KubeOS: update to 1.0.7
Signed-off-by: Yuhang Wei <weiyuhang3@huawei.com>
This commit is contained in:
Yuhang Wei
parent
ee4f85074a
commit
d274021250
@ -1,116 +0,0 @@
|
||||
From 42f5a3e38ea6e23f5aff146f65ad20025088fc84 Mon Sep 17 00:00:00 2001
|
||||
From: liyuanr <liyuanrong1@huawei.com>
|
||||
Date: Mon, 29 May 2023 11:12:52 +0800
|
||||
Subject: [PATCH] KubeOS: add oci image digests check when upgrade and fix the
|
||||
issue with the software version display
|
||||
|
||||
add check of digests of the oci image for upgrade after
|
||||
os-agent pulls image when os upgrading.
|
||||
|
||||
Fix the issue where the softwares version is empty
|
||||
|
||||
Signed-off-by: liyuanr <liyuanrong1@huawei.com>
|
||||
---
|
||||
Makefile | 2 +-
|
||||
cmd/agent/server/containerd_image.go | 3 ++
|
||||
cmd/agent/server/docker_image.go | 3 ++
|
||||
cmd/agent/server/utils.go | 44 ++++++++++++++++++++++++++++
|
||||
docs/quick-start.md | 8 ++---
|
||||
5 files changed, 55 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 9d9fbea..27cf175 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -30,7 +30,7 @@ endif
|
||||
|
||||
VERSION_FILE := ./VERSION
|
||||
VERSION := $(shell cat $(VERSION_FILE))
|
||||
-PACKAGE:=openeuler.org/saiyan/pkg/version
|
||||
+PACKAGE:=openeuler.org/KubeOS/pkg/version
|
||||
BUILDFLAGS = -buildmode=pie -trimpath
|
||||
LDFLAGS = -w -s -buildid=IdByKubeOS -linkmode=external -extldflags=-static -extldflags=-zrelro -extldflags=-Wl,-z,now -X ${PACKAGE}.Version=${VERSION}
|
||||
ENV = CGO_CFLAGS="-fstack-protector-all" CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -O2"
|
||||
diff --git a/cmd/agent/server/containerd_image.go b/cmd/agent/server/containerd_image.go
|
||||
index 0b614b5..b019b72 100644
|
||||
--- a/cmd/agent/server/containerd_image.go
|
||||
+++ b/cmd/agent/server/containerd_image.go
|
||||
@@ -48,6 +48,9 @@ func (c conImageHandler) getRootfsArchive(req *pb.UpdateRequest, neededPath prep
|
||||
if err := runCommand("crictl", "pull", imageName); err != nil {
|
||||
return "", err
|
||||
}
|
||||
+ if err := checkOCIImageDigestMatch("containerd", imageName, req.CheckSum); err != nil {
|
||||
+ return "", err
|
||||
+ }
|
||||
if err := checkAndCleanMount(mountPath); err != nil {
|
||||
logrus.Errorln("containerd clean environment error", err)
|
||||
return "", err
|
||||
diff --git a/cmd/agent/server/docker_image.go b/cmd/agent/server/docker_image.go
|
||||
index 2a52634..e6fa9d6 100644
|
||||
--- a/cmd/agent/server/docker_image.go
|
||||
+++ b/cmd/agent/server/docker_image.go
|
||||
@@ -38,6 +38,9 @@ func (d dockerImageHandler) getRootfsArchive(req *pb.UpdateRequest, neededPath p
|
||||
if err := runCommand("docker", "pull", imageName); err != nil {
|
||||
return "", err
|
||||
}
|
||||
+ if err := checkOCIImageDigestMatch("docker", imageName, req.CheckSum); err != nil {
|
||||
+ return "", err
|
||||
+ }
|
||||
containerName := "kubeos-temp"
|
||||
dockerPsCmd := "docker ps -a -f=name=" + containerName + "| awk 'NR==2' | awk '{print $1}'"
|
||||
existId, err := runCommandWithOut("bash", "-c", dockerPsCmd)
|
||||
diff --git a/cmd/agent/server/utils.go b/cmd/agent/server/utils.go
|
||||
index 111497c..092417b 100644
|
||||
--- a/cmd/agent/server/utils.go
|
||||
+++ b/cmd/agent/server/utils.go
|
||||
@@ -264,3 +264,47 @@ func checkFileExist(path string) (bool, error) {
|
||||
return false, err
|
||||
}
|
||||
}
|
||||
+
|
||||
+func checkOCIImageDigestMatch(containerRuntime string, imageName string, checkSum string) error {
|
||||
+ var cmdOutput string
|
||||
+ var err error
|
||||
+ switch containerRuntime {
|
||||
+ case "containerd":
|
||||
