": { + "evra": "5.1.0-1.oe2203.x86_64" + }, + "afterburn-dracut": { + "evra": "5.1.0-1.oe2203.x86_64" + }, + "attr": { + "evra": "2.5.1-2.oe2203.x86_64" + }, + "audit-libs": { + "evra": "1:3.0.1-3.oe2203.x86_64" + }, + "avahi-libs": { + "evra": "0.8-12.oe2203.x86_64" + }, + "basesystem": { + "evra": "12-2.oe2203.noarch" + }, + "bash": { + "evra": "5.1.8-1.oe2203.x86_64" + }, + "bash-completion": { + "evra": "1:2.11-1.oe2203.noarch" + }, + "bc": { + "evra": "1.07.1-10.oe2203.x86_64" + }, + "bind-libs": { + "evra": "32:9.16.23-6.oe2203.x86_64" + }, + "bind-license": { + "evra": "32:9.16.23-6.oe2203.noarch" + }, + "bind-utils": { + "evra": "32:9.16.23-6.oe2203.x86_64" + }, + "bluez-libs": { + "evra": "5.54-13.oe2203.x86_64" + }, + "bootupd": { + "evra": "0.2.5-1.oe2203.x86_64" + }, + "brotli": { + "evra": "1.0.9-2.oe2203.x86_64" + }, + "bsdtar": { + "evra": "3.5.2-1.oe2203.x86_64" + }, + "btrfs-progs": { + "evra": "5.15-1.oe2203.x86_64" + }, + "bubblewrap": { + "evra": "0.4.1-1.oe2203.x86_64" + }, + "bzip2": { + "evra": "1.0.8-4.oe2203.x86_64" + }, + "c-ares": { + "evra": "1.18.1-1.oe2203.x86_64" + }, + "ca-certificates": { + "evra": "2021.2.52-1.oe2203.noarch" + }, + "catatonit": { + "evra": "0.1.7-2.oe2203.x86_64" + }, + "chkconfig": { + "evra": "1.20-1.oe2203.x86_64" + }, + "chrony": { + "evra": "4.1-1.oe2203.x86_64" + }, + "cifs-utils": { + "evra": "6.14-2.oe2203.x86_64" + }, + "clevis": { + "evra": "18-1.oe2203.x86_64" + }, + "clevis-dracut": { + "evra": "18-1.oe2203.x86_64" + }, + 
"clevis-systemd": { + "evra": "18-1.oe2203.x86_64" + }, + "clibcni": { + "evra": "2.0.7-1.oe2203.x86_64" + }, + "cloud-utils-growpart": { + "evra": "0.32-1.oe2203.x86_64" + }, + "conmon": { + "evra": "2:2.0.2-4.oe2203.x86_64" + }, + "console-login-helper-messages": { + "evra": "0.21.2-1.oe2203.noarch" + }, + "console-login-helper-messages-issuegen": { + "evra": "0.21.2-1.oe2203.noarch" + }, + "console-login-helper-messages-motdgen": { + "evra": "0.21.2-1.oe2203.noarch" + }, + "console-login-helper-messages-profile": { + "evra": "0.21.2-1.oe2203.noarch" + }, + "container-selinux": { + "evra": "2:2.138-4.oe2203.noarch" + }, + "containernetworking-plugins": { + "evra": "1.0.1-2.oe2203.x86_64" + }, + "containers-common": { + "evra": "1:1.5.2-1.oe2203.x86_64" + }, + "coreutils": { + "evra": "9.0-3.oe2203.x86_64" + }, + "cpio": { + "evra": "2.13-6.oe2203.x86_64" + }, + "cracklib": { + "evra": "2.9.7-8.oe2203.x86_64" + }, + "cri-o": { + "evra": "1.22.1-1.oe2203.x86_64" + }, + "cri-tools": { + "evra": "1.22.0-1.oe2203.x86_64" + }, + "criu": { + "evra": "3.16.1-3.oe2203.x86_64" + }, + "crontabs": { + "evra": "1.11-22.oe2203.noarch" + }, + "crun": { + "evra": "1.4.3-1.oe2203.x86_64" + }, + "crypto