Enhance the clean script

(cherry picked from commit 4907fc9a4d)

Dockerfile.dapper

@@ -64,7 +64,7 @@ ARG DOCKER_BUILD_VERSION=1.10.3
 ARG DOCKER_BUILD_PATCH_VERSION=v${DOCKER_BUILD_VERSION}-ros1
 ARG SELINUX_POLICY_URL=https://github.com/rancher/refpolicy/releases/download/v0.0.3/policy.29
 
-ARG KERNEL_VERSION_amd64=4.14.32-rancher2
+ARG KERNEL_VERSION_amd64=4.14.73-rancher
 ARG KERNEL_URL_amd64=https://github.com/rancher/os-kernel/releases/download/v${KERNEL_VERSION_amd64}/linux-${KERNEL_VERSION_amd64}-x86.tar.gz
 
 ARG DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz
@@ -79,12 +79,12 @@ ARG OS_SERVICES_REPO=https://raw.githubusercontent.com/${OS_REPO}/os-services
 ARG IMAGE_NAME=${OS_REPO}/os
 ARG DFS_IMAGE=${OS_REPO}/docker:v${DOCKER_VERSION}-2
 
-ARG OS_BASE_URL_amd64=https://github.com/rancher/os-base/releases/download/v2018.02-3/os-base_amd64.tar.xz
-ARG OS_BASE_URL_arm64=https://github.com/rancher/os-base/releases/download/v2018.02-3/os-base_arm64.tar.xz
+ARG OS_BASE_URL_amd64=https://github.com/rancher/os-base/releases/download/v2018.02-4/os-base_amd64.tar.xz
+ARG OS_BASE_URL_arm64=https://github.com/rancher/os-base/releases/download/v2018.02-4/os-base_arm64.tar.xz
 
 ARG SYSTEM_DOCKER_VERSION=17.06-ros4
-ARG SYSTEM_DOCKER_URL_amd64=https://github.com/niusmallnan/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
-ARG SYSTEM_DOCKER_URL_arm64=https://github.com/niusmallnan/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
+ARG SYSTEM_DOCKER_URL_amd64=https://github.com/rancher/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
+ARG SYSTEM_DOCKER_URL_arm64=https://github.com/rancher/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
 
 ARG VMWARE_AUTOFORMAT=1
 ARG OPEN_VMTOOLS_VERSION=10.2.5-3
@@ -145,7 +145,7 @@ RUN curl -pfL ${SELINUX_POLICY_URL} > ${DOWNLOADS}/$(basename ${SELINUX_POLICY_U
 
 # Install Go
 RUN wget -O - https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GOARCH}.tar.gz | tar -xzf - -C /usr/local && \
-    go get github.com/rancher/trash && go get github.com/golang/lint/golint
+    go get github.com/rancher/trash && go get golang.org/x/lint/golint
 
 # Install Host Docker
 RUN curl -fL ${!BUILD_DOCKER_URL} > /usr/bin/docker && \

README.md

@@ -14,13 +14,13 @@ it would really be bad if somebody did `docker rm -f $(docker ps -qa)` and delet
 
 ## Release
 
-- **Latest: v1.4.0 - Docker 18.03.1-ce - Linux 4.14.32**
-- **Stable: v1.4.0 - Docker 18.03.1-ce - Linux 4.14.32**
+- **Latest: v1.4.1 - Docker 18.03.1-ce - Linux 4.14.67**
+- **Stable: v1.4.1 - Docker 18.03.1-ce - Linux 4.14.67**
 
 ### ISO
 
 - https://releases.rancher.com/os/latest/rancheros.iso
-- https://releases.rancher.com/os/v1.4.0/rancheros.iso
+- https://releases.rancher.com/os/v1.4.1/rancheros.iso
 
 ### Additional Downloads
 
@@ -38,26 +38,26 @@ it would really be bad if somebody did `docker rm -f $(docker ps -qa)` and delet
 * https://releases.rancher.com/os/latest/vmlinuz
 * https://releases.rancher.com/os/latest/rancheros-vmware.iso
 
-#### v1.4.0 Links
+#### v1.4.1 Links
 
-* https://releases.rancher.com/os/v1.4.0/initrd
-* https://releases.rancher.com/os/v1.4.0/iso-checksums.txt
-* https://releases.rancher.com/os/v1.4.0/rancheros-openstack.img
-* https://releases.rancher.com/os/v1.4.0/rancheros-digitalocean.img
-* https://releases.rancher.com/os/v1.4.0/rancheros-cloudstack.img
-* https://releases.rancher.com/os/v1.4.0/rancheros-aliyun.vhd
-* https://releases.rancher.com/os/v1.4.0/rancheros.ipxe
-* https://releases.rancher.com/os/v1.4.0/rancheros-gce.tar.gz
-* https://releases.rancher.com/os/v1.4.0/rootfs.tar.gz
-* https://releases.rancher.com/os/v1.4.0/vmlinuz
-* https://releases.rancher.com/os/v1.4.0/rancheros-vmware.iso
+* https://releases.rancher.com/os/v1.4.1/initrd
+* https://releases.rancher.com/os/v1.4.1/iso-checksums.txt
+* https://releases.rancher.com/os/v1.4.1/rancheros-openstack.img
+* https://releases.rancher.com/os/v1.4.1/rancheros-digitalocean.img
+* https://releases.rancher.com/os/v1.4.1/rancheros-cloudstack.img
+* https://releases.rancher.com/os/v1.4.1/rancheros-aliyun.vhd
+* https://releases.rancher.com/os/v1.4.1/rancheros.ipxe
+* https://releases.rancher.com/os/v1.4.1/rancheros-gce.tar.gz
+* https://releases.rancher.com/os/v1.4.1/rootfs.tar.gz
+* https://releases.rancher.com/os/v1.4.1/vmlinuz
+* https://releases.rancher.com/os/v1.4.1/rancheros-vmware.iso
 
