This prevents errors with non chrooted setfiles calls
which fail due to policy divergences between host and
target.
For that purpose a new option to chroot utility has
been included to allow chroot without setting the default
bind mounts for /dev/, /sys and /proc.
Signed-off-by: David Cassany <dcassany@suse.com>
(cherry picked from commit a8982b16ce)
* Fixes squashfs images creation (bsc#1233289)
If upgrading from a container including the root of the host
mounted in /host the upgrade process does not exclude the /host
path and other stateful paths such as /run.
This commit sets the default excludes used in rsync calls
to also apply for mksquashfs.
Signed-off-by: David Cassany <dcassany@suse.com>
* Define static method for default exclude relative paths
This commit defines static methods for excluded paths in
sync operations. One method for relative paths and
another one with the same result rooted to a given path.
It also uses wildcards to only exclude certain directories
content while keeping the directory itself.
Signed-off-by: David Cassany <dcassany@suse.com>
* Add some additional unit tests for rsync wrappers
Signed-off-by: David Cassany <dcassany@suse.com>
---------
Signed-off-by: David Cassany <dcassany@suse.com>
* Add cloud-init paths of the new root in 'after-*' hooks
This commit enables to run the non chrooted 'after-*' hooks
included in the newly deployed image root. This especially applies to the
install, reset, upgrade and build-disk commands.
Moreover, 'after-disk' command now includes static reference paths to
the new root and working directory, so that those can be used within
the hooks regardless of the chosen output directory.
* Include arm-firmware feature
This commit introduces an arm-firmware feature adding
the required after-* hooks to ensure the RPi firmware is
copied to the EFI partition.
It could be, eventually, extended to support other boards
and it does not harm systems which are not including RPi
firmware.
* Allow features to be passed as arguments
Signed-off-by: David Cassany <dcassany@suse.com>
* Enable SELinux for tumbleweed and rename it to green
Signed-off-by: David Cassany <dcassany@suse.com>
* Disable SELinux on recovery and refine relabelling
Signed-off-by: David Cassany <dcassany@suse.com>
* Remove k3s-selinux, not needed for examples
Signed-off-by: David Cassany <dcassany@suse.com>
* Improve SELinux labelling
Signed-off-by: David Cassany <dcassany@suse.com>
* Fix unit tests
Signed-off-by: David Cassany <dcassany@suse.com>
---------
Signed-off-by: David Cassany <dcassany@suse.com>
* Snapshottable recovery system
Deploy the entire recovery system to the same folder (kernel, initrd and
rootfs).
During upgrade deploy to a transitional folder and then switch it with
the current recovery system and then delete the old one.
This makes sure we clean up old recovery systems and don't risk mixing
systems during upgrade.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Default recovery system to squashfs
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Refactor build-iso
Refactors build-iso command to use the new DeployRecoverySystem method.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Refactor install command
Use DeployRecoverySystem to deploy the recovery system.
Needs some changes to grub.cfg to be fully compatible and also extracts
the bootargs.cfg file into the recovery partition.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Refactor build-disk command
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Refactor upgrade-recovery command
This commit changes the DeployRecoverySystem method to remove any
conflicting boot artifacts before copying the new files.
Also adds power and squashfs compression flags to the command.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Allow both cos.setup and elemental.setup in kernel cmdline.
* Use elemental.setup and elemental.disable in ISO grub config.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* bump elemental-toolkit to v2
Signed-off-by: David Cassany <dcassany@suse.com>
* Move pkg/types/v2 to simply pkg/types
This commit leaves the code with a single set of types
and refers to it as the types package instead of
v1 or v2.
For the time being we do not foresee managing more
than one single major version of type within the
same code.
Signed-off-by: David Cassany <dcassany@suse.com>
* Stop referring to mocks package as v2mock in favor of simply 'mocks'
Signed-off-by: David Cassany <dcassany@suse.com>
* Fix leftovers after rebase
Signed-off-by: David Cassany <dcassany@suse.com>
---------
Signed-off-by: David Cassany <dcassany@suse.com>
* Exclude default system paths when deploying images
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Use constants.RunningStateDir when updating install state file
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Implementation of Btrfs snapshotter
* Btrfs based examples
* Refined and adapt features
* Update build-disk to new snapshotter and prevent including State partition on expandable images
* Remove /oem bind mount in initramfs, already mounted by mount command
* Adapt unit tests
* Add mount command unit tests
* Make grubfallback test more generic
* Adding btrfs snapshotter unit tests and fixing default snapshotter config constructor
* Add utils test
* Fix upgrade ENV variables mapping
* Include transactional-update package in example
* Fix persistent bind mounts
* Make sure state is RW mounted upgrading from legacy
* Remove unused passive symlinks for loopdevice
* Fix upgrade from older version
Signed-off-by: David Cassany <dcassany@suse.com>
* Refactor to switch to snapshotter interface
This commit adopts snapshotter interface in install,
reset and upgrade commands. The change implies changes
to the respective specs, grub configuration and dracut
modules.
This commit also changes the behavior of recovery system
upgrades. Now recovery upgrades are an optional step
of a system upgrade. Recovery image can't be upgraded
without upgrading the active system.
Finally build-disk command is also changed to be better
aligned with upgrade and install procedures. Expandable
disks are an unprivileged build and non expandable ones
require privileges as they rely on snapshotter.
* Attempting to fix integration tests
* Adding a migration path from legacy deployments
* Omit /etc/resolv.conf for dir:// paths
* Adaptations after rebase
* Make sure we also mount EFI in upgrades if it was not already mounted
* Default maximum number of snapshots is 2
* Upgrade grub to EFI partition
* Improve recovery management
* Recovery back to ext2 by default
* Adapt upgrade after rebase
Signed-off-by: David Cassany <dcassany@suse.com>
Specifically bumping from v1.7.2 to v4.3.0. We were pretty outdated.
This commit could not get rid of the old version dependency completely
because yip requires a vfs v1 within the plugin API and we implement
a yip plugin for partitioning in elemental-toolkit. Because of that
both versions are coexisting.
Signed-off-by: David Cassany <dcassany@suse.com>
* Add mount command
The mount command mounts the system and is meant to run in an initrd to
actually mount the root filesystem and use systemd to switch-root into
it.
It also optionally writes an /etc/fstab file to the newly mounted
system so that systemd will mount the system after switching root.
The command is used in the new dracut module elemental-rootfs, which
will coexist with immutable-rootfs (they are functionally the same)
until immutable-rootfs can be deprecated.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add tmpfs overlay mount
Mounts a tmpfs to /run/elemental/overlay with size= flag set
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Examples use the new elemental-rootfs
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add persistent overlay mounts
Persistent mounts use the /run/elemental/persistent/.state directory to
store upper and work dirs.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add sentinel files
Write sentinel file (active_mode, passive_mode, recovery_mode) to
/run/cos or /run/elemental based on which kernel cmdline is used
(cos-img/filename or elemental.image)
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Read kernel cmdline for mount
This commit adds capabilities to the mount command to read configuration
from the kernel cmdline. The supported parameters are:
* elemental.disable + rd.cos.disable
* elemental.image + cos-img/filename
* elemental.oemlabel + rd.cos.oemlabel
In the new elemental.image parameter we can specify
active|passive|recovery instead of the path to the image.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Enable recovery booting and reset
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Load env vars
Currently supported:
* OVERLAY
* RW_PATHS
* PERSISTENT_STATE_PATHS
* PERSISTENT_STATE_BIND
Loaded from files (if they exist):
* /run/elemental/layout.env
* /run/cos/cos-layout.env
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Run rootfs stage inside mount command
Since the rootfs stage should be run between mounting the image and
mounting the rest of the system I added a call to RunStage that takes
care of this and then uses godotenv dependency to actually load
/run/elemental/layout.env and /run/cos/cos-layout.env.
This means the old way of generating layout files will still work with
the new mount-command.
The caveat here is that in the current implementation the rootfs stage
will run twice, once from the elemental-setup-rootfs service and once
from this command. I would say the easiest way forward is to remove the
elemental-setup-rootfs when switching to elemental-rootfs as the default
mounting module.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add persistent bind mounts
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add block overlay
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Use registry.opensuse.org for example images
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Minor changes to get tests working
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Fsck partitions before mounting
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Fix for fsck
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
More mount tests
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Comment mount example configuration
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add elemental-setup services to elemental-rootfs
The elemental-setup and rootfs features are heavily dependent on each
other.
This commit copies the elemental-setup feature into elemental-rootfs,
and changes the mount-command to actually start the
elemental-setup-rootfs service during mount to not run the yip rootfs
stage twice.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Fix lint goconst
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add elemental-sysroot feature
The features elemental-sysroot, elemental-rootfs and elemental-setup are
used for mounting the root filesystem and all overlays.
elemental-sysroot is used for mounting state/recovery partition to
/run/elemental/state, and then mounting the image from the partition
based on kernel parameters.
elemental-setup actually runs the different stages of boot using
elemental run-stage command.
elemental-rootfs runs the 'elemental mount' command to mount tmpfs
overlays, persistent overlays and then writes the /etc/fstab to actually
mount when pivoting to the new root.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Update sysroot, setup and rootfs dracut modules
This commit goes through the early systemd services run in dracut and
adds Wants,Before,Requires to each step to make them run during the
correct stage of the bootup (man dracut.bootup).
We also change all the /run/cos and /run/initramfs/cos-state to the new
/run/elemental and /run/initramfs/elemental-state directories.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Test compatibility
Tests still use /run/cos, this commit adds back
/run/cos/active|passive|recovery_mode files
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Update to latest ele-testhelpers
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Forwards compatibility for immutable-rootfs feat
This commit makes the immutable-rootfs module forwards compatible with
the other changes in mount, elemental-sysroot and elemental-setup.
It uses the new elemental.image and elemental.oemlabel cmdline parameters
if found, otherwise falls back to the old parameters and also sets the
/run/elemental/active|passive|recovery_mode files.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
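
Added example, not part of the commit log or of the elemental-toolkit source: the kernel cmdline resolution described in the "Read kernel cmdline for mount", "Add sentinel files" and forwards-compatibility messages above, written out in Go. The type and function names and the sample cmdlines are assumptions; the new-over-legacy precedence follows the fallback wording in the message above.

```go
package main

import (
	"fmt"
	"strings"
)

// MountConfig is what the mount step derives from the kernel cmdline.
// Hypothetical type; field names are illustrative, not the project's.
type MountConfig struct {
	Disabled bool   // elemental.disable or rd.cos.disable present
	Image    string // set when the image parameter carries a path
	Mode     string // active|passive|recovery when given as a keyword
	OEMLabel string
	RunDir   string // directory that receives the sentinel file
}

// ParseCmdline prefers the elemental.* parameters and falls back to the
// legacy cos ones, as the commit messages describe.
func ParseCmdline(cmdline string) MountConfig {
	params := map[string]string{}
	for _, field := range strings.Fields(cmdline) {
		key, val, _ := strings.Cut(field, "=") // "root=LABEL=x" keeps "LABEL=x"
		params[key] = val
	}
	cfg := MountConfig{RunDir: "/run/elemental"}
	_, newOff := params["elemental.disable"]
	_, oldOff := params["rd.cos.disable"]
	cfg.Disabled = newOff || oldOff

	if img, ok := params["elemental.image"]; ok {
		switch img {
		case "active", "passive", "recovery":
			cfg.Mode = img // keyword instead of a path to the image
		default:
			cfg.Image = img
		}
	} else if img, ok := params["cos-img/filename"]; ok {
		cfg.Image = img
		cfg.RunDir = "/run/cos" // legacy cmdline selects the legacy run dir
	}
	if label, ok := params["elemental.oemlabel"]; ok {
		cfg.OEMLabel = label
	} else {
		cfg.OEMLabel = params["rd.cos.oemlabel"]
	}
	return cfg
}

// SentinelPath returns the sentinel file for a keyword mode, "" otherwise.
func (c MountConfig) SentinelPath() string {
	if c.Mode == "" {
		return ""
	}
	return c.RunDir + "/" + c.Mode + "_mode"
}

func main() {
	// Constructed sample cmdline carrying both new and legacy parameters.
	cfg := ParseCmdline("elemental.image=recovery cos-img/filename=/cOS/active.img")
	fmt.Printf("%+v sentinel=%s\n", cfg, cfg.SentinelPath())
}
```
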
* Update init features for green and tumbleweed
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Remove oem mounts from elemental-setup-initramfs
This should fix installer-tests in CI since the /oem might not exist
when booting from ISO.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
This commit moves grub logic into its own bootloader interface.
In addition it adds helper methods to find EFI binaries, kernel and
initrd based on patterns. No longer a distro detection is required.
It also sets an elemental criteria for those bootloader files. In fact
first place to look at is /usr/lib/elemental/bootloader, which gives a chance
within the OS Dockerfile to prepare EFI binaries if default distro
paths are not matching any of the default Elemental patterns.
Kernel and initrd symlinks as /boot/vmlinuz and /boot/initrd are also
created within the init command. This gives at build time more
confidence that the kernel and initrd are set consistently with
Elemental expectations.
As part of the refactor BIOS firmware and MSDOS partition tables support
is finally dropped.
Signed-off-by: David Cassany <dcassany@suse.com>
This commit adds in elemental client the build-disk command. With this command we can eventually build an image that includes partitions:
* EFI
* OEM
* Recovery
* State
Having State partition to match the minimum size (to reduce resulting image size), only includes config files no image.
Then the State partition could be expanded on first boot to desired size (build-disk command already pre-appends the required cloud-config files for that to happen) and then the Persistent partition created at the end with all the available space (or some desired specific size too).
This setup can be executed without running a single mount (thanks to squashfs usage), meaning this disk could be built in a container or Dockerfile (like we do with ISOs).
Building full disks including all partitions with a specified size is still possible, however this approach requires mount privileges and because of that it can't be executed inside non privileged containers.
Signed-off-by: David Cassany <dcassany@suse.com>
The current implementation has a memory leak, use Ticker instead.
Also add `--partial`, `--progress`, `--human-readable` flags to rsync
call.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add multi-arch support for pulling images
This commit refactors the image pulling and extracting to be able to
cross-build isos.
In order to do this we make use of go-containerregistry and containerd
to pull and extract the image.
This refactor also removes a lot of luet functionality mostly used for
build-disk command which has been deprecated.
* Introduce Platform struct
Keep --arch flag and use both --arch and --platform to parse into new
struct.
The struct keeps both arch and golang-arch, since x86_64 and amd64 are
used in different contexts (grub/efi artifacts vs container platforms).
If both --arch and --platform are specified platform takes precedence.
Platform flags are also added to install-command in order to be able to
cross-arch install to loopback-devices.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* chore: Updated the content of the file "/tmp/updatecli/github/element...
... al-ci/elemental-cli/go.mod"
Made with ❤️️ by updatecli
* chore: changed lines [1] of file "/tmp/updatecli/github/elemental-ci/...
... elemental-cli/Dockerfile"
Made with ❤️️ by updatecli
* Fix lints
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Co-authored-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Bump to yip v1.0.2
* fix unit tests
* Update cmd/cloud-init_test.go
Signed-off-by: David Cassany <dcassany@suse.com>
Co-authored-by: Francesco Giudici <francesco.giudici@gmail.com>
* Set labels used by grub to find system disks
This commit sets GRUB persistent variables for filesystem labels after
install/upgrade/reset. These labels are used in the new GRUB
configuration when booting the system.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Changes to recovery/system grub-labels
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add grub persisten_label
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Try fixing test panic
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Refactor GRUB labels
Add spec->map conversion and tests.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Use same constants package in install action
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add upgrade tests for grub labels
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add reset test for grub labels
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
This commit includes the default cloud-init paths
as part of the default configuration. In addition
the cloud init paths are moved to the main configuration
struct, as they could potentially be used in build
configuration struct too.
In fact, the default cloud-init paths are only applied
for the runtime configuration and not for the build time
configuration (at build time the host is not necessarily an
Elemental based OS).
Signed-off-by: David Cassany <dcassany@suse.com>
In addition this commit also drops setting a tty feature, basically
for three reasons:
* Parsing and changing the grub.cfg is an error prone approach as
elemental-cli does not control grub.cfg contents. Also dynamic changes on
OS files are discouraged.
* There are easier and more robust ways to add extra kernel parameters
using grub2 persistent variables.
* The current approach might not be really functional in all cases as
it is based on host's /dev analysis, which is not necessarily the same
as the target system.
Signed-off-by: David Cassany <dcassany@suse.com>
* Trim spaces and new lines from cos.setup value
* Honor cloud-init-paths from configuration in run-stage subcommand
Signed-off-by: David Cassany <dcassany@suse.com>
* Elemental image deploy refactor
This commit refactors elemental image deploy procedure to always create
and prepare the root tree in a temporary folder before synching it to
a filesystem image most likely as a mounted loop device.
This change has a couple of immediate benefits:
1. We can precompute the root tree size before creating the filesystem
image. Hence image sizes can be adjusted to root-tree size.
2. There is no path differentiation between filesystems. The root tree
is prepared following the same logic independently of the target
filesystem. Squashfs is no longer an exception, building the image
follows the same logic as if it were any other writable filesystem.
We also can argue this is a simple, robust and flexible logic compared
with the previous code.
The counterpart is having to prepare the root-tree to later on copy it
to the final image, this causes the root-tree to be written twice, one
to prepare it and another one to sync it to the target location.
* Preserve file mode in CopyFile
* Adapt unit tests
* Fix typo
Signed-off-by: David Cassany <dcassany@suse.com>