* Add cloud-init paths of the new root in 'after-*' hooks
This commit enables running the non-chrooted 'after-*' hooks
included in the newly deployed image root. This especially applies to the
install, reset, upgrade and build-disk commands.
Moreover, 'after-disk' command now includes static reference paths to
the new root and working directory, so that those can be used within
the hooks regardless of the chosen output directory.
* Include arm-firmware feature
This commit introduces an arm-firmware feature adding
the required after-* hooks to ensure the RPi firmware is
copied to the EFI partition.
It could be, eventually, extended to support other boards
and it does not harm systems which are not including RPi
firmware.
* Allow features to be passed as arguments
Signed-off-by: David Cassany <dcassany@suse.com>
* Allow skipping TLS verification on registries
Signed-off-by: David Cassany <dcassany@suse.com>
* Improve error logging
Signed-off-by: David Cassany <dcassany@suse.com>
* Fix flag default value
Signed-off-by: David Cassany <dcassany@suse.com>
* Fix image extractor mock and use default TLS verification for tests
Signed-off-by: David Cassany <dcassany@suse.com>
---------
Signed-off-by: David Cassany <dcassany@suse.com>
* Make EFI partition size configurable at install time
* Add a custom EFI size test
* Rename efi to bootloader partition in config.yaml
* Rename EFI variable to Boot
* Rename constants
Signed-off-by: David Cassany <dcassany@suse.com>
* Add extra-cmdline flag to build-iso command
The extra-cmdline can be used to customize the kernel commandline used
for the ISO.
Some arbitrary flags were moved to the extra-cmdline in order to support
overriding security and consoles.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
In this commit we add selinux support to the mount command.
During mount we put a list of persistent+ephemeral directories in
/run/systemd/extra-relabel.d/elemental.layout in order to make systemd
relabel the directories before loading the policy.
We also try to chroot into the new sysroot and run setfiles using a find
wrapper to set on deepest files first.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Snapshottable recovery system
Deploy the entire recovery system to the same folder (kernel, initrd and
rootfs).
During upgrade deploy to a transitional folder and then switch it with
the current recovery system and then delete the old one.
This makes sure we clean up old recovery systems and don't risk mixing
systems during upgrade.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Default recovery system to squashfs
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Refactor build-iso
Refactors build-iso command to use the new DeployRecoverySystem method.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Refactor install command
Use DeployRecoverySystem to deploy the recovery system.
Needs some changes to grub.cfg to be fully compatible and also extracts
the bootargs.cfg file into the recovery partition.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Refactor build-disk command
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Refactor upgrade-recovery command
This commit changes the DeployRecoverySystem method to remove any
conflicting boot artifacts before copying the new files.
Also adds power and squashfs compression flags to the command.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* bump elemental-toolkit to v2
Signed-off-by: David Cassany <dcassany@suse.com>
* Move pkg/types/v2 to simply pkg/types
This commit leaves the code with a single set of types
and refers to it as the types package instead of
v1 or v2.
For the time being we do not foresee managing more
than one single major version of type within the
same code.
Signed-off-by: David Cassany <dcassany@suse.com>
* Stop referring to mocks package as v2mock in favor of simply 'mocks'
Signed-off-by: David Cassany <dcassany@suse.com>
* Fix leftovers after rebase
Signed-off-by: David Cassany <dcassany@suse.com>
---------
Signed-off-by: David Cassany <dcassany@suse.com>
* Implement upgrade-recovery sub command
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Update Upgrade documentation
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
---------
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Implementation of Btrfs snapshotter
* Btrfs based examples
* Refine and adapt features
* Update build-disk to new snapshotter and prevent including State partition on expandable images
* Remove /oem bind mount in initramfs, already mounted by mount command
* Adapt unit tests
* Add mount command unit tests
* Make grubfallback test more generic
* Adding btrfs snapshotter unit tests and fixing default snapshotter config constructor
* Add utils test
* Fix upgrade ENV variables mapping
* Include transactional-update package in example
* Fix persistent bind mounts
* Make sure state is RW mounted upgrading from legacy
* Remove unused passive symlinks for loopdevice
* Fix upgrade from older version
Signed-off-by: David Cassany <dcassany@suse.com>
This commit allows setting specific additional mount
points for block devices in mount command. They can
be set by label, partlabel, uuid and device path.
In addition this commit also introduces some logic
to precompute initial fstab lines for sysroot and
other mounts done in previous stages.
Signed-off-by: David Cassany <dcassany@suse.com>
* Refactor to switch to snapshotter interface
This commit adopts snapshotter interface in install,
reset and upgrade commands. The change implies changes
to the respective specs, grub configuration and dracut
modules.
This commit also changes the behavior of recovery system
upgrades. Now recovery upgrades are an optional step
of a system upgrade. Recovery image can't be upgraded
without upgrading the active system.
Finally build-disk command is also changed to be better
aligned with upgrade and install procedures. Expandable
disks are an unprivileged build and non expandable ones
require privileges as they rely on snapshotter.
* Attempting to fix integration tests
* Adding a migration path from legacy deployments
* Omit /etc/resolv.conf for dir:// paths
* Adaptations after rebase
* Make sure we also mount EFI in upgrades if it was not already mounted
* Default maximum number of snapshots is 2
* Upgrade grub to EFI partition
* Improve recovery management
* Recovery back to ext2 by default
* Adapt upgrade after rebase
Signed-off-by: David Cassany <dcassany@suse.com>
Specifically bumping from v1.7.2 to v4.3.0. We were pretty outdated.
This commit could not get rid of the old version dependency completely
because yip requires a vfs v1 within the plugin API and we implement
a yip plugin for partitioning in elemental-toolkit. Because of that
both versions are coexisting.
Signed-off-by: David Cassany <dcassany@suse.com>
* Load mount-layout from .env-files
Adds code to load environment variables OVERLAY, RW_PATHS,
PERSISTENT_STATE_PATHS and PERSISTENT_STATE_BINDS during mounting.
The variables are read from /run/cos/cos-layout.env and
/run/elemental/mount-layout.env if they exist.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add mount command
The mount command mounts the system and is meant to run in an initrd to
actually mount the root filesystem and use systemd to switch-root into
it.
It also optionally writes an /etc/fstab file to the newly mounted
system so that systemd will mount the system after switching root.
The command is used in the new dracut module elemental-rootfs, which
will coexist with immutable-rootfs (they are functionally the same)
until immutable-rootfs can be deprecated.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add tmpfs overlay mount
Mounts a tmpfs to /run/elemental/overlay with size= flag set
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Examples use the new elemental-rootfs
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add persistent overlay mounts
Persistent mounts use the /run/elemental/persistent/.state directory to
store upper and work dirs.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add sentinel files
Write sentinel file (active_mode, passive_mode, recovery_mode) to
/run/cos or /run/elemental based on which kernel cmdline is used
(cos-img/filename or elemental.image)
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Read kernel cmdline for mount
This commit adds capabilities to the mount command to read configuration
from the kernel cmdline. The supported parameters are:
* elemental.disable + rd.cos.disable
* elemental.image + cos-img/filename
* elemental.oemlabel + rd.cos.oemlabel
In the new elemental.image parameter we can specify
active|passive|recovery instead of the path to the image.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Enable recovery booting and reset
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Load env vars
Currently supported:
* OVERLAY
* RW_PATHS
* PERSISTENT_STATE_PATHS
* PERSISTENT_STATE_BIND
Loaded from files (if they exist):
* /run/elemental/layout.env
* /run/cos/cos-layout.env
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Run rootfs stage inside mount command
Since the rootfs stage should be run between mounting the image and
mounting the rest of the system I added a call to RunStage that takes
care of this and then uses godotenv dependency to actually load
/run/elemental/layout.env and /run/cos/cos-layout.env.
This means the old way of generating layout files will still work with
the new mount-command.
The caveat here is that in the current implementation the rootfs stage
will run twice, once from the elemental-setup-rootfs service and once
from this command. I would say the easiest way forward is to remove the
elemental-setup-rootfs when switching to elemental-rootfs as the default
mounting module.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add persistent bind mounts
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add block overlay
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Use registry.opensuse.org for example images
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Minor changes to get tests working
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Fsck partitions before mounting
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Fix for fsck
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
More mount tests
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Comment mount example configuration
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add elemental-setup services to elemental-rootfs
The elemental-setup and rootfs features are heavily dependent on each
other.
This commit copies the elemental-setup feature into elemental-rootfs,
and changes the mount-command to actually start the
elemental-setup-rootfs service during mount to not run the yip rootfs
stage twice.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Fix lint goconst
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add elemental-sysroot feature
The features elemental-sysroot, elemental-rootfs and elemental-setup are
used for mounting the root filesystem and all overlays.
elemental-sysroot is used for mounting state/recovery partition to
/run/elemental/state, and then mounting the image from the partition
based on kernel parameters.
elemental-setup actually runs the different stages of boot using
elemental run-stage command.
elemental-rootfs runs the 'elemental mount' command to mount tmpfs
overlays, persistent overlays and then writes the /etc/fstab to actually
mount when pivoting to the new root.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Update sysroot, setup and rootfs dracut modules
This commit goes through the early systemd services run in dracut and
adds Wants,Before,Requires to each step to make them run during the
correct stage of the bootup (man dracut.bootup).
We also change all the /run/cos and /run/initramfs/cos-state to the new
/run/elemental and /run/initramfs/elemental-state directories.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Test compatibility
Tests still use /run/cos, this commit adds back
/run/cos/active|passive|recovery_mode files
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Update to latest ele-testhelpers
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Forwards compatibility for immutable-rootfs feat
This commit makes the immutable-rootfs module forwards compatible with
the other changes in mount, elemental-sysroot and elemental-setup.
It uses the new elemental.image and elemental.oemlabel cmdline parameters
if found, otherwise falls back to the old parameters and also sets the
/run/elemental/active|passive|recovery_mode files.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Update init features for green and tumbleweed
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Remove oem mounts from elemental-setup-initramfs
This should fix installer-tests in CI since the /oem might not exist
when booting from ISO.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
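The cmdline handling these commits describe (new elemental.* parameters, with fallback to the legacy ones, and a sentinel file per boot mode), sketched as an added example that is not code from elemental-toolkit. The type, field and function names are hypothetical, the sample values in `main` are constructed, and "last occurrence wins" for repeated parameters is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// BootConfig holds what the mount step reads from the kernel cmdline.
// Hypothetical type: names are not elemental-toolkit's own.
type BootConfig struct {
	Disabled    bool
	Image       string // "active", "passive", "recovery" or an image path
	OEMLabel    string
	Legacy      bool   // image came from the legacy cos-img/filename parameter
	SentinelDir string // /run/elemental for the new parameter, /run/cos for legacy
	Sentinel    string // e.g. "active_mode"; left empty when Image is a path
}

// ParseCmdline resolves the three parameter pairs listed in the commit message.
// The new elemental.* name is used if found, otherwise the legacy one.
func ParseCmdline(cmdline string) BootConfig {
	kv := map[string]string{}
	for _, field := range strings.Fields(cmdline) {
		k, v, _ := strings.Cut(field, "=") // bare flags get an empty value
		kv[k] = v                          // assumption: last occurrence wins
	}
	pick := func(newKey, oldKey string) (string, bool) {
		if v, ok := kv[newKey]; ok {
			return v, false
		}
		v, ok := kv[oldKey]
		return v, ok
	}
	var c BootConfig
	_, newOff := kv["elemental.disable"]
	_, oldOff := kv["rd.cos.disable"]
	c.Disabled = newOff || oldOff
	c.Image, c.Legacy = pick("elemental.image", "cos-img/filename")
	c.OEMLabel, _ = pick("elemental.oemlabel", "rd.cos.oemlabel")
	c.SentinelDir = "/run/elemental"
	if c.Legacy {
		c.SentinelDir = "/run/cos"
	}
	// Only the keyword form names the mode directly; how a mode is derived
	// from a legacy image path is not described here, so it stays unset.
	switch c.Image {
	case "active", "passive", "recovery":
		c.Sentinel = c.Image + "_mode"
	}
	return c
}

func main() {
	// Constructed cmdline: both spellings present, the new one is used.
	fmt.Printf("%+v\n", ParseCmdline("elemental.image=recovery cos-img/filename=/img/a.img"))
}
```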
This commit moves grub logic into its own bootloader interface.
In addition it adds helper methods to find EFI binaries, kernel and
initrd based on patterns. Distro detection is no longer required.
It also sets an elemental criteria for those bootloader files. In fact,
the first place to look is /usr/lib/elemental/bootloader, which gives a chance
within the OS Dockerfile to prepare EFI binaries if default distro
paths are not matching any of the default Elemental patterns.
Kernel and initrd symlinks as /boot/vmlinuz and /boot/initrd are also
created within the init command. This gives at build time more
confidence that the kernel and initrd are set consistently with
Elemental expectations.
As part of the refactor BIOS firmware and MSDOS partition tables support
is finally dropped.
Signed-off-by: David Cassany <dcassany@suse.com>
* Add target for rpi disk
This commit adds a flavor for tumbleweed raspberry pi image that uses an
after-disk hook to copy firmware into the EFI partition.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add DOCKER_SOCK Makefile variable
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Rebase rpi example to leap
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Remove existing file during build-disk
This commit makes build-disk command behave like build-iso in that it
will remove an existing raw disk before writing the new disk and log a
warning.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Use toolkit image to build isos
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
This PR allows the deployment-command used when building expandable
disk-images to be configured by the user.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Use build-disk command
This commit changes the way we build our test disks.
It uses the new build-disk command instead of losetup and the install
command. This means we can run build-disk without privileges and
also build expandable images.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
This commit adds in elemental client the build-disk command. With this command we can eventually build an image that includes partitions:
* EFI
* OEM
* Recovery
* State
Having State partition to match the minimum size (to reduce resulting image size), only includes config files no image.
Then the State partition could be expanded on first boot to desired size (build-disk command already pre-appends the required cloud-config files for that to happen) and then the Persistent partition created at the end with all the available space (or some desired specific size too).
This setup can be executed without running a single mount (thanks to squashfs usage), meaning this disk could be built in a container or Dockerfile (like we do with ISOs).
Building full disks including all partitions with a specified size is still possible, however this approach requires mount privileges and because of that it can't be executed inside non privileged containers.
Signed-off-by: David Cassany <dcassany@suse.com>
* Add multi-arch support for pulling images
This commit refactors the image pulling and extracting to be able to
cross-build isos.
In order to do this we make use of go-containerregistry and containerd
to pull and extract the image.
This refactor also removes a lot of luet functionality mostly used for
build-disk command which has been deprecated.
* Introduce Platform struct
Keep --arch flag and use both --arch and --platform to parse into new
struct.
The struct keeps both arch and golang-arch, since x86_64 and amd64 are
used in different contexts (grub/efi artifacts vs container platforms).
If both --arch and --platform are specified platform takes precedence.
Platform flags are also added to install-command in order to be able to
cross-arch install to loopback-devices.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
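The flag resolution described in the last commit, as an added example that is not code from elemental-toolkit: `--platform` overrides `--arch`, and the resulting struct carries both architecture spellings. The names `Platform`, `NewPlatform` and `archPairs` are hypothetical, and the default OS, the arm64 row and the rejection of unknown architectures are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Platform keeps both spellings of the architecture, since x86_64 and amd64
// are used in different contexts. Hypothetical type, not the project's own.
type Platform struct {
	OS         string
	Arch       string // grub/EFI artifact naming, e.g. x86_64
	GolangArch string // container platform naming, e.g. amd64
}

// archPairs maps every accepted spelling to {Arch, GolangArch}.
// Only the x86_64/amd64 pair comes from the commit message; arm64 is assumed.
var archPairs = map[string][2]string{
	"x86_64":  {"x86_64", "amd64"},
	"amd64":   {"x86_64", "amd64"},
	"aarch64": {"aarch64", "arm64"},
	"arm64":   {"aarch64", "arm64"},
}

// NewPlatform resolves the --arch and --platform flag values into one struct.
func NewPlatform(archFlag, platformFlag string) (Platform, error) {
	osName, arch := "linux", archFlag // assumption: OS defaults to linux
	if platformFlag != "" {           // --platform takes precedence over --arch
		parts := strings.Split(platformFlag, "/")
		if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
			return Platform{}, fmt.Errorf("invalid platform %q, want os/arch", platformFlag)
		}
		osName, arch = parts[0], parts[1]
	}
	// Failing on an unknown spelling keeps the pulled image and the boot
	// artifacts from silently targeting different architectures.
	pair, ok := archPairs[arch]
	if !ok {
		return Platform{}, fmt.Errorf("unsupported architecture %q", arch)
	}
	return Platform{OS: osName, Arch: pair[0], GolangArch: pair[1]}, nil
}

func main() {
	p, err := NewPlatform("x86_64", "linux/arm64")
	fmt.Println(p, err)
}
```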