+ cmdOutput, err = runCommandWithOut("crictl", "inspecti", "--output", "go-template",
|
||||
+ "--template", "{{.status.repoDigests}}", imageName)
|
||||
+ if err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ case "docker":
|
||||
+ cmdOutput, err = runCommandWithOut("docker", "inspect", "--format", "{{.RepoDigests}}", imageName)
|
||||
+ if err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ default:
|
||||
+ logrus.Errorln("containerRuntime ", containerRuntime, " cannot be recognized")
|
||||
+ return fmt.Errorf("containerRuntime %s cannot be recognized", containerRuntime)
|
||||
+ }
|
||||
+ // cmdOutput format is as follows:
|
||||
+ // [imageRepository/imageName:imageTag@sha256:digests]
|
||||
+ // parse the output and get digest
|
||||
+ var imageDigests string
|
||||
+ outArray := strings.Split(cmdOutput, "@")
|
||||
+ if strings.HasPrefix(outArray[len(outArray)-1], "sha256") {
|
||||
+ pasredArray := strings.Split(strings.TrimSuffix(outArray[len(outArray)-1], "]"), ":")
|
||||
+ // 2 is the expected length of the array after dividing "imageName:imageTag@sha256:digests" based on ':'
|
||||
+ rightLen := 2
|
||||
+ if len(pasredArray) == rightLen {
|
||||
+ digestIndex := 1 // 1 is the index of digest data in pasredArray
|
||||
+ imageDigests = pasredArray[digestIndex]
|
||||
+ }
|
||||
+ }
|
||||
+ if imageDigests == "" {
|
||||
+ logrus.Errorln("error when get ", imageName, " digests")
|
||||
+ return fmt.Errorf("error when get %s digests", imageName)
|
||||
+ }
|
||||
+ if imageDigests != checkSum {
|
||||
+ logrus.Errorln("checkSumFailed ", imageDigests, " mismatch to ", checkSum)
|
||||
+ return fmt.Errorf("checkSumFailed %s mismatch to %s", imageDigests, checkSum)
|
||||
+ }
|
||||
+ return nil
|
||||
+}
|
||||
--
|
||||
2.33.0.windows.2
|
||||
|
||||
@ -1,30 +0,0 @@
|
||||
From 20d0487753b045a0a0af19dffd0d5deec25fd672 Mon Sep 17 00:00:00 2001
|
||||
From: liyuanr <liyuanrong1@huawei.com>
|
||||
Date: Wed, 14 Jun 2023 16:00:03 +0800
|
||||
Subject: [PATCH] KubeOS:support generate coredump
|
||||
|
||||
For Go language applications, generating coredump
|
||||
requires declaring the environment variable GOTRACEBACK=crash,
|
||||
so the service of os agent adds Environment=GOTRACEBACK=crash
|
||||
to support generating coredump
|
||||
|
||||
Signed-off-by: liyuanr <liyuanrong1@huawei.com>
|
||||
---
|
||||
files/os-agent.service | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/files/os-agent.service b/files/os-agent.service
|
||||
index cf71d08..f778804 100644
|
||||
--- a/files/os-agent.service
|
||||
+++ b/files/os-agent.service
|
||||
@@ -12,6 +12,7 @@
|
||||
Description=Agent For KubeOS
|
||||
|
||||
[Service]
|
||||
+Environment=GOTRACEBACK=crash
|
||||
ExecStart=/usr/bin/os-agent
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
--
|
||||
2.33.0.windows.2
|
||||
|
||||
98
KubeOS.spec
98
KubeOS.spec
@ -1,16 +1,16 @@
|
||||
# Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved.
|
||||
|
||||
Name: KubeOS
|
||||
Version: 1.0.3
|
||||
Release: 3
|
||||
Version: 1.0.7
|
||||
Release: 1
|
||||
Summary: O&M platform used to update the whole OS as an entirety
|
||||
License: Mulan PSL v2
|
||||
Source0: https://gitee.com/openeuler/KubeOS/repository/archive/v%{version}.tar.gz
|
||||
Patch1: 0001-KubeOS-add-oci-image-digests-check-when-upgrade-and-.patch
|
||||
Patch2: 0002-KubeOS-support-generate-coredump.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: make
|
||||
BuildRequires: make rust cargo openssl-devel
|
||||
BuildRequires: golang >= 1.13
|
||||
|
||||
%description
|
||||
This is an O&M platform used to update the whole OS as an entirety,
|
||||
it should be running in kubernetes environment.
