project-machine · hallyn · Nov 2, 2023 · Oct 16, 2023 · Oct 28, 2023 · Oct 30, 2023
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -17,96 +17,27 @@ jobs:
         uses: actions/setup-go@v3
         with:
           go-version: 1.21
-      - name: install dependencies
-        run: |
-          sudo apt-get update
-          sudo add-apt-repository -y ppa:puzzleos/dev
-          sudo apt-get -y install \
-            bats cryptsetup-bin expect libacl1-dev libarchive-tools \
-            libcryptsetup-dev libgpgme-dev libcap-dev \
-            libdevmapper-dev liblxc-dev libpam0g-dev \
-            libseccomp-dev libsquashfs-dev lxc lxc-dev make mtools\
-            openssl pip pkgconf skopeo socat squashfuse swtpm jq \
-            uidmap umoci qemu-utils qemu-system-x86 xorriso \
-            ubuntu-dev-tools make gcc squashfs-tools sbsigntool \
-            python3-yaml
-          sudo modprobe kvm
-          sudo adduser $(whoami) kvm
-          sudo chmod o+rw /dev/kvm
-          sudo systemctl restart user@$(id -u runner)
-          sudo systemctl start dbus
-          sudo pip install virt-firmware
-          echo "XXX some debug"
-          cat /proc/self/status
-          ls -l /run/user
-          ls -l /dev/kvm
-          id -u
-          id -u runner
-          ps -ef
-      - name: setup lxc
-        run: |
-          chmod ugo+x $HOME
-          cat /etc/subuid /etc/subgid
-          u=$(id -un) && g=$(id -gn)
-          echo "u=$u g=$g"
-          uidmap=$(awk -F: '$1 == u { print $2, $3 }' "u=$u" /etc/subuid)
-          gidmap=$(awk -F: '$1 == g { print $2, $3 }' "g=$g" /etc/subgid)
-          if [ "$u" = "runner" ] && [ -z "$gidmap" ]; then
-            # 'id -gn' shows docker, but 'runner' is in subgid
-            g="runner"
-            gidmap=$(awk -F: '$1 == g { print $2, $3 }' "g=$g" /etc/subgid)
-          fi
-          echo "uidmap=$uidmap."
-          echo "gidmap=$gidmap."
-          [ -n "$uidmap" ] && [ -n "$gidmap" ] ||
-              { echo "did not get uidmap or gidmap for u=$u g=$g"; exit 1; }
-          mkdir -p ~/.config/lxc/
-          echo "writing .config/lxc/default.conf"
-          tee ~/.config/lxc/default.conf <<EOF
-          lxc.include = /etc/lxc/default.conf
-          lxc.idmap = u 0 $uidmap
-          lxc.idmap = g 0 $gidmap
-          EOF
-          set -x
-          cat ~/.config/lxc/default.conf
-          cat /etc/subuid
 
-          echo "writing /etc/lxc/lxc-usernet"
-          echo "$u veth lxcbr0 100" | sudo tee -a /etc/lxc/lxc-usernet
-      - name: install stacker
-        run: |
-          wget -O ~/bin/stacker --progress=dot:mega https://github.com/project-stacker/stacker/releases/download/v1.0.0-rc5/stacker
-          chmod 755 ~/bin/stacker
-      - name: install skopeo
+      - name: setup host
         run: |
-          wget -O ~/bin/skopeo --progress=dot:mega https://github.com/project-machine/tools/releases/download/v0.0.1/skopeo
-          chmod 755 ~/bin/skopeo
-          sudo cp -f ~/bin/skopeo /usr/bin/skopeo
+          bash ./tools/setup-host.bash
+
       - name: lint
         run: |
           make gofmt
+
       - name: make
         run: |
           go get -v ./...
           make
 
