Start rngd before format the disk

(cherry picked from commit d7f47925a1)

Dockerfile.dapper

@@ -64,7 +64,7 @@ ARG DOCKER_BUILD_VERSION=1.10.3
 ARG DOCKER_BUILD_PATCH_VERSION=v${DOCKER_BUILD_VERSION}-ros1
 ARG SELINUX_POLICY_URL=https://github.com/rancher/refpolicy/releases/download/v0.0.3/policy.29
 
-ARG KERNEL_VERSION_amd64=4.14.32-rancher2
+ARG KERNEL_VERSION_amd64=4.14.67-rancher2
 ARG KERNEL_URL_amd64=https://github.com/rancher/os-kernel/releases/download/v${KERNEL_VERSION_amd64}/linux-${KERNEL_VERSION_amd64}-x86.tar.gz
 
 ARG DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz
@@ -79,12 +79,12 @@ ARG OS_SERVICES_REPO=https://raw.githubusercontent.com/${OS_REPO}/os-services
 ARG IMAGE_NAME=${OS_REPO}/os
 ARG DFS_IMAGE=${OS_REPO}/docker:v${DOCKER_VERSION}-2
 
-ARG OS_BASE_URL_amd64=https://github.com/rancher/os-base/releases/download/v2018.02-3/os-base_amd64.tar.xz
-ARG OS_BASE_URL_arm64=https://github.com/rancher/os-base/releases/download/v2018.02-3/os-base_arm64.tar.xz
+ARG OS_BASE_URL_amd64=https://github.com/rancher/os-base/releases/download/v2018.02-4/os-base_amd64.tar.xz
+ARG OS_BASE_URL_arm64=https://github.com/rancher/os-base/releases/download/v2018.02-4/os-base_arm64.tar.xz
 
 ARG SYSTEM_DOCKER_VERSION=17.06-ros4
-ARG SYSTEM_DOCKER_URL_amd64=https://github.com/niusmallnan/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
-ARG SYSTEM_DOCKER_URL_arm64=https://github.com/niusmallnan/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
+ARG SYSTEM_DOCKER_URL_amd64=https://github.com/rancher/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
+ARG SYSTEM_DOCKER_URL_arm64=https://github.com/rancher/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
 
 ARG VMWARE_AUTOFORMAT=1
 ARG OPEN_VMTOOLS_VERSION=10.2.5-3

cmd/cloudinitsave/cloudinitsave.go

@@ -182,6 +182,11 @@ func fetchAndSave(ds datasource.Datasource) error {
 		log.Errorf("Failed fetching user-data from datasource: %v", err)
 		return err
 	}
+	userDataBytes, err = decompressIfGzip(userDataBytes)
+	if err != nil {
+		log.Errorf("Failed decompressing user-data from datasource: %v", err)
+		return err
+	}
 	log.Infof("Fetching meta-data from datasource of type %v", ds.Type())
 	metadata, err = ds.FetchMetadata()
 	if err != nil {
@@ -367,3 +372,13 @@ func composeToCloudConfig(bytes []byte) ([]byte, error) {
 		},
 	})
 }
+
+const gzipMagicBytes = "\x1f\x8b"
+
+func decompressIfGzip(userdataBytes []byte) ([]byte, error) {
+	if !bytes.HasPrefix(userdataBytes, []byte(gzipMagicBytes)) {
+		return userdataBytes, nil
+	}
+
+	return config.DecompressGzip(userdataBytes)
+}

cmd/control/bootstrap.go

@@ -23,6 +23,13 @@ func BootstrapMain() {
 	log.Debugf("bootstrapAction: loadingConfig")
 	cfg := config.LoadConfig()
 
+	log.Debugf("bootstrapAction: Rngd(%v)", cfg.Rancher.State.Rngd)
+	if cfg.Rancher.State.Rngd {
+		if err := runRngd(); err != nil {
+			log.Errorf("Failed to run rngd: %v", err)
+		}
+	}
+
 	log.Debugf("bootstrapAction: MdadmScan(%v)", cfg.Rancher.State.MdadmScan)
 	if cfg.Rancher.State.MdadmScan {
 		if err := mdadmScan(); err != nil {
@@ -68,6 +75,13 @@ func mdadmScan() error {
 	return cmd.Run()
 }
 
+func runRngd() error {
+	cmd := exec.Command("rngd", "-q")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}
+
 func runStateScript(script string) error {
 	f, err := ioutil.TempFile("", "")
 	if err != nil {

cmd/control/console_init.go

@@ -11,6 +11,8 @@ import (
 	"strings"
 	"syscall"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/codegangsta/cli"
 	"github.com/rancher/os/cmd/cloudinitexecute"
 	"github.com/rancher/os/config"
@@ -108,6 +110,14 @@ func consoleInitFunc() error {
 		}
 	}
 