|
||||
@ -19,10 +19,10 @@ it should be running in kubernetes environment.
|
||||
%autosetup -n %{name}-v%{version} -p1
|
||||
|
||||
%package scripts
|
||||
Summary: Scripts to build the os image and binaries of os-proxy and os-operator
|
||||
Summary: CLI tool to build various type of KubeOS image and binaries of os-proxy and os-operator
|
||||
Requires: qemu-img, parted, bc, tar, docker, dosfstools
|
||||
%description scripts
|
||||
The scripts package includes scripts which could build the os image and binaries of os-proxy and os-operator
|
||||
The scripts package includes a cli tool which could build various type of KubeOS image and binaries of os-proxy and os-operator
|
||||
|
||||
%define debug_package %{nil}
|
||||
%define __debug_install_post \
|
||||
@ -30,85 +30,53 @@ The scripts package includes scripts which could build the os image and binaries
|
||||
%{nil}
|
||||
|
||||
%build
|
||||
mkdir ./.cargo
|
||||
cat << EOF >> ./.cargo/config.toml
|
||||
|
||||
[source.crates-io]
|
||||
replace-with = "vendored-sources"
|
||||
|
||||
[source.vendored-sources]
|
||||
directory = "KubeOS-Rust/vendor"
|
||||
EOF
|
||||
|
||||
make
|
||||
|
||||
%install
|
||||
install -d %{buildroot}%{_bindir}
|
||||
#install binary
|
||||
install -d -m 0740 %{buildroot}/opt/kubeOS/bin
|
||||
install -p -m 0500 ./bin/os-agent %{buildroot}/opt/kubeOS/bin
|
||||
install -p -m 0500 ./bin/proxy %{buildroot}/opt/kubeOS/bin
|
||||
install -p -m 0500 ./bin/rust/release/os-agent %{buildroot}/opt/kubeOS/bin
|
||||
install -p -m 0500 ./bin/rust/release/proxy %{buildroot}/opt/kubeOS/bin
|
||||
install -p -m 0500 ./bin/operator %{buildroot}/opt/kubeOS/bin
|
||||
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts
|
||||
install -p -m 0500 ./bin/rust/release/kbimg %{buildroot}/opt/kubeOS/scripts
|
||||
|
||||
#install artifacts
|
||||
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts
|
||||
install -p -m 0600 ./scripts/rpmlist %{buildroot}/opt/kubeOS/scripts
|
||||
install -p -m 0500 ./scripts/kbimg.sh %{buildroot}/opt/kubeOS/scripts
|
||||
install -p -m 0500 ./scripts/set_in_chroot.sh %{buildroot}/opt/kubeOS/scripts
|
||||
install -p -m 0600 ./scripts/grub.cfg %{buildroot}/opt/kubeOS/scripts
|
||||
install -p -m 0500 ./scripts/bootloader.sh %{buildroot}/opt/kubeOS/scripts
|
||||
install -p -m 0500 ./scripts/Dockerfile %{buildroot}/opt/kubeOS/scripts
|
||||
|
||||
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts/common
|
||||
install -p -m 0500 ./scripts/common/globalVariables.sh %{buildroot}/opt/kubeOS/scripts/common
|
||||
install -p -m 0500 ./scripts/common/log.sh %{buildroot}/opt/kubeOS/scripts/common
|
||||
install -p -m 0500 ./scripts/common/utils.sh %{buildroot}/opt/kubeOS/scripts/common
|
||||
|
||||
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts/create
|
||||
install -p -m 0500 ./scripts/create/imageCreate.sh %{buildroot}/opt/kubeOS/scripts/create
|
||||
install -p -m 0500 ./scripts/create/rootfsCreate.sh %{buildroot}/opt/kubeOS/scripts/create
|
||||
|
||||
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts/00bootup
|
||||
install -p -m 0600 ./scripts/00bootup/Global.cfg %{buildroot}/opt/kubeOS/scripts/00bootup
|
||||
install -p -m 0500 ./scripts/00bootup/module-setup.sh %{buildroot}/opt/kubeOS/scripts/00bootup
|
||||
install -p -m 0500 ./scripts/00bootup/mount.sh %{buildroot}/opt/kubeOS/scripts/00bootup
|
||||
|
||||
