diff --git a/build_library/vm_image_util.sh b/build_library/vm_image_util.sh index 3606a7211d..e7a966b75b 100644 --- a/build_library/vm_image_util.sh +++ b/build_library/vm_image_util.sh @@ -256,8 +256,9 @@ IMG_iso_MEM=2048 ## gce, image tarball IMG_gce_DISK_LAYOUT=vm IMG_gce_CONF_FORMAT=gce -IMG_gce_OEM_PACKAGE=oem-gce -IMG_gce_OEM_ACI=gce +IMG_gce_OEM_PACKAGE=common-oem-files +IMG_gce_OEM_USE=gce +IMG_gce_OEM_SYSEXT=oem-gce ## rackspace IMG_rackspace_OEM_PACKAGE=oem-rackspace diff --git a/changelog/changes/2023-11-29-sysext-for-gce-oem.md b/changelog/changes/2023-11-29-sysext-for-gce-oem.md new file mode 100644 index 0000000000..6db7dd694a --- /dev/null +++ b/changelog/changes/2023-11-29-sysext-for-gce-oem.md @@ -0,0 +1 @@ +- GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of `/usr` and being part of the OEM A/B updates ([flatcar#1146](https://github.com/flatcar/Flatcar/issues/1146)) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r5.ebuild similarity index 99% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r4.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r5.ebuild index 67336f3219..f353d713de 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r4.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/common-oem-files-0-r5.ebuild @@ -31,6 +31,7 @@ fi COMMON_OEMIDS=( ami azure + gce openstack packet qemu 
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/grub.cfg b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/gce/grub.cfg.frag similarity index 80% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/grub.cfg rename to sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/gce/grub.cfg.frag index 8366e12a55..d292e2faf0 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/grub.cfg +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/common-oem-files/files/gce/grub.cfg.frag @@ -1,7 +1,3 @@ -# Flatcar GRUB settings - -set oem_id="gce" - # GCE only has a serial console. set linux_console="console=ttyS0,115200n8" serial com0 --speed=115200 --word=8 --parity=no diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1-r6.ebuild deleted file mode 120000 index 348c68c571..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1-r6.ebuild +++ /dev/null @@ -1 +0,0 @@ -coreos-oem-gce-0.0.1.ebuild \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1.ebuild deleted file mode 100644 index 062aa7eebf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/coreos-oem-gce-0.0.1.ebuild +++ /dev/null 
@@ -1,20 +0,0 @@ -# Copyright (c) 2016 CoreOS, Inc.. All rights reserved. -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -DESCRIPTION="CoreOS OEM suite for Google Compute Engine (meta package)" -HOMEPAGE="" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64" -IUSE="" - -RDEPEND=" - app-emulation/google-compute-engine - app-shells/bash - sys-apps/gentoo-functions - sys-libs/glibc - sys-libs/nss-usrfiles -" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manifest.in b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manifest.in deleted file mode 100644 index b7a8896f85..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manifest.in +++ /dev/null @@ -1,33 +0,0 @@ -{ - "acKind": "ImageManifest", - "acVersion": "0.8.6", - "name": "@ACI_NAME@", - "labels": [ - {"name": "arch", "value": "@ACI_ARCH@"}, - {"name": "os", "value": "linux"}, - {"name": "version", "value": "@ACI_VERSION@"} - ], - "app": { - "exec": [ "/init.sh" ], - "user": "0", - "group": "0", - - "mountPoints": [ - { - "name": "etc", - "path": "/etc", - "readOnly": false - }, - { - "name": "home", - "path": "/home", - "readOnly": false - }, - { - "name": "runsystemd", - "path": "/run/systemd", - "readOnly": false - } - ] - } -} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/metadata.xml b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/metadata.xml deleted file mode 100644 index 097975e3ad..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/metadata.xml +++ /dev/null @@ -1,4 +0,0 @@ - - - - diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/oems/gce b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/oems/gce new file mode 100644 index 0000000000..4f4deb00af --- /dev/null 
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/oems/gce @@ -0,0 +1,13 @@ +/etc/systemd/system/multi-user.target.wants/oem-cloudinit.service +/etc/systemd/system/multi-user.target.wants/oem-gce.service +/etc/systemd/system/oem-cloudinit.service +/etc/systemd/system/oem-gce-enable-oslogin.service +/etc/systemd/system/oem-gce.service +/etc/systemd/system/sysinit.target.wants/oem-gce-enable-oslogin.service +/oem/base/ +/oem/bin/ +/oem/files/ +/oem/flatcar-oem-gce.aci +/oem/units/ +/var/lib/flatcar-oem-gce +/var/lib/flatcar-oem-gce.img diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/base/README b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/base/README deleted file mode 100644 index d128309fef..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/base/README +++ /dev/null @@ -1,4 +0,0 @@ -These Ignition configs are part of the OEM configuration. Do not modify -them. If you want to write an Ignition config directly to disk, put it in -../config.ign and it will be applied at first boot instead of a config -in userdata. diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/base/base.ign b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/base/base.ign deleted file mode 100644 index ee30505752..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/base/base.ign +++ /dev/null 
@@ -1,57 +0,0 @@ -{ - "ignition": { - "version": "2.2.0" - }, - "storage": { - "files": [ - { - "filesystem": "root", - "path": "/etc/systemd/system/oem-gce.service", - "contents": { - "source": "oem:///units/oem-gce.service" - }, - "mode": 292 - }, - { - "filesystem": "root", - "path": "/etc/systemd/system/oem-gce-enable-oslogin.service", - "contents": { - "source": "oem:///units/oem-gce-enable-oslogin.service" - }, - "mode": 292 - }, - { - "filesystem": "root", - "path": "/etc/hosts", - "contents": { - "source": "oem:///files/hosts" - }, - "mode": 292 - }, - { - "filesystem": "root", - "path": "/etc/profile.d/google-cloud-sdk.sh", - "contents": { - "source": "oem:///files/google-cloud-sdk.sh" - }, - "mode": 292 - } - ] - }, - "systemd": { - "units": [ - { - "name": "coreos-metadata-sshkeys@.service", - "enabled": true - }, - { - "name": "oem-gce.service", - "enabled": true - }, - { - "name": "oem-gce-enable-oslogin.service", - "enabled": true - } - ] - } -} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/init.sh similarity index 71% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh rename to sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/init.sh index eab042ad0d..1b6c56e5b3 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-oem-gce/files/manglefs.sh +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/init.sh 
@@ -1,11 +1,7 @@ -#!/bin/sh -set -e - +#!/bin/bash -ex # GCE can work with our normal file system, but it needs an "init system". # Here is a better place to install this script so it doesn't get put in real # images built from the GCE Python package. -cat << 'EOF' > init.sh && chmod 755 init.sh -#!/bin/bash -ex # Write a configuration template if it does not exist. [ -e /etc/default/instance_configs.cfg.template ] || @@ -38,20 +34,3 @@ test -n "$stopping" || exit 1 # Otherwise, run the shutdown script before quitting. exec /usr/bin/google_metadata_script_runner --script-type shutdown -EOF - -# Disable PAM checks in the container. -rm -f usr/lib/pam.d/* -cat << 'EOF' > usr/lib/pam.d/other -account optional pam_permit.so -auth optional pam_permit.so -password optional pam_permit.so -session optional pam_permit.so -EOF - -# Don't bundle these paths, since they are useless to us. -mv usr/lib/systemd/lib*.so* usr/lib64/ -rm -fr boot etc/* usr/lib/systemd var/db/pkg - -# Remove test stuff from python - it's quite large. -rm -rf usr/lib/python*/test diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/oem-release b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/oem-release deleted file mode 100644 index 92a20acf95..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/oem-release +++ /dev/null @@ -1,5 +0,0 @@ -ID=gce -VERSION_ID=@@OEM_VERSION_ID@@ -NAME="Google Compute Engine" -HOME_URL="https://cloud.google.com/products/compute-engine/" -BUG_REPORT_URL="https://issues.flatcar.org" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/10-oem-gce.conf b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/10-oem-gce.conf new file mode 100644 index 0000000000..59b5fa8e1f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/10-oem-gce.conf 
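Review bot: The header comment kept at the top of the new `init.sh` still talks about "a better place to install this script so it doesn't get put in real images", which described the removed container build step; in this commit the script is installed with `dobin` and started by `oem-gce.service` directly on the host. I would replace it with a comment such as `# Entry point of oem-gce.service; runs on the host, no longer inside an nspawn container.` Options in the shebang (`#!/bin/bash -ex`) are lost if the file is ever run as `bash init.sh`, so a `set -ex` line in the body is sturdier. Because `-x` now traces into the host journal, it is worth confirming that no traced line expands values taken from instance metadata. Most of the script body lies between the two hunks and is not visible here.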
@@ -0,0 +1,2 @@ +[Unit] +Upholds=oem-gce-enable-oslogin.service setup-oem.service oem-gce.service diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce-enable-oslogin.service b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce-enable-oslogin.service index 8b09d5dd69..6ffe2d37ec 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce-enable-oslogin.service +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce-enable-oslogin.service @@ -10,7 +10,7 @@ Before=sshd.socket Type=oneshot RemainAfterExit=true -ExecStart=/oem/bin/enable-oslogin +ExecStart=/usr/bin/enable-oslogin [Install] WantedBy=sysinit.target diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service index 8fb3a77339..c03bcc740d 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service 
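Review bot: `Upholds=` in `10-oem-gce.conf` makes multi-user.target restart the three listed units whenever they are found inactive or failed, so `systemctl stop` or `disable` no longer keeps the GCE agent or the OS Login setup off; an operator has to mask the unit. That differs from the units that the removed base.ign merely enabled, and the file should say so, for example `# Upholds= keeps these units running while multi-user.target is up; mask a unit to turn it off.` The drop-in is presumably needed because the `[Install]` sections of units shipped in the sysext are never enabled, which is worth stating too. Since `oem-gce-enable-oslogin.service` is ordered `Before=sshd.socket` but is now pulled in from multi-user.target, please confirm that it still completes before sshd starts accepting connections.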
@@ -12,20 +12,7 @@ RestartSec=5 KillMode=process KillSignal=SIGTERM -ExecStartPre=/usr/bin/rm -f /var/lib/flatcar-oem-gce.img -ExecStartPre=/usr/bin/truncate -s 1G /var/lib/flatcar-oem-gce.img -ExecStartPre=/usr/sbin/mkfs.ext4 /var/lib/flatcar-oem-gce.img -ExecStartPre=/usr/bin/rm -rf /var/lib/flatcar-oem-gce -ExecStartPre=/usr/bin/mkdir -p /var/lib/flatcar-oem-gce -ExecStartPre=-/usr/bin/umount /var/lib/flatcar-oem-gce.img -ExecStartPre=/usr/bin/mount /var/lib/flatcar-oem-gce.img /var/lib/flatcar-oem-gce -ExecStartPre=/usr/bin/tar --directory=/var/lib/flatcar-oem-gce --extract --file=/oem/flatcar-oem-gce.aci --strip-components=1 rootfs -ExecStartPre=/usr/bin/umount /var/lib/flatcar-oem-gce.img -# the container expects to be able to optmize irq settings in /proc/irq and /sys/ -Environment=SYSTEMD_NSPAWN_API_VFS_WRITABLE=1 -ExecStart=/usr/bin/systemd-nspawn --keep-unit --register=no --link-journal=no \ - --machine=oem-gce --capability=CAP_NET_ADMIN --bind=/dev/log --bind=/run/systemd --tmpfs=/run/lock --bind=/etc --bind=/home --bind-ro=/usr/share/google-oslogin/nsswitch.conf \ - --read-only --volatile=overlay --image=/var/lib/flatcar-oem-gce.img --kill-signal=SIGTERM /init.sh +ExecStart=/usr/bin/init.sh [Install] WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/setup-oem.service b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/setup-oem.service new file mode 100644 index 0000000000..ac7aafedb3 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/setup-oem.service 
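Review bot: With the `systemd-nspawn` invocation gone, `ExecStart=/usr/bin/init.sh` runs the GCE guest daemons and the metadata script runner directly on the host, and the hunk adds nothing to replace the read-only image, the explicit bind list (`/etc`, `/home`, `/run/systemd`) and the container's capability set. If this is the accepted trade-off of the sysext move, record it in a comment above `ExecStart=`; otherwise consider the hardening directives the agent can tolerate, such as `ProtectKernelModules=yes` and `RestrictSUIDSGID=yes`. `ProtectKernelTunables=` is probably not usable, since the removed comment says the agent tunes `/proc/irq` and `/sys`. The `KillMode=process` context line now applies to host processes, so anything `init.sh` leaves running besides the main process would survive a stop; that needs checking against the script body. The `[Unit]` section and the start of `[Service]` are outside this hunk.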
@@ -0,0 +1,12 @@ +[Unit] +Description=Setup OEM +Before=oem-gce-enable-oslogin.service +DefaultDependencies=false + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=-/usr/bin/ln --symbolic --force /usr/share/gce/hosts /etc/hosts +ExecStart=-/usr/bin/ln --symbolic /usr/share/gce/google-cloud-sdk.sh /etc/profile.d/google-cloud-sdk.sh +[Install] +WantedBy=sysinit.target diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r5.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r5.ebuild deleted file mode 100644 index e3d66ecfa6..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r5.ebuild +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright (c) 2013 CoreOS, Inc.. All rights reserved. -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -DESCRIPTION="OEM suite for Google Compute Engine images" -HOMEPAGE="" -SRC_URI="" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64" -IUSE="" - -# no source directory -S="${WORKDIR}" - -src_prepare() { - default - sed -e "s\\@@OEM_VERSION_ID@@\\${PVR}\\g" \ - "${FILESDIR}/oem-release" > "${T}/oem-release" || die -} - -src_install() { - insinto "/oem" - doins "${FILESDIR}/grub.cfg" - doins "${T}/oem-release" - doins -r "${FILESDIR}/base" - doins -r "${FILESDIR}/files" - doins -r "${FILESDIR}/units" - exeinto "/oem/bin" - doexe "${FILESDIR}/bin/enable-oslogin" -} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r6.ebuild new file mode 100644 index 0000000000..ca82fb0b21 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r6.ebuild 
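Review bot: The first `ExecStart=` line uses `ln --symbolic --force`, so whatever `/etc/hosts` exists when the unit runs is replaced, including a file the user provisioned or edited, and the leading `-` hides any failure. The removed base.ign entry delivered this file through Ignition rather than a boot-time unit. If `--force` is only there to replace a default file from the base image, say so in a comment; otherwise drop it, as the second line already does: `ExecStart=-/usr/bin/ln --symbolic /usr/share/gce/hosts /etc/hosts`. With `DefaultDependencies=false` and no `After=`, it should also be confirmed that `/etc` is writable when the unit starts. A blank line before `[Install]` would match the other unit files.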
@@ -0,0 +1,41 @@ +# Copyright (c) 2013 CoreOS, Inc.. All rights reserved. +# Distributed under the terms of the GNU General Public License v2 +# Copyright (c) 2020 Kinvolk GmbH. All rights reserved. +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd + +DESCRIPTION="OEM suite for Google Compute Engine images" +HOMEPAGE="https://cloud.google.com/products/compute-engine/" +SRC_URI="" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="amd64" +IUSE="" + +# no source directory +S="${WORKDIR}" + +RDEPEND=" + app-emulation/google-compute-engine +" + +OEM_NAME="Google Compute Engine" + +src_install() { + systemd_dounit "${FILESDIR}/units/oem-gce.service" + systemd_dounit "${FILESDIR}/units/oem-gce-enable-oslogin.service" + systemd_dounit "${FILESDIR}/units/setup-oem.service" + systemd_install_dropin "multi-user.target" "${FILESDIR}/units/10-oem-gce.conf" + + dobin "${FILESDIR}/bin/enable-oslogin" + dobin "${FILESDIR}/bin/init.sh" + + # These files will be symlinked to /etc via 'setup-oem.service' + insinto /usr/share/gce/ + doins "${FILESDIR}/files/hosts" + doins "${FILESDIR}/files/google-cloud-sdk.sh" +} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild index 308ff191e5..5166713cb1 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild @@ -20,8 +20,8 @@ IUSE="" DEPEND="" RDEPEND=" amd64? ( + app-emulation/google-compute-engine app-emulation/open-vm-tools - coreos-base/coreos-oem-gce coreos-base/nova-agent-container coreos-base/nova-agent-watcher )
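Review bot: `dobin "${FILESDIR}/bin/init.sh"` in `src_install` places a generically named `/usr/bin/init.sh` on the host PATH once the sysext is merged, whereas the script previously existed only inside the container image. A package-specific name (a constructed example: `oem-gce-init`, with `ExecStart=` in oem-gce.service adjusted to match) avoids collisions with other extensions and makes the process easy to identify in the journal. `OEM_NAME` is assigned but never read in this ebuild; if the sysext build tooling consumes it, a one-line comment such as `# Read by the OEM sysext build, not by this ebuild.` would help. The two copyright and licence header pairs at the top could be merged into one block.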