-policies": { + "evra": "20200619-3.git781bbd4.oe2203.noarch" + }, + "cryptsetup": { + "evra": "2.4.1-1.oe2203.x86_64" + }, + "cups-libs": { + "evra": "1:2.4.0-1.oe2203.x86_64" + }, + "curl": { + "evra": "7.79.1-4.oe2203.x86_64" + }, + "cyrus-sasl": { + "evra": "2.1.27-13.oe2203.x86_64" + }, + "cyrus-sasl-lib": { + "evra": "2.1.27-13.oe2203.x86_64" + }, + "dbus": { + "evra": "1:1.12.20-6.oe2203.x86_64" + }, + "dbus-common": { + "evra": "1:1.12.20-6.oe2203.noarch" + }, + "dbus-daemon": { + "evra": "1:1.12.20-6.oe2203.x86_64" + }, + "dbus-libs": { + "evra": "1:1.12.20-6.oe2203.x86_64" + }, + "dbus-tools": { + "evra": "1:1.12.20-6.oe2203.x86_64" + }, + "dbxtool": { + "evra": "8-10.oe2203.x86_64" + }, + "device-mapper": { + "evra": "8:1.02.181-4.oe2203.x86_64" + }, + 
"device-mapper-event": { + "evra": "8:1.02.181-4.oe2203.x86_64" + }, + "dhcp": { + "evra": "12:4.4.2-11.oe2203.x86_64" + }, + "diffutils": { + "evra": "3.8-2.oe2203.x86_64" + }, + "ding-libs": { + "evra": "0.6.1-42.oe2203.x86_64" + }, + "dnsmasq": { + "evra": "2.86-1.oe2203.x86_64" + }, + "docker-engine": { + "evra": "18.09.0-119.oe2203.x86_64" + }, + "docker-runc": { + "evra": "1.0.0.rc3-116.oe2203.x86_64" + }, + "dosfstools": { + "evra": "4.2-1.oe2203.x86_64" + }, + "dracut": { + "evra": "055-4.oe2203.x86_64" + }, + "dracut-network": { + "evra": "055-4.oe2203.x86_64" + }, + "dracut-squash": { + "evra": "055-4.oe2203.x86_64" + }, + "e2fsprogs": { + "evra": "1.46.4-7.oe2203.x86_64" + }, + "efi-filesystem": { + "evra": "4-3.oe2203.noarch" + }, + "efibootmgr": { + "evra": "17-1.oe2203.x86_64" + }, + "efivar": { + "evra": "37-7.oe2203.x86_64" + }, + "efivar-libs": { + "evra": "37-7.oe2203.x86_64" + }, + "elfutils": { + "evra": "0.185-5.oe2203.x86_64" + }, + "emacs-filesystem": { + "evra": "1:27.2-4.oe2203.noarch" + }, + "ethtool": { + "evra": "2:5.15-1.oe2203.x86_64" + }, + "expat": { + "evra": "2.4.1-5.oe2203.x86_64" + }, + "file": { + "evra": "5.41-1.oe2203.x86_64" + }, + "file-libs": { + "evra": "5.41-1.oe2203.x86_64" + }, + "filesystem": { + "evra": "3.16-4.oe2203.x86_64" + }, + "findutils": { + "evra": "2:4.8.0-3.oe2203.x86_64" + }, + "freetype": { + "evra": "2.11.0-1.oe2203.x86_64" + }, + "fuse": { + "evra": "2.9.9-9.oe2203.x86_64" + }, + "fuse-common": { + "evra": "3.10.5-3.oe2203.x86_64" + }, + "fuse-overlayfs": { + "evra": "1.5.0-1.oe2203.x86_64" + }, + "fuse-sshfs": { + "evra": "3.7.1-1.oe2203.x86_64" + }, + "fuse3": { + "evra": "3.10.5-3.oe2203.x86_64" + }, + "fwupd": { + "evra": "1.2.9-4.oe2203.x86_64" + }, + "gawk": { + "evra": "5.1.1-1.oe2203.x86_64" + }, + "gcab": { + "evra": "1.4-2.oe2203.x86_64" + }, + "gdbm": { + "evra": "1:1.22-3.oe2203.x86_64" + }, + "gdisk": { + "evra": "1.0.8-2.oe2203.x86_64" + }, + "gettext": { + "evra": "0.21-4.oe2203.x86_64" + 
