Start rngd before format the disk

(cherry picked from commit d7f47925a1)

Dockerfile.dapper

@@ -64,7 +64,7 @@ ARG DOCKER_BUILD_VERSION=1.10.3
 ARG DOCKER_BUILD_PATCH_VERSION=v${DOCKER_BUILD_VERSION}-ros1
 ARG SELINUX_POLICY_URL=https://github.com/rancher/refpolicy/releases/download/v0.0.3/policy.29
 
-ARG KERNEL_VERSION_amd64=4.14.32-rancher2
+ARG KERNEL_VERSION_amd64=4.14.67-rancher2
 ARG KERNEL_URL_amd64=https://github.com/rancher/os-kernel/releases/download/v${KERNEL_VERSION_amd64}/linux-${KERNEL_VERSION_amd64}-x86.tar.gz
 
 ARG DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz
@@ -79,15 +79,15 @@ ARG OS_SERVICES_REPO=https://raw.githubusercontent.com/${OS_REPO}/os-services
 ARG IMAGE_NAME=${OS_REPO}/os
 ARG DFS_IMAGE=${OS_REPO}/docker:v${DOCKER_VERSION}-2
 
-ARG OS_BASE_URL_amd64=https://github.com/rancher/os-base/releases/download/v2018.02-3/os-base_amd64.tar.xz
-ARG OS_BASE_URL_arm64=https://github.com/rancher/os-base/releases/download/v2018.02-3/os-base_arm64.tar.xz
+ARG OS_BASE_URL_amd64=https://github.com/rancher/os-base/releases/download/v2018.02-4/os-base_amd64.tar.xz
+ARG OS_BASE_URL_arm64=https://github.com/rancher/os-base/releases/download/v2018.02-4/os-base_arm64.tar.xz
 
 ARG SYSTEM_DOCKER_VERSION=17.06-ros4
-ARG SYSTEM_DOCKER_URL_amd64=https://github.com/niusmallnan/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
-ARG SYSTEM_DOCKER_URL_arm64=https://github.com/niusmallnan/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
+ARG SYSTEM_DOCKER_URL_amd64=https://github.com/rancher/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
+ARG SYSTEM_DOCKER_URL_arm64=https://github.com/rancher/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
 
 ARG VMWARE_AUTOFORMAT=1
-ARG OPEN_VMTOOLS_VERSION=10.2.5-1
+ARG OPEN_VMTOOLS_VERSION=10.2.5-3
 ######################################################
 
 # Set up environment and export all ARGS as ENV

README.md

@@ -14,13 +14,13 @@ it would really be bad if somebody did `docker rm -f $(docker ps -qa)` and delet
 
 ## Release
 
-- **Latest: v1.3.0 - Docker 17.09.1-ce - Linux 4.9.80**
-- **Stable: v1.2.0 - Docker 17.09.1-ce - Linux 4.9.78**
+- **Latest: v1.4.0 - Docker 18.03.1-ce - Linux 4.14.32**
+- **Stable: v1.4.0 - Docker 18.03.1-ce - Linux 4.14.32**
 
 ### ISO
 
 - https://releases.rancher.com/os/latest/rancheros.iso
-- https://releases.rancher.com/os/v1.2.0/rancheros.iso
+- https://releases.rancher.com/os/v1.4.0/rancheros.iso
 
 ### Additional Downloads
 
@@ -30,30 +30,34 @@ it would really be bad if somebody did `docker rm -f $(docker ps -qa)` and delet
 * https://releases.rancher.com/os/latest/iso-checksums.txt
 * https://releases.rancher.com/os/latest/rancheros-openstack.img
 * https://releases.rancher.com/os/latest/rancheros-digitalocean.img
+* https://releases.rancher.com/os/latest/rancheros-cloudstack.img
 * https://releases.rancher.com/os/latest/rancheros-aliyun.vhd
 * https://releases.rancher.com/os/latest/rancheros.ipxe
 * https://releases.rancher.com/os/latest/rancheros-gce.tar.gz
 * https://releases.rancher.com/os/latest/rootfs.tar.gz
 * https://releases.rancher.com/os/latest/vmlinuz
+* https://releases.rancher.com/os/latest/rancheros-vmware.iso
 