install -d -m 0740 %{buildroot}/opt/kubeOS/files
|
||||
install -p -m 0600 ./files/boot-efi.mount %{buildroot}/opt/kubeOS/files
|
||||
install -p -m 0600 ./files/etc.mount %{buildroot}/opt/kubeOS/files
|
||||
install -p -m 0600 ./files/persist.mount %{buildroot}/opt/kubeOS/files
|
||||
install -p -m 0600 ./files/var.mount %{buildroot}/opt/kubeOS/files
|
||||
install -p -m 0600 ./files/os-agent.service %{buildroot}/opt/kubeOS/files
|
||||
install -p -m 0600 ./files/os-release %{buildroot}/opt/kubeOS/files
|
||||
install -p -m 0600 ./KubeOS-Rust/kbimg/kbimg.toml %{buildroot}/opt/kubeOS/scripts
|
||||
|
||||
%files
|
||||
%attr(0500,root,root) /opt/kubeOS/bin/os-agent
|
||||
%defattr(-,root,root,0500)
|
||||
%attr(0600,root,root) /opt/kubeOS/files/boot-efi.mount
|
||||
%attr(0600,root,root) /opt/kubeOS/files/etc.mount
|
||||
%attr(0600,root,root) /opt/kubeOS/files/persist.mount
|
||||
%attr(0600,root,root) /opt/kubeOS/files/var.mount
|
||||
%attr(0600,root,root) /opt/kubeOS/files/os-agent.service
|
||||
%attr(0600,root,root) /opt/kubeOS/files/os-release
|
||||
%attr(0500,root,root) /opt/kubeOS/bin/os-agent
|
||||
|
||||
%files scripts
|
||||
%attr(0500,root,root) /opt/kubeOS/bin/proxy
|
||||
%attr(0500,root,root) /opt/kubeOS/bin/operator
|
||||
%defattr(-,root,root,0500)
|
||||
%attr(0600,root,root) /opt/kubeOS/scripts/rpmlist
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/kbimg.sh
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/set_in_chroot.sh
|
||||
%attr(0600,root,root) /opt/kubeOS/scripts/grub.cfg
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/bootloader.sh
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/Dockerfile
|
||||
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/common/globalVariables.sh
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/common/log.sh
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/common/utils.sh
|
||||
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/create/imageCreate.sh
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/create/rootfsCreate.sh
|
||||
|
||||
%attr(0600,root,root) /opt/kubeOS/scripts/00bootup/Global.cfg
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/00bootup/module-setup.sh
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/00bootup/mount.sh
|
||||
|
||||
%attr(0600,root,root) /opt/kubeOS/scripts/kbimg.toml
|
||||
%attr(0500,root,root) /opt/kubeOS/scripts/kbimg
|
||||
|
||||
%clean
|
||||
rm -rfv %{buildroot}
|
||||
|
||||
%changelog
|
||||
* Wed June 14 2023 liyuanrong<liyuanrong1@huawei.com> - 1.0.3-3
|
||||
* Tue Nov 26 2024 Yuhang Wei<weiyuhang3@huawei.com> - 1.0.7-1
|
||||
- Type:requirement
|
||||
- CVE:NA
|
||||
- SUG:restart
|
||||
- DESC:update version to 1.0.7
|
||||
|
||||
* Wed Jun 14 2023 liyuanrong<liyuanrong1@huawei.com> - 1.0.3-3
|
||||
- Type:requirement
|
||||
- CVE:NA
|
||||
- SUG:restart
|
||||
@ -198,7 +166,7 @@ rm -rfv %{buildroot}
|
||||
- SUG:restart
|
||||
- DESC:fix bugs of checks in generate.sh and change module path
|
||||
|
||||
* Fri Oct 30 2021 liyuanrong<liyuanrong1@huawei.com> - 1.0.1-2
|
||||
* Sat Oct 30 2021 liyuanrong<liyuanrong1@huawei.com> - 1.0.1-2
|
||||
- Type:requirement
|
||||
- CVE:NA
|
||||
- SUG:restart
|
||||
|
||||
BIN
v1.0.3.tar.gz
BIN
v1.0.3.tar.gz
Binary file not shown.
BIN
v1.0.7.tar.gz
Normal file
BIN
v1.0.7.tar.gz
Normal file
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user