-      - name: test preparation
-        run: |
-          wget -O ~/bin/machine --progress=dot:mega https://github.com/project-machine/machine/releases/download/v0.1.2/machine-linux-amd64
-          wget -O ~/bin/machined --progress=dot:mega https://github.com/project-machine/machine/releases/download/v0.1.2/machined-linux-amd64
-          chmod 755 ~/bin/machine ~/bin/machined
-          mkdir -p ~/.config/systemd/user/
-          export  PATH=~/bin:$PATH
       - name: test
         run: |
-          id
-          mkdir -p /run/user/$(id -u)/containers
-          chmod go+rx /run/user/$(id -u)
-          chmod go+rx /run/user/$(id -u)/containers
           nohup ~/bin/machined > /tmp/machined.out 2>&1 &
-          timeout 20m make test
+          timeout 60m make test
           timeout 20m bats tests/livecd1.bats
           timeout 20m bats tests/livecd2.bats
+
       - name: show journal output
         if: always()
         run: |
@@ -131,7 +62,7 @@ jobs:
           file: 'layers/stacker.yaml'
           build-args: |
             ZOT_VERSION=2.0.0-rc5
-            ROOTFS_VERSION=v0.0.15.230901
+            ROOTFS_VERSION=v0.0.17.231018
           url: docker://zothub.io/machine/bootstrap
           tags: ${{ github.event.release.tag_name }}
           username: ${{ secrets.ZOTHUB_USERNAME }}

diff --git a/Makefile b/Makefile
@@ -10,7 +10,11 @@ ORAS_VERSION := 1.0.0-rc.1
 REGCTL := $(TOOLSDIR)/bin/regctl
 REGCTL_VERSION := 0.5.0
 TOPDIR := $(shell git rev-parse --show-toplevel)
-BOOTKIT_VERSION ?= "v0.0.15.230901"
+#BOOTKIT_VERSION ?= "v0.0.17.231018"
+# We need a bootkit with new mosctl which knows about the new network.
+# So use a manually built one.  Then we can auot-build new bootkit,
+# then update the below to the real v0.0.18.2311XX version.
+BOOTKIT_VERSION ?= "v0.0.18.tmp"
 ROOTFS_VERSION = $(BOOTKIT_VERSION)
 
 archout = $(shell arch)
@@ -33,7 +37,7 @@ all: mosctl mosb trust $(ZOT) $(ORAS) $(REGCTL)
 
 VERSION_LDFLAGS=-X github.com/project-machine/mos/pkg/mosconfig.Version=$(MAIN_VERSION) \
 	-X github.com/project-machine/mos/pkg/trust.Version=$(MAIN_VERSION) \
-	-X github.com/project-machine/mos/pkg/mosconfig.LayerVersion=0.0.3 \
+	-X github.com/project-machine/mos/pkg/mosconfig.LayerVersion=0.0.4 \
 	-X github.com/project-machine/mos/pkg/trust.BootkitVersion=$(BOOTKIT_VERSION)
 
 mosctl: .made-gofmt $(GO_SRC)

diff --git a/cmd/mosb/main.go b/cmd/mosb/main.go
@@ -1,11 +1,13 @@
 package main
 
 import (
+	"fmt"
 	"os"
 
 	"github.com/apex/log"
 	"github.com/project-machine/mos/pkg/mosconfig"
 	"github.com/urfave/cli"
+	"gopkg.in/yaml.v2"
 )
 
 func main() {
@@ -16,6 +18,7 @@ func main() {
 		manifestCmd,
 		mkBootCmd,
 		mkProvisionCmd,
+		readSpec,
 	}
 	app.Flags = []cli.Flag{
 		cli.BoolFlag{
@@ -35,3 +38,30 @@ func main() {
 		log.Fatalf("%v\n", err)
 	}
 }
+
+var readSpec = cli.Command{
+	Name:   "readspec",
+	Usage:  "read a manifest.yaml and print out resulting struct",
+	Action: doReadSpec,
+	Hidden: true,
+	UsageText: `in-file
+		  in-file: file to read`,
+}
+
+func doReadSpec(ctx *cli.Context) error {
+	args := ctx.Args()
+	if len(args) < 1 {
+		return fmt.Errorf("input file is a required positional argument")
+	}
+
+	bytes, err := os.ReadFile(args[0])
+	if err != nil {
+		return err
+	}
+	var manifest mosconfig.ImportFile
+	if err = yaml.Unmarshal(bytes, &manifest); err != nil {
+		return err
+	}
+	fmt.Printf("result: %#v", manifest)
+	return nil
+}
diff --git a/cmd/mosctl/boot.go b/cmd/mosctl/boot.go
@@ -0,0 +1,28 @@
+package main
+
+import (
+	"github.com/pkg/errors"
+	"github.com/project-machine/mos/pkg/mosconfig"
+	"github.com/urfave/cli"
+)
+
+var bootCmd = cli.Command{
+	Name:   "boot",
+	Usage:  "start all services listed in mos manifest",
+	Action: doBootCmd,
+}
+
+func doBootCmd(ctx *cli.Context) error {
+	opts := mosconfig.DefaultMosOptions()
+	mos, err := mosconfig.OpenMos(opts)
+	if err != nil {
+		return errors.Wrapf(err, "Failed opening mos")
+	}
+
+	err = mos.Boot()
+	if err != nil {
+		return errors.Wrapf(err, "Failed to boot")
+	}
+
+	return nil
+}
diff --git a/cmd/mosctl/main.go b/cmd/mosctl/main.go
@@ -17,6 +17,7 @@ func main() {
 	app.Commands = []cli.Command{
 		createBootFsCmd,
 		activateCmd,
+		bootCmd,
 		installCmd,
 		mountCmd,
 		updateCmd,