-#### v1.2.0 Links
+#### v1.4.0 Links
 
-* https://releases.rancher.com/os/v1.2.0/initrd
-* https://releases.rancher.com/os/v1.2.0/iso-checksums.txt
-* https://releases.rancher.com/os/v1.2.0/rancheros-openstack.img
-* https://releases.rancher.com/os/v1.2.0/rancheros-digitalocean.img
-* https://releases.rancher.com/os/v1.2.0/rancheros-aliyun.vhd
-* https://releases.rancher.com/os/v1.2.0/rancheros.ipxe
-* https://releases.rancher.com/os/v1.2.0/rancheros-gce.tar.gz
-* https://releases.rancher.com/os/v1.2.0/rootfs.tar.gz
-* https://releases.rancher.com/os/v1.2.0/vmlinuz
+* https://releases.rancher.com/os/v1.4.0/initrd
+* https://releases.rancher.com/os/v1.4.0/iso-checksums.txt
+* https://releases.rancher.com/os/v1.4.0/rancheros-openstack.img
+* https://releases.rancher.com/os/v1.4.0/rancheros-digitalocean.img
+* https://releases.rancher.com/os/v1.4.0/rancheros-cloudstack.img
+* https://releases.rancher.com/os/v1.4.0/rancheros-aliyun.vhd
+* https://releases.rancher.com/os/v1.4.0/rancheros.ipxe
+* https://releases.rancher.com/os/v1.4.0/rancheros-gce.tar.gz
+* https://releases.rancher.com/os/v1.4.0/rootfs.tar.gz
+* https://releases.rancher.com/os/v1.4.0/vmlinuz
+* https://releases.rancher.com/os/v1.4.0/rancheros-vmware.iso
 
 #### ARM Links
 
 * https://releases.rancher.com/os/latest/rootfs_arm64.tar.gz
 * https://releases.rancher.com/os/latest/rancheros-raspberry-pi64.zip
-* https://releases.rancher.com/os/v1.2.0/rootfs_arm64.tar.gz
-* https://releases.rancher.com/os/v1.2.0/rancheros-raspberry-pi64.zip
+* https://releases.rancher.com/os/v1.4.0/rootfs_arm64.tar.gz
+* https://releases.rancher.com/os/v1.4.0/rancheros-raspberry-pi64.zip
 
 **Note**: you can use `http` instead of `https` in the above URLs, e.g. for iPXE.
 
@@ -63,27 +67,27 @@ SSH keys are added to the **`rancher`** user, so you must log in using the **ran
 