}, + "gflags": { + "evra": "2.2.2-2.oe2203.x86_64" + }, + "git-core": { + "evra": "2.33.0-2.oe2203.x86_64" + }, + "glib-networking": { + "evra": "2.68.1-2.oe2203.x86_64" + }, + "glib2": { + "evra": "2.68.1-10.oe2203.x86_64" + }, + "glibc": { + "evra": "2.34-69.oe2203.x86_64" + }, + "glibc-common": { + "evra": "2.34-69.oe2203.x86_64" + }, + "gmp": { + "evra": "1:6.2.1-1.oe2203.x86_64" + }, + "gnupg2": { + "evra": "2.2.32-1.oe2203.x86_64" + }, + "gnutls": { + "evra": "3.7.2-2.oe2203.x86_64" + }, + "gpgme": { + "evra": "1.16.0-1.oe2203.x86_64" + }, + "grep": { + "evra": "3.7-3.oe2203.x86_64" + }, + "groff-base": { + "evra": "1.22.4-9.oe2203.x86_64" + }, + "grpc": { + "evra": "1.41.1-2.oe2203.x86_64" + }, + "grub2-common": { + "evra": "1:2.04-19.oe2203.noarch" + }, + "grub2-efi-x64": { + "evra": "1:2.04-19.oe2203.x86_64" + }, + "grub2-pc": { + "evra": "1:2.04-19.oe2203.x86_64" + }, + "grub2-pc-modules": { + "evra": "1:2.04-19.oe2203.noarch" + }, + "grub2-tools": { + "evra": "1:2.04-19.oe2203.x86_64" + }, + "grub2-tools-extra": { + "evra": "1:2.04-19.oe2203.x86_64" + }, + "grub2-tools-minimal": { + "evra": "1:2.04-19.oe2203.x86_64" + }, + "grubby": { + "evra": "8.40-28.oe2203.x86_64" + }, + "gsettings-desktop-schemas": { + "evra": "41.0-1.oe2203.x86_64" + }, + "gzip": { + "evra": "1.11-3.oe2203.x86_64" + }, + "hostname": { + "evra": "3.21-2.oe2203.x86_64" + }, + "http-parser": { + "evra": "2.9.4-1.oe2203.x86_64" + }, + "iSulad": { + "evra": "2.0.11-6.oe2203.x86_64" + }, + "ignition": { + "evra": "2.9.0-1.oe2203.x86_64" + }, + "ima-evm-utils-libs": { + "evra": "1.3.2-3.oe2203.x86_64" + }, + "info": { + "evra": "6.8-3.oe2203.x86_64" + }, + "inih": { + "evra": "49-1.oe2203.x86_64" + }, + "initscripts": { + "evra": "10.12-1.oe2203.x86_64" + }, + "initscripts-service": { + "evra": "10.12-1.oe2203.noarch" + }, + "ipcalc": { + "evra": "1.0.1-1.oe2203.x86_64" + }, + "iproute": { + "evra": "5.15.0-3.oe2203.x86_64" + }, + "iptables": { + "evra": "1.8.7-6.oe2203.x86_64" + }, + 
"iptables-libs": { + "evra": "1.8.7-6.oe2203.x86_64" + }, + "iputils": { + "evra": "20210722-4.oe2203.x86_64" + }, + "irqbalance": { + "evra": "3:1.8.0-7.oe2203.x86_64" + }, + "jansson": { + "evra": "2.14-1.oe2203.x86_64" + }, + "jose": { + "evra": "11-1.oe2203.x86_64" + }, + "jq": { + "evra": "1.6-2.oe2203.x86_64" + }, + "json-c": { + "evra": "0.15-1.oe2203.x86_64" + }, + "json-glib": { + "evra": "1.6.2-2.oe2203.x86_64" + }, + "kbd": { + "evra": "2.4.0-1.oe2203.x86_64" + }, + "kbd-legacy": { + "evra": "2.4.0-1.oe2203.noarch" + }, + "kbd-misc": { + "evra": "2.4.0-1.oe2203.noarch" + }, + "kernel": { + "evra": "5.10.0-52.0.0.26.oe2203.x86_64" + }, + "kexec-tools": { + "evra": "2.0.23-4.oe2203.x86_64" + }, + "keyutils": { + "evra": "1.6.3-3.oe2203.x86_64" + }, + "keyutils-libs": { + "evra": "1.6.3-3.oe2203.x86_64" + }, + "kmod": { + "evra": "29-4.oe2203.x86_64" + }, + "kmod-libs": { + "evra": "29-4.oe2203.x86_64" + }, + "kpartx": { + "evra": "0.8.7-2.oe2203.x86_64" + }, + "krb5-libs": { + "evra": "1.19.2-2.oe2203.x86_64" + }, + "lcr": { + "evra": "2.0.7-2.oe2203.x86_64" + }, + "less": { + "evra": "590-1.oe2203.x86_64" + }, + "lib-shim-v2": { + "evra": "0.0.1-3.oe2203.x86_64" + }, + "libacl": { + "evra": "2.3.1-1.oe2203.x86_64" + }, + "libaio": { + "evra": "0.3.112-2.oe2203.x86_64" + }, + "libarchive": { + "evra": "3.5.2-1.oe2203.x86_64" + }, + "libargon2": { + "evra": "20190702-1.oe2203.x86_64" + }, + "libassuan": { + "evra": "2.5.5-1.oe2203.x86_64" + }, + "libblkid": { + "evra": "2.37.2-3.oe2203.x86_64" + }, + "libbpf": { + "evra": "2:0.3-1.h0.oe2203.x86_64" + }, + "libcap": { + "evra": "2.61-1.oe2203.x86_64" + }, + "libcap-ng": { + "evra": "0.8.2-1.oe2203.x86_64" + }, + "libcgroup": { + "evra": "0.42.2-1.oe2203.x86_64" + }, + "libcurl": { + "evra": "7.79.1-4.oe2203.x86_64" + }, + "libdaemon": { + "evra": "0.14-20.oe2203.x86_64" + }, + "libedit": { + "evra": "3.1-28.oe2203.x86_64" + }, + "libev": { + "evra": "4.33-2.oe2203.x86_64" + }, + "libevent": { + "evra": 
"2.1.12-4.oe2203.x86_64" + }, + "libfdisk": { + "evra": "2.37.2-3.oe2203.x86_64" + }, + "libffi": { + "evra": "3.4.2-2.oe2203.x86_64" + }, + "libgcc": { + "evra": "10.3.1-10.oe2203.x86_64" + }, + "libgcrypt": { + "evra": "1.9.4-1.oe2203.x86_64" + }, + "libgomp": { + "evra": "10.3.1-10.oe2203.x86_64" + }, + "libgpg-error": { + "evra": "1.43-1.oe2203.x86_64" + }, + "libgudev": { + "evra": "237-1.oe2203.x86_64" + }, + "libgusb": { + "evra": "0.3.8-1.oe2203.x86_64" + }, + "libicu": { + "evra": "69.1-1.oe2203.x86_64" + }, + "libidn2": { + "evra": "2.3.2-2.oe2203.x86_64" + }, + "libipa_hbac": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "libkcapi": { + "evra": "1.3.1-3.oe2203.x86_64" + }, + "libksba": { + "evra": "1.6.0-1.oe2203.x86_64" + }, + "libldb": { + "evra": "2.4.1-1.oe2203.x86_64" + }, + "libmnl": { + "evra": "1.0.4-10.oe2203.x86_64" + }, + "libmodulemd": { + "evra": "2.13.0-1.oe2203.x86_64" + }, + "libmount": { + "evra": "2.37.2-3.oe2203.x86_64" + }, + "libndp": { + "evra": "1.8-1.oe2203.x86_64" + }, + "libnet": { + "evra": "1.2-1.oe2203.x86_64" + }, + "libnetfilter_conntrack": { + "evra": "1.0.8-2.oe2203.x86_64" + }, + "libnfnetlink": { + "evra": "1.0.1-15.oe2203.x86_64" + }, + "libnfsidmap": { + "evra": "1:2.5.4-3.oe2203.x86_64" + }, + "libnftnl": { + "evra": "1.2.0-1.oe2203.x86_64" + }, + "libnghttp2": { + "evra": "1.46.0-1.oe2203.x86_64" + }, + "libnl3": { + "evra": "3.5.0-4.oe2203.x86_64" + }, + "libnsl2": { + "evra": "2.0.0-3.oe2203.x86_64" + }, + "libpcap": { + "evra": "14:1.10.1-2.oe2203.x86_64" + }, + "libpipeline": { + "evra": "1.5.4-1.oe2203.x86_64" + }, + "libpng": { + "evra": "2:1.6.37-2.oe2203.x86_64" + }, + "libproxy": { + "evra": "0.4.17-1.oe2203.x86_64" + }, + "libpsl": { + "evra": "0.21.1-4.oe2203.x86_64" + }, + "libpwquality": { + "evra": "1.4.4-1.oe2203.x86_64" + }, + "librepo": { + "evra": "1.14.2-2.oe2203.x86_64" + }, + "libseccomp": { + "evra": "2.5.3-1.oe2203.x86_64" + }, + "libselinux": { + "evra": "3.3-1.oe2203.x86_64" + }, + 
"libsemanage": { + "evra": "3.3-3.oe2203.x86_64" + }, + "libsepol": { + "evra": "3.3-2.oe2203.x86_64" + }, + "libsigsegv": { + "evra": "2.13-1.oe2203.x86_64" + }, + "libslirp": { + "evra": "4.4.0-1.oe2203.x86_64" + }, + "libsmartcols": { + "evra": "2.37.2-3.oe2203.x86_64" + }, + "libsmbclient": { + "evra": "4.15.3-4.oe2203.x86_64" + }, + "libsmbios": { + "evra": "2.4.2-3.oe2203.x86_64" + }, + "libsolv": { + "evra": "0.7.20-1.oe2203.x86_64" + }, + "libsoup": { + "evra": "2.74.2-1.oe2203.x86_64" + }, + "libssh": { + "evra": "0.9.6-2.oe2203.x86_64" + }, + "libsss_certmap": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "libsss_idmap": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "libsss_nss_idmap": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "libsss_sudo": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "libstdc++": { + "evra": "10.3.1-10.oe2203.x86_64" + }, + "libtalloc": { + "evra": "2.3.3-1.oe2203.x86_64" + }, + "libtasn1": { + "evra": "4.17.0-1.oe2203.x86_64" + }, + "libtdb": { + "evra": "1.4.5-1.oe2203.x86_64" + }, + "libteam": { + "evra": "1.31-1.oe2203.x86_64" + }, + "libtevent": { + "evra": "0.11.0-1.oe2203.x86_64" + }, + "libtirpc": { + "evra": "1.3.2-1.oe2203.x86_64" + }, + "libtool-ltdl": { + "evra": "2.4.6-34.oe2203.x86_64" + }, + "libunistring": { + "evra": "0.9.10-8.oe2203.x86_64" + }, + "libusbx": { + "evra": "1.0.24-1.oe2203.x86_64" + }, + "libuser": { + "evra": "0.63-4.oe2203.x86_64" + }, + "libutempter": { + "evra": "1.2.1-2.oe2203.x86_64" + }, + "libuuid": { + "evra": "2.37.2-3.oe2203.x86_64" + }, + "libuv": { + "evra": "1:1.42.0-1.oe2203.x86_64" + }, + "libvarlink-util": { + "evra": "21-1.oe2203.x86_64" + }, + "libverto": { + "evra": "0.3.2-1.oe2203.x86_64" + }, + "libwbclient": { + "evra": "4.15.3-4.oe2203.x86_64" + }, + "libwebsockets": { + "evra": "4.3.0-2.oe2203.x86_64" + }, + "libxcrypt": { + "evra": "4.4.26-2.oe2203.x86_64" + }, + "libxml2": { + "evra": "2.9.12-5.oe2203.x86_64" + }, + "libxmlb": { + "evra": "0.1.13-2.oe2203.x86_64" + }, + "libyaml": { + 
