From c38afe52f4b26c2d76ec2dbb3d546571dc41d48d Mon Sep 17 00:00:00 2001 From: Andrew Battat Date: Fri, 24 May 2024 20:49:08 +0000 Subject: [PATCH] Feat(NODE-1353): Consolidate rootfs utils #10 --- ic-os/rootfs/boundary-guestos.bzl | 2 +- ic-os/rootfs/guestos.bzl | 183 ++++++++++-------- ic-os/rootfs/hostos.bzl | 79 ++++---- .../tmpfiles.d => misc/guestos}/ic-node.conf | 0 .../{guestos/etc => misc/guestos}/sudoers | 0 .../rules.d => misc/hostos}/20-ipmi.rules | 0 .../tmpfiles.d => misc/hostos}/ic-node.conf | 0 .../{hostos/etc => misc/hostos}/sudoers | 0 .../vsock/10-vhost-vsock.rules | 0 .../vsock/vsock-agent.service | 0 .../guestos}/filebeat/filebeat.fc | 0 .../guestos}/filebeat/filebeat.if | 0 .../guestos}/filebeat/filebeat.te | 0 .../fscontext-fixes/fscontext-fixes.fc | 0 .../fscontext-fixes/fscontext-fixes.if | 0 .../fscontext-fixes/fscontext-fixes.te | 0 .../prep => prep/guestos}/ic-node/ic-node.fc | 0 .../prep => prep/guestos}/ic-node/ic-node.if | 0 .../prep => prep/guestos}/ic-node/ic-node.te | 0 .../guestos}/infogetty/infogetty.fc | 0 .../guestos}/infogetty/infogetty.te | 0 .../guestos}/manageboot/manageboot.fc | 0 .../guestos}/manageboot/manageboot.if | 0 .../guestos}/manageboot/manageboot.te | 0 .../guestos}/misc-fixes/misc-fixes.if | 0 .../guestos}/misc-fixes/misc-fixes.te | 0 .../guestos}/node_exporter/node_exporter.fc | 0 .../guestos}/node_exporter/node_exporter.if | 0 .../guestos}/node_exporter/node_exporter.te | 0 .../{guestos/prep => prep/guestos}/prep.sh | 0 .../guestos}/setup-var/setup-var.if | 0 .../guestos}/setup-var/setup-var.te | 0 .../guestos}/systemd-fixes/systemd-fixes.if | 0 .../guestos}/systemd-fixes/systemd-fixes.te | 0 .../fscontext-fixes/fscontext-fixes.fc | 0 .../fscontext-fixes/fscontext-fixes.if | 0 .../fscontext-fixes/fscontext-fixes.te | 0 .../setupos}/misc-fixes/misc-fixes.if | 0 .../setupos}/misc-fixes/misc-fixes.te | 0 .../{setupos/prep => prep/setupos}/prep.sh | 0 .../setupos}/systemd-fixes/systemd-fixes.if | 0 .../setupos}/systemd-fixes/systemd-fixes.te | 0 ic-os/rootfs/setupos.bzl | 50 +++-- .../{misc => upgrade}/install-upgrade.sh | 0 44 files changed, 174 insertions(+), 140 deletions(-) rename ic-os/rootfs/{guestos/etc/tmpfiles.d => misc/guestos}/ic-node.conf (100%) rename ic-os/rootfs/{guestos/etc => misc/guestos}/sudoers (100%) rename ic-os/rootfs/{hostos/etc/udev/rules.d => misc/hostos}/20-ipmi.rules (100%) rename ic-os/rootfs/{hostos/etc/tmpfiles.d => misc/hostos}/ic-node.conf (100%) rename ic-os/rootfs/{hostos/etc => misc/hostos}/sudoers (100%) rename ic-os/rootfs/{hostos-scripts => misc}/vsock/10-vhost-vsock.rules (100%) rename ic-os/rootfs/{hostos-scripts => misc}/vsock/vsock-agent.service (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/filebeat/filebeat.fc (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/filebeat/filebeat.if (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/filebeat/filebeat.te (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/fscontext-fixes/fscontext-fixes.fc (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/fscontext-fixes/fscontext-fixes.if (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/fscontext-fixes/fscontext-fixes.te (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/ic-node/ic-node.fc (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/ic-node/ic-node.if (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/ic-node/ic-node.te (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/infogetty/infogetty.fc (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/infogetty/infogetty.te (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/manageboot/manageboot.fc (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/manageboot/manageboot.if (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/manageboot/manageboot.te (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/misc-fixes/misc-fixes.if (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/misc-fixes/misc-fixes.te (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/node_exporter/node_exporter.fc (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/node_exporter/node_exporter.if (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/node_exporter/node_exporter.te (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/prep.sh (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/setup-var/setup-var.if (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/setup-var/setup-var.te (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/systemd-fixes/systemd-fixes.if (100%) rename ic-os/rootfs/{guestos/prep => prep/guestos}/systemd-fixes/systemd-fixes.te (100%) rename ic-os/rootfs/{setupos/prep => prep/setupos}/fscontext-fixes/fscontext-fixes.fc (100%) rename ic-os/rootfs/{setupos/prep => prep/setupos}/fscontext-fixes/fscontext-fixes.if (100%) rename ic-os/rootfs/{setupos/prep => prep/setupos}/fscontext-fixes/fscontext-fixes.te (100%) rename ic-os/rootfs/{setupos/prep => prep/setupos}/misc-fixes/misc-fixes.if (100%) rename ic-os/rootfs/{setupos/prep => prep/setupos}/misc-fixes/misc-fixes.te (100%) rename ic-os/rootfs/{setupos/prep => prep/setupos}/prep.sh (100%) rename ic-os/rootfs/{setupos/prep => prep/setupos}/systemd-fixes/systemd-fixes.if (100%) rename ic-os/rootfs/{setupos/prep => prep/setupos}/systemd-fixes/systemd-fixes.te (100%) rename ic-os/rootfs/{misc => upgrade}/install-upgrade.sh (100%) diff --git a/ic-os/rootfs/boundary-guestos.bzl b/ic-os/rootfs/boundary-guestos.bzl index 7e4b318f6fb..0ac0ebe81c9 100644 --- a/ic-os/rootfs/boundary-guestos.bzl +++ b/ic-os/rootfs/boundary-guestos.bzl @@ -100,8 +100,8 @@ rootfs_files = { Label("networking/generate-network-config/boundary-guestos/generate-network-config.service"): "/etc/systemd/system/generate-network-config.service", Label("early-boot/save-machine-id/save-machine-id.sh"): "/opt/ic/bin/save-machine-id.sh", Label("early-boot/save-machine-id/save-machine-id.service"): "/etc/systemd/system/save-machine-id.service", + Label("upgrade/install-upgrade.sh"): "/opt/ic/bin/install-upgrade.sh", Label("misc/metrics.sh"): "/opt/ic/bin/metrics.sh", - Label("misc/install-upgrade.sh"): "/opt/ic/bin/install-upgrade.sh", Label("early-boot/relabel-machine-id/relabel-machine-id.sh"): "/opt/ic/bin/relabel-machine-id.sh", Label("early-boot/relabel-machine-id/relabel-machine-id.service"): "/etc/systemd/system/relabel-machine-id.service", Label("early-boot/setup-hostname/setup-hostname.sh"): "/opt/ic/bin/setup-hostname.sh", diff --git a/ic-os/rootfs/guestos.bzl b/ic-os/rootfs/guestos.bzl index f8f213be5e1..2436ee8439a 100644 --- a/ic-os/rootfs/guestos.bzl +++ b/ic-os/rootfs/guestos.bzl @@ -3,50 +3,15 @@ Enumerate every rootfs file dependency for GuestOS """ rootfs_files = { + # unconsolidated files: Label("//ic-os/rootfs/guestos:dev-certs/canister_http_test_ca.cert"): "/dev-certs/canister_http_test_ca.cert", Label("//ic-os/rootfs/guestos:etc/crypttab"): "/etc/crypttab", - Label("//ic-os/rootfs/guestos:etc/sudoers"): "/etc/sudoers", Label("//ic-os/rootfs/guestos:etc/sysctl.d/dfn-max-map-count.conf"): "/etc/sysctl.d/dfn-max-map-count.conf", Label("//ic-os/rootfs/guestos:etc/sysctl.d/privileged-ports.conf"): "/etc/sysctl.d/privileged-ports.conf", Label("//ic-os/rootfs/guestos:etc/sysfs.d/hugepage.conf"): "/etc/sysfs.d/hugepage.conf", - Label("//ic-os/rootfs/guestos:etc/tmpfiles.d/ic-node.conf"): "/etc/tmpfiles.d/ic-node.conf", - - # prep files: - Label("//ic-os/rootfs/guestos:prep/filebeat/filebeat.fc"): "/prep/filebeat/filebeat.fc", - Label("//ic-os/rootfs/guestos:prep/filebeat/filebeat.if"): "/prep/filebeat/filebeat.if", - Label("//ic-os/rootfs/guestos:prep/filebeat/filebeat.te"): "/prep/filebeat/filebeat.te", - Label("//ic-os/rootfs/guestos:prep/manageboot/manageboot.fc"): "/prep/manageboot/manageboot.fc", - Label("//ic-os/rootfs/guestos:prep/manageboot/manageboot.if"): "/prep/manageboot/manageboot.if", - Label("//ic-os/rootfs/guestos:prep/manageboot/manageboot.te"): "/prep/manageboot/manageboot.te", - Label("//ic-os/rootfs/guestos:prep/fscontext-fixes/fscontext-fixes.fc"): "/prep/fscontext-fixes/fscontext-fixes.fc", - Label("//ic-os/rootfs/guestos:prep/fscontext-fixes/fscontext-fixes.if"): "/prep/fscontext-fixes/fscontext-fixes.if", - Label("//ic-os/rootfs/guestos:prep/fscontext-fixes/fscontext-fixes.te"): "/prep/fscontext-fixes/fscontext-fixes.te", - Label("//ic-os/rootfs/guestos:prep/ic-node/ic-node.fc"): "/prep/ic-node/ic-node.fc", - Label("//ic-os/rootfs/guestos:prep/ic-node/ic-node.if"): "/prep/ic-node/ic-node.if", - Label("//ic-os/rootfs/guestos:prep/ic-node/ic-node.te"): "/prep/ic-node/ic-node.te", - Label("//ic-os/rootfs/guestos:prep/infogetty/infogetty.fc"): "/prep/infogetty/infogetty.fc", - Label("//ic-os/rootfs/guestos:prep/infogetty/infogetty.te"): "/prep/infogetty/infogetty.te", - Label("//ic-os/rootfs/guestos:prep/misc-fixes/misc-fixes.if"): "/prep/misc-fixes/misc-fixes.if", - Label("//ic-os/rootfs/guestos:prep/misc-fixes/misc-fixes.te"): "/prep/misc-fixes/misc-fixes.te", - Label("//ic-os/rootfs/guestos:prep/node_exporter/node_exporter.fc"): "/prep/node_exporter/node_exporter.fc", - Label("//ic-os/rootfs/guestos:prep/node_exporter/node_exporter.if"): "/prep/node_exporter/node_exporter.if", - Label("//ic-os/rootfs/guestos:prep/node_exporter/node_exporter.te"): "/prep/node_exporter/node_exporter.te", - Label("//ic-os/rootfs/guestos:prep/prep.sh"): "/prep/prep.sh", - Label("//ic-os/rootfs/guestos:prep/setup-var/setup-var.if"): "/prep/setup-var/setup-var.if", - Label("//ic-os/rootfs/guestos:prep/setup-var/setup-var.te"): "/prep/setup-var/setup-var.te", - Label("//ic-os/rootfs/guestos:prep/systemd-fixes/systemd-fixes.if"): "/prep/systemd-fixes/systemd-fixes.if", - Label("//ic-os/rootfs/guestos:prep/systemd-fixes/systemd-fixes.te"): "/prep/systemd-fixes/systemd-fixes.te", Label("//ic-os/rootfs/guestos:opt/ic/share/ic.json5.template"): "/opt/ic/share/ic.json5.template", - # consolidated files: - Label("misc/metrics.sh"): "/opt/ic/bin/metrics.sh", - Label("ssh/provision-ssh-keys.sh"): "/opt/ic/bin/provision-ssh-keys.sh", - Label("ssh/setup-ssh-keys/setup-ssh-keys.sh"): "/opt/ic/bin/setup-ssh-keys.sh", - Label("ssh/setup-ssh-keys/setup-ssh-keys.service"): "/etc/systemd/system/setup-ssh-keys.service", - Label("ssh/setup-ssh-account-keys/guestos/setup-ssh-account-keys.sh"): "/opt/ic/bin/setup-ssh-account-keys.sh", - Label("ssh/setup-ssh-account-keys/setup-ssh-account-keys.service"): "/etc/systemd/system/setup-ssh-account-keys.service", - Label("ssh/read-ssh-keys.sh"): "/opt/ic/bin/read-ssh-keys.sh", - Label("networking/generate-network-config/guestos/generate-network-config.service"): "/etc/systemd/system/generate-network-config.service", + # early-boot Label("early-boot/relabel-machine-id/guestos/relabel-machine-id.sh"): "/opt/ic/bin/relabel-machine-id.sh", Label("early-boot/relabel-machine-id/relabel-machine-id.service"): "/etc/systemd/system/relabel-machine-id.service", Label("early-boot/setup-hostname/setup-hostname.sh"): "/opt/ic/bin/setup-hostname.sh", @@ -54,6 +19,32 @@ rootfs_files = { Label("early-boot/setup-hostname/hostname-empty"): "/etc/hostname", Label("early-boot/save-machine-id/save-machine-id.sh"): "/opt/ic/bin/save-machine-id.sh", Label("early-boot/save-machine-id/save-machine-id.service"): "/etc/systemd/system/save-machine-id.service", + Label("early-boot/fstab/fstab-guestos"): "/etc/fstab", + Label("early-boot/locale"): "/etc/default/locale", + Label("early-boot/initramfs-tools/guestos/hooks/veritysetup"): "/etc/initramfs-tools/hooks/veritysetup", + Label("early-boot/initramfs-tools/guestos/initramfs.conf"): "/etc/initramfs-tools/initramfs.conf", + Label("early-boot/initramfs-tools/guestos/modules"): "/etc/initramfs-tools/modules", + Label("early-boot/initramfs-tools/guestos/scripts/init-bottom/set-machine-id"): "/etc/initramfs-tools/scripts/init-bottom/set-machine-id", + Label("early-boot/initramfs-tools/guestos/scripts/init-premount/verity-root"): "/etc/initramfs-tools/scripts/init-premount/verity-root", + + # ic + Label("ic/ic-btc-adapter/generate-btc-adapter-config.sh"): "/opt/ic/bin/generate-btc-adapter-config.sh", + Label("ic/ic-btc-adapter/ic-btc-mainnet-adapter.service"): "/etc/systemd/system/ic-btc-mainnet-adapter.service", + Label("ic/ic-btc-adapter/ic-btc-mainnet-adapter.socket"): "/etc/systemd/system/ic-btc-mainnet-adapter.socket", + Label("ic/ic-btc-adapter/ic-btc-testnet-adapter.service"): "/etc/systemd/system/ic-btc-testnet-adapter.service", + Label("ic/ic-btc-adapter/ic-btc-testnet-adapter.socket"): "/etc/systemd/system/ic-btc-testnet-adapter.socket", + Label("ic/setup-permissions/setup-permissions.sh"): "/opt/ic/bin/setup-permissions.sh", + Label("ic/setup-permissions/setup-permissions.service"): "/etc/systemd/system/setup-permissions.service", + Label("ic/share/ark.pem"): "/opt/ic/share/ark.pem", + Label("ic/ic-crypto-csp/ic-crypto-csp.service"): "/etc/systemd/system/ic-crypto-csp.service", + Label("ic/ic-crypto-csp/ic-crypto-csp.socket"): "/etc/systemd/system/ic-crypto-csp.socket", + Label("ic/ic-https-outcalls-adapter/ic-https-outcalls-adapter.service"): "/etc/systemd/system/ic-https-outcalls-adapter.service", + Label("ic/ic-https-outcalls-adapter/ic-https-outcalls-adapter.socket"): "/etc/systemd/system/ic-https-outcalls-adapter.socket", + Label("ic/ic-https-outcalls-adapter/generate-https-outcalls-adapter-config.sh"): "/opt/ic/bin/generate-https-outcalls-adapter-config.sh", + Label("ic/ic-replica.service"): "/etc/systemd/system/ic-replica.service", + Label("ic/generate-replica-config.sh"): "/opt/ic/bin/generate-replica-config.sh", + + # init Label("init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh"): "/opt/ic/bin/bootstrap-ic-node.sh", Label("init/bootstrap-ic-node/guestos/bootstrap-ic-node.service"): "/etc/systemd/system/bootstrap-ic-node.service", Label("init/setup-encryption/guestos/setup-encryption.sh"): "/opt/ic/bin/setup-encryption.sh", @@ -61,14 +52,16 @@ rootfs_files = { Label("init/setup-encryption/guestos/setup-var-encryption.sh"): "/opt/ic/bin/setup-var-encryption.sh", Label("init/setup-lvs/setup-lvs.service"): "/etc/systemd/system/setup-lvs.service", Label("init/setup-lvs/guestos/setup-lvs.sh"): "/opt/ic/bin/setup-lvs.sh", - Label("networking/retry-ipv6-config/guestos/retry-ipv6-config.sh"): "/opt/ic/bin/retry-ipv6-config.sh", - Label("networking/retry-ipv6-config/retry-ipv6-config.service"): "/etc/systemd/system/retry-ipv6-config.service", - Label("ic/generate-replica-config.sh"): "/opt/ic/bin/generate-replica-config.sh", - Label("ic/ic-btc-adapter/generate-btc-adapter-config.sh"): "/opt/ic/bin/generate-btc-adapter-config.sh", - Label("ic/ic-btc-adapter/ic-btc-mainnet-adapter.service"): "/etc/systemd/system/ic-btc-mainnet-adapter.service", - Label("ic/ic-btc-adapter/ic-btc-mainnet-adapter.socket"): "/etc/systemd/system/ic-btc-mainnet-adapter.socket", - Label("ic/ic-btc-adapter/ic-btc-testnet-adapter.service"): "/etc/systemd/system/ic-btc-testnet-adapter.service", - Label("ic/ic-btc-adapter/ic-btc-testnet-adapter.socket"): "/etc/systemd/system/ic-btc-testnet-adapter.socket", + + # misc + Label("misc/metrics.sh"): "/opt/ic/bin/metrics.sh", + Label("misc/serial-getty@/guestos/serial-getty@.service"): "/etc/systemd/system/serial-getty@.service", + Label("misc/chrony/chrony.conf"): "/etc/chrony/chrony.conf", + Label("misc/vsock/10-vhost-vsock.rules"): "/etc/udev/rules.d/10-vhost-vsock.rules", + Label("misc/guestos/ic-node.conf"): "/etc/tmpfiles.d/ic-node.conf", + Label("misc/guestos/sudoers"): "/etc/sudoers", + + # monitoring Label("monitoring/filebeat/setup-filebeat-permissions.sh"): "/opt/ic/bin/setup-filebeat-permissions.sh", Label("monitoring/filebeat/generate-filebeat-config.sh"): "/opt/ic/bin/generate-filebeat-config.sh", Label("monitoring/filebeat/filebeat.yml.template"): "/etc/filebeat/filebeat.yml.template", @@ -77,48 +70,10 @@ rootfs_files = { Label("monitoring/ipv4-connectivity-check/ipv4-connectivity-check.service"): "/etc/systemd/system/ipv4-connectivity-check.service", Label("monitoring/ipv4-connectivity-check/ipv4-connectivity-check.timer"): "/etc/systemd/system/ipv4-connectivity-check.timer", Label("monitoring/systemd-user/user@.service"): "/etc/systemd/system/user@.service", - Label("upgrade/manageboot/guestos/manageboot.sh"): "/opt/ic/bin/manageboot.sh", - Label("upgrade/shared-resources/monitor-expand-shared-data/monitor-expand-shared-data.py"): "/opt/ic/bin/monitor-expand-shared-data.py", - Label("upgrade/shared-resources/monitor-expand-shared-data/monitor-expand-shared-data.service"): "/etc/systemd/system/monitor-expand-shared-data.service", - Label("upgrade/shared-resources/upgrade-shared-data-store/upgrade-shared-data-store.sh"): "/opt/ic/bin/upgrade-shared-data-store.sh", - Label("upgrade/shared-resources/upgrade-shared-data-store/upgrade-shared-data-store.service"): "/etc/systemd/system/upgrade-shared-data-store.service", - Label("upgrade/shared-resources/setup-shared-resources/setup-shared-backup.sh"): "/opt/ic/bin/setup-shared-backup.sh", - Label("upgrade/shared-resources/setup-shared-resources/setup-shared-backup.service"): "/etc/systemd/system/setup-shared-backup.service", - Label("upgrade/shared-resources/setup-shared-resources/setup-shared-crypto.sh"): "/opt/ic/bin/setup-shared-crypto.sh", - Label("upgrade/shared-resources/setup-shared-resources/setup-shared-crypto.service"): "/etc/systemd/system/setup-shared-crypto.service", - Label("upgrade/shared-resources/setup-shared-resources/setup-shared-data.sh"): "/opt/ic/bin/setup-shared-data.sh", - Label("upgrade/shared-resources/setup-shared-resources/setup-shared-data.service"): "/etc/systemd/system/setup-shared-data.service", - Label("upgrade/systemd-generators/guestos/mount-generator"): "/etc/systemd/system-generators/mount-generator", - Label("upgrade/systemd-generators/systemd-gpt-auto-generator"): "/etc/systemd/system-generators/systemd-gpt-auto-generator", - Label("ic/setup-permissions/setup-permissions.sh"): "/opt/ic/bin/setup-permissions.sh", - Label("ic/setup-permissions/setup-permissions.service"): "/etc/systemd/system/setup-permissions.service", - Label("ic/share/ark.pem"): "/opt/ic/share/ark.pem", - Label("ic/ic-crypto-csp/ic-crypto-csp.service"): "/etc/systemd/system/ic-crypto-csp.service", - Label("ic/ic-crypto-csp/ic-crypto-csp.socket"): "/etc/systemd/system/ic-crypto-csp.socket", - Label("ic/ic-https-outcalls-adapter/ic-https-outcalls-adapter.service"): "/etc/systemd/system/ic-https-outcalls-adapter.service", - Label("ic/ic-https-outcalls-adapter/ic-https-outcalls-adapter.socket"): "/etc/systemd/system/ic-https-outcalls-adapter.socket", - Label("ic/ic-https-outcalls-adapter/generate-https-outcalls-adapter-config.sh"): "/opt/ic/bin/generate-https-outcalls-adapter-config.sh", - Label("ic/ic-replica.service"): "/etc/systemd/system/ic-replica.service", Label("monitoring/fstrim/fstrim_tool.service"): "/etc/systemd/system/fstrim_tool.service", Label("monitoring/fstrim/fstrim_tool.timer"): "/etc/systemd/system/fstrim_tool.timer", Label("monitoring/fstrim/setup-fstrim-metrics.service"): "/etc/systemd/system/setup-fstrim-metrics.service", - Label("networking/nftables/reload_nftables.path"): "/etc/systemd/system/reload_nftables.path", - Label("networking/nftables/reload_nftables.service"): "/etc/systemd/system/reload_nftables.service", - Label("networking/nftables/nftables-empty.conf"): "/etc/nftables.conf", - Label("misc/serial-getty@/guestos/serial-getty@.service"): "/etc/systemd/system/serial-getty@.service", Label("monitoring/setup-node-gen-status.service"): "/etc/systemd/system/setup-node-gen-status.service", - Label("networking/fallback.conf"): "/etc/systemd/resolved.conf.d/fallback.conf", - Label("networking/resolv.conf"): "/etc/resolv.conf", - Label("networking/network-tweaks.conf"): "/etc/sysctl.d/network-tweaks.conf", - Label("networking/hosts"): "/etc/hosts", - Label("early-boot/fstab/fstab-guestos"): "/etc/fstab", - Label("early-boot/locale"): "/etc/default/locale", - Label("misc/chrony/chrony.conf"): "/etc/chrony/chrony.conf", - Label("early-boot/initramfs-tools/guestos/hooks/veritysetup"): "/etc/initramfs-tools/hooks/veritysetup", - Label("early-boot/initramfs-tools/guestos/initramfs.conf"): "/etc/initramfs-tools/initramfs.conf", - Label("early-boot/initramfs-tools/guestos/modules"): "/etc/initramfs-tools/modules", - Label("early-boot/initramfs-tools/guestos/scripts/init-bottom/set-machine-id"): "/etc/initramfs-tools/scripts/init-bottom/set-machine-id", - Label("early-boot/initramfs-tools/guestos/scripts/init-premount/verity-root"): "/etc/initramfs-tools/scripts/init-premount/verity-root", Label("monitoring/node_exporter/node_exporter.crt"): "/etc/node_exporter/node_exporter.crt", Label("monitoring/node_exporter/node_exporter.key"): "/etc/node_exporter/node_exporter.key", Label("monitoring/node_exporter/web.yml"): "/etc/node_exporter/web.yml", @@ -126,7 +81,67 @@ rootfs_files = { Label("monitoring/node_exporter/node_exporter"): "/etc/default/node_exporter", Label("monitoring/node_exporter/setup-node_exporter-keys/setup-node_exporter-keys.sh"): "/opt/ic/bin/setup-node_exporter-keys.sh", Label("monitoring/node_exporter/setup-node_exporter-keys/setup-node_exporter-keys.service"): "/etc/systemd/system/setup-node_exporter-keys.service", - Label("hostos-scripts/vsock/10-vhost-vsock.rules"): "/etc/udev/rules.d/10-vhost-vsock.rules", Label("monitoring/metrics-proxy/guestos/metrics-proxy.yaml"): "/etc/metrics-proxy.yaml", Label("monitoring/metrics-proxy/metrics-proxy.service"): "/etc/systemd/system/metrics-proxy.service", + + # networking + Label("networking/generate-network-config/guestos/generate-network-config.service"): "/etc/systemd/system/generate-network-config.service", + Label("networking/retry-ipv6-config/guestos/retry-ipv6-config.sh"): "/opt/ic/bin/retry-ipv6-config.sh", + Label("networking/retry-ipv6-config/retry-ipv6-config.service"): "/etc/systemd/system/retry-ipv6-config.service", + Label("networking/nftables/reload_nftables.path"): "/etc/systemd/system/reload_nftables.path", + Label("networking/nftables/reload_nftables.service"): "/etc/systemd/system/reload_nftables.service", + Label("networking/nftables/nftables-empty.conf"): "/etc/nftables.conf", + Label("networking/fallback.conf"): "/etc/systemd/resolved.conf.d/fallback.conf", + Label("networking/resolv.conf"): "/etc/resolv.conf", + Label("networking/network-tweaks.conf"): "/etc/sysctl.d/network-tweaks.conf", + Label("networking/hosts"): "/etc/hosts", + + # prep + Label("prep/guestos/filebeat/filebeat.fc"): "/prep/filebeat/filebeat.fc", + Label("prep/guestos/filebeat/filebeat.if"): "/prep/filebeat/filebeat.if", + Label("prep/guestos/filebeat/filebeat.te"): "/prep/filebeat/filebeat.te", + Label("prep/guestos/manageboot/manageboot.fc"): "/prep/manageboot/manageboot.fc", + Label("prep/guestos/manageboot/manageboot.if"): "/prep/manageboot/manageboot.if", + Label("prep/guestos/manageboot/manageboot.te"): "/prep/manageboot/manageboot.te", + Label("prep/guestos/fscontext-fixes/fscontext-fixes.fc"): "/prep/fscontext-fixes/fscontext-fixes.fc", + Label("prep/guestos/fscontext-fixes/fscontext-fixes.if"): "/prep/fscontext-fixes/fscontext-fixes.if", + Label("prep/guestos/fscontext-fixes/fscontext-fixes.te"): "/prep/fscontext-fixes/fscontext-fixes.te", + Label("prep/guestos/ic-node/ic-node.fc"): "/prep/ic-node/ic-node.fc", + Label("prep/guestos/ic-node/ic-node.if"): "/prep/ic-node/ic-node.if", + Label("prep/guestos/ic-node/ic-node.te"): "/prep/ic-node/ic-node.te", + Label("prep/guestos/infogetty/infogetty.fc"): "/prep/infogetty/infogetty.fc", + Label("prep/guestos/infogetty/infogetty.te"): "/prep/infogetty/infogetty.te", + Label("prep/guestos/misc-fixes/misc-fixes.if"): "/prep/misc-fixes/misc-fixes.if", + Label("prep/guestos/misc-fixes/misc-fixes.te"): "/prep/misc-fixes/misc-fixes.te", + Label("prep/guestos/node_exporter/node_exporter.fc"): "/prep/node_exporter/node_exporter.fc", + Label("prep/guestos/node_exporter/node_exporter.if"): "/prep/node_exporter/node_exporter.if", + Label("prep/guestos/node_exporter/node_exporter.te"): "/prep/node_exporter/node_exporter.te", + Label("prep/guestos/prep.sh"): "/prep/prep.sh", + Label("prep/guestos/setup-var/setup-var.if"): "/prep/setup-var/setup-var.if", + Label("prep/guestos/setup-var/setup-var.te"): "/prep/setup-var/setup-var.te", + Label("prep/guestos/systemd-fixes/systemd-fixes.if"): "/prep/systemd-fixes/systemd-fixes.if", + Label("prep/guestos/systemd-fixes/systemd-fixes.te"): "/prep/systemd-fixes/systemd-fixes.te", + + # ssh + Label("ssh/provision-ssh-keys.sh"): "/opt/ic/bin/provision-ssh-keys.sh", + Label("ssh/setup-ssh-keys/setup-ssh-keys.sh"): "/opt/ic/bin/setup-ssh-keys.sh", + Label("ssh/setup-ssh-keys/setup-ssh-keys.service"): "/etc/systemd/system/setup-ssh-keys.service", + Label("ssh/setup-ssh-account-keys/guestos/setup-ssh-account-keys.sh"): "/opt/ic/bin/setup-ssh-account-keys.sh", + Label("ssh/setup-ssh-account-keys/setup-ssh-account-keys.service"): "/etc/systemd/system/setup-ssh-account-keys.service", + Label("ssh/read-ssh-keys.sh"): "/opt/ic/bin/read-ssh-keys.sh", + + # upgrade + Label("upgrade/shared-resources/monitor-expand-shared-data/monitor-expand-shared-data.service"): "/etc/systemd/system/monitor-expand-shared-data.service", + Label("upgrade/shared-resources/upgrade-shared-data-store/upgrade-shared-data-store.sh"): "/opt/ic/bin/upgrade-shared-data-store.sh", + Label("upgrade/shared-resources/upgrade-shared-data-store/upgrade-shared-data-store.service"): "/etc/systemd/system/upgrade-shared-data-store.service", + Label("upgrade/shared-resources/setup-shared-resources/setup-shared-backup.sh"): "/opt/ic/bin/setup-shared-backup.sh", + Label("upgrade/shared-resources/setup-shared-resources/setup-shared-backup.service"): "/etc/systemd/system/setup-shared-backup.service", + Label("upgrade/shared-resources/setup-shared-resources/setup-shared-crypto.sh"): "/opt/ic/bin/setup-shared-crypto.sh", + Label("upgrade/shared-resources/setup-shared-resources/setup-shared-crypto.service"): "/etc/systemd/system/setup-shared-crypto.service", + Label("upgrade/shared-resources/setup-shared-resources/setup-shared-data.sh"): "/opt/ic/bin/setup-shared-data.sh", + Label("upgrade/shared-resources/setup-shared-resources/setup-shared-data.service"): "/etc/systemd/system/setup-shared-data.service", + Label("upgrade/systemd-generators/guestos/mount-generator"): "/etc/systemd/system-generators/mount-generator", + Label("upgrade/systemd-generators/systemd-gpt-auto-generator"): "/etc/systemd/system-generators/systemd-gpt-auto-generator", + Label("upgrade/manageboot/guestos/manageboot.sh"): "/opt/ic/bin/manageboot.sh", + Label("upgrade/shared-resources/monitor-expand-shared-data/monitor-expand-shared-data.py"): "/opt/ic/bin/monitor-expand-shared-data.py", } diff --git a/ic-os/rootfs/hostos.bzl b/ic-os/rootfs/hostos.bzl index 9cecc238e4f..b0c18315ed4 100644 --- a/ic-os/rootfs/hostos.bzl +++ b/ic-os/rootfs/hostos.bzl @@ -3,31 +3,7 @@ Enumerate every rootfs file dependency for HostOS """ rootfs_files = { - Label("hostos/etc/sudoers"): "/etc/sudoers", - Label("hostos/etc/tmpfiles.d/ic-node.conf"): "/etc/tmpfiles.d/ic-node.conf", - Label("hostos/etc/udev/rules.d/20-ipmi.rules"): "/etc/udev/rules.d/20-ipmi.rules", - - # consolidated files: - Label("misc/metrics.sh"): "/opt/ic/bin/metrics.sh", - Label("misc/install-upgrade.sh"): "/opt/ic/bin/install-upgrade.sh", - Label("misc/fetch-property/hostos/fetch-property.sh"): "/opt/ic/bin/fetch-property.sh", - Label("ssh/setup-ssh-keys/setup-ssh-keys.sh"): "/opt/ic/bin/setup-ssh-keys.sh", - Label("ssh/setup-ssh-keys/setup-ssh-keys.service"): "/etc/systemd/system/setup-ssh-keys.service", - Label("ssh/setup-ssh-account-keys/hostos/setup-ssh-account-keys.sh"): "/opt/ic/bin/setup-ssh-account-keys.sh", - Label("ssh/setup-ssh-account-keys/hostos/setup-ssh-account-keys.service"): "/etc/systemd/system/setup-ssh-account-keys.service", - Label("ssh/deploy-updated-ssh-account-keys/deploy-updated-ssh-account-keys.sh"): "/opt/ic/bin/deploy-updated-ssh-account-keys.sh", - Label("ssh/deploy-updated-ssh-account-keys/deploy-updated-ssh-account-keys.service"): "/etc/systemd/system/deploy-updated-ssh-account-keys.service", - Label("early-boot/relabel-machine-id/relabel-machine-id.sh"): "/opt/ic/bin/relabel-machine-id.sh", - Label("early-boot/relabel-machine-id/relabel-machine-id.service"): "/etc/systemd/system/relabel-machine-id.service", - Label("early-boot/setup-hostname/hostos/setup-hostname.sh"): "/opt/ic/bin/setup-hostname.sh", - Label("early-boot/setup-hostname/hostos/setup-hostname.service"): "/etc/systemd/system/setup-hostname.service", - Label("early-boot/setup-hostname/hostname-empty"): "/etc/hostname", - Label("early-boot/save-machine-id/save-machine-id.sh"): "/opt/ic/bin/save-machine-id.sh", - Label("early-boot/save-machine-id/save-machine-id.service"): "/etc/systemd/system/save-machine-id.service", - Label("monitoring/systemd-user/user@.service"): "/etc/systemd/system/user@.service", - Label("upgrade/manageboot/hostos/manageboot.sh"): "/opt/ic/bin/manageboot.sh", - Label("upgrade/systemd-generators/hostos/mount-generator"): "/etc/systemd/system-generators/mount-generator", - Label("upgrade/systemd-generators/systemd-gpt-auto-generator"): "/etc/systemd/system-generators/systemd-gpt-auto-generator", + # hostos-scripts Label("hostos-scripts/generate-guestos-config/generate-guestos-config.sh"): "/opt/ic/bin/generate-guestos-config.sh", Label("hostos-scripts/generate-guestos-config/generate-guestos-config.service"): "/etc/systemd/system/generate-guestos-config.service", Label("hostos-scripts/guestos/guestos.service"): "/etc/systemd/system/guestos.service", @@ -50,20 +26,33 @@ rootfs_files = { Label("hostos-scripts/monitoring/monitor-power.sh"): "/opt/ic/bin/monitor-power.sh", Label("hostos-scripts/monitoring/monitor-power.service"): "/etc/systemd/system/monitor-power.service", Label("hostos-scripts/monitoring/monitor-power.timer"): "/etc/systemd/system/monitor-power.timer", - Label("hostos-scripts/vsock/vsock-agent.service"): "/etc/systemd/system/vsock-agent.service", - Label("hostos-scripts/vsock/10-vhost-vsock.rules"): "/etc/udev/rules.d/10-vhost-vsock.rules", - Label("networking/generate-network-config/hostos/generate-network-config.service"): "/etc/systemd/system/generate-network-config.service", - Label("networking/fallback.conf"): "/etc/systemd/resolved.conf.d/fallback.conf", - Label("networking/resolv.conf"): "/etc/resolv.conf", - Label("networking/network-tweaks.conf"): "/etc/sysctl.d/network-tweaks.conf", - Label("networking/nftables/nftables-hostos.conf"): "/etc/nftables.conf", - Label("networking/hosts"): "/etc/hosts", + + # early-boot + Label("early-boot/relabel-machine-id/relabel-machine-id.sh"): "/opt/ic/bin/relabel-machine-id.sh", + Label("early-boot/relabel-machine-id/relabel-machine-id.service"): "/etc/systemd/system/relabel-machine-id.service", + Label("early-boot/setup-hostname/hostos/setup-hostname.sh"): "/opt/ic/bin/setup-hostname.sh", + Label("early-boot/setup-hostname/hostos/setup-hostname.service"): "/etc/systemd/system/setup-hostname.service", + Label("early-boot/setup-hostname/hostname-empty"): "/etc/hostname", + Label("early-boot/save-machine-id/save-machine-id.sh"): "/opt/ic/bin/save-machine-id.sh", + Label("early-boot/save-machine-id/save-machine-id.service"): "/etc/systemd/system/save-machine-id.service", Label("early-boot/fstab/fstab-hostos"): "/etc/fstab", Label("early-boot/locale"): "/etc/default/locale", - Label("misc/chrony/chrony.conf"): "/etc/chrony/chrony.conf", Label("early-boot/initramfs-tools/hostos/initramfs.conf"): "/etc/initramfs-tools/initramfs.conf", Label("early-boot/initramfs-tools/hostos/modules"): "/etc/initramfs-tools/modules", Label("early-boot/initramfs-tools/hostos/set-machine-id/set-machine-id"): "/etc/initramfs-tools/scripts/init-bottom/set-machine-id/set-machine-id", + + # misc + Label("misc/metrics.sh"): "/opt/ic/bin/metrics.sh", + Label("misc/fetch-property/hostos/fetch-property.sh"): "/opt/ic/bin/fetch-property.sh", + Label("misc/vsock/vsock-agent.service"): "/etc/systemd/system/vsock-agent.service", + Label("misc/vsock/10-vhost-vsock.rules"): "/etc/udev/rules.d/10-vhost-vsock.rules", + Label("misc/chrony/chrony.conf"): "/etc/chrony/chrony.conf", + Label("misc/hostos/sudoers"): "/etc/sudoers", + Label("misc/hostos/ic-node.conf"): "/etc/tmpfiles.d/ic-node.conf", + Label("misc/hostos/20-ipmi.rules"): "/etc/udev/rules.d/20-ipmi.rules", + + # monitoring + Label("monitoring/systemd-user/user@.service"): "/etc/systemd/system/user@.service", Label("monitoring/node_exporter/node_exporter.crt"): "/etc/node_exporter/node_exporter.crt", Label("monitoring/node_exporter/node_exporter.key"): "/etc/node_exporter/node_exporter.key", Label("monitoring/node_exporter/web.yml"): "/etc/node_exporter/web.yml", @@ -73,4 +62,26 @@ rootfs_files = { Label("monitoring/node_exporter/setup-node_exporter-keys/setup-node_exporter-keys.service"): "/etc/systemd/system/setup-node_exporter-keys.service", Label("monitoring/metrics-proxy/hostos/metrics-proxy.yaml"): "/etc/metrics-proxy.yaml", Label("monitoring/metrics-proxy/metrics-proxy.service"): "/etc/systemd/system/metrics-proxy.service", + + # networking + Label("networking/generate-network-config/hostos/generate-network-config.service"): "/etc/systemd/system/generate-network-config.service", + Label("networking/fallback.conf"): "/etc/systemd/resolved.conf.d/fallback.conf", + Label("networking/resolv.conf"): "/etc/resolv.conf", + Label("networking/network-tweaks.conf"): "/etc/sysctl.d/network-tweaks.conf", + Label("networking/nftables/nftables-hostos.conf"): "/etc/nftables.conf", + Label("networking/hosts"): "/etc/hosts", + + # ssh + Label("ssh/setup-ssh-keys/setup-ssh-keys.sh"): "/opt/ic/bin/setup-ssh-keys.sh", + Label("ssh/setup-ssh-keys/setup-ssh-keys.service"): "/etc/systemd/system/setup-ssh-keys.service", + Label("ssh/setup-ssh-account-keys/hostos/setup-ssh-account-keys.sh"): "/opt/ic/bin/setup-ssh-account-keys.sh", + Label("ssh/setup-ssh-account-keys/hostos/setup-ssh-account-keys.service"): "/etc/systemd/system/setup-ssh-account-keys.service", + Label("ssh/deploy-updated-ssh-account-keys/deploy-updated-ssh-account-keys.sh"): "/opt/ic/bin/deploy-updated-ssh-account-keys.sh", + Label("ssh/deploy-updated-ssh-account-keys/deploy-updated-ssh-account-keys.service"): "/etc/systemd/system/deploy-updated-ssh-account-keys.service", + + # upgrade + Label("upgrade/manageboot/hostos/manageboot.sh"): "/opt/ic/bin/manageboot.sh", + Label("upgrade/systemd-generators/hostos/mount-generator"): "/etc/systemd/system-generators/mount-generator", + Label("upgrade/systemd-generators/systemd-gpt-auto-generator"): "/etc/systemd/system-generators/systemd-gpt-auto-generator", + Label("upgrade/install-upgrade.sh"): "/opt/ic/bin/install-upgrade.sh", } diff --git a/ic-os/rootfs/guestos/etc/tmpfiles.d/ic-node.conf b/ic-os/rootfs/misc/guestos/ic-node.conf similarity index 100% rename from ic-os/rootfs/guestos/etc/tmpfiles.d/ic-node.conf rename to ic-os/rootfs/misc/guestos/ic-node.conf diff --git a/ic-os/rootfs/guestos/etc/sudoers b/ic-os/rootfs/misc/guestos/sudoers similarity index 100% rename from ic-os/rootfs/guestos/etc/sudoers rename to ic-os/rootfs/misc/guestos/sudoers diff --git a/ic-os/rootfs/hostos/etc/udev/rules.d/20-ipmi.rules b/ic-os/rootfs/misc/hostos/20-ipmi.rules similarity index 100% rename from ic-os/rootfs/hostos/etc/udev/rules.d/20-ipmi.rules rename to ic-os/rootfs/misc/hostos/20-ipmi.rules diff --git a/ic-os/rootfs/hostos/etc/tmpfiles.d/ic-node.conf b/ic-os/rootfs/misc/hostos/ic-node.conf similarity index 100% rename from ic-os/rootfs/hostos/etc/tmpfiles.d/ic-node.conf rename to ic-os/rootfs/misc/hostos/ic-node.conf diff --git a/ic-os/rootfs/hostos/etc/sudoers b/ic-os/rootfs/misc/hostos/sudoers similarity index 100% rename from ic-os/rootfs/hostos/etc/sudoers rename to ic-os/rootfs/misc/hostos/sudoers diff --git a/ic-os/rootfs/hostos-scripts/vsock/10-vhost-vsock.rules b/ic-os/rootfs/misc/vsock/10-vhost-vsock.rules similarity index 100% rename from ic-os/rootfs/hostos-scripts/vsock/10-vhost-vsock.rules rename to ic-os/rootfs/misc/vsock/10-vhost-vsock.rules diff --git a/ic-os/rootfs/hostos-scripts/vsock/vsock-agent.service b/ic-os/rootfs/misc/vsock/vsock-agent.service similarity index 100% rename from ic-os/rootfs/hostos-scripts/vsock/vsock-agent.service rename to ic-os/rootfs/misc/vsock/vsock-agent.service diff --git a/ic-os/rootfs/guestos/prep/filebeat/filebeat.fc b/ic-os/rootfs/prep/guestos/filebeat/filebeat.fc similarity index 100% rename from ic-os/rootfs/guestos/prep/filebeat/filebeat.fc rename to ic-os/rootfs/prep/guestos/filebeat/filebeat.fc diff --git a/ic-os/rootfs/guestos/prep/filebeat/filebeat.if b/ic-os/rootfs/prep/guestos/filebeat/filebeat.if similarity index 100% rename from ic-os/rootfs/guestos/prep/filebeat/filebeat.if rename to ic-os/rootfs/prep/guestos/filebeat/filebeat.if diff --git a/ic-os/rootfs/guestos/prep/filebeat/filebeat.te b/ic-os/rootfs/prep/guestos/filebeat/filebeat.te similarity index 100% rename from ic-os/rootfs/guestos/prep/filebeat/filebeat.te rename to ic-os/rootfs/prep/guestos/filebeat/filebeat.te diff --git a/ic-os/rootfs/guestos/prep/fscontext-fixes/fscontext-fixes.fc b/ic-os/rootfs/prep/guestos/fscontext-fixes/fscontext-fixes.fc similarity index 100% rename from ic-os/rootfs/guestos/prep/fscontext-fixes/fscontext-fixes.fc rename to ic-os/rootfs/prep/guestos/fscontext-fixes/fscontext-fixes.fc diff --git a/ic-os/rootfs/guestos/prep/fscontext-fixes/fscontext-fixes.if b/ic-os/rootfs/prep/guestos/fscontext-fixes/fscontext-fixes.if similarity index 100% rename from ic-os/rootfs/guestos/prep/fscontext-fixes/fscontext-fixes.if rename to ic-os/rootfs/prep/guestos/fscontext-fixes/fscontext-fixes.if diff --git a/ic-os/rootfs/guestos/prep/fscontext-fixes/fscontext-fixes.te b/ic-os/rootfs/prep/guestos/fscontext-fixes/fscontext-fixes.te similarity index 100% rename from ic-os/rootfs/guestos/prep/fscontext-fixes/fscontext-fixes.te rename to ic-os/rootfs/prep/guestos/fscontext-fixes/fscontext-fixes.te diff --git a/ic-os/rootfs/guestos/prep/ic-node/ic-node.fc b/ic-os/rootfs/prep/guestos/ic-node/ic-node.fc similarity index 100% rename from ic-os/rootfs/guestos/prep/ic-node/ic-node.fc rename to ic-os/rootfs/prep/guestos/ic-node/ic-node.fc diff --git a/ic-os/rootfs/guestos/prep/ic-node/ic-node.if b/ic-os/rootfs/prep/guestos/ic-node/ic-node.if similarity index 100% rename from ic-os/rootfs/guestos/prep/ic-node/ic-node.if rename to ic-os/rootfs/prep/guestos/ic-node/ic-node.if diff --git a/ic-os/rootfs/guestos/prep/ic-node/ic-node.te b/ic-os/rootfs/prep/guestos/ic-node/ic-node.te similarity index 100% rename from