 #### ARM Links
 
 * https://releases.rancher.com/os/latest/rootfs_arm64.tar.gz
 * https://releases.rancher.com/os/latest/rancheros-raspberry-pi64.zip
-* https://releases.rancher.com/os/v1.4.0/rootfs_arm64.tar.gz
-* https://releases.rancher.com/os/v1.4.0/rancheros-raspberry-pi64.zip
+* https://releases.rancher.com/os/v1.4.1/rootfs_arm64.tar.gz
+* https://releases.rancher.com/os/v1.4.1/rancheros-raspberry-pi64.zip
 
 **Note**: you can use `http` instead of `https` in the above URLs, e.g. for iPXE.
 
@@ -69,23 +69,23 @@ SSH keys are added to the **`rancher`** user, so you must log in using the **ran
 
 Region | Type | AMI
 -------|------|------
-ap-south-1 | HVM | [ami-f4426c9b](https://ap-south-1.console.aws.amazon.com/ec2/home?region=ap-south-1#launchInstanceWizard:ami=ami-f4426c9b)
-eu-west-3 | HVM | [ami-6444f519](https://eu-west-3.console.aws.amazon.com/ec2/home?region=eu-west-3#launchInstanceWizard:ami=ami-6444f519)
-eu-west-2 | HVM | [ami-1e7f9379](https://eu-west-2.console.aws.amazon.com/ec2/home?region=eu-west-2#launchInstanceWizard:ami=ami-1e7f9379)
-eu-west-1 | HVM | [ami-447a7f3d](https://eu-west-1.console.aws.amazon.com/ec2/home?region=eu-west-1#launchInstanceWizard:ami=ami-447a7f3d)
-ap-northeast-2 | HVM | [ami-5492393a](https://ap-northeast-2.console.aws.amazon.com/ec2/home?region=ap-northeast-2#launchInstanceWizard:ami=ami-5492393a)
-ap-northeast-1 | HVM | [ami-96e218e9](https://ap-northeast-1.console.aws.amazon.com/ec2/home?region=ap-northeast-1#launchInstanceWizard:ami=ami-96e218e9)
-sa-east-1 | HVM | [ami-1a217876](https://sa-east-1.console.aws.amazon.com/ec2/home?region=sa-east-1#launchInstanceWizard:ami=ami-1a217876)
-ca-central-1 | HVM | [ami-eef6758a](https://ca-central-1.console.aws.amazon.com/ec2/home?region=ca-central-1#launchInstanceWizard:ami=ami-eef6758a)
-ap-southeast-1 | HVM | [ami-0716287b](https://ap-southeast-1.console.aws.amazon.com/ec2/home?region=ap-southeast-1#launchInstanceWizard:ami=ami-0716287b)
-ap-southeast-2 | HVM | [ami-4ae73528](https://ap-southeast-2.console.aws.amazon.com/ec2/home?region=ap-southeast-2#launchInstanceWizard:ami=ami-4ae73528)
-eu-central-1 | HVM | [ami-1686b3fd](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#launchInstanceWizard:ami=ami-1686b3fd)
-us-east-1 | HVM | [ami-99c5ade6](https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#launchInstanceWizard:ami=ami-99c5ade6)
-us-east-2 | HVM | [ami-504b7435](https://us-east-2.console.aws.amazon.com/ec2/home?region=us-east-2#launchInstanceWizard:ami=ami-504b7435)
-us-west-1 | HVM | [ami-1e63797e](https://us-west-1.console.aws.amazon.com/ec2/home?region=us-west-1#launchInstanceWizard:ami=ami-1e63797e)
-us-west-2 | HVM | [ami-e59ae09d](https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#launchInstanceWizard:ami=ami-e59ae09d)
-cn-north-1 | HVM | [ami-0a5d8367](https://cn-north-1.console.amazonaws.cn/ec2/home?region=cn-north-1#launchInstanceWizard:ami=ami-0a5d8367)
-cn-northwest-1 | HVM | [ami-40a1b522](https://cn-northwest-1.console.amazonaws.cn/ec2/home?region=cn-northwest-1#launchInstanceWizard:ami=ami-40a1b522)
+ap-south-1 | HVM | [ami-04d97a73fdcdabe8e](https://ap-south-1.console.aws.amazon.com/ec2/home?region=ap-south-1#launchInstanceWizard:ami=ami-04d97a73fdcdabe8e)
+eu-west-3 | HVM | [ami-08f45f3779ca44473](https://eu-west-3.console.aws.amazon.com/ec2/home?region=eu-west-3#launchInstanceWizard:ami=ami-08f45f3779ca44473)
+eu-west-2 | HVM | [ami-0b5a34a6083949cc7](https://eu-west-2.console.aws.amazon.com/ec2/home?region=eu-west-2#launchInstanceWizard:ami=ami-0b5a34a6083949cc7)
+eu-west-1 | HVM | [ami-0c728496e40cbbfe1](https://eu-west-1.console.aws.amazon.com/ec2/home?region=eu-west-1#launchInstanceWizard:ami=ami-0c728496e40cbbfe1)
+ap-northeast-2 | HVM | [ami-064ddff6473c71358](https://ap-northeast-2.console.aws.amazon.com/ec2/home?region=ap-northeast-2#launchInstanceWizard:ami=ami-064ddff6473c71358)
+ap-northeast-1 | HVM | [ami-04bbdaca8d13e10de](https://ap-northeast-1.console.aws.amazon.com/ec2/home?region=ap-northeast-1#launchInstanceWizard:ami=ami-04bbdaca8d13e10de)
+sa-east-1 | HVM | [ami-0f0bb79a2bba86d08](https://sa-east-1.console.aws.amazon.com/ec2/home?region=sa-east-1#launchInstanceWizard:ami=ami-0f0bb79a2bba86d08)
+ca-central-1 | HVM | [ami-04182ecaef9229e34](https://ca-central-1.console.aws.amazon.com/ec2/home?region=ca-central-1#launchInstanceWizard:ami=ami-04182ecaef9229e34)
+ap-southeast-1 | HVM | [ami-0fbd73c274a69b114](https://ap-southeast-1.console.aws.amazon.com/ec2/home?region=ap-southeast-1#launchInstanceWizard:ami=ami-0fbd73c274a69b114)
+ap-southeast-2 | HVM | [ami-083381ed58ee6b977](https://ap-southeast-2.console.aws.amazon.com/ec2/home?region=ap-southeast-2#launchInstanceWizard:ami=ami-083381ed58ee6b977)
+eu-central-1 | HVM | [ami-0155d2d2fef357438](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#launchInstanceWizard:ami=ami-0155d2d2fef357438)
+us-east-1 | HVM | [ami-0c12f597c80a17156](https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#launchInstanceWizard:ami=ami-0c12f597c80a17156)
+us-east-2 | HVM | [ami-05b7deb6b4d12a114](https://us-east-2.console.aws.amazon.com/ec2/home?region=us-east-2#launchInstanceWizard:ami=ami-05b7deb6b4d12a114)
+us-west-1 | HVM | [ami-0055d680575e2ec03](https://us-west-1.console.aws.amazon.com/ec2/home?region=us-west-1#launchInstanceWizard:ami=ami-0055d680575e2ec03)
+us-west-2 | HVM | [ami-08ca2e89d91d17cfe](https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#launchInstanceWizard:ami=ami-08ca2e89d91d17cfe)
+cn-north-1 | HVM | [ami-00fcdc82b09cb88a0](https://cn-north-1.console.amazonaws.cn/ec2/home?region=cn-north-1#launchInstanceWizard:ami=ami-00fcdc82b09cb88a0)
+cn-northwest-1 | HVM | [ami-079ddb61f42d0a298](https://cn-northwest-1.console.amazonaws.cn/ec2/home?region=cn-northwest-1#launchInstanceWizard:ami=ami-079ddb61f42d0a298)
 
 Additionally, images are available with support for Amazon EC2 Container Service (ECS) [here](https://rancher.com/docs/os/v1.x/en/installation/amazon-ecs/#amazon-ecs-enabled-amis).
 
@@ -95,7 +95,7 @@ We are providing a disk image that users can download and import for use in Goog
 
 [Download Latest Image](https://releases.rancher.com/os/latest/rancheros-gce.tar.gz)
 
-[Download Stable Image](https://releases.rancher.com/os/v1.4.0/rancheros-gce.tar.gz)
+[Download Stable Image](https://releases.rancher.com/os/v1.4.1/rancheros-gce.tar.gz)
 
 Please follow the directions at our [docs to launch in GCE](https://rancher.com/docs/os/v1.x/en/installation/running-rancheros/cloud/gce/).
 

cmd/cloudinitsave/cloudinitsave.go

@@ -182,6 +182,11 @@ func fetchAndSave(ds datasource.Datasource) error {
 		log.Errorf("Failed fetching user-data from datasource: %v", err)
 		return err
 	}
+	userDataBytes, err = decompressIfGzip(userDataBytes)
+	if err != nil {
+		log.Errorf("Failed decompressing user-data from datasource: %v", err)
+		return err
+	}
 	log.Infof("Fetching meta-data from datasource of type %v", ds.Type())
 	metadata, err = ds.FetchMetadata()
 	if err != nil {
@@ -367,3 +372,13 @@ func composeToCloudConfig(bytes []byte) ([]byte, error) {
 		},
 	})
 }
+
+const gzipMagicBytes = "\x1f\x8b"
+
+func decompressIfGzip(userdataBytes []byte) ([]byte, error) {
+	if !bytes.HasPrefix(userdataBytes, []byte(gzipMagicBytes)) {
+		return userdataBytes, nil
+	}
+
+	return config.DecompressGzip(userdataBytes)
+}

cmd/control/bootstrap.go

@@ -23,6 +23,13 @@ func BootstrapMain() {
 	log.Debugf("bootstrapAction: loadingConfig")
 	cfg := config.LoadConfig()
 
+	log.Debugf("bootstrapAction: Rngd(%v)", cfg.Rancher.State.Rngd)
+	if cfg.Rancher.State.Rngd {
+		if err := runRngd(); err != nil {
+			log.Errorf("Failed to run rngd: %v", err)
+		}
+	}
+
 	log.Debugf("bootstrapAction: MdadmScan(%v)", cfg.Rancher.State.MdadmScan)
 	if cfg.Rancher.State.MdadmScan {
 		if err := mdadmScan(); err != nil {
@@ -68,6 +75,13 @@ func mdadmScan() error {
 	return cmd.Run()
 }
 
+func runRngd() error {
+	cmd := exec.Command("rngd", "-q")
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}
+
 func runStateScript(script string) error {
 	f, err := ioutil.TempFile("", "")
 	if err != nil {

cmd/control/config.go

@@ -1,6 +1,7 @@
 package control
 
 import (
+	"bufio"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -14,6 +15,7 @@ import (
 	"github.com/rancher/os/log"
 