"evra": "0.2.5-2.oe2203.x86_64" + }, + "linux-firmware": { + "evra": "20201218-1.oe2203.noarch" + }, + "lmdb": { + "evra": "0.9.29-1.oe2203.x86_64" + }, + "logrotate": { + "evra": "3.18.1-1.oe2203.x86_64" + }, + "lsof": { + "evra": "4.94.0-1.oe2203.x86_64" + }, + "lua": { + "evra": "5.4.3-3.oe2203.x86_64" + }, + "luksmeta": { + "evra": "9-5.oe2203.x86_64" + }, + "lvm2": { + "evra": "8:2.03.14-4.oe2203.x86_64" + }, + "lxc": { + "evra": "4.0.3-2022031701.oe2203.x86_64" + }, + "lxc-libs": { + "evra": "4.0.3-2022031701.oe2203.x86_64" + }, + "lz4": { + "evra": "1.9.3-2.oe2203.x86_64" + }, + "lzo": { + "evra": "2.10-1.oe2203.x86_64" + }, + "man-db": { + "evra": "2.9.4-3.oe2203.x86_64" + }, + "mdadm": { + "evra": "4.1-5.oe2203.x86_64" + }, + "microcode_ctl": { + "evra": "2.1-33.oe2203.x86_64" + }, + "mokutil": { + "evra": "1:0.5.0-1.oe2203.x86_64" + }, + "mozjs78": { + "evra": "78.15.0-1.oe2203.x86_64" + }, + "mpfr": { + "evra": "4.1.0-1.oe2203.x86_64" + }, + "multipath-tools": { + "evra": "0.8.7-2.oe2203.x86_64" + }, + "nano": { + "evra": "4.9.3-1.oe2203.x86_64" + }, + "ncurses": { + "evra": "6.3-1.oe2203.x86_64" + }, + "ncurses-base": { + "evra": "6.3-1.oe2203.noarch" + }, + "ncurses-libs": { + "evra": "6.3-1.oe2203.x86_64" + }, + "nestos-installer": { + "evra": "0.10.0-1.oe2203.x86_64" + }, + "nestos-installer-bootinfra": { + "evra": "0.10.0-1.oe2203.x86_64" + }, + "net-tools": { + "evra": "2.10-1.oe2203.x86_64" + }, + "nettle": { + "evra": "3.7.3-2.oe2203.x86_64" + }, + "newt": { + "evra": "0.52.21-4.oe2203.x86_64" + }, + "nfs-utils-nestos": { + "evra": "1:2.5.4-3.oe2203.x86_64" + }, + "nftables": { + "evra": "1:1.0.0-1.oe2203.x86_64" + }, + "npth": { + "evra": "1.6-2.oe2203.x86_64" + }, + "nss-altfiles": { + "evra": "2.23.0-2.oe2203.x86_64" + }, + "numactl-libs": { + "evra": "2.0.14-2.oe2203.x86_64" + }, + "nvme-cli": { + "evra": "1.16-1.oe2203.x86_64" + }, + "oniguruma": { + "evra": "6.9.6-1.oe2203.x86_64" + }, + "openEuler-gpg-keys": { + "evra": 
"1.0-4.0.oe2203.x86_64" + }, + "openEuler-release-common": { + "evra": "LTS-1.oe2203.x86_64" + }, + "openEuler-release-identity-nestos": { + "evra": "LTS-1.oe2203.x86_64" + }, + "openEuler-release-nestos": { + "evra": "LTS-1.oe2203.x86_64" + }, + "openEuler-repos": { + "evra": "1.0-4.0.oe2203.x86_64" + }, + "openEuler-repos-archive": { + "evra": "1.0-4.0.oe2203.x86_64" + }, + "openEuler-repos-modular": { + "evra": "1.0-4.0.oe2203.x86_64" + }, + "openEuler-repos-ostree": { + "evra": "1.0-4.0.oe2203.x86_64" + }, + "openldap": { + "evra": "2.6.0-2.oe2203.x86_64" + }, + "openssh": { + "evra": "8.8p1-3.oe2203.x86_64" + }, + "openssh-clients": { + "evra": "8.8p1-3.oe2203.x86_64" + }, + "openssh-server": { + "evra": "8.8p1-3.oe2203.x86_64" + }, + "openssl": { + "evra": "1:1.1.1m-3.oe2203.x86_64