From 4e5d2482980b614480d99ff3c4de33c4562502c5 Mon Sep 17 00:00:00 2001 From: Olli Janatuinen Date: Sat, 21 Nov 2020 21:33:56 +0200 Subject: [PATCH] Fixed issues found from v1.9.0-beta2 - Replaced default console with Debian console - Included Project Burmilla to ros command info - Fixed docker-machine compability - Bump up kernel to 4.14.207 - Include /etc/lsb-release file to Debian console - Updated ifconfig parsing command to match Debian console syntax - Corrected Burmilla URLs - Use fixed version of open-vm-tools - Create /var/log/wtmp file on first boot so "last" command will works - Use /etc/issue file as motd - Support to create ISO file without firmware files --- .github/workflows/add-platform-specific.yml | 1 - .github/workflows/create-release.yml | 14 +++---- Dockerfile.dapper | 4 +- Makefile | 10 ++--- cmd/control/autologin.go | 4 +- cmd/control/cli.go | 2 +- cmd/control/config_test.go | 4 +- cmd/control/console.go | 2 +- cmd/control/console_init.go | 36 ++++++++++++------ cmd/control/install.go | 4 +- cmd/power/shutdown.go | 4 +- cmd/respawn/respawn.go | 4 +- config/types.go | 4 +- images/02-console/Dockerfile | 42 +++++++++++++++------ images/02-console/prebuild.sh | 17 +-------- images/02-console/prompt.sh | 1 - images/02-console/sshd_config.append.tpl | 23 +++++++++++ os-config.tpl.yml | 9 +++-- scripts/layout-initrd | 6 +-- scripts/release-amd64 | 13 +++++-- 20 files changed, 121 insertions(+), 83 deletions(-) delete mode 100644 images/02-console/prompt.sh create mode 100644 images/02-console/sshd_config.append.tpl diff --git a/.github/workflows/add-platform-specific.yml b/.github/workflows/add-platform-specific.yml index 0dca0a5f1..44ff18c89 100644 --- a/.github/workflows/add-platform-specific.yml +++ b/.github/workflows/add-platform-specific.yml @@ -29,7 +29,6 @@ jobs: exit 1 fi export ARCH=amd64 - export APPEND_SYSTEM_IMAGES="burmilla/os-debianconsole:$VERSION" make ${{ github.event.inputs.platform }} - name: Login to DockerHub diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index c019b32a0..58a34030b 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -3,9 +3,9 @@ name: release on: workflow_dispatch: inputs: - arch: - description: 'Architecture' - default: 'amd64' + firmware: + description: 'Include firmwares' + default: 'true' required: true jobs: @@ -28,14 +28,10 @@ jobs: echo "Build is not started from tag. Will exit..." exit 1 fi - export ARCH=${{ github.event.inputs.arch }} - export APPEND_SYSTEM_IMAGES="burmilla/os-debianconsole:$VERSION" + export OS_FIRMWARE=${{ github.event.inputs.firmware }} + export ARCH=amd64 make release - if [ "$ARCH" == "arm64" ]; then - make rpi64 - fi - - name: Login to DockerHub uses: docker/login-action@v1 with: diff --git a/Dockerfile.dapper b/Dockerfile.dapper index fca252cfd..ea61a9da8 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -60,7 +60,7 @@ ARG DISTRIB_ID=BurmillaOS ARG SELINUX_POLICY_URL=https://github.com/burmilla/refpolicy/releases/download/v0.0.3/policy.29 -ARG KERNEL_VERSION=4.14.206-burmilla +ARG KERNEL_VERSION=4.14.207-burmilla ARG KERNEL_URL_amd64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-x86.tar.gz ARG KERNEL_URL_arm64=https://github.com/burmilla/os-kernel/releases/download/v${KERNEL_VERSION}/linux-${KERNEL_VERSION}-arm64.tar.gz @@ -72,7 +72,7 @@ ARG OS_RELEASES_YML=https://raw.githubusercontent.com/burmilla/releases/kernel-4 ARG OS_SERVICES_REPO=https://raw.githubusercontent.com/${OS_REPO}/os-services ARG IMAGE_NAME=${OS_REPO}/os -ARG OS_CONSOLE=debian +ARG OS_CONSOLE=default ARG OS_AUTOFORMAT=false ARG OS_FIRMWARE=true diff --git a/Makefile b/Makefile