 	"github.com/codegangsta/cli"
+	"github.com/pkg/errors"
 	"github.com/rancher/os/config"
 	"github.com/rancher/os/util"
 )
@@ -153,6 +155,22 @@ func env2map(env []string) map[string]string {
 }
 
 func editSyslinux(c *cli.Context) error {
+	// check whether is Raspberry Pi or not
+	bytes, err := ioutil.ReadFile("/proc/device-tree/model")
+	if err == nil && strings.Contains(strings.ToLower(string(bytes)), "raspberry") {
+		buf := bufio.NewWriter(os.Stdout)
+		fmt.Fprintln(buf, "raspberry pi can not use this command")
+		buf.Flush()
+		return errors.New("raspberry pi can not use this command")
+	}
+
+	if _, err := os.Stat("/proc/1/root/boot/global.cfg"); os.IsNotExist(err) {
+		buf := bufio.NewWriter(os.Stdout)
+		fmt.Fprintln(buf, "global.cfg can not be found")
+		buf.Flush()
+		return errors.New("global.cfg can not be found")
+	}
+
 	cmd := exec.Command("system-docker", "run", "--rm", "-it",
 		"-v", "/:/host",
 		"-w", "/host",

cmd/control/console_init.go

@@ -11,6 +11,8 @@ import (
 	"strings"
 	"syscall"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/codegangsta/cli"
 	"github.com/rancher/os/cmd/cloudinitexecute"
 	"github.com/rancher/os/config"
@@ -108,6 +110,14 @@ func consoleInitFunc() error {
 		}
 	}
 
+	// mount systemd cgroups
+	if err := os.MkdirAll("/sys/fs/cgroup/systemd", 0555); err != nil {
+		log.Error(err)
+	}
+	if err := unix.Mount("cgroup", "/sys/fs/cgroup/systemd", "cgroup", 0, "none,name=systemd"); err != nil {
+		log.Error(err)
+	}
+
 	// font backslashes need to be escaped for when issue is output! (but not the others..)
 	if err := ioutil.WriteFile("/etc/issue", []byte(config.Banner), 0644); err != nil {
 		log.Error(err)

cmd/control/docker_init.go

@@ -70,8 +70,8 @@ func dockerInitAction(c *cli.Context) error {
 	}
 
 	for _, mount := range strings.Split(string(mountInfo), "\n") {
-		if strings.Contains(mount, "/var/lib/docker /var/lib/docker") && strings.Contains(mount, "rootfs") {
-			os.Setenv("DOCKER_RAMDISK", "1")
+		if strings.Contains(mount, "/var/lib/user-docker /var/lib/docker") && strings.Contains(mount, "rootfs") {
+			os.Setenv("DOCKER_RAMDISK", "true")
 		}
 	}
 

cmd/control/install.go

@@ -527,6 +527,11 @@ func layDownOS(image, installType, cloudConfig, device, partition, statedir, kap
 		if err := os.MkdirAll(filepath.Join(baseName, statedir), 0755); err != nil {
 			return err
 		}
+		err = seedData(baseName, cloudConfig, FILES)
+		if err != nil {
+			log.Errorf("seedData %s", err)
+			return err
+		}
 	case "raid":
 		var err error
 		device, partition, err = install.MountDevice(baseName, device, partition, false)
@@ -601,12 +606,42 @@ func seedData(baseName, cloudData string, files []string) error {
 		return err
 	}
 
-	if err = os.MkdirAll(filepath.Join(baseName, "/var/lib/rancher/conf/cloud-config.d"), 0700); err != nil {
+	stateSeedDir := "state_seed"
+	cloudConfigBase := "/var/lib/rancher/conf/cloud-config.d"
+	cloudConfigDir := ""
+
+	// If there is a separate boot partition, cloud-config should be written to RANCHER_STATE partition.
+	bootPartition, _, err := util.Blkid("RANCHER_BOOT")
+	if err != nil {
+		log.Errorf("Failed to run blkid: %s", err)
+	}
+	if bootPartition != "" {
+		stateSeedFullPath := filepath.Join(baseName, stateSeedDir)
+		if err = os.MkdirAll(stateSeedFullPath, 0700); err != nil {
+			return err
+		}
+
+		defer util.Unmount(stateSeedFullPath)
+
+		statePartition := install.GetStatePartition()
+		cmd := exec.Command("mount", statePartition, stateSeedFullPath)
+		//cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
+		log.Debugf("seedData: mount %s to %s", statePartition, stateSeedFullPath)
+		if err = cmd.Run(); err != nil {
+			return err
+		}
+
+		cloudConfigDir = filepath.Join(baseName, stateSeedDir, cloudConfigBase)
+	} else {
+		cloudConfigDir = filepath.Join(baseName, cloudConfigBase)
+	}
+
+	if err = os.MkdirAll(cloudConfigDir, 0700); err != nil {
 		return err
 	}
 
 	if !strings.HasSuffix(cloudData, "empty.yml") {
-		if err = dfs.CopyFile(cloudData, baseName+"/var/lib/rancher/conf/cloud-config.d/", filepath.Base(cloudData)); err != nil {
+		if err = dfs.CopyFile(cloudData, cloudConfigDir, filepath.Base(cloudData)); err != nil {
 			return err
 		}
 	}

cmd/control/install/install.go

@@ -46,7 +46,6 @@ func MountDevice(baseName, device, partition string, raw bool) (string, string,
 		//rootfs := partition
 		// Don't use ResolveDevice - it can fail, whereas `blkid -L LABEL` works more often
 