 **HVM**
 
-Region | Type | AMI(Stable) | AMI(Latest)
--------|------|------|------
-ap-south-1 | HVM | [ami-12db887d](https://ap-south-1.console.aws.amazon.com/ec2/home?region=ap-south-1#launchInstanceWizard:ami=ami-12db887d) | [ami-7e227811](https://ap-south-1.console.aws.amazon.com/ec2/home?region=ap-south-1#launchInstanceWizard:ami=ami-7e227811)
-eu-west-3 | HVM | [ami-d5a315a8](https://eu-west-3.console.aws.amazon.com/ec2/home?region=eu-west-3#launchInstanceWizard:ami=ami-d5a315a8) | [ami-662d9b1b](https://eu-west-3.console.aws.amazon.com/ec2/home?region=eu-west-3#launchInstanceWizard:ami=ami-662d9b1b)
-eu-west-2 | HVM | [ami-80bd58e7](https://eu-west-2.console.aws.amazon.com/ec2/home?region=eu-west-2#launchInstanceWizard:ami=ami-80bd58e7) | [ami-89bb5aee](https://eu-west-2.console.aws.amazon.com/ec2/home?region=eu-west-2#launchInstanceWizard:ami=ami-89bb5aee)
-eu-west-1 | HVM | [ami-69187010](https://eu-west-1.console.aws.amazon.com/ec2/home?region=eu-west-1#launchInstanceWizard:ami=ami-69187010) | [ami-386b3841](https://eu-west-1.console.aws.amazon.com/ec2/home?region=eu-west-1#launchInstanceWizard:ami=ami-386b3841)
-ap-northeast-2 | HVM | [ami-57dd7f39](https://ap-northeast-2.console.aws.amazon.com/ec2/home?region=ap-northeast-2#launchInstanceWizard:ami=ami-57dd7f39) | [ami-7da90613](https://ap-northeast-2.console.aws.amazon.com/ec2/home?region=ap-northeast-2#launchInstanceWizard:ami=ami-7da90613)
-ap-northeast-1 | HVM | [ami-a3c2b5c5](https://ap-northeast-1.console.aws.amazon.com/ec2/home?region=ap-northeast-1#launchInstanceWizard:ami=ami-a3c2b5c5) | [ami-14070f68](https://ap-northeast-1.console.aws.amazon.com/ec2/home?region=ap-northeast-1#launchInstanceWizard:ami=ami-14070f68)
-sa-east-1 | HVM | [ami-6c2f6100](https://sa-east-1.console.aws.amazon.com/ec2/home?region=sa-east-1#launchInstanceWizard:ami=ami-6c2f6100) | [ami-7345121f](https://sa-east-1.console.aws.amazon.com/ec2/home?region=sa-east-1#launchInstanceWizard:ami=ami-7345121f)
-ca-central-1 | HVM | [ami-b8a622dc](https://ca-central-1.console.aws.amazon.com/ec2/home?region=ca-central-1#launchInstanceWizard:ami=ami-b8a622dc) | [ami-1ea3257a](https://ca-central-1.console.aws.amazon.com/ec2/home?region=ca-central-1#launchInstanceWizard:ami=ami-1ea3257a)
-ap-southeast-1 | HVM | [ami-0f5a1b73](https://ap-southeast-1.console.aws.amazon.com/ec2/home?region=ap-southeast-1#launchInstanceWizard:ami=ami-0f5a1b73) | [ami-4b4d1437](https://ap-southeast-1.console.aws.amazon.com/ec2/home?region=ap-southeast-1#launchInstanceWizard:ami=ami-4b4d1437)
-ap-southeast-2 | HVM | [ami-edc73c8f](https://ap-southeast-2.console.aws.amazon.com/ec2/home?region=ap-southeast-2#launchInstanceWizard:ami=ami-edc73c8f) | [ami-e4498586](https://ap-southeast-2.console.aws.amazon.com/ec2/home?region=ap-southeast-2#launchInstanceWizard:ami=ami-e4498586)
-eu-central-1 | HVM | [ami-28422647](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#launchInstanceWizard:ami=ami-28422647) | [ami-bc386557](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#launchInstanceWizard:ami=ami-bc386557)
-us-east-1 | HVM | [ami-a7151cdd](https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#launchInstanceWizard:ami=ami-a7151cdd) | [ami-38964e45](https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#launchInstanceWizard:ami=ami-38964e45)
-us-east-2 | HVM | [ami-a383b6c6](https://us-east-2.console.aws.amazon.com/ec2/home?region=us-east-2#launchInstanceWizard:ami=ami-a383b6c6) | [ami-a0d7e6c5](https://us-east-2.console.aws.amazon.com/ec2/home?region=us-east-2#launchInstanceWizard:ami=ami-a0d7e6c5)