index 0b11f27d4..45cce022b 100755 --- a/Makefile +++ b/Makefile @@ -49,32 +49,32 @@ rpi64: .dapper vmware: .dapper mkdir -p dist OS_FIRMWARE="false" \ - APPEND_SYSTEM_IMAGES="$(APPEND_SYSTEM_IMAGES) burmilla/os-openvmtools:11.2.0-1" \ + APPEND_SYSTEM_IMAGES="burmilla/os-openvmtools:11.2.0-5" \ ./.dapper release-vmware hyperv: .dapper mkdir -p dist OS_FIRMWARE="false" \ - APPEND_SYSTEM_IMAGES="$(APPEND_SYSTEM_IMAGES) burmilla/os-hypervvmtools:v4.14.206-burmilla-1" \ + APPEND_SYSTEM_IMAGES="burmilla/os-hypervvmtools:v4.14.206-burmilla-1" \ ./.dapper release-hyperv azurebase: .dapper mkdir -p dist AZURE_SERVICE="true" \ OS_FIRMWARE="false" \ - APPEND_SYSTEM_IMAGES="$(APPEND_SYSTEM_IMAGES) burmilla/os-hypervvmtools:v4.14.206-burmilla-1 burmilla/os-waagent:v2.2.49.2-1" \ + APPEND_SYSTEM_IMAGES="burmilla/os-hypervvmtools:v4.14.206-burmilla-1 burmilla/os-waagent:v2.2.49.2-1" \ ./.dapper release-azurebase 4glte: .dapper mkdir -p dist - APPEND_SYSTEM_IMAGES="$(APPEND_SYSTEM_IMAGES) burmilla/os-modemmanager:v1.6.4-1" \ + APPEND_SYSTEM_IMAGES="burmilla/os-modemmanager:v1.6.4-1" \ ./.dapper release-4glte proxmoxve: .dapper mkdir -p dist PROXMOXVE_SERVICE="true" \ OS_FIRMWARE="false" \ - APPEND_SYSTEM_IMAGES="$(APPEND_SYSTEM_IMAGES) burmilla/os-qemuguestagent:v3.1.0-1" \ + APPEND_SYSTEM_IMAGES="burmilla/os-qemuguestagent:v3.1.0-1" \ ./.dapper release-proxmoxve help: diff --git a/cmd/control/autologin.go b/cmd/control/autologin.go index ad95c83e1..98716a2bd 100644 --- a/cmd/control/autologin.go +++ b/cmd/control/autologin.go @@ -21,8 +21,8 @@ func AutologinMain() { app.Name = os.Args[0] app.Usage = "autologin console" app.Version = config.Version - app.Author = "Rancher Labs, Inc." - app.Email = "sven@rancher.com" + app.Author = "Project Burmilla\n\tRancher Labs, Inc." + app.Email = "burmilla@localhost.local" app.EnableBashCompletion = true app.Action = autologinAction app.HideHelp = true diff --git a/cmd/control/cli.go b/cmd/control/cli.go index 0cf49babe..ee5cf47f5 100644 --- a/cmd/control/cli.go +++ b/cmd/control/cli.go @@ -23,7 +23,7 @@ func Main() { app.Name = os.Args[0] app.Usage = fmt.Sprintf("Control and configure BurmillaOS\nbuilt: %s", config.BuildDate) app.Version = config.Version - app.Author = "Rancher Labs, Inc." + app.Author = "Project Burmilla\n\tRancher Labs, Inc." app.EnableBashCompletion = true app.Before = func(c *cli.Context) error { if os.Geteuid() != 0 { diff --git a/cmd/control/config_test.go b/cmd/control/config_test.go index f89c94e27..e61dfa98d 100644 --- a/cmd/control/config_test.go +++ b/cmd/control/config_test.go @@ -15,7 +15,7 @@ func TestGenTpl(t *testing.T) { services: {{if eq "amd64" .ARCH -}} acpid: - image: rancher/os-acpid:0.x.x + image: burmilla/os-acpid:0.x.x labels: io.rancher.os.scope: system net: host @@ -34,7 +34,7 @@ func TestGenTpl(t *testing.T) { {"amd64", ` services: acpid: - image: rancher/os-acpid:0.x.x + image: burmilla/os-acpid:0.x.x labels: io.rancher.os.scope: system net: host diff --git a/cmd/control/console.go b/cmd/control/console.go index 4cf79f65e..447ed920e 100644 --- a/cmd/control/console.go +++ b/cmd/control/console.go @@ -199,6 +199,6 @@ func CurrentConsole() (console string) { console = "default" return } - console = strings.TrimPrefix(strings.TrimSuffix(image.Name(), "console"), "rancher/os-") + console = strings.TrimPrefix(strings.TrimSuffix(image.Name(), "console"), "burmilla/os-") return } diff --git a/cmd/control/console_init.go b/cmd/control/console_init.go index a7cc05781..50719e527 100644 --- a/cmd/control/console_init.go +++ b/cmd/control/console_init.go @@ -75,6 +75,15 @@ func