Add example RPI image #918

Merged
merged 2 commits into from
Dec 4, 2021
Merged
8 changes: 6 additions & 2 deletions .github/workflows/multi-arch-embedded-devices-examples.yaml
Expand Up @@ -17,7 +17,11 @@ jobs:
- tag: "odroid-c2-"
dockerfile: "examples/odroid-c2"
platforms: "linux/arm64"

model: odroid_c2
- tag: "rpi-"
dockerfile: "examples/rpi"
platforms: "linux/arm64"
model: rpi64
steps:
- name: Checkout
uses: actions/checkout@v2
Expand Down Expand Up @@ -79,7 +83,7 @@ jobs:
id: build_image
run: |
mkdir build
sudo ./images/arm-img-builder.sh --docker-image ${{ steps.prep.outputs.current }} build/cOS-example-${{ matrix.tag }}$COS_VERSION.img
sudo ./images/arm-img-builder.sh --model ${{ matrix.model }} --docker-image ${{ steps.prep.outputs.current }} build/cOS-example-${{ matrix.tag }}$COS_VERSION.img
- name: Upload Image
run: |
sudo tar cvf build.tar build
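Review bot: The new build command in the `build_image` step expands `${{ matrix.model }}` straight into a `sudo` shell line, next to the existing `${{ steps.prep.outputs.current }}` expansion, so whatever those expressions hold is parsed by a root shell. The matrix values are literals in this file today, but the more robust pattern is to pass both through the step's `env:` (`MODEL: ${{ matrix.model }}`) and reference them quoted, as in `--model "$MODEL" --docker-image "$IMAGE"`. The `odroid-c2-` and `rpi-` matrix entries also quote every value except `model`; writing `model: "rpi64"` would keep them consistent. The step and the job continue outside the visible hunks.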
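--- a/examples/rpi/Dockerfile
+++ b/examples/rpi/Dockerfile
@@ -0,0 +1,79 @@
+ARG LUET_VERSION=0.20.10
+FROM quay.io/luet/base:$LUET_VERSION AS luet
+
+FROM opensuse/leap:15.3
+
+ENV COSIGN_EXPERIMENTAL=1
+ENV COSIGN_REPOSITORY=raccos/releases-green
+
+RUN zypper ref
+RUN zypper in -y \
+# RPI
+raspberrypi-eeprom \
+bcm43xx-firmware \
+systemd-sysvinit \
+grub2-arm64-efi \
+iproute2 \
+squashfs \
+conntrack-tools \
+findutils \
+haveged \
+lsscsi \
+lvm2 \
+mdadm \
+multipath-tools \
+nfs-utils \
+open-iscsi \
+rng-tools \
+systemd \
+vim \
+parted \
+dracut \
+e2fsprogs \
+dosfstools \
+kernel-default \
+coreutils \
+less \
+device-mapper \
+grub2 \
+which \
+curl \
+open-vm-tools \
+python-azure-agent \
+qemu-guest-agent \
+wireless-tools \
+wpa_supplicant \
+iw \
+iproute2 \
+aaa_base-extras \
+iputils \
+kmod \
+libudev1 \
+vim-small \
+kernel-firmware-all \
+nano \
+gawk \
+haveged \
+tar \
+rsync \
+timezone \
+jq \
+gptfdisk
+
+RUN zypper cc
+
+# Copy the luet config file pointing to the upgrade repository
+COPY conf/luet.yaml /etc/luet/luet.yaml
+RUN curl -L https://github.com/mudler/luet/releases/download/0.20.10/luet-0.20.10-linux-arm64 --output /usr/bin/luet
+
+RUN chmod +x /usr/bin/luet
+RUN luet install -y meta/cos-verify
+
+RUN luet install --plugin luet-cosign -y meta/cos-minimal
+
+COPY files/ /
+
+
+RUN mkinitrd
+
+RUN ln -sf Image /boot/vmlinuz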
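Review bot: The `RUN curl -L ... --output /usr/bin/luet` line fetches the luet binary without `-f` and without any digest or signature check, and every later `luet install` in this file runs that binary as root during the build. Without `-f` an HTTP error body would be saved as `/usr/bin/luet`, and with no checksum a changed release asset goes unnoticed. I would append a pinned-digest check to the same `RUN`, for example `curl -fsSL <same URL> --output /usr/bin/luet && echo "<EXPECTED_SHA256>  /usr/bin/luet" | sha256sum -c -`, with the digest recorded from the release. The URL also hard-codes 0.20.10 instead of using `LUET_VERSION` (which would need an `ARG LUET_VERSION` after the second `FROM`), and the `luet` stage declared at the top is not referenced by any visible `COPY --from`, so one of the two sources looks redundant.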
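--- a/examples/rpi/conf/luet.yaml
+++ b/examples/rpi/conf/luet.yaml
@@ -0,0 +1,16 @@
+logging:
+color: false
+enable_emoji: false
+general:
+debug: false
+spinner_charset: 9
+repositories:
+- name: "cos"
+description: "cOS official"
+type: "docker"
+enable: true
+cached: true
+priority: 1
+verify: false
+urls:
+- "quay.io/costoolkit/releases-green-arm64"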
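Review bot: `verify: false` on the `cos` repository is left unexplained, and it presumably turns off luet's own verification for `quay.io/costoolkit/releases-green-arm64`, which would leave signature checking to whoever invokes luet with the cosign plugin. In the Dockerfile of this same change, `luet install -y meta/cos-verify` runs without `--plugin luet-cosign`, so that first install appears to be unverified. If that is the intended bootstrap, a comment above the key such as `# verify is off here; package signatures are checked by the luet-cosign plugin at install time` would record it.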
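--- a/examples/rpi/files/etc/cos/bootargs.cfg
+++ b/examples/rpi/files/etc/cos/bootargs.cfg
@@ -0,0 +1,19 @@
+set kernel=/boot/vmlinuz
+
+# Note on RPI bootargs
+# We additionally set modprobe.blacklist=vc4 as certain Displays are not supported by vc4.
+# As cOS main target is cloud and not graphics usage, we blacklist it to avoid
+# that the HDMI output goes off due to drivers kicking during boot. vc4 is required where graphics
+# or video playback is needed, which is not the case in this example here.
+# A similar workaround could be applied at config.txt level, by diabling the vc4 overlay.
+# See also: https://en.opensuse.org/HCL:Raspberry_Pi3#I_see_HDMI_output_in_U-Boot.2C_but_not_in_Linux ,
+# https://en.opensuse.org/HCL:Raspberry_Pi3#DSI_output_not_supported_by_VC4_driver,
+# https://bugzilla.opensuse.org/show_bug.cgi?id=1181683 and https://github.com/raspberrypi/linux/issues/4020
+if [ -n "$recoverylabel" ]; then
+
+set kernelcmd="console=tty1 console=ttyS0 root=live:LABEL=$recoverylabel rd.live.dir=/ rd.live.squashimg=$img panic=5 modprobe.blacklist=vc4"
+else
+set kernelcmd="console=tty1 console=ttyS0 root=LABEL=$label cos-img/filename=$img panic=5 security=selinux selinux=1 modprobe.blacklist=vc4"
+fi
+
+set initramfs=/boot/initrd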
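Review bot: The recovery branch of the `if` sets `kernelcmd` without `security=selinux selinux=1`, while the normal-boot branch sets both, and the comment block above explains only the `modprobe.blacklist=vc4` argument. If recovery is meant to boot without SELinux, a line such as `# Recovery boots without SELinux on purpose` above the first `set kernelcmd` would make that explicit; if not, the two arguments should be added there as well. The comment block also has a typo, `diabling` for `disabling`.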
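--- a/examples/rpi/files/etc/cos/config
+++ b/examples/rpi/files/etc/cos/config
@@ -0,0 +1,48 @@
+# cOS configuration file
+# This file allows to tweak cOS configuration such as: default upgrade/recovery image and GRUB menu entry
+
+# Disable/enable image verification during upgrades ( default: true )
+VERIFY=false
+
+# Disable cosign by default
+COSIGN=false
+
+# Disable/enable upgrades via release channels instead of container images. ( default: true )
+CHANNEL_UPGRADES=false
+
+# Default container image used for upgrades. ( defaults to system/cos with channel CHANNEL_UPGRADES enabled )
+UPGRADE_IMAGE="quay.io/costoolkit/examples:rpi-latest"
+
+# Default recovery image to use when upgrading the recovery partition
+# ( defaults to recovery/cos in vanilla cOS images with channel CHANNEL_UPGRADES enabled. Otherwise it defaults to UPGRADE_IMAGE ).
+RECOVERY_IMAGE="quay.io/costoolkit/examples:rpi-latest"
+
+# GRUB entry to display on boot. ( defaults: cOS )
+GRUB_ENTRY_NAME="cOS RPI example"
+
+# Space separated list of additional paths that are used to
+# source cloud-config from. ( defaults paths are: /system/oem /oem/ /usr/local/cloud-config/ )
+CLOUD_INIT_PATHS=""
+
+# This is the directory that can be used to store cloud-init files that can be enabled/disabled in runtime
+# by cos-features. ( defaults to /system/features )
+COS_FEATURESDIR="/system/features"
+
+# This is the repository that hosts the signature files used by cosign and luet-cosign plugin during upgrade/deploy to
+# check the artifact signatures
+COSIGN_REPOSITORY="raccos/releases-green"
+
+# This sets keyless verify on building packages with luet and the luet-cosign plugin.
+# 1 = enabled keyless, 0 = disabled, uses normal public key verification
+COSIGN_EXPERIMENTAL=0
+
+# This sets the location of the public key to use to verify the packages installed by luet during upgrade/deploy
+# This can be set to file, URL, KMS URI or Kubernetes Secret
+# This is only used if COSIGN_EXPERIMENTAL is set to 0
+COSIGN_PUBLIC_KEY_LOCATION=""
+
+# Default size (in MB) of disk image files (.img) created during upgrades
+DEFAULT_IMAGE_SIZE=1200
+
+# Path to default configuration grub file
+GRUBCONF="/etc/cos/grub.cfg"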
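Review bot: `VERIFY=false` and `COSIGN=false` are set together with `UPGRADE_IMAGE` and `RECOVERY_IMAGE` pointing at the mutable tag `quay.io/costoolkit/examples:rpi-latest`, so as far as this file shows, an upgrade pulls whatever that tag currently resolves to with no image verification or signature check. The file's own comment gives `true` as the default for `VERIFY`, and `COSIGN_PUBLIC_KEY_LOCATION` is empty while `COSIGN_EXPERIMENTAL=0` selects public-key verification, so turning cosign on later would also need a key location. If this is acceptable for an example image, say so next to the setting, for instance `# Example image only: upgrades are NOT verified; set VERIFY=true and COSIGN=true for real deployments`.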
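--- a/examples/rpi/files/etc/os-release
+++ b/examples/rpi/files/etc/os-release
@@ -0,0 +1,2 @@
+VERSION="1.0"
+PRETTY_NAME="cOS green sample"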
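--- a/examples/rpi/files/system/oem/01_layout.yaml
+++ b/examples/rpi/files/system/oem/01_layout.yaml
@@ -0,0 +1,16 @@
+name: "Immutable Layout"
+stages:
+rootfs:
+# As the image creation script doesn't set up any COS_PERSISTENT partition
+# or we either partition one on boot, or the user has to provide it.
+# With this setting we don't require COS_PERSISTENT to be mounted,
+# that means that the system will boot only in ephemeral mode with no persistency except
+# OEM files.
+# To override this behavior, simply overwrite this file OR specify
+# a cloud init which is executed after this one in the /oem partition (e.g. 02_custom_layout.yaml ).
+- if: '[ ! -f "/run/cos/recovery_mode" ]'
+name: "Don't require COS_PERSISTENT"
+environment_file: /run/cos/cos-layout.env
+environment:
+VOLUMES: "LABEL=COS_OEM:/oem"
+OVERLAY: "tmpfs:25%"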
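--- a/examples/rpi/files/system/oem/04_accounting.yaml
+++ b/examples/rpi/files/system/oem/04_accounting.yaml
@@ -0,0 +1,17 @@
+# Default cOS OEM configuration file
+#
+# This file is part of cOS and will get reset during upgrades.
+#
+# Before you change this file manually,
+# consider copying this file to /usr/local/cloud-config or
+# copy the file with a prefix starting by 90, e.g. /oem/91_custom.yaml
+name: "Default user"
+stages:
+initramfs:
+- name: "Setup users"
+ensure_entities:
+- path: /etc/shadow
+entity: |
+kind: "shadow"
+username: "root"
+password: "cos"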
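Review bot: The `Setup users` stage sets a fixed, publicly known root password (`password: "cos"`) in `/etc/shadow` during the initramfs stage, and nothing in the file marks it as an example-only credential. The workflow in this change builds an image from this directory and has an `Upload Image` step, so anyone flashing that image gets a device whose root password is in the repository. I would add a comment above `ensure_entities`, such as `# Example-only credential: override it from /oem (e.g. 91_custom.yaml) before putting the device on a network`. Alternatively, leave the root account locked and have users supply credentials through their own cloud-config.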