-		cfg := config.LoadConfig()
 		d, _, err := util.Blkid("RANCHER_BOOT")
 		if err != nil {
 			log.Errorf("Failed to run blkid: %s", err)
@@ -55,18 +54,7 @@ func MountDevice(baseName, device, partition string, raw bool) (string, string,
 			partition = d
 			baseName = filepath.Join(baseName, BootDir)
 		} else {
-			if dev := util.ResolveDevice(cfg.Rancher.State.Dev); dev != "" {
-				// try the rancher.state.dev setting
-				partition = dev
-			} else {
-				d, _, err := util.Blkid("RANCHER_STATE")
-				if err != nil {
-					log.Errorf("Failed to run blkid: %s", err)
-				}
-				if d != "" {
-					partition = d
-				}
-			}
+			partition = GetStatePartition()
 		}
 		cmd := exec.Command("lsblk", "-no", "pkname", partition)
 		log.Debugf("Run(%v)", cmd)
@@ -82,3 +70,17 @@ func MountDevice(baseName, device, partition string, raw bool) (string, string,
 	log.Debugf("mountdevice return2 -> d: %s, p: %s", device, partition)
 	return device, partition, cmd.Run()
 }
+
+func GetStatePartition() string {
+	cfg := config.LoadConfig()
+
+	if dev := util.ResolveDevice(cfg.Rancher.State.Dev); dev != "" {
+		// try the rancher.state.dev setting
+		return dev
+	}
+	d, _, err := util.Blkid("RANCHER_STATE")
+	if err != nil {
+		log.Errorf("Failed to run blkid: %s", err)
+	}
+	return d
+}

config/cloudinit/config/decode.go

@@ -18,7 +18,12 @@ func DecodeBase64Content(content string) ([]byte, error) {
 }
 
 func DecodeGzipContent(content string) ([]byte, error) {
-	gzr, err := gzip.NewReader(bytes.NewReader([]byte(content)))
+	byteContent := []byte(content)
+	return DecompressGzip(byteContent)
+}
+
+func DecompressGzip(content []byte) ([]byte, error) {
+	gzr, err := gzip.NewReader(bytes.NewReader(content))
 
 	if err != nil {
 		return nil, fmt.Errorf("Unable to decode gzip: %q", err)

config/cloudinit/datasource/metadata/ec2/metadata.go

@@ -37,6 +37,10 @@ const (
 	defaultNVMeRootDisk = "/dev/nvme0n1"
 )
 
+var (
+	nvmeInstanceTypes = []string{"c5", "c5d", "i3.metal", "m5", "m5d", "r5", "r5d", "t3", "z1d"}
+)
+
 type MetadataService struct {
 	metadata.Service
 }
@@ -144,8 +148,11 @@ func (ms MetadataService) FetchMetadata() (datasource.Metadata, error) {
 	// http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
 	metadata.RootDisk = defaultXVRootDisk
 	if instanceType, err := ms.FetchAttribute("instance-type"); err == nil {
-		if strings.HasPrefix(instanceType, "m5") || strings.HasPrefix(instanceType, "c5") {
-			metadata.RootDisk = defaultNVMeRootDisk
+		for _, nvmeType := range nvmeInstanceTypes {
+			if strings.HasPrefix(instanceType, nvmeType) {
+				metadata.RootDisk = defaultNVMeRootDisk
+				break
+			}
 		}
 	} else if _, ok := err.(pkg.ErrNotFound); !ok {
 		return metadata, err

config/schema.go

@@ -1,208 +1,210 @@
 package config
 
 var schema = `{
-  "type": "object",
-  "additionalProperties": false,
+	"type": "object",
+	"additionalProperties": false,
 
-  "properties": {
-    "ssh_authorized_keys": {"$ref": "#/definitions/list_of_strings"},
-    "write_files": {
-      "type": "array",
-      "items": {"$ref": "#/definitions/file_config"}
-    },
-    "hostname": {"type": "string"},
-    "mounts": {"type": "array"},
-    "rancher": {"$ref": "#/definitions/rancher_config"},
-    "runcmd": {"type": "array"},
-    "bootcmd": {"type": "array"}
-  },
+	"properties": {
+		"ssh_authorized_keys": {"$ref": "#/definitions/list_of_strings"},
+		"write_files": {
+			"type": "array",
+			"items": {"$ref": "#/definitions/file_config"}
+		},
+		"hostname": {"type": "string"},
+		"mounts": {"type": "array"},
+		"rancher": {"$ref": "#/definitions/rancher_config"},
+		"runcmd": {"type": "array"},
+		"bootcmd": {"type": "array"}
+	},
 
-  "definitions": {
-    "rancher_config": {
-      "id": "#/definitions/rancher_config",
-      "type": "object",
-      "additionalProperties": false,
+	"definitions": {
+		"rancher_config": {
+			"id": "#/definitions/rancher_config",
+			"type": "object",
+			"additionalProperties": false,
 