diff --git a/go.mod b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/opencontainers/umoci v0.4.8-0.20220412065115-12453f247749
 	github.com/pkg/errors v0.9.1
 	github.com/plus3it/gorecurcopy v0.0.1
-	github.com/project-machine/bootkit v0.0.15
+	github.com/project-machine/bootkit v0.0.0-20230906152517-964838ab8d93
 	github.com/project-machine/machine v0.1.2
 	github.com/project-stacker/stacker v0.21.2
 	github.com/rekby/gpt v0.0.0-20200219180433-a930afbc6edc

diff --git a/go.sum b/go.sum
@@ -2691,8 +2691,8 @@ github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQ
 github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
 github.com/proglottis/gpgme v0.1.3 h1:Crxx0oz4LKB3QXc5Ea0J19K/3ICfy3ftr5exgUK1AU0=
 github.com/proglottis/gpgme v0.1.3/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0=
-github.com/project-machine/bootkit v0.0.15 h1:EAeilYMiBnsliLc+3BejqIwN8seir2fQ8aL8Lg93mkY=
-github.com/project-machine/bootkit v0.0.15/go.mod h1:02BdQ6/ClxWdwPOIVYxpRNJIJD2eFcg8iz2Q1phJchU=
+github.com/project-machine/bootkit v0.0.0-20230906152517-964838ab8d93 h1:OfYRKrxfjxyYUOUNCY8bpNaEhE6xk4QcZb+1rRfZmaw=
+github.com/project-machine/bootkit v0.0.0-20230906152517-964838ab8d93/go.mod h1:02BdQ6/ClxWdwPOIVYxpRNJIJD2eFcg8iz2Q1phJchU=
 github.com/project-machine/machine v0.1.2 h1:/detDExvftlN+PvJWP57tUS6NFLPtHWc+m3b4/NhFq4=
 github.com/project-machine/machine v0.1.2/go.mod h1:pjru0EkLoBhdLQ1szLxJIqiMkUgezdwMjsaq/ijBZOw=
 github.com/project-machine/qcli v0.2.1 h1:rIRItjdkeBbD4NIxYyTkxCeJIolGHdniJ51Phfg2Ols=

diff --git a/layers/install/load-mos-modules b/layers/install/load-mos-modules
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+mountpoint /lib/modules && { echo "already mounted"; exit 0; }
+
+mkdir -p /bootkit
+mosctl --debug mount --target=bootkit --dest=/bootkit
+mkdir -p /lib/modules
+mount /bootkit/bootkit/modules.squashfs /lib/modules/
+
+systemctl restart systemd-udev-trigger.service
+modprobe virtio-net
+modprobe br_netfilter
+modprobe iptables_nat
+modprobe iptables_mangle
+dhclient
+systemctl start lxc-net
diff --git a/layers/install/mos-boot-setup.service b/layers/install/mos-boot-setup.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=mos-boot-setup
+After=local-fs.target
+After=systemd-journal-flush.service logs.mount
+Requires=local-fs.target
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/mosctl boot
+StandardOutput=journal+console
+StandardError=journal+console
+
+# Journal namespaces implementation also affects the mount namespaces.
+# Assigning a separate journal namespace to Atomix process hides mount points
+# like /config and /tmp from the "main" user namespace.
+# LogNamespace=atomix
+[Install]
+WantedBy=multi-user.target
diff --git a/layers/install/mos-install b/layers/install/mos-install
@@ -29,7 +29,7 @@ EOF
 cat > /etc/systemd/system/zot.service << EOF
 [Unit]
 Description=OCI Distribution Registry
-After=network.target local-fs.target
+After=network-online.target local-fs.target
 