-us-west-1 | HVM | [ami-c4b3bca4](https://us-west-1.console.aws.amazon.com/ec2/home?region=us-west-1#launchInstanceWizard:ami=ami-c4b3bca4) | [ami-a4a0b6c4](https://us-west-1.console.aws.amazon.com/ec2/home?region=us-west-1#launchInstanceWizard:ami=ami-a4a0b6c4)
-us-west-2 | HVM | [ami-6e1a9e16](https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#launchInstanceWizard:ami=ami-6e1a9e16) | [ami-c60c94be](https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#launchInstanceWizard:ami=ami-c60c94be)
-cn-north-1 | HVM | [ami-18c11e75](https://cn-north-1.console.amazonaws.cn/ec2/home?region=cn-north-1#launchInstanceWizard:ami=ami-18c11e75) | [ami-07a37d6a](https://cn-north-1.console.amazonaws.cn/ec2/home?region=cn-north-1#launchInstanceWizard:ami=ami-07a37d6a)
-cn-northwest-1 | HVM | [ami-bcedf9de](https://cn-northwest-1.console.amazonaws.cn/ec2/home?region=cn-northwest-1#launchInstanceWizard:ami=ami-bcedf9de) | [ami-8f8094ed](https://cn-northwest-1.console.amazonaws.cn/ec2/home?region=cn-northwest-1#launchInstanceWizard:ami=ami-8f8094ed)
+Region | Type | AMI
+-------|------|------
+ap-south-1 | HVM | [ami-f4426c9b](https://ap-south-1.console.aws.amazon.com/ec2/home?region=ap-south-1#launchInstanceWizard:ami=ami-f4426c9b)
+eu-west-3 | HVM | [ami-6444f519](https://eu-west-3.console.aws.amazon.com/ec2/home?region=eu-west-3#launchInstanceWizard:ami=ami-6444f519)
+eu-west-2 | HVM | [ami-1e7f9379](https://eu-west-2.console.aws.amazon.com/ec2/home?region=eu-west-2#launchInstanceWizard:ami=ami-1e7f9379)
+eu-west-1 | HVM | [ami-447a7f3d](https://eu-west-1.console.aws.amazon.com/ec2/home?region=eu-west-1#launchInstanceWizard:ami=ami-447a7f3d)
+ap-northeast-2 | HVM | [ami-5492393a](https://ap-northeast-2.console.aws.amazon.com/ec2/home?region=ap-northeast-2#launchInstanceWizard:ami=ami-5492393a)
+ap-northeast-1 | HVM | [ami-96e218e9](https://ap-northeast-1.console.aws.amazon.com/ec2/home?region=ap-northeast-1#launchInstanceWizard:ami=ami-96e218e9)
+sa-east-1 | HVM | [ami-1a217876](https://sa-east-1.console.aws.amazon.com/ec2/home?region=sa-east-1#launchInstanceWizard:ami=ami-1a217876)
+ca-central-1 | HVM | [ami-eef6758a](https://ca-central-1.console.aws.amazon.com/ec2/home?region=ca-central-1#launchInstanceWizard:ami=ami-eef6758a)
+ap-southeast-1 | HVM | [ami-0716287b](https://ap-southeast-1.console.aws.amazon.com/ec2/home?region=ap-southeast-1#launchInstanceWizard:ami=ami-0716287b)
+ap-southeast-2 | HVM | [ami-4ae73528](https://ap-southeast-2.console.aws.amazon.com/ec2/home?region=ap-southeast-2#launchInstanceWizard:ami=ami-4ae73528)
+eu-central-1 | HVM | [ami-1686b3fd](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#launchInstanceWizard:ami=ami-1686b3fd)
+us-east-1 | HVM | [ami-99c5ade6](https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#launchInstanceWizard:ami=ami-99c5ade6)
+us-east-2 | HVM | [ami-504b7435](https://us-east-2.console.aws.amazon.com/ec2/home?region=us-east-2#launchInstanceWizard:ami=ami-504b7435)
+us-west-1 | HVM | [ami-1e63797e](https://us-west-1.console.aws.amazon.com/ec2/home?region=us-west-1#launchInstanceWizard:ami=ami-1e63797e)
+us-west-2 | HVM | [ami-e59ae09d](https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#launchInstanceWizard:ami=ami-e59ae09d)
+cn-north-1 | HVM | [ami-0a5d8367](https://cn-north-1.console.amazonaws.cn/ec2/home?region=cn-north-1#launchInstanceWizard:ami=ami-0a5d8367)
+cn-northwest-1 | HVM | [ami-40a1b522](https://cn-northwest-1.console.amazonaws.cn/ec2/home?region=cn-northwest-1#launchInstanceWizard:ami=ami-40a1b522)
 