-      "properties": {
-        "console": {"type": "string"},
-        "environment": {"type": "object"},
-        "cloud_init_services": {"type": "object"},
-        "services": {"type": "object"},
-        "bootstrap": {"type": "object"},
-        "autoformat": {"type": "object"},
-        "bootstrap_docker": {"$ref": "#/definitions/docker_config"},
-        "cloud_init": {"$ref": "#/definitions/cloud_init_config"},
-        "debug": {"type": "boolean"},
-        "rm_usr": {"type": "boolean"},
-        "no_sharedroot": {"type": "boolean"},
-        "log": {"type": "boolean"},
-        "force_console_rebuild": {"type": "boolean"},
-        "recovery": {"type": "boolean"},
-        "disable": {"$ref": "#/definitions/list_of_strings"},
-        "services_include": {"type": "object"},
-        "modules": {"$ref": "#/definitions/list_of_strings"},
-        "network": {"$ref": "#/definitions/network_config"},
-        "default_network": {"type": "object"},
-        "repositories": {"type": "object"},
-        "ssh": {"$ref": "#/definitions/ssh_config"},
-        "state": {"$ref": "#/definitions/state_config"},
-        "system_docker": {"$ref": "#/definitions/docker_config"},
-        "upgrade": {"$ref": "#/definitions/upgrade_config"},
-        "docker": {"$ref": "#/definitions/docker_config"},
-        "registry_auths": {"type": "object"},
-        "defaults": {"$ref": "#/definitions/defaults_config"},
-        "resize_device": {"type": "string"},
-        "sysctl": {"type": "object"},
-        "restart_services": {"type": "array"},
-	"hypervisor_service": {"type": "boolean"},
-        "shutdown_timeout": {"type": "integer"},
-	"preload_wait": {"type": "boolean"}
-      }
-    },
+			"properties": {
+				"console": {"type": "string"},
+				"environment": {"type": "object"},
+				"cloud_init_services": {"type": "object"},
+				"services": {"type": "object"},
+				"bootstrap": {"type": "object"},
+				"autoformat": {"type": "object"},
+				"bootstrap_docker": {"$ref": "#/definitions/docker_config"},
+				"cloud_init": {"$ref": "#/definitions/cloud_init_config"},
+				"debug": {"type": "boolean"},
+				"rm_usr": {"type": "boolean"},
+				"no_sharedroot": {"type": "boolean"},
+				"log": {"type": "boolean"},
+				"force_console_rebuild": {"type": "boolean"},
+				"recovery": {"type": "boolean"},
+				"disable": {"$ref": "#/definitions/list_of_strings"},
+				"services_include": {"type": "object"},
+				"modules": {"$ref": "#/definitions/list_of_strings"},
+				"network": {"$ref": "#/definitions/network_config"},
+				"default_network": {"type": "object"},
+				"repositories": {"type": "object"},
+				"ssh": {"$ref": "#/definitions/ssh_config"},
+				"state": {"$ref": "#/definitions/state_config"},
+				"system_docker": {"$ref": "#/definitions/docker_config"},
+				"upgrade": {"$ref": "#/definitions/upgrade_config"},
+				"docker": {"$ref": "#/definitions/docker_config"},
+				"registry_auths": {"type": "object"},
+				"defaults": {"$ref": "#/definitions/defaults_config"},
+				"resize_device": {"type": "string"},
+				"sysctl": {"type": "object"},
+				"restart_services": {"type": "array"},
+				"hypervisor_service": {"type": "boolean"},
+				"shutdown_timeout": {"type": "integer"},
+				"preload_wait": {"type": "boolean"}
+			}
+		},
 
-    "file_config": {
-      "id": "#/definitions/file_config",
-      "type": "object",
-      "additionalProperties": false,
+		"file_config": {
+			"id": "#/definitions/file_config",
+			"type": "object",
+			"additionalProperties": false,
 
-      "properties": {
-        "encoding": {"type": "string"},
-        "container": {"type": "string"},
-        "content": {"type": "string"},
-        "owner": {"type": "string"},
-        "path": {"type": "string"},
-        "permissions": {"type": "string"}
-      }
-    },
+			"properties": {
+				"encoding": {"type": "string"},
+				"container": {"type": "string"},
+				"content": {"type": "string"},
+				"owner": {"type": "string"},
+				"path": {"type": "string"},
+				"permissions": {"type": "string"}
+			}
+		},
 
-    "network_config": {
-      "id": "#/definitions/network_config",
-      "type": "object",
-      "additionalProperties": false,
+		"network_config": {
+			"id": "#/definitions/network_config",
+			"type": "object",
+			"additionalProperties": false,
 
-      "properties": {
-        "pre_cmds": {"$ref": "#/definitions/list_of_strings"},
-        "dns": {"type": "object"},
-        "interfaces": {"type": "object"},
-        "post_cmds": {"$ref": "#/definitions/list_of_strings"},
-        "http_proxy": {"type": "string"},
-        "https_proxy": {"type": "string"},
-        "no_proxy": {"type": "string"}
-      }
-    },
+			"properties": {
+				"pre_cmds": {"$ref": "#/definitions/list_of_strings"},
+				"dns": {"type": "object"},
+				"interfaces": {"type": "object"},
+				"post_cmds": {"$ref": "#/definitions/list_of_strings"},
+				"http_proxy": {"type": "string"},
+				"https_proxy": {"type": "string"},
+				"no_proxy": {"type": "string"}
+			}
+		},
 
-    "upgrade_config": {
-      "id": "#/definitions/upgrade_config",
-      "type": "object",
-      "additionalProperties": false,
+		"upgrade_config": {
+			"id": "#/definitions/upgrade_config",
+			"type": "object",
+			"additionalProperties": false,
 
-      "properties": {
-        "url": {"type": "string"},
-        "image": {"type": "string"},
-        "rollback": {"type": "string"}
-      }
-    },
+			"properties": {
+				"url": {"type": "string"},
+				"image": {"type": "string"},
+				"rollback": {"type": "string"}
+			}
+		},
 
-    "docker_config": {
-      "id": "#/definitions/docker_config",
-      "type": "object",
-      "additionalProperties": false,
+		"docker_config": {
+			"id": "#/definitions/docker_config",
+			"type": "object",
+			"additionalProperties": false,
 