+	// mount systemd cgroups
+	if err := os.MkdirAll("/sys/fs/cgroup/systemd", 0555); err != nil {
+		log.Error(err)
+	}
+	if err := unix.Mount("cgroup", "/sys/fs/cgroup/systemd", "cgroup", 0, "none,name=systemd"); err != nil {
+		log.Error(err)
+	}
+
 	// font backslashes need to be escaped for when issue is output! (but not the others..)
 	if err := ioutil.WriteFile("/etc/issue", []byte(config.Banner), 0644); err != nil {
 		log.Error(err)

cmd/control/docker_init.go

@@ -70,8 +70,8 @@ func dockerInitAction(c *cli.Context) error {
 	}
 
 	for _, mount := range strings.Split(string(mountInfo), "\n") {
-		if strings.Contains(mount, "/var/lib/docker /var/lib/docker") && strings.Contains(mount, "rootfs") {
-			os.Setenv("DOCKER_RAMDISK", "1")
+		if strings.Contains(mount, "/var/lib/user-docker /var/lib/docker") && strings.Contains(mount, "rootfs") {
+			os.Setenv("DOCKER_RAMDISK", "true")
 		}
 	}
 

config/cloudinit/config/decode.go

@@ -18,7 +18,12 @@ func DecodeBase64Content(content string) ([]byte, error) {
 }
 
 func DecodeGzipContent(content string) ([]byte, error) {
-	gzr, err := gzip.NewReader(bytes.NewReader([]byte(content)))
+	byteContent := []byte(content)
+	return DecompressGzip(byteContent)
+}
+
+func DecompressGzip(content []byte) ([]byte, error) {
+	gzr, err := gzip.NewReader(bytes.NewReader(content))
 
 	if err != nil {
 		return nil, fmt.Errorf("Unable to decode gzip: %q", err)

config/schema.go

@@ -169,6 +169,7 @@ var schema = `{
         "required": {"type": "boolean"},
         "autoformat": {"$ref": "#/definitions/list_of_strings"},
         "mdadm_scan": {"type": "boolean"},
+        "rngd": {"type": "boolean"},
         "script": {"type": "string"},
         "oem_fstype": {"type": "string"},
         "oem_dev": {"type": "string"}

config/types.go

@@ -200,6 +200,7 @@ type StateConfig struct {
 	Required   bool     `yaml:"required,omitempty"`
 	Autoformat []string `yaml:"autoformat,omitempty"`
 	MdadmScan  bool     `yaml:"mdadm_scan,omitempty"`
+	Rngd       bool     `yaml:"rngd,omitempty"`
 	Script     string   `yaml:"script,omitempty"`
 	OemFsType  string   `yaml:"oem_fstype,omitempty"`
 	OemDev     string   `yaml:"oem_dev,omitempty"`

dfs/scratch.go

@@ -570,7 +570,6 @@ func firstPrepare() error {
 		"/etc/selinux/ros",
 		"/etc/selinux/ros/policy",
 		"/etc/selinux/ros/contexts",
-		"/var/lib/cni",
 	); err != nil {
 		return err
 	}

init/init.go

@@ -362,6 +362,7 @@ func RunInit() error {
 		config.CfgFuncData{"read cfg and log files", func(cfg *config.CloudConfig) (*config.CloudConfig, error) {
 			filesToCopy := []string{
 				config.CloudConfigInitFile,
+				config.CloudConfigScriptFile,
 				config.CloudConfigBootFile,
 				config.CloudConfigNetworkFile,
 				config.MetaDataFile,
@@ -418,7 +419,11 @@ func RunInit() error {
 				if strings.HasPrefix(name, "/var/lib/rancher/conf/") {
 					// only make the conf files harder to get to
 					dirMode = os.ModeDir | 0700
-					fileMode = os.FileMode(0400)
+					if name == config.CloudConfigScriptFile {
+						fileMode = os.FileMode(0755)
+					} else {
+						fileMode = os.FileMode(0400)
+					}
 				}
 				if err := os.MkdirAll(filepath.Dir(name), dirMode); err != nil {
 					log.Error(err)

os-config.tpl.yml

@@ -82,6 +82,7 @@ rancher:
     fstype: auto
     oem_fstype: auto
     oem_dev: LABEL=RANCHER_OEM
+    rngd: true
   sysctl:
     fs.file-max: 1000000000
   services:

scripts/images/raspberry-pi-hypriot64/Dockerfile.dapper

@@ -1,5 +1,5 @@
 FROM rancher/os-debianconsole-base
-# FROM amd64=debian:jessie arm64=aarch64/debian:jessie arm=armhf/debian:jessie
+# FROM amd64=ubuntu:xenial arm64=arm64v8/ubuntu:xenial
 
 ENV DAPPER_RUN_ARGS --privileged
 ENV DAPPER_OUTPUT dist

scripts/images/raspberry-pi-hypriot64/scripts/build.sh

@@ -18,7 +18,7 @@ BOOT_PARTITION_SIZE=25
 BOOT_PARTITION_OFFSET="$((BOOT_PARTITION_START*512))"
 BOOT_PARTITION_BYTES="$((BOOT_PARTITION_SIZE*1024*1024))"
 BOOT_PARTITION_SECTORS="$((BOOT_PARTITION_SIZE*1024*2))"
-ROOT_PARTITION_START="$((BOOT_PARTITION_START+BOOT_PARTITION_SECTORS))"
+ROOT_PARTITION_START="$((BOOT_PARTITION_START+BOOT_PARTITION_SECTORS+1))"
 ROOT_PARTITION_OFFSET="$((ROOT_PARTITION_START*512))"
 #---don't change here---
 

scripts/layout-initrd

@@ -2,7 +2,7 @@
 echo Create initrd layout in $INITRD_DIR
 
 rm -rf ${INITRD_DIR}
-mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros,var/lib/cni/bin}
+mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros}
 
 ./scripts/template