 [Service]
 Type=simple

diff --git a/layers/install/mos-modules.service b/layers/install/mos-modules.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Load mos modules
+After=local-fs.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/bin/load-mos-modules
+StandardOutput=journal+console
+
+[Install]
+WantedBy=multi-user.target
diff --git a/layers/install/stacker.yaml b/layers/install/stacker.yaml
@@ -15,6 +15,7 @@ install-rootfs-pkg:
         cryptsetup \
         dosfstools \
         e2fsprogs \
+        efibootmgr \
         iproute2 \
         isc-dhcp-client \
         keyutils \
@@ -37,6 +38,25 @@ install-rootfs-pkg:
     DHCP=yes
     END
 
+demo-zot:
+  from:
+    type: built
+    tag: install-rootfs-pkg
+  import:
+    - zot-config.json
+    - start-zot
+    - https://github.com/project-zot/zot/releases/download/v${{ZOT_VERSION}}/zot-linux-amd64-minimal
+  entrypoint: /usr/bin/start-zot
+  run: |
+    #!/bin/sh -ex
+    cp /stacker/imports/zot-config.json /etc/
+
+    cp /stacker/imports/start-zot /usr/bin/start-zot
+    chmod 755 /usr/bin/start-zot
+    cp /stacker/imports/zot-linux-amd64-minimal /usr/bin/zot
+    chmod 755 /usr/bin/zot
+
+
 # The rootfs which we want to run on the system
 # Note this is for demo purposes only.  No one should ever
 # use this as the target layer.
@@ -47,6 +67,9 @@ demo-target-rootfs:
   import:
     - ../../mosctl
     - ../provision/console-helper
+    - load-mos-modules
+    - mos-modules.service
+    - mos-boot-setup.service
   run: |
     #!/bin/sh -ex
     writefile() {
@@ -68,10 +91,21 @@ demo-target-rootfs:
     DHCP=yes
     END
 
+    # lxc needed for mosctl to activate a service \\
+    # git needed for mosctl to read manifest
+    pkgtool install git lxc
+
     cd /stacker/imports
     cp mosctl console-helper /usr/bin
     ( cd /usr/bin && chmod 755 mosctl console-helper )
 
+    cp /stacker/imports/load-mos-modules /usr/bin/
+    chmod 755 /usr/bin/load-mos-modules
+    cp /stacker/imports/mos-modules.service /etc/systemd/system/
+    systemctl enable mos-modules.service
+    cp /stacker/imports/mos-boot-setup.service /etc/systemd/system
+    systemctl enable mos-boot-setup.service
+
     echo root:passw0rd | chpasswd
     systemctl enable serial-getty@ttyS0
   annotations:

diff --git a/layers/install/start-zot b/layers/install/start-zot
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ -n "$IPV4" ]; then
+    sed -i "s/0.0.0.0/${IPV4%/*}/" /etc/zot-config.json
+elif [ -n "$IPV6" ]; then
+    sed -i "s/0.0.0.0/${IPV6%/*}/" /etc/zot-config.json
+fi
+
+# Should mos or lxc be doing this for us?
+ip route add default via 10.0.3.1
+
+exec /usr/bin/zot serve /etc/zot-config.json
diff --git a/layers/install/zot-config.json b/layers/install/zot-config.json
@@ -0,0 +1,14 @@
+{
+  "distSpecVersion": "1.0.1-dev",
+  "storage": {
+    "rootDirectory": "/zot",
+    "gc": false
+  },
+  "http": {
+    "address": "0.0.0.0",
+    "port": "5000"
+  },
+  "log": {
+    "level": "error"
+  }
+}