-      "properties": {
-        "engine": {"type": "string"},
-        "tls": {"type": "boolean"},
-        "tls_args": {"$ref": "#/definitions/list_of_strings"},
-        "args": {"$ref": "#/definitions/list_of_strings"},
-        "extra_args": {"$ref": "#/definitions/list_of_strings"},
-        "server_cert": {"type": "string"},
-        "server_key": {"type": "string"},
-        "ca_cert": {"type": "string"},
-        "ca_key": {"type": "string"},
-        "environment": {"$ref": "#/definitions/list_of_strings"},
-        "storage_context": {"type": "string"},
-        "exec": {"type": ["boolean", "null"]},
-        "bridge": {"type": "string"},
-        "bip": {"type": "string"},
-        "config_file": {"type": "string"},
-        "containerd": {"type": "string"},
-        "debug": {"type": ["boolean", "null"]},
-        "exec_root": {"type": "string"},
-        "group": {"type": "string"},
-        "graph": {"type": "string"},
-        "host": {"type": "array"},
-        "live_restore": {"type": ["boolean", "null"]},
-        "log_driver": {"type": "string"},
-        "log_opts": {"type": "object"},
-        "pid_file": {"type": "string"},
-        "registry_mirror": {"type": "string"},
-        "restart": {"type": ["boolean", "null"]},
-        "selinux_enabled": {"type": ["boolean", "null"]},
-        "storage_driver": {"type": "string"},
-        "userland_proxy": {"type": ["boolean", "null"]},
-        "insecure_registry": {"$ref": "#/definitions/list_of_strings"}
-      }
-    },
+			"properties": {
+				"engine": {"type": "string"},
+				"tls": {"type": "boolean"},
+				"tls_args": {"$ref": "#/definitions/list_of_strings"},
+				"args": {"$ref": "#/definitions/list_of_strings"},
+				"extra_args": {"$ref": "#/definitions/list_of_strings"},
+				"server_cert": {"type": "string"},
+				"server_key": {"type": "string"},
+				"ca_cert": {"type": "string"},
+				"ca_key": {"type": "string"},
+				"environment": {"$ref": "#/definitions/list_of_strings"},
+				"storage_context": {"type": "string"},
+				"exec": {"type": ["boolean", "null"]},
+				"bridge": {"type": "string"},
+				"bip": {"type": "string"},
+				"config_file": {"type": "string"},
+				"containerd": {"type": "string"},
+				"debug": {"type": ["boolean", "null"]},
+				"exec_root": {"type": "string"},
+				"group": {"type": "string"},
+				"graph": {"type": "string"},
+				"host": {"type": "array"},
+				"live_restore": {"type": ["boolean", "null"]},
+				"log_driver": {"type": "string"},
+				"log_opts": {"type": "object"},
+				"pid_file": {"type": "string"},
+				"registry_mirror": {"type": "string"},
+				"restart": {"type": ["boolean", "null"]},
+				"selinux_enabled": {"type": ["boolean", "null"]},
+				"storage_driver": {"type": "string"},
+				"userland_proxy": {"type": ["boolean", "null"]},
+				"insecure_registry": {"$ref": "#/definitions/list_of_strings"}
+			}
+		},
 
-    "ssh_config": {
-      "id": "#/definitions/ssh_config",
-      "type": "object",
-      "additionalProperties": false,
+		"ssh_config": {
+			"id": "#/definitions/ssh_config",
+			"type": "object",
+			"additionalProperties": false,
 
-      "properties": {
-        "keys": {"type": "object"},
-        "daemon": {"type": "boolean"},
-        "port": {"type": "integer"},
-        "listen_address": {"type": "string"}
-      }
-    },
+			"properties": {
+				"keys": {"type": "object"},
+				"daemon": {"type": "boolean"},
+				"port": {"type": "integer"},
+				"listen_address": {"type": "string"}
+			}
+		},
 
-    "state_config": {
-      "id": "#/definitions/state_config",
-      "type": "object",
-      "additionalProperties": false,
+		"state_config": {
+			"id": "#/definitions/state_config",
+			"type": "object",
+			"additionalProperties": false,
 
-      "properties": {
-        "directory": {"type": "string"},
-        "fstype": {"type": "string"},
-        "dev": {"type": "string"},
-        "wait": {"type": "boolean"},
-        "required": {"type": "boolean"},
-        "autoformat": {"$ref": "#/definitions/list_of_strings"},
-        "mdadm_scan": {"type": "boolean"},
-        "script": {"type": "string"},
-        "oem_fstype": {"type": "string"},
-        "oem_dev": {"type": "string"}
-      }
-    },
+			"properties": {
+				"directory": {"type": "string"},
+				"fstype": {"type": "string"},
+				"dev": {"type": "string"},
+				"wait": {"type": "boolean"},
+				"required": {"type": "boolean"},
+				"autoformat": {"$ref": "#/definitions/list_of_strings"},
+				"mdadm_scan": {"type": "boolean"},
+				"rngd": {"type": "boolean"},
+				"script": {"type": "string"},
+				"oem_fstype": {"type": "string"},
+				"oem_dev": {"type": "string"}
+			}
+		},
 
-    "cloud_init_config": {
-      "id": "#/definitions/cloud_init_config",
-      "type": "object",
-      "additionalProperties": false,
+		"cloud_init_config": {
+			"id": "#/definitions/cloud_init_config",
+			"type": "object",
+			"additionalProperties": false,
 
-      "properties": {
-        "datasources": {"$ref": "#/definitions/list_of_strings"}
-      }
-    },
+			"properties": {
+				"datasources": {"$ref": "#/definitions/list_of_strings"}
+			}
+		},
 
-    "defaults_config": {
-      "id": "#/definitions/defaults_config",
-      "type": "object",
-      "additionalProperties": false,
+		"defaults_config": {
+			"id": "#/definitions/defaults_config",
+			"type": "object",
+			"additionalProperties": false,
 
-      "properties": {
-        "hostname": {"type": "string"},
-        "docker": {"type": "object"},
-        "network": {"$ref": "#/definitions/network_config"}
-      }
-    },
+			"properties": {
+				"hostname": {"type": "string"},
+				"docker": {"type": "object"},
+				"network": {"$ref": "#/definitions/network_config"},
+				"system_docker_logs": {"type": "string"}
+			}
+		},
 
-    "list_of_strings": {
-      "type": "array",
-      "items": {"type": "string"},
-      "uniqueItems": true
-    }
-  }
+		"list_of_strings": {
+			"type": "array",
+			"items": {"type": "string"},
+			"uniqueItems": true
+		}
+	}
 }
 
 `

config/types.go

@@ -24,7 +24,6 @@ const (
 	ImagesPattern    = "images*.tar"
 	ModulesArchive   = "/modules.tar"
 	Debug            = false
-	SystemDockerLog  = "/var/log/system-docker.log"
 	SystemDockerBin  = "/usr/bin/system-dockerd"
 