-Additionally, images are available with support for Amazon EC2 Container Service (ECS) [here](https://docs.rancher.com/os/amazon-ecs/#amazon-ecs-enabled-amis).
+Additionally, images are available with support for Amazon EC2 Container Service (ECS) [here](https://rancher.com/docs/os/v1.x/en/installation/amazon-ecs/#amazon-ecs-enabled-amis).
 
 ### Google Compute Engine
 
@@ -91,13 +95,13 @@ We are providing a disk image that users can download and import for use in Goog
 
 [Download Latest Image](https://releases.rancher.com/os/latest/rancheros-gce.tar.gz)
 
-[Download Stable Image](https://releases.rancher.com/os/v1.2.0/rancheros-gce.tar.gz)
+[Download Stable Image](https://releases.rancher.com/os/v1.4.0/rancheros-gce.tar.gz)
 
-Please follow the directions at our [docs to launch in GCE](http://docs.rancher.com/os/running-rancheros/cloud/gce/).
+Please follow the directions at our [docs to launch in GCE](https://rancher.com/docs/os/v1.x/en/installation/running-rancheros/cloud/gce/).
 
 ## Documentation for RancherOS
 
-Please refer to our [RancherOS Documentation](http://docs.rancher.com/os/) website to read all about RancherOS. It has detailed information on how RancherOS works, getting-started and other details.
+Please refer to our [RancherOS Documentation](https://rancher.com/docs/os/v1.x/en/) website to read all about RancherOS. It has detailed information on how RancherOS works, getting-started and other details.
 
 ## Support, Discussion, and Community
 If you need any help with RancherOS or Rancher, please join us at either our [Rancher forums](http://forums.rancher.com) or [#rancher IRC channel](http://webchat.freenode.net/?channels=rancher) where most of our team hangs out at.

cmd/cloudinitsave/cloudinitsave.go

@@ -182,6 +182,11 @@ func fetchAndSave(ds datasource.Datasource) error {
 		log.Errorf("Failed fetching user-data from datasource: %v", err)
 		return err
 	}
+	userDataBytes, err = decompressIfGzip(userDataBytes)
+	if err != nil {
+		log.Errorf("Failed decompressing user-data from datasource: %v", err)
+		return err
+	}
 	log.Infof("Fetching meta-data from datasource of type %v", ds.Type())
 	metadata, err = ds.FetchMetadata()
 	if err != nil {
@@ -367,3 +372,13 @@ func composeToCloudConfig(bytes []byte) ([]byte, error) {
 		},
 	})
 }
+
+const gzipMagicBytes = "\x1f\x8b"
+
+func decompressIfGzip(userdataBytes []byte) ([]byte, error) {
+	if !bytes.HasPrefix(userdataBytes, []byte(gzipMagicBytes)) {
+		return userdataBytes, nil
+	}
+
+	return config.DecompressGzip(userdataBytes)
+}

cmd/control/bootstrap.go

@@ -23,6 +23,13 @@ func BootstrapMain() {
 	log.Debugf("bootstrapAction: loadingConfig")
 	cfg := config.LoadConfig()
 
+	log.Debugf("bootstrapAction: Rngd(%v)", cfg.Rancher.State.Rngd)
+	if cfg.Rancher.State.Rngd {
+		if err := runRngd(); err != nil {
+			log.Errorf("Failed to run rngd: %v", err)
+		}
+	}
+
 	log.Debugf("bootstrapAction: MdadmScan(%v)", cfg.Rancher.State.MdadmScan)
 	if cfg.Rancher.State.MdadmScan {
 		if err := mdadmScan(); err != nil {
@@ -68,6 +75,13 @@ func mdadmScan() error {
 	return cmd.Run()
 }
 
+func runRngd() error {
+	cmd := exec.Command("rngd", "-q")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}
+
 func runStateScript(script string) error {
 	f, err := ioutil.TempFile("", "")
 	if err != nil {

cmd/control/console_init.go

@@ -11,6 +11,8 @@ import (
 	"strings"
 	"syscall"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/codegangsta/cli"
 	"github.com/rancher/os/cmd/cloudinitexecute"
 	"github.com/rancher/os/config"
@@ -108,6 +110,14 @@ func consoleInitFunc() error {
 		}
 	}
 
+	// mount systemd cgroups
+	if err := os.MkdirAll("/sys/fs/cgroup/systemd", 0555); err != nil {
+		log.Error(err)
+	}
+	if err := unix.Mount("cgroup", "/sys/fs/cgroup/systemd", "cgroup", 0, "none,name=systemd"); err != nil {
+		log.Error(err)
+	}
+
 	// font backslashes need to be escaped for when issue is output! (but not the others..)
 	if err := ioutil.WriteFile("/etc/issue", []byte(config.Banner), 0644); err != nil {
 		log.Error(err)

cmd/control/docker_init.go

@@ -70,8 +70,8 @@ func dockerInitAction(c *cli.Context) error {
 	}
 
 	for _, mount := range strings.Split(string(mountInfo), "\n") {
-		if strings.Contains(mount, "/var/lib/docker /var/lib/docker") && strings.Contains(mount, "rootfs") {
-			os.Setenv("DOCKER_RAMDISK", "1")
+		if strings.Contains(mount, "/var/lib/user-docker /var/lib/docker") && strings.Contains(mount, "rootfs") {
+			os.Setenv("DOCKER_RAMDISK", "true")
 		}
 	}
 

