Bump kernel to v4.14.65

Fixes #2391

(cherry picked from commit 05c2a40aa5)

Dockerfile.dapper

@@ -64,7 +64,7 @@ ARG DOCKER_BUILD_VERSION=1.10.3
 ARG DOCKER_BUILD_PATCH_VERSION=v${DOCKER_BUILD_VERSION}-ros1
 ARG SELINUX_POLICY_URL=https://github.com/rancher/refpolicy/releases/download/v0.0.3/policy.29
 
-ARG KERNEL_VERSION_amd64=4.14.32-rancher2
+ARG KERNEL_VERSION_amd64=4.14.65-rancher
 ARG KERNEL_URL_amd64=https://github.com/rancher/os-kernel/releases/download/v${KERNEL_VERSION_amd64}/linux-${KERNEL_VERSION_amd64}-x86.tar.gz
 
 ARG DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz
@@ -83,8 +83,8 @@ ARG OS_BASE_URL_amd64=https://github.com/rancher/os-base/releases/download/v2018
 ARG OS_BASE_URL_arm64=https://github.com/rancher/os-base/releases/download/v2018.02-3/os-base_arm64.tar.xz
 
 ARG SYSTEM_DOCKER_VERSION=17.06-ros4
-ARG SYSTEM_DOCKER_URL_amd64=https://github.com/niusmallnan/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
-ARG SYSTEM_DOCKER_URL_arm64=https://github.com/niusmallnan/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
+ARG SYSTEM_DOCKER_URL_amd64=https://github.com/rancher/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-amd64-${SYSTEM_DOCKER_VERSION}.tgz
+ARG SYSTEM_DOCKER_URL_arm64=https://github.com/rancher/os-system-docker/releases/download/${SYSTEM_DOCKER_VERSION}/docker-arm64-${SYSTEM_DOCKER_VERSION}.tgz
 
 ARG VMWARE_AUTOFORMAT=1
 ARG OPEN_VMTOOLS_VERSION=10.2.5-3

cmd/cloudinitsave/cloudinitsave.go

@@ -182,6 +182,11 @@ func fetchAndSave(ds datasource.Datasource) error {
 		log.Errorf("Failed fetching user-data from datasource: %v", err)
 		return err
 	}
+	userDataBytes, err = decompressIfGzip(userDataBytes)
+	if err != nil {
+		log.Errorf("Failed decompressing user-data from datasource: %v", err)
+		return err
+	}
 	log.Infof("Fetching meta-data from datasource of type %v", ds.Type())
 	metadata, err = ds.FetchMetadata()
 	if err != nil {
@@ -367,3 +372,13 @@ func composeToCloudConfig(bytes []byte) ([]byte, error) {
 		},
 	})
 }
+
+const gzipMagicBytes = "\x1f\x8b"
+
+func decompressIfGzip(userdataBytes []byte) ([]byte, error) {
+	if !bytes.HasPrefix(userdataBytes, []byte(gzipMagicBytes)) {
+		return userdataBytes, nil
+	}
+
+	return config.DecompressGzip(userdataBytes)
+}

cmd/control/console_init.go

@@ -11,6 +11,8 @@ import (
 	"strings"
 	"syscall"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/codegangsta/cli"
 	"github.com/rancher/os/cmd/cloudinitexecute"
 	"github.com/rancher/os/config"
@@ -108,6 +110,14 @@ func consoleInitFunc() error {
 		}
 	}
 
+	// mount systemd cgroups
+	if err := os.MkdirAll("/sys/fs/cgroup/systemd", 0555); err != nil {
+		log.Error(err)
+	}
+	if err := unix.Mount("cgroup", "/sys/fs/cgroup/systemd", "cgroup", 0, "none,name=systemd"); err != nil {
+		log.Error(err)
+	}
+
 	// font backslashes need to be escaped for when issue is output! (but not the others..)
 	if err := ioutil.WriteFile("/etc/issue", []byte(config.Banner), 0644); err != nil {
 		log.Error(err)

cmd/control/docker_init.go

@@ -70,8 +70,8 @@ func dockerInitAction(c *cli.Context) error {
 	}
 
 	for _, mount := range strings.Split(string(mountInfo), "\n") {
-		if strings.Contains(mount, "/var/lib/docker /var/lib/docker") && strings.Contains(mount, "rootfs") {
-			os.Setenv("DOCKER_RAMDISK", "1")
+		if strings.Contains(mount, "/var/lib/user-docker /var/lib/docker") && strings.Contains(mount, "rootfs") {
+			os.Setenv("DOCKER_RAMDISK", "true")
 		}
 	}
 

config/cloudinit/config/decode.go

@@ -18,7 +18,12 @@ func DecodeBase64Content(content string) ([]byte, error) {
 }
 
 func DecodeGzipContent(content string) ([]byte, error) {
-	gzr, err := gzip.NewReader(bytes.NewReader([]byte(content)))
+	byteContent := []byte(content)
+	return DecompressGzip(byteContent)
+}
+
+func DecompressGzip(content []byte) ([]byte, error) {
+	gzr, err := gzip.NewReader(bytes.NewReader(content))
 
 	if err != nil {
 		return nil, fmt.Errorf("Unable to decode gzip: %q", err)

dfs/scratch.go

@@ -570,7 +570,6 @@ func firstPrepare() error {
 		"/etc/selinux/ros",
 		"/etc/selinux/ros/policy",
 		"/etc/selinux/ros/contexts",
-		"/var/lib/cni",
 	); err != nil {
 		return err
 	}

init/init.go

@@ -362,6 +362,7 @@ func RunInit() error {
 		config.CfgFuncData{"read cfg and log files", func(cfg *config.CloudConfig) (*config.CloudConfig, error) {
 			filesToCopy := []string{
 				config.CloudConfigInitFile,
+				config.CloudConfigScriptFile,
 				config.CloudConfigBootFile,
 				config.CloudConfigNetworkFile,
 				config.MetaDataFile,
@@ -418,7 +419,11 @@ func RunInit() error {
 				if strings.HasPrefix(name, "/var/lib/rancher/conf/") {
 					// only make the conf files harder to get to
 					dirMode = os.ModeDir | 0700
-					fileMode = os.FileMode(0400)
+					if name == config.CloudConfigScriptFile {
+						fileMode = os.FileMode(0755)
+					} else {
+						fileMode = os.FileMode(0400)
+					}
 				}
 				if err := os.MkdirAll(filepath.Dir(name), dirMode); err != nil {
 					log.Error(err)

scripts/layout-initrd

@@ -2,7 +2,7 @@
 echo Create initrd layout in $INITRD_DIR
 
 rm -rf ${INITRD_DIR}
-mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros,var/lib/cni/bin}
+mkdir -p ${INITRD_DIR}/usr/{etc,lib,bin,share/ros}
 
 ./scripts/template