KubeOS: update to 1.0.7

Signed-off-by: Yuhang Wei <weiyuhang3@huawei.com>
Yuhang Wei 2024-11-26 13:55:40 +00:00
parent ee4f85074a
commit d274021250
5 changed files with 33 additions and 211 deletions


@ -1,116 +0,0 @@
From 42f5a3e38ea6e23f5aff146f65ad20025088fc84 Mon Sep 17 00:00:00 2001
From: liyuanr <liyuanrong1@huawei.com>
Date: Mon, 29 May 2023 11:12:52 +0800
Subject: [PATCH] KubeOS: add oci image digests check when upgrade and fix the
issue with the software version display
add check of digests of the oci image for upgrade after
os-agent pulls image when os upgrading.
Fix the issue where the softwares version is empty
Signed-off-by: liyuanr <liyuanrong1@huawei.com>
---
Makefile | 2 +-
cmd/agent/server/containerd_image.go | 3 ++
cmd/agent/server/docker_image.go | 3 ++
cmd/agent/server/utils.go | 44 ++++++++++++++++++++++++++++
docs/quick-start.md | 8 ++---
5 files changed, 55 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 9d9fbea..27cf175 100644
--- a/Makefile
+++ b/Makefile
@@ -30,7 +30,7 @@ endif
VERSION_FILE := ./VERSION
VERSION := $(shell cat $(VERSION_FILE))
-PACKAGE:=openeuler.org/saiyan/pkg/version
+PACKAGE:=openeuler.org/KubeOS/pkg/version
BUILDFLAGS = -buildmode=pie -trimpath
LDFLAGS = -w -s -buildid=IdByKubeOS -linkmode=external -extldflags=-static -extldflags=-zrelro -extldflags=-Wl,-z,now -X ${PACKAGE}.Version=${VERSION}
ENV = CGO_CFLAGS="-fstack-protector-all" CGO_CPPFLAGS="-D_FORTIFY_SOURCE=2 -O2"
diff --git a/cmd/agent/server/containerd_image.go b/cmd/agent/server/containerd_image.go
index 0b614b5..b019b72 100644
--- a/cmd/agent/server/containerd_image.go
+++ b/cmd/agent/server/containerd_image.go
@@ -48,6 +48,9 @@ func (c conImageHandler) getRootfsArchive(req *pb.UpdateRequest, neededPath prep
if err := runCommand("crictl", "pull", imageName); err != nil {
return "", err
}
+ if err := checkOCIImageDigestMatch("containerd", imageName, req.CheckSum); err != nil {
+ return "", err
+ }
if err := checkAndCleanMount(mountPath); err != nil {
logrus.Errorln("containerd clean environment error", err)
return "", err
diff --git a/cmd/agent/server/docker_image.go b/cmd/agent/server/docker_image.go
index 2a52634..e6fa9d6 100644
--- a/cmd/agent/server/docker_image.go
+++ b/cmd/agent/server/docker_image.go
@@ -38,6 +38,9 @@ func (d dockerImageHandler) getRootfsArchive(req *pb.UpdateRequest, neededPath p
if err := runCommand("docker", "pull", imageName); err != nil {
return "", err
}
+ if err := checkOCIImageDigestMatch("docker", imageName, req.CheckSum); err != nil {
+ return "", err
+ }
containerName := "kubeos-temp"
dockerPsCmd := "docker ps -a -f=name=" + containerName + "| awk 'NR==2' | awk '{print $1}'"
existId, err := runCommandWithOut("bash", "-c", dockerPsCmd)
diff --git a/cmd/agent/server/utils.go b/cmd/agent/server/utils.go
index 111497c..092417b 100644
--- a/cmd/agent/server/utils.go
+++ b/cmd/agent/server/utils.go
@@ -264,3 +264,47 @@ func checkFileExist(path string) (bool, error) {
return false, err
}
}
+
+func checkOCIImageDigestMatch(containerRuntime string, imageName string, checkSum string) error {
+ var cmdOutput string
+ var err error
+ switch containerRuntime {
+ case "containerd":
+ cmdOutput, err = runCommandWithOut("crictl", "inspecti", "--output", "go-template",
+ "--template", "{{.status.repoDigests}}", imageName)
+ if err != nil {
+ return err
+ }
+ case "docker":
+ cmdOutput, err = runCommandWithOut("docker", "inspect", "--format", "{{.RepoDigests}}", imageName)
+ if err != nil {
+ return err
+ }
+ default:
+ logrus.Errorln("containerRuntime ", containerRuntime, " cannot be recognized")
+ return fmt.Errorf("containerRuntime %s cannot be recognized", containerRuntime)
+ }
+ // cmdOutput format is as follows:
+ // [imageRepository/imageName:imageTag@sha256:digests]
+ // parse the output and get digest
+ var imageDigests string
+ outArray := strings.Split(cmdOutput, "@")
+ if strings.HasPrefix(outArray[len(outArray)-1], "sha256") {
+ pasredArray := strings.Split(strings.TrimSuffix(outArray[len(outArray)-1], "]"), ":")
+ // 2 is the expected length of the array after dividing "imageName:imageTag@sha256:digests" based on ':'
+ rightLen := 2
+ if len(pasredArray) == rightLen {
+ digestIndex := 1 // 1 is the index of digest data in pasredArray
+ imageDigests = pasredArray[digestIndex]
+ }
+ }
+ if imageDigests == "" {
+ logrus.Errorln("error when get ", imageName, " digests")
+ return fmt.Errorf("error when get %s digests", imageName)
+ }
+ if imageDigests != checkSum {
+ logrus.Errorln("checkSumFailed ", imageDigests, " mismatch to ", checkSum)
+ return fmt.Errorf("checkSumFailed %s mismatch to %s", imageDigests, checkSum)
+ }
+ return nil
+}
--
2.33.0.windows.2


@ -1,30 +0,0 @@
From 20d0487753b045a0a0af19dffd0d5deec25fd672 Mon Sep 17 00:00:00 2001
From: liyuanr <liyuanrong1@huawei.com>
Date: Wed, 14 Jun 2023 16:00:03 +0800
Subject: [PATCH] KubeOS:support generate coredump
For Go language applications, generating coredump
requires declaring the environment variable GOTRACEBACK=crash,
so the service of os agent adds Environment=GOTRACEBACK=crash
to support generating coredump
Signed-off-by: liyuanr <liyuanrong1@huawei.com>
---
files/os-agent.service | 1 +
1 file changed, 1 insertion(+)
diff --git a/files/os-agent.service b/files/os-agent.service
index cf71d08..f778804 100644
--- a/files/os-agent.service
+++ b/files/os-agent.service
@@ -12,6 +12,7 @@
Description=Agent For KubeOS
[Service]
+Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/os-agent
KillMode=process
Restart=on-failure
--
2.33.0.windows.2


@ -1,16 +1,16 @@
# Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. # Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved.
Name: KubeOS Name: KubeOS
Version: 1.0.3 Version: 1.0.7
Release: 3 Release: 1
Summary: O&M platform used to update the whole OS as an entirety Summary: O&M platform used to update the whole OS as an entirety
License: Mulan PSL v2 License: Mulan PSL v2
Source0: https://gitee.com/openeuler/KubeOS/repository/archive/v%{version}.tar.gz Source0: https://gitee.com/openeuler/KubeOS/repository/archive/v%{version}.tar.gz
Patch1: 0001-KubeOS-add-oci-image-digests-check-when-upgrade-and-.patch
Patch2: 0002-KubeOS-support-generate-coredump.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: make BuildRequires: make rust cargo openssl-devel
BuildRequires: golang >= 1.13 BuildRequires: golang >= 1.13
%description %description
This is an O&M platform used to update the whole OS as an entirety, This is an O&M platform used to update the whole OS as an entirety,
it should be running in kubernetes environment. it should be running in kubernetes environment.
@ -19,10 +19,10 @@ it should be running in kubernetes environment.
%autosetup -n %{name}-v%{version} -p1 %autosetup -n %{name}-v%{version} -p1
%package scripts %package scripts
Summary: Scripts to build the os image and binaries of os-proxy and os-operator Summary: CLI tool to build various type of KubeOS image and binaries of os-proxy and os-operator
Requires: qemu-img, parted, bc, tar, docker, dosfstools Requires: qemu-img, parted, bc, tar, docker, dosfstools
%description scripts %description scripts
The scripts package includes scripts which could build the os image and binaries of os-proxy and os-operator The scripts package includes a cli tool which could build various type of KubeOS image and binaries of os-proxy and os-operator
%define debug_package %{nil} %define debug_package %{nil}
%define __debug_install_post \ %define __debug_install_post \
@ -30,85 +30,53 @@ The scripts package includes scripts which could build the os image and binaries
%{nil} %{nil}
%build %build
mkdir ./.cargo
cat << EOF >> ./.cargo/config.toml
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "KubeOS-Rust/vendor"
EOF
make make
%install %install
install -d %{buildroot}%{_bindir} install -d %{buildroot}%{_bindir}
#install binary #install binary
install -d -m 0740 %{buildroot}/opt/kubeOS/bin install -d -m 0740 %{buildroot}/opt/kubeOS/bin
install -p -m 0500 ./bin/os-agent %{buildroot}/opt/kubeOS/bin install -p -m 0500 ./bin/rust/release/os-agent %{buildroot}/opt/kubeOS/bin
install -p -m 0500 ./bin/proxy %{buildroot}/opt/kubeOS/bin install -p -m 0500 ./bin/rust/release/proxy %{buildroot}/opt/kubeOS/bin
install -p -m 0500 ./bin/operator %{buildroot}/opt/kubeOS/bin install -p -m 0500 ./bin/operator %{buildroot}/opt/kubeOS/bin
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts
install -p -m 0500 ./bin/rust/release/kbimg %{buildroot}/opt/kubeOS/scripts
#install artifacts #install artifacts
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts install -p -m 0600 ./KubeOS-Rust/kbimg/kbimg.toml %{buildroot}/opt/kubeOS/scripts
install -p -m 0600 ./scripts/rpmlist %{buildroot}/opt/kubeOS/scripts
install -p -m 0500 ./scripts/kbimg.sh %{buildroot}/opt/kubeOS/scripts
install -p -m 0500 ./scripts/set_in_chroot.sh %{buildroot}/opt/kubeOS/scripts
install -p -m 0600 ./scripts/grub.cfg %{buildroot}/opt/kubeOS/scripts
install -p -m 0500 ./scripts/bootloader.sh %{buildroot}/opt/kubeOS/scripts
install -p -m 0500 ./scripts/Dockerfile %{buildroot}/opt/kubeOS/scripts
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts/common
install -p -m 0500 ./scripts/common/globalVariables.sh %{buildroot}/opt/kubeOS/scripts/common
install -p -m 0500 ./scripts/common/log.sh %{buildroot}/opt/kubeOS/scripts/common
install -p -m 0500 ./scripts/common/utils.sh %{buildroot}/opt/kubeOS/scripts/common
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts/create
install -p -m 0500 ./scripts/create/imageCreate.sh %{buildroot}/opt/kubeOS/scripts/create
install -p -m 0500 ./scripts/create/rootfsCreate.sh %{buildroot}/opt/kubeOS/scripts/create
install -d -m 0740 %{buildroot}/opt/kubeOS/scripts/00bootup
install -p -m 0600 ./scripts/00bootup/Global.cfg %{buildroot}/opt/kubeOS/scripts/00bootup
install -p -m 0500 ./scripts/00bootup/module-setup.sh %{buildroot}/opt/kubeOS/scripts/00bootup
install -p -m 0500 ./scripts/00bootup/mount.sh %{buildroot}/opt/kubeOS/scripts/00bootup
install -d -m 0740 %{buildroot}/opt/kubeOS/files
install -p -m 0600 ./files/boot-efi.mount %{buildroot}/opt/kubeOS/files
install -p -m 0600 ./files/etc.mount %{buildroot}/opt/kubeOS/files
install -p -m 0600 ./files/persist.mount %{buildroot}/opt/kubeOS/files
install -p -m 0600 ./files/var.mount %{buildroot}/opt/kubeOS/files
install -p -m 0600 ./files/os-agent.service %{buildroot}/opt/kubeOS/files
install -p -m 0600 ./files/os-release %{buildroot}/opt/kubeOS/files
%files %files
%attr(0500,root,root) /opt/kubeOS/bin/os-agent
%defattr(-,root,root,0500) %defattr(-,root,root,0500)
%attr(0600,root,root) /opt/kubeOS/files/boot-efi.mount %attr(0500,root,root) /opt/kubeOS/bin/os-agent
%attr(0600,root,root) /opt/kubeOS/files/etc.mount
%attr(0600,root,root) /opt/kubeOS/files/persist.mount
%attr(0600,root,root) /opt/kubeOS/files/var.mount
%attr(0600,root,root) /opt/kubeOS/files/os-agent.service
%attr(0600,root,root) /opt/kubeOS/files/os-release
%files scripts %files scripts
%attr(0500,root,root) /opt/kubeOS/bin/proxy %attr(0500,root,root) /opt/kubeOS/bin/proxy
%attr(0500,root,root) /opt/kubeOS/bin/operator %attr(0500,root,root) /opt/kubeOS/bin/operator
%defattr(-,root,root,0500) %defattr(-,root,root,0500)
%attr(0600,root,root) /opt/kubeOS/scripts/rpmlist %attr(0600,root,root) /opt/kubeOS/scripts/kbimg.toml
%attr(0500,root,root) /opt/kubeOS/scripts/kbimg.sh %attr(0500,root,root) /opt/kubeOS/scripts/kbimg
%attr(0500,root,root) /opt/kubeOS/scripts/set_in_chroot.sh
%attr(0600,root,root) /opt/kubeOS/scripts/grub.cfg
%attr(0500,root,root) /opt/kubeOS/scripts/bootloader.sh
%attr(0500,root,root) /opt/kubeOS/scripts/Dockerfile
%attr(0500,root,root) /opt/kubeOS/scripts/common/globalVariables.sh
%attr(0500,root,root) /opt/kubeOS/scripts/common/log.sh
%attr(0500,root,root) /opt/kubeOS/scripts/common/utils.sh
%attr(0500,root,root) /opt/kubeOS/scripts/create/imageCreate.sh
%attr(0500,root,root) /opt/kubeOS/scripts/create/rootfsCreate.sh
%attr(0600,root,root) /opt/kubeOS/scripts/00bootup/Global.cfg
%attr(0500,root,root) /opt/kubeOS/scripts/00bootup/module-setup.sh
%attr(0500,root,root) /opt/kubeOS/scripts/00bootup/mount.sh
%clean %clean
rm -rfv %{buildroot} rm -rfv %{buildroot}
%changelog %changelog
* Wed June 14 2023 liyuanrong<liyuanrong1@huawei.com> - 1.0.3-3 * Tue Nov 26 2024 Yuhang Wei<weiyuhang3@huawei.com> - 1.0.7-1
- Type:requirement
- CVE:NA
- SUG:restart
- DESC:update version to 1.0.7
* Wed Jun 14 2023 liyuanrong<liyuanrong1@huawei.com> - 1.0.3-3
- Type:requirement - Type:requirement
- CVE:NA - CVE:NA
- SUG:restart - SUG:restart
@ -198,7 +166,7 @@ rm -rfv %{buildroot}
- SUG:restart - SUG:restart
- DESC:fix bugs of checks in generate.sh and change module path - DESC:fix bugs of checks in generate.sh and change module path
* Fri Oct 30 2021 liyuanrong<liyuanrong1@huawei.com> - 1.0.1-2 * Sat Oct 30 2021 liyuanrong<liyuanrong1@huawei.com> - 1.0.1-2
- Type:requirement - Type:requirement
- CVE:NA - CVE:NA
- SUG:restart - SUG:restart
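Review bot: Dropping `Patch1` (the OCI image digest check run after the image pull) and `Patch2` from the spec is only safe if the v1.0.7 sources already carry equivalent behaviour, and that cannot be confirmed from this page because the tarball is binary. os-agent is now installed from `./bin/rust/release/os-agent`, so the Go helper `checkOCIImageDigestMatch` in the removed patch no longer applies; presumably the Rust agent compares the pulled image's digest against the requested checksum itself, but this should be confirmed before merging and recorded in the `%changelog` entry. Separately, the `%build` vendoring setup uses `mkdir ./.cargo` and `cat << EOF >> ./.cargo/config.toml`. Using `mkdir -p ./.cargo` and `>` instead of `>>` would keep the build from failing, or from appending a duplicate `[source.crates-io]` table, if the archive ever ships its own cargo config.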

Binary file not shown.

BIN
v1.0.7.tar.gz Normal file

Binary file not shown.