config/cloudinit/config/decode.go

@@ -18,7 +18,12 @@ func DecodeBase64Content(content string) ([]byte, error) {
 }
 
 func DecodeGzipContent(content string) ([]byte, error) {
-	gzr, err := gzip.NewReader(bytes.NewReader([]byte(content)))
+	byteContent := []byte(content)
+	return DecompressGzip(byteContent)
+}
+
+func DecompressGzip(content []byte) ([]byte, error) {
+	gzr, err := gzip.NewReader(bytes.NewReader(content))
 
 	if err != nil {
 		return nil, fmt.Errorf("Unable to decode gzip: %q", err)

config/schema.go

@@ -169,6 +169,7 @@ var schema = `{
         "required": {"type": "boolean"},
         "autoformat": {"$ref": "#/definitions/list_of_strings"},
         "mdadm_scan": {"type": "boolean"},
+        "rngd": {"type": "boolean"},
         "script": {"type": "string"},
         "oem_fstype": {"type": "string"},
         "oem_dev": {"type": "string"}

config/types.go

@@ -200,6 +200,7 @@ type StateConfig struct {
 	Required   bool     `yaml:"required,omitempty"`
 	Autoformat []string `yaml:"autoformat,omitempty"`
 	MdadmScan  bool     `yaml:"mdadm_scan,omitempty"`
+	Rngd       bool     `yaml:"rngd,omitempty"`
 	Script     string   `yaml:"script,omitempty"`
 	OemFsType  string   `yaml:"oem_fstype,omitempty"`
 	OemDev     string   `yaml:"oem_dev,omitempty"`

dfs/scratch.go

@@ -570,7 +570,6 @@ func firstPrepare() error {
 		"/etc/selinux/ros",
 		"/etc/selinux/ros/policy",
 		"/etc/selinux/ros/contexts",
-		"/var/lib/cni",
 	); err != nil {
 		return err
 	}

init/init.go

@@ -362,6 +362,7 @@ func RunInit() error {
 		config.CfgFuncData{"read cfg and log files", func(cfg *config.CloudConfig) (*config.CloudConfig, error) {
 			filesToCopy := []string{
 				config.CloudConfigInitFile,
+				config.CloudConfigScriptFile,
 				config.CloudConfigBootFile,
 				config.CloudConfigNetworkFile,
 				config.MetaDataFile,
@@ -418,7 +419,11 @@ func RunInit() error {
 				if strings.HasPrefix(name, "/var/lib/rancher/conf/") {
 					// only make the conf files harder to get to
 					dirMode = os.ModeDir | 0700
-					fileMode = os.FileMode(0400)
+					if name == config.CloudConfigScriptFile {
+						fileMode = os.FileMode(0755)
+					} else {
+						fileMode = os.FileMode(0400)
+					}
 				}
 				if err := os.MkdirAll(filepath.Dir(name), dirMode); err != nil {
 					log.Error(err)
@@ -443,6 +448,32 @@ func RunInit() error {
 
 			log.Debugf("memory Resolve.conf == [%s]", configFiles["/etc/resolv.conf"])
 
+			// this code make sure the open-vm-tools service can be started correct when there is no network
+			if hypervisor == "vmware" {
+				// make sure the cache directory exist
+				if err := os.MkdirAll("/var/lib/rancher/cache/", os.ModeDir|0755); err != nil {
+					log.Errorf("Create service cache diretory error: %v", err)
+				}
+
+				// move os-services cache file
+				if _, err := os.Stat("/usr/share/ros/services-cache"); err == nil {
+					files, err := ioutil.ReadDir("/usr/share/ros/services-cache/")
+					if err != nil {
+						log.Errorf("Read file error: %v", err)
+					}
+					for _, f := range files {
+						err := os.Rename("/usr/share/ros/services-cache/"+f.Name(), "/var/lib/rancher/cache/"+f.Name())
+						if err != nil {
+							log.Errorf("Rename file error: %v", err)
+						}
+					}
+					if err := os.Remove("/usr/share/ros/services-cache"); err != nil {
+						log.Errorf("Remove file error: %v", err)
+					}
+				}
+
+			}
+
 			if boot2DockerEnvironment {
 				if err := config.Set("rancher.state.dev", cfg.Rancher.State.Dev); err != nil {
 					log.Errorf("Failed to update rancher.state.dev: %v", err)

netconf/netconf_linux.go

@@ -114,8 +114,8 @@ func findMatch(link netlink.Link, netCfg *NetworkConfig) (InterfaceConfig, bool)
 				continue
 			}
 