 	HashLabel         = "io.rancher.os.hash"
@@ -200,6 +199,7 @@ type StateConfig struct {
 	Required   bool     `yaml:"required,omitempty"`
 	Autoformat []string `yaml:"autoformat,omitempty"`
 	MdadmScan  bool     `yaml:"mdadm_scan,omitempty"`
+	Rngd       bool     `yaml:"rngd,omitempty"`
 	Script     string   `yaml:"script,omitempty"`
 	OemFsType  string   `yaml:"oem_fstype,omitempty"`
 	OemDev     string   `yaml:"oem_dev,omitempty"`
@@ -210,9 +210,10 @@ type CloudInit struct {
 }
 
 type Defaults struct {
-	Hostname string                `yaml:"hostname,omitempty"`
-	Docker   DockerConfig          `yaml:"docker,omitempty"`
-	Network  netconf.NetworkConfig `yaml:"network,omitempty"`
+	Hostname         string                `yaml:"hostname,omitempty"`
+	Docker           DockerConfig          `yaml:"docker,omitempty"`
+	Network          netconf.NetworkConfig `yaml:"network,omitempty"`
+	SystemDockerLogs string                `yaml:"system_docker_logs,omitempty"`
 }
 
 func (r Repositories) ToArray() []string {

dfs/scratch.go

@@ -570,7 +570,6 @@ func firstPrepare() error {
 		"/etc/selinux/ros",
 		"/etc/selinux/ros/policy",
 		"/etc/selinux/ros/contexts",
-		"/var/lib/cni",
 	); err != nil {
 		return err
 	}

init/init.go

@@ -183,7 +183,7 @@ func getLaunchConfig(cfg *config.CloudConfig, dockerCfg *config.DockerConfig) (*
 	launchConfig.Environment = dockerCfg.Environment
 
 	if !cfg.Rancher.Debug {
-		launchConfig.LogFile = config.SystemDockerLog
+		launchConfig.LogFile = cfg.Rancher.Defaults.SystemDockerLogs
 	}
 
 	return &launchConfig, args
@@ -362,6 +362,7 @@ func RunInit() error {
 		config.CfgFuncData{"read cfg and log files", func(cfg *config.CloudConfig) (*config.CloudConfig, error) {
 			filesToCopy := []string{
 				config.CloudConfigInitFile,
+				config.CloudConfigScriptFile,
 				config.CloudConfigBootFile,
 				config.CloudConfigNetworkFile,
 				config.MetaDataFile,
@@ -418,7 +419,11 @@ func RunInit() error {
 				if strings.HasPrefix(name, "/var/lib/rancher/conf/") {
 					// only make the conf files harder to get to
 					dirMode = os.ModeDir | 0700
-					fileMode = os.FileMode(0400)
+					if name == config.CloudConfigScriptFile {
+						fileMode = os.FileMode(0755)
+					} else {
+						fileMode = os.FileMode(0400)
+					}
 				}
 				if err := os.MkdirAll(filepath.Dir(name), dirMode); err != nil {
 					log.Error(err)

os-config.tpl.yml

@@ -16,6 +16,7 @@ rancher:
     network:
       dns:
         nameservers: [8.8.8.8, 8.8.4.4]
+    system_docker_logs: /var/log/system-docker.log
   ssh:
     daemon: true
   hypervisor_service: true
@@ -82,6 +83,7 @@ rancher:
     fstype: auto
     oem_fstype: auto
     oem_dev: LABEL=RANCHER_OEM
+    rngd: true
   sysctl:
     fs.file-max: 1000000000
   services:

scripts/clean

@@ -6,5 +6,6 @@ rm -rf build dist bin images/*/build state
 rm -rf ./scripts/images/openstack/dist
 rm -rf ./scripts/images/vmware/dist
 
-docker rmi $(docker images --format "{{.Repository}}:{{.Tag}}" | grep rancher) || true
-docker rmi $(docker images --filter dangling=true -q) ||true
+docker rmi $(docker images --format "{{.Repository}}:{{.Tag}}" | grep -E "rancher|openstack|kexec|os") || true
+docker rmi $(docker images --filter dangling=true -q) || true
+git clean -dxf

scripts/images/raspberry-pi-hypriot64/Dockerfile.dapper

@@ -1,5 +1,5 @@
 FROM rancher/os-debianconsole-base
-# FROM amd64=debian:jessie arm64=aarch64/debian:jessie arm=armhf/debian:jessie
+# FROM amd64=ubuntu:xenial arm64=arm64v8/ubuntu:xenial
 
 ENV DAPPER_RUN_ARGS --privileged
 ENV DAPPER_OUTPUT dist

scripts/images/raspberry-pi-hypriot64/scripts/build.sh

@@ -18,7 +18,7 @@ BOOT_PARTITION_SIZE=25
 BOOT_PARTITION_OFFSET="$((BOOT_PARTITION_START*512))"
 BOOT_PARTITION_BYTES="$((BOOT_PARTITION_SIZE*1024*1024))"
 BOOT_PARTITION_SECTORS="$((BOOT_PARTITION_SIZE*1024*2))"
-ROOT_PARTITION_START="$((BOOT_PARTITION_START+BOOT_PARTITION_SECTORS))"
+ROOT_PARTITION_START="$((BOOT_PARTITION_START+BOOT_PARTITION_SECTORS+1))"
 ROOT_PARTITION_OFFSET="$((ROOT_PARTITION_START*512))"
 #---don't change here---
 

scripts/layout-initrd

@@ -2,7 +2,7 @@
 echo Create initrd layout in $INITRD_DIR
 
 rm -rf ${INITRD_DIR}
-mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros,var/lib/cni/bin}
+mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros}
 
 ./scripts/template