" + }, + "openssl-libs": { + "evra": "1:1.1.1m-3.oe2203.x86_64" + }, + "os-prober": { + "evra": "1.79-1.oe2203.x86_64" + }, + "ostree": { + "evra": "2021.6-1.oe2203.x86_64" + }, + "p11-kit": { + "evra": "0.24.0-1.oe2203.x86_64" + }, + "p11-kit-trust": { + "evra": "0.24.0-1.oe2203.x86_64" + }, + "pam": { + "evra": "1.5.2-2.oe2203.x86_64" + }, + "passwd": { + "evra": "0.80-9.oe2203.x86_64" + }, + "pcre": { + "evra": "8.45-1.oe2203.x86_64" + }, + "pcre2": { + "evra": "10.39-1.oe2203.x86_64" + }, + "pkgconf": { + "evra": "1.8.0-1.oe2203.x86_64" + }, + "podman": { + "evra": "1:0.10.1-11.oe2203.x86_64" + }, + "policycoreutils": { + "evra": "3.3-1.oe2203.x86_64" + }, + "polkit": { + "evra": "0.120-3.oe2203.x86_64" + }, + "polkit-libs": { + "evra": "0.120-3.oe2203.x86_64" + }, + "polkit-pkla-compat": { + "evra": "0.1-17.oe2203.x86_64" + }, + "popt": { + "evra": "1.18-1.oe2203.x86_64" + }, + "procps-ng": { + "evra": "3.3.17-2.oe2203.x86_64" + }, + "protobuf": { + "evra": "3.14.0-3.oe2203.x86_64" + }, + "protobuf-c": { + "evra": "1.4.0-1.oe2203.x86_64" + }, + "protobuf-compiler": { + "evra": "3.14.0-3.oe2203.x86_64" + }, + "psmisc": { + "evra": "23.4-1.oe2203.x86_64" + }, + 
"publicsuffix-list": { + "evra": "20211113-1.oe2203.noarch" + }, + "re2": { + "evra": "20211101-1.oe2203.x86_64" + }, + "readline": { + "evra": "8.1-1.oe2203.x86_64" + }, + "rpcbind": { + "evra": "1.2.6-3.oe2203.x86_64" + }, + "rpm": { + "evra": "4.17.0-5.oe2203.x86_64" + }, + "rpm-libs": { + "evra": "4.17.0-5.oe2203.x86_64" + }, + "rpm-ostree": { + "evra": "2022.1-1.oe2203.x86_64" + }, + "rsync": { + "evra": "3.2.3-2.oe2203.x86_64" + }, + "samba-client": { + "evra": "4.15.3-4.oe2203.x86_64" + }, + "samba-common": { + "evra": "4.15.3-4.oe2203.x86_64" + }, + "samba-libs": { + "evra": "4.15.3-4.oe2203.x86_64" + }, + "sed": { + "evra": "4.8-2.oe2203.x86_64" + }, + "selinux-policy": { + "evra": "35.5-3.oe2203.noarch" + }, + "selinux-policy-targeted": { + "evra": "35.5-3.oe2203.noarch" + }, + "setup": { + "evra": "2.13.9.1-1.oe2203.noarch" + }, + "sg3_utils": { + "evra": "1.46-4.oe2203.x86_64" + }, + "shadow": { + "evra": "2:4.9-2.oe2203.x86_64" + }, + "shared-mime-info": { + "evra": "2.1-1.oe2203.x86_64" + }, + "shim": { + "evra": "15.4-2.oe2203.x86_64" + }, + "skopeo": { + "evra": "1:1.5.2-1.oe2203.x86_64" + }, + "slang": { + "evra": "2.3.2-8.oe2203.x86_64" + }, + "slirp4netns": { + "evra": "1.1.9-1.oe2203.x86_64" + }, + "snappy": { + "evra": "1.1.9-1.oe2203.x86_64" + }, + "socat": { + "evra": "1.7.3.2-8.oe2203.x86_64" + }, + "sqlite": { + "evra": "3.36.0-2.oe2203.x86_64" + }, + "squashfs-tools": { + "evra": "4.5-1.oe2203.x86_64" + }, + "ssh-key-dir": { + "evra": "0.1.2-1.oe2203.x86_64" + }, + "sssd-ad": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "sssd-client": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "sssd-common": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "sssd-common-pac": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "sssd-ipa": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "sssd-krb5": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "sssd-krb5-common": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "sssd-ldap": { + "evra": "2.6.1-2.oe2203.x86_64" + }, + "stalld": { + "evra": 
"1.14.1-1.oe2203.x86_64" + }, + "sudo": { + "evra": "1.9.8p2-2.oe2203.x86_64" + }, + "systemd": { + "evra": "249-11.oe2203.x86_64" + }, + "systemd-container": { + "evra": "249-11.oe2203.x86_64" + }, + "systemd-libs": { + "evra": "249-11.oe2203.x86_64" + }, + "systemd-udev": { + "evra": "249-11.oe2203.x86_64" + }, + "tar": { + "evra": "2:1.34-1.oe2203.x86_64" + }, + "tcl": { + "evra": "1:8.6.10-3.oe2203.x86_64" + }, + "thin-provisioning-tools": { + "evra": "0.9.0-3.oe2203.x86_64" + }, + "timedatex": { + "evra": "0.6-2.oe2203.x86_64" + }, + "toolbox": { + "evra": "0.0.99-1.oe2203.x86_64" + }, + "tpm2-tools": { + "evra": "5.0-4.oe2203.x86_64" + }, + "tpm2-tools-help": { + "evra": "5.0-4.oe2203.noarch" + }, + "tpm2-tss": { + "evra": "3.1.0-1.oe2203.x86_64" + }, + "tzdata": { + "evra": "2021e-2.oe2203.noarch" + }, + "userspace-rcu": { + "evra": "0.13.0-2.oe2203.x86_64" + }, + "util-linux": { + "evra": "2.37.2-3.oe2203.x86_64" + }, + "vim-minimal": { + "evra": "2:8.2-29.oe2203.x86_64" + }, + "which": { + "evra": "2.21-14.oe2203.x86_64" + }, + "wireguard-tools": { + "evra": "1.0.20210424-1.oe2203.x86_64" + }, + "xfsprogs": { + "evra": "5.14.1-1.oe2203.x86_64" + }, + "xz": { + "evra": "5.2.5-1.oe2203.x86_64" + }, + "xz-libs": { + "evra": "5.2.5-1.oe2203.x86_64" + }, + "yajl": { + "evra": "2.1.0-15.oe2203.x86_64" + }, + "zincati": { + "evra": "0.0.18-1.oe2203.x86_64" + }, + "zlib": { + "evra": "1.2.11-19.oe2203.x86_64" + }, + "zram-generator": { + "evra": "0.3.2-1.oe2203.x86_64" + }, + "zstd": { + "evra": "1.5.0-1.oe2203.x86_64" + } + }, + "metadata": { + "generated": "2022-04-01T07:12:19Z", + "rpmmd_repos": { + "nestos": { + "generated": "2022-03-30T06:12:32Z" + } + } + } +} diff --git a/release/NestOS-22.03/releasenote.txt b/release/NestOS-22.03/releasenote.txt new file mode 100644 index 0000000000000000000000000000000000000000..09a19703d387fbd5475705212608329b27136ca7 --- /dev/null +++ b/release/NestOS-22.03/releasenote.txt 
@@ -0,0 +1 @@
+本文介绍云底座操作系统NestOS的安装部署与各个特性说明和使用方法,使用户能够快速了解并使用NestOS。NestOS搭载iSulad、docker、podman等主流容器基础平台,克服了由于用户修改系统内容、用户服务对系统组件依赖,以及系统软件包升级时不稳定中间态等种种导致升级过程不可靠的因素,最终以一种轻量级、定制化的操作系统呈现出来,并且具备十分便捷的集群组建能力。
\ No newline at end of file