-			// Don't match mac address of the bond because it is the same as the slave
-			if bytes.Compare(haAddr, link.Attrs().HardwareAddr) == 0 && link.Attrs().Name != netConf.Bond {
+			// Don't match mac address of a bond or VLAN interface because it is the same address as the slave or parent.
+			if bytes.Compare(haAddr, link.Attrs().HardwareAddr) == 0 && link.Attrs().Name != netConf.Bond && link.Type() != "vlan" {
 				// MAC address match is used over all other matches
 				return netConf, true
 			}

os-config.tpl.yml

@@ -8,10 +8,10 @@ rancher:
     hostname: {{.HOSTNAME_DEFAULT}}
     {{if eq "amd64" .ARCH -}}
     docker:
-      engine: docker-17.09.1-ce
+      engine: docker-18.03.1-ce
     {{else -}}
     docker:
-      engine: docker-17.09.1-ce
+      engine: docker-18.03.1-ce
     {{end -}}
     network:
       dns:
@@ -82,6 +82,7 @@ rancher:
     fstype: auto
     oem_fstype: auto
     oem_dev: LABEL=RANCHER_OEM
+    rngd: true
   sysctl:
     fs.file-max: 1000000000
   services:
@@ -138,7 +139,7 @@ rancher:
       privileged: true
       read_only: true
       volumes:
-      - /var/lib/docker:/var/lib/docker
+      - /var/lib/user-docker:/var/lib/docker
     user-volumes:
       image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
       command: echo
@@ -343,9 +344,9 @@ rancher:
       - system-volumes
     docker:
       {{if eq "amd64" .ARCH -}}
-      image: {{.OS_REPO}}/os-docker:17.09.1{{.SUFFIX}}
+      image: {{.OS_REPO}}/os-docker:18.03.1{{.SUFFIX}}
       {{else -}}
-      image: {{.OS_REPO}}/os-docker:17.09.1{{.SUFFIX}}
+      image: {{.OS_REPO}}/os-docker:18.03.1{{.SUFFIX}}
       {{end -}}
       command: ros user-docker
       environment:
@@ -386,9 +387,9 @@ rancher:
     image: {{.OS_REPO}}/os
   docker:
     {{if eq "amd64" .ARCH -}}
-    engine: docker-17.09.1-ce
+    engine: docker-18.03.1-ce
     {{else -}}
-    engine: docker-17.09.1-ce
+    engine: docker-18.03.1-ce
     {{end -}}
     group: docker
     host: ["unix:///var/run/docker.sock"]

scripts/images/raspberry-pi-hypriot64/Dockerfile.dapper

@@ -1,5 +1,5 @@
 FROM rancher/os-debianconsole-base
-# FROM amd64=debian:jessie arm64=aarch64/debian:jessie arm=armhf/debian:jessie
+# FROM amd64=ubuntu:xenial arm64=arm64v8/ubuntu:xenial
 
 ENV DAPPER_RUN_ARGS --privileged
 ENV DAPPER_OUTPUT dist

scripts/images/raspberry-pi-hypriot64/scripts/build.sh

@@ -18,7 +18,7 @@ BOOT_PARTITION_SIZE=25
 BOOT_PARTITION_OFFSET="$((BOOT_PARTITION_START*512))"
 BOOT_PARTITION_BYTES="$((BOOT_PARTITION_SIZE*1024*1024))"
 BOOT_PARTITION_SECTORS="$((BOOT_PARTITION_SIZE*1024*2))"
-ROOT_PARTITION_START="$((BOOT_PARTITION_START+BOOT_PARTITION_SECTORS))"
+ROOT_PARTITION_START="$((BOOT_PARTITION_START+BOOT_PARTITION_SECTORS+1))"
 ROOT_PARTITION_OFFSET="$((ROOT_PARTITION_START*512))"
 #---don't change here---
 

scripts/layout-initrd

@@ -2,12 +2,11 @@
 echo Create initrd layout in $INITRD_DIR
 
 rm -rf ${INITRD_DIR}
-mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros,var/lib/cni/bin}
+mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros}
 