consoleInitFunc() error { defer f.Close() } + // last command need this file + if _, err := os.Stat("/var/log/wtmp"); os.IsNotExist(err) { + f, err := os.OpenFile("/var/log/wtmp", os.O_RDWR|os.O_CREATE, 0644) + if err != nil { + log.Error(err) + } + defer f.Close() + } + // some software need this dir, like open-iscsi if _, err := os.Stat(runLockDir); os.IsNotExist(err) { if err = os.Mkdir(runLockDir, 0755); err != nil { @@ -145,17 +154,20 @@ func consoleInitFunc() error { }) } - if cfg.Rancher.Console == "default" { - // add iptables symlinks for default console - baseSymlink = append(baseSymlink, []symlink{ - {"/usr/sbin/iptables", "/usr/sbin/iptables-save"}, - {"/usr/sbin/iptables", "/usr/sbin/iptables-restore"}, - {"/usr/sbin/iptables", "/usr/sbin/ip6tables"}, - {"/usr/sbin/iptables", "/usr/sbin/ip6tables-save"}, - {"/usr/sbin/iptables", "/usr/sbin/ip6tables-restore"}, - {"/usr/sbin/iptables", "/usr/bin/iptables-xml"}, - }...) - } + // Disbled because Debian is now default console + /* + if cfg.Rancher.Console == "default" { + // add iptables symlinks for default console + baseSymlink = append(baseSymlink, []symlink{ + {"/usr/sbin/iptables", "/usr/sbin/iptables-save"}, + {"/usr/sbin/iptables", "/usr/sbin/iptables-restore"}, + {"/usr/sbin/iptables", "/usr/sbin/ip6tables"}, + {"/usr/sbin/iptables", "/usr/sbin/ip6tables-save"}, + {"/usr/sbin/iptables", "/usr/sbin/ip6tables-restore"}, + {"/usr/sbin/iptables", "/usr/bin/iptables-xml"}, + }...) + } + */ for _, link := range baseSymlink { syscall.Unlink(link.newname) @@ -211,7 +223,7 @@ func consoleInitFunc() error { } } - cmd = exec.Command("bash", "-c", `echo $(/sbin/ifconfig | grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3}') >> /etc/issue`) + cmd = exec.Command("bash", "-c", `echo $(/sbin/ifconfig | grep -B1 "inet" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $3 == "mtu" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3}') >> /etc/issue`) if err := cmd.Run(); err != nil { log.Error(err) } diff --git a/cmd/control/install.go b/cmd/control/install.go index bb4bf9008..616e94c2d 100644 --- a/cmd/control/install.go +++ b/cmd/control/install.go @@ -31,7 +31,7 @@ var installCommand = cli.Command{ Action: installAction, Flags: []cli.Flag{ cli.StringFlag{ - // TODO: need to validate ? -i rancher/os:v0.3.1 just sat there. + // TODO: need to validate ? -i burmilla/os:v0.3.1 just sat there. Name: "image, i", Usage: `install from a certain image (e.g., 'rancher/os:v0.7.0') use 'ros os list' to see what versions are available.`, @@ -417,7 +417,7 @@ func layDownOS(image, installType, cloudConfig, device, partition, statedir, kap // ENV == installType //[[ "$ARCH" == "arm" && "$ENV" != "upgrade" ]] && ENV=arm - // image == rancher/os:v0.7.0_arm + // image == burmilla/os:v0.7.0_arm // TODO: remove the _arm suffix (but watch out, its not always there..) VERSION := image[strings.Index(image, ":")+1:] diff --git a/cmd/power/shutdown.go b/cmd/power/shutdown.go index 457e2e3e4..320ba2107 100644 --- a/cmd/power/shutdown.go +++ b/cmd/power/shutdown.go @@ -29,9 +29,9 @@ func Shutdown() { app := cli.NewApp() app.Name = filepath.Base(os.Args[0]) - app.Usage = fmt.Sprintf("%s RancherOS\nbuilt: %s", app.Name, config.BuildDate) + app.Usage = fmt.Sprintf("%s BurmillaOS\nbuilt: %s", app.Name, config.BuildDate) app.Version = config.Version - app.Author = "Rancher Labs, Inc." + app.Author = "Project Burmilla\n\tRancher Labs, Inc." app.EnableBashCompletion = true app.Action = shutdown app.Flags = []cli.Flag{ diff --git a/cmd/respawn/respawn.go b/cmd/respawn/respawn.go index 5131aa2a9..aa34eb5f3 100644 --- a/cmd/respawn/respawn.go +++ b/cmd/respawn/respawn.go @@ -32,9 +32,9 @@ func Main() { app := cli.NewApp() app.Name = os.Args[0] - app.Usage = fmt.Sprintf("%s RancherOS\nbuilt: %s", app.Name, config.BuildDate) + app.Usage = fmt.Sprintf("%s BurmillaOS\nbuilt: %s", app.Name, config.BuildDate) app.Version = config.Version - app.Author = "Rancher Labs, Inc." + app.Author = "Project Burmilla\n\tRancher Labs, Inc." app.Flags = []cli.Flag{ cli.StringFlag{ diff --git a/config/types.go b/config/types.go index 47d269d36..6df371343 100644 --- a/config/types.go +++ b/config/types.go @@ -80,8 +80,8 @@ var ( "EXTRA_CMDLINE", } SupportedDinds = []string{ - "rancher/os-dind:17.12.1", - "rancher/os-dind:18.03.1", + "burmilla/os-dind:17.12.1", + "burmilla/os-dind:18.03.1", } ) diff --git a/images/02-console/Dockerfile b/images/02-console/Dockerfile index f7b094ed9..9cd76735b 100644 --- a/images/02-console/Dockerfile +++ b/images/02-console/Dockerfile @@ -1,13 +1,31 @@ -FROM burmilla/os-base -COPY build/lsb-release /etc/ +FROM debian:stable-slim + COPY build/sshd_config.append.tpl /etc/ssh/ -COPY prompt.sh /etc/profile.d/ -RUN sed -i 's/rancher:!/rancher:*/g' /etc/shadow && \ - sed -i 's/docker:!/docker:*/g' /etc/shadow && \ - echo '## allow password less for rancher user' >> /etc/sudoers && \ - echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ - echo '## allow password less for docker user' >> /etc/sudoers && \ - echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ - cat /etc/ssh/sshd_config > /etc/ssh/sshd_config.tpl && \ - cat /etc/ssh/sshd_config.append.tpl >> /etc/ssh/sshd_config.tpl && \ - rm -f /etc/ssh/sshd_config.append.tpl /etc/ssh/sshd_config +COPY build/lsb-release /etc/ + +RUN apt-get update \ + && apt-get install -y --no-install-recommends iptables openssh-server rsync locales \ + sudo less curl ca-certificates psmisc htop kmod iproute2 \ + net-tools bash-completion wget \ + nano open-iscsi iputils-ping \ + && rm -rf /var/lib/apt/lists/* \ + && rm -rf /etc/ssh/*key* \ + && echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen \ + && locale-gen \ + && find /usr/share/i18n/charmaps -not -path /usr/share/i18n/charmaps/UTF-8.gz -name '*.gz' -exec rm -rf {} \; \ + && find /usr/share/i18n/locales -not -path /usr/share/i18n/locales/en_US -name '*_*' -exec rm -rf {} \; \ + && addgroup --gid 1100 rancher \ + && addgroup --gid 1101 docker \ + && useradd -u 1100 -g rancher -G docker,sudo -m -s /bin/bash rancher \ + && useradd -u 1101 -g docker -G docker,sudo -m -s /bin/bash docker \ + && echo '## allow password less for rancher user' >> /etc/sudoers \ + && echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers \ + && echo '## allow password less for docker user' >> /etc/sudoers \ + && echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers \ + && ln -s /bin/ps /usr/bin/ps \ + && cat /etc/ssh/sshd_config > /etc/ssh/sshd_config.tpl \ + && cat /etc/ssh/sshd_config.append.tpl >> /etc/ssh/sshd_config.tpl \ + && rm -f /etc/ssh/sshd_config.append.tpl /etc/ssh/sshd_config \ + && rm -f /etc/motd \ + && ln -s /etc/issue /etc/motd +ENTRYPOINT ["/usr/bin/ros", "entrypoint"] diff --git a/images/02-console/prebuild.sh b/images/02-console/prebuild.sh index d0fef867a..ee7f8ee94 100755 --- a/images/02-console/prebuild.sh +++ b/images/02-console/prebuild.sh @@ -7,25 +7,10 @@ cd $(dirname $0) rm -rf ./build mkdir -p ./build +cp sshd_config.append.tpl ./build/ cat > ./build/lsb-release << EOF DISTRIB_ID=${DISTRIB_ID} DISTRIB_RELEASE=${VERSION} DISTRIB_DESCRIPTION="${DISTRIB_ID} ${VERSION}" EOF - -cat > ./build/sshd_config.append.tpl << EOF -{{- if .Port}} -Port {{.Port}} -{{- end}} - -{{- if .ListenAddress}} -ListenAddress {{.ListenAddress}} -{{- end}} - -ClientAliveInterval 180 - -UseDNS no -PermitRootLogin no -AllowGroups docker -EOF diff --git a/images/02-console/prompt.sh b/images/02-console/prompt.sh deleted file mode 100644 index 4438c0108..000000000 --- a/images/02-console/prompt.sh +++ /dev/null @@ -1 +0,0 @@ -export PS1='[\u@\h \W]\$ ' diff --git a/images/02-console/sshd_config.append.tpl b/images/02-console/sshd_config.append.tpl new file mode 100644 index 000000000..c24412a10 --- /dev/null +++ b/images/02-console/sshd_config.append.tpl @@ -0,0 +1,23 @@ + +{{- if .Port}} +Port {{.Port}} +{{- end}} + +{{- if .ListenAddress}} +ListenAddress {{.ListenAddress}} +{{- end}} + +ClientAliveInterval 180 + +UseDNS no + +AllowGroups docker + +# Enforce security settings +Protocol 2 +PermitRootLogin no +MaxAuthTries 4 +IgnoreRhosts yes +HostbasedAuthentication no +PermitEmptyPasswords no +AllowTcpForwarding no diff --git a/os-config.tpl.yml b/os-config.tpl.yml index 82a26ffac..cd97ffffb 100644 --- a/os-config.tpl.yml +++ b/os-config.tpl.yml @@ -230,9 +230,9 @@ rancher: command: ros console-init labels: io.rancher.os.scope: system - io.rancher.os.after: cloud-init-execute - io.docker.compose.rebuild: always - io.rancher.os.console: debian + io.rancher.os.after: network + io.docker.compose.rebuild: "false" + io.rancher.os.console: default environment: - HTTP_PROXY - HTTPS_PROXY @@ -246,7 +246,8 @@ rancher: volumes_from: - all-volumes volumes: - - /usr/bin/iptables:/sbin/iptables:ro + - /media:/media:shared + - /mnt:/mnt:shared logrotate: image: {{.OS_REPO}}/os-logrotate:{{.VERSION}}{{.SUFFIX}} command: /usr/sbin/logrotate -v /etc/logrotate.conf diff --git a/scripts/layout-initrd b/scripts/layout-initrd index 61f832e03..ccdbde550 100755 --- a/scripts/layout-initrd +++ b/scripts/layout-initrd @@ -36,12 +36,12 @@ rm -f ${INITRD_DIR}/usr/bin/system-docker-proxy cat < ${INITRD_DIR}/usr/share/ros/os-release NAME="BurmillaOS" VERSION=${VERSION} -ID=burmillaos +ID=rancheros ID_LIKE= VERSION_ID=${VERSION} PRETTY_NAME="BurmillaOS ${VERSION}" -HOME_URL="https://burmilla.github.io" -SUPPORT_URL="https://github.com/burmilla/os/issues" +HOME_URL="https://burmillaos.org" +SUPPORT_URL="https://github.com/burmilla/os" BUG_REPORT_URL="https://github.com/burmilla/os/issues" BUILD_ID= HERE diff --git a/scripts/release-amd64 b/scripts/release-amd64 index 594a3a4b3..30199eee2 100755 --- a/scripts/release-amd64 +++ b/scripts/release-amd64 @@ -6,14 +6,19 @@ cd $(dirname $0)/.. source ./scripts/version ./scripts/release-build -echo "github-release release --user burmilla --repo os --tag ${VERSION} --pre-release --draft" > dist/publish.sh +touch dist/publish.sh chmod 755 dist/publish.sh -echo "github-release upload --user burmilla --repo os --tag ${VERSION} --file ./dist/artifacts/burmillaos.iso --name burmillaos-${VERSION}.iso" >> dist/publish.sh +if [ "$OS_FIRMWARE" = "false" ]; then + echo "github-release upload --user burmilla --repo os --tag ${VERSION} --file ./dist/artifacts/burmillaos.iso --name burmillaos-${VERSION}-nofirmware.iso" >> dist/publish.sh + exit 0 +else + echo "github-release release --user burmilla --repo os --tag ${VERSION} --pre-release --draft" > dist/publish.sh -echo >> dist/publish.sh + echo "github-release upload --user burmilla --repo os --tag ${VERSION} --file ./dist/artifacts/burmillaos.iso --name burmillaos-${VERSION}.iso" >> dist/publish.sh -cat dist/images | sed 's/^/docker push /' >> dist/publish.sh + cat dist/images | sed 's/^/docker push /' >> dist/publish.sh +fi echo "--- Run dist/publish.sh" cat dist/publish.sh