 ./scripts/template
 
 cp -rf assets/selinux          ${INITRD_DIR}/usr/etc
-cp -rf assets/docker           ${INITRD_DIR}/usr/etc
 cp build/images.tar            ${INITRD_DIR}/usr/share/ros/
 cp bin/ros                     ${INITRD_DIR}/usr/bin/
 ln -s usr/bin/ros              ${INITRD_DIR}/init
@@ -30,6 +29,20 @@ SUPPORT_URL="https://forums.rancher.com/c/rancher-os"
 BUG_REPORT_URL="https://github.com/rancher/os/issues"
 BUILD_ID=
 HERE
+
+# cache os-services yml file
+if [ -e ".make-vmware" ]; then
+    SERVICE_URL=${OS_SERVICES_REPO}/${REPO_VERSION}
+    SERVICE_INDEX_URL="${SERVICE_URL}/index.yml"
+    SERVICE_OPEN_VMTOOLS_URL="${SERVICE_URL}/o/open-vm-tools.yml"
+    SERVICE_INDEX_URL_MD5=$(echo -n ${SERVICE_INDEX_URL}|md5sum|cut -d ' ' -f1)
+    SERVICE_OPEN_VMTOOLS_URL_MD5=$(echo -n ${SERVICE_OPEN_VMTOOLS_URL}|md5sum|cut -d ' ' -f1)
+
+    mkdir -p ${INITRD_DIR}/usr/share/ros/services-cache/
+    wget -O ${INITRD_DIR}/usr/share/ros/services-cache/${SERVICE_INDEX_URL_MD5} ${SERVICE_INDEX_URL}
+    wget -O ${INITRD_DIR}/usr/share/ros/services-cache/${SERVICE_OPEN_VMTOOLS_URL_MD5} ${SERVICE_OPEN_VMTOOLS_URL}
+fi
+
 # TODO: usr/lib dir is overwritten by the kernel modules and firmware
 ln -s ${INITRD_DIR}/usr/share/ros/os-release ${INITRD_DIR}/usr/lib/
 ln -s ${INITRD_DIR}/usr/share/ros/os-release ${INITRD_DIR}/usr/etc/

scripts/release

@@ -4,7 +4,7 @@ set -ex
 cd $(dirname $0)/..
 source ./scripts/version
 export REPO_VERSION=$VERSION
-if [[ -z "$GIT_TAG" ]]; then
+if [[ -n "$DIRTY" || -z "$GIT_TAG" ]]; then
     export REPO_VERSION=master
 fi
 export COMPRESS="xz --format=lzma -9 --memlimit-compress=80% -e"

scripts/version

@@ -16,7 +16,7 @@ if [ -z "$VERSION" ]; then
 fi
 
 INITRD=initrd-${VERSION}
-export VERSION COMMIT INITRD GIT_TAG
+export VERSION COMMIT INITRD GIT_TAG DIRTY
 
 # Suffix
 export SUFFIX=""

trash.conf

@@ -14,7 +14,7 @@ github.com/docker/docker b40c87254f587af7cad8e8128f061a2a7f367343 https://github
 github.com/docker/engine-api v0.3.3
 github.com/docker/go-connections v0.2.0
 github.com/docker/go-units 651fc226e7441360384da338d0fd37f2440ffbe3
-github.com/docker/libcompose b9f88a071f78d49293a8f31ae0d2e339085fd0d7 https://github.com/rancher/libcompose.git
+github.com/docker/libcompose c598536dc130c03c419d74f4c66c9dd0f728338d https://github.com/rancher/libcompose.git
 github.com/docker/libnetwork v0.5.6
 github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
 github.com/docker/machine 4a8e93ac9bc2ced1c3bc4a43c03fdaa1c2749205

vendor/github.com/docker/libcompose/docker/service.go

@@ -94,15 +94,17 @@ func (s *Service) collectContainers(ctx context.Context) ([]*Container, error) {
 		numberLabel := container.Labels[labels.NUMBER.Str()]
 		name := strings.SplitAfter(container.Names[0], "/")
 		if numberLabel == "" {
-			result = append(result, NewContainer(client, name[1], 1, s))
+			result = append(result, NewContainer(client, name[len(name)-1], 1, s))
 			return result, nil
 		}
 		containerNumber, err := strconv.Atoi(numberLabel)
 		if err != nil {
 			return nil, err
 		}
-		// Compose add "/" before name, so Name[1] will store actaul name.
-		result = append(result, NewContainer(client, name[1], containerNumber, s))
+		// Compose add "/" before ordinary container name,
+		// Compose add "/primary-container-name/" before Linked container name,
+		// so use Name[len(name)-1] to store actaul name
+		result = append(result, NewContainer(client, name[len(name)-1], containerNumber, s))
 	}
 
 	return result, nil