ic-os/rootfs/guestos/prep/ic-node/ic-node.te rename to ic-os/rootfs/prep/guestos/ic-node/ic-node.te diff --git a/ic-os/rootfs/guestos/prep/infogetty/infogetty.fc b/ic-os/rootfs/prep/guestos/infogetty/infogetty.fc similarity index 100% rename from ic-os/rootfs/guestos/prep/infogetty/infogetty.fc rename to ic-os/rootfs/prep/guestos/infogetty/infogetty.fc diff --git a/ic-os/rootfs/guestos/prep/infogetty/infogetty.te b/ic-os/rootfs/prep/guestos/infogetty/infogetty.te similarity index 100% rename from ic-os/rootfs/guestos/prep/infogetty/infogetty.te rename to ic-os/rootfs/prep/guestos/infogetty/infogetty.te diff --git a/ic-os/rootfs/guestos/prep/manageboot/manageboot.fc b/ic-os/rootfs/prep/guestos/manageboot/manageboot.fc similarity index 100% rename from ic-os/rootfs/guestos/prep/manageboot/manageboot.fc rename to ic-os/rootfs/prep/guestos/manageboot/manageboot.fc diff --git a/ic-os/rootfs/guestos/prep/manageboot/manageboot.if b/ic-os/rootfs/prep/guestos/manageboot/manageboot.if similarity index 100% rename from ic-os/rootfs/guestos/prep/manageboot/manageboot.if rename to ic-os/rootfs/prep/guestos/manageboot/manageboot.if diff --git a/ic-os/rootfs/guestos/prep/manageboot/manageboot.te b/ic-os/rootfs/prep/guestos/manageboot/manageboot.te similarity index 100% rename from ic-os/rootfs/guestos/prep/manageboot/manageboot.te rename to ic-os/rootfs/prep/guestos/manageboot/manageboot.te diff --git a/ic-os/rootfs/guestos/prep/misc-fixes/misc-fixes.if b/ic-os/rootfs/prep/guestos/misc-fixes/misc-fixes.if similarity index 100% rename from ic-os/rootfs/guestos/prep/misc-fixes/misc-fixes.if rename to ic-os/rootfs/prep/guestos/misc-fixes/misc-fixes.if diff --git a/ic-os/rootfs/guestos/prep/misc-fixes/misc-fixes.te b/ic-os/rootfs/prep/guestos/misc-fixes/misc-fixes.te similarity index 100% rename from ic-os/rootfs/guestos/prep/misc-fixes/misc-fixes.te rename to ic-os/rootfs/prep/guestos/misc-fixes/misc-fixes.te diff --git a/ic-os/rootfs/guestos/prep/node_exporter/node_exporter.fc b/ic-os/rootfs/prep/guestos/node_exporter/node_exporter.fc similarity index 100% rename from ic-os/rootfs/guestos/prep/node_exporter/node_exporter.fc rename to ic-os/rootfs/prep/guestos/node_exporter/node_exporter.fc diff --git a/ic-os/rootfs/guestos/prep/node_exporter/node_exporter.if b/ic-os/rootfs/prep/guestos/node_exporter/node_exporter.if similarity index 100% rename from ic-os/rootfs/guestos/prep/node_exporter/node_exporter.if rename to ic-os/rootfs/prep/guestos/node_exporter/node_exporter.if diff --git a/ic-os/rootfs/guestos/prep/node_exporter/node_exporter.te b/ic-os/rootfs/prep/guestos/node_exporter/node_exporter.te similarity index 100% rename from ic-os/rootfs/guestos/prep/node_exporter/node_exporter.te rename to ic-os/rootfs/prep/guestos/node_exporter/node_exporter.te diff --git a/ic-os/rootfs/guestos/prep/prep.sh b/ic-os/rootfs/prep/guestos/prep.sh similarity index 100% rename from ic-os/rootfs/guestos/prep/prep.sh rename to ic-os/rootfs/prep/guestos/prep.sh diff --git a/ic-os/rootfs/guestos/prep/setup-var/setup-var.if b/ic-os/rootfs/prep/guestos/setup-var/setup-var.if similarity index 100% rename from ic-os/rootfs/guestos/prep/setup-var/setup-var.if rename to ic-os/rootfs/prep/guestos/setup-var/setup-var.if diff --git a/ic-os/rootfs/guestos/prep/setup-var/setup-var.te b/ic-os/rootfs/prep/guestos/setup-var/setup-var.te similarity index 100% rename from ic-os/rootfs/guestos/prep/setup-var/setup-var.te rename to ic-os/rootfs/prep/guestos/setup-var/setup-var.te diff --git a/ic-os/rootfs/guestos/prep/systemd-fixes/systemd-fixes.if b/ic-os/rootfs/prep/guestos/systemd-fixes/systemd-fixes.if similarity index 100% rename from ic-os/rootfs/guestos/prep/systemd-fixes/systemd-fixes.if rename to ic-os/rootfs/prep/guestos/systemd-fixes/systemd-fixes.if diff --git a/ic-os/rootfs/guestos/prep/systemd-fixes/systemd-fixes.te b/ic-os/rootfs/prep/guestos/systemd-fixes/systemd-fixes.te similarity index 100% rename from ic-os/rootfs/guestos/prep/systemd-fixes/systemd-fixes.te rename to ic-os/rootfs/prep/guestos/systemd-fixes/systemd-fixes.te diff --git a/ic-os/rootfs/setupos/prep/fscontext-fixes/fscontext-fixes.fc b/ic-os/rootfs/prep/setupos/fscontext-fixes/fscontext-fixes.fc similarity index 100% rename from ic-os/rootfs/setupos/prep/fscontext-fixes/fscontext-fixes.fc rename to ic-os/rootfs/prep/setupos/fscontext-fixes/fscontext-fixes.fc diff --git a/ic-os/rootfs/setupos/prep/fscontext-fixes/fscontext-fixes.if b/ic-os/rootfs/prep/setupos/fscontext-fixes/fscontext-fixes.if similarity index 100% rename from ic-os/rootfs/setupos/prep/fscontext-fixes/fscontext-fixes.if rename to ic-os/rootfs/prep/setupos/fscontext-fixes/fscontext-fixes.if diff --git a/ic-os/rootfs/setupos/prep/fscontext-fixes/fscontext-fixes.te b/ic-os/rootfs/prep/setupos/fscontext-fixes/fscontext-fixes.te similarity index 100% rename from ic-os/rootfs/setupos/prep/fscontext-fixes/fscontext-fixes.te rename to ic-os/rootfs/prep/setupos/fscontext-fixes/fscontext-fixes.te diff --git a/ic-os/rootfs/setupos/prep/misc-fixes/misc-fixes.if b/ic-os/rootfs/prep/setupos/misc-fixes/misc-fixes.if similarity index 100% rename from ic-os/rootfs/setupos/prep/misc-fixes/misc-fixes.if rename to ic-os/rootfs/prep/setupos/misc-fixes/misc-fixes.if diff --git a/ic-os/rootfs/setupos/prep/misc-fixes/misc-fixes.te b/ic-os/rootfs/prep/setupos/misc-fixes/misc-fixes.te similarity index 100% rename from ic-os/rootfs/setupos/prep/misc-fixes/misc-fixes.te rename to ic-os/rootfs/prep/setupos/misc-fixes/misc-fixes.te diff --git a/ic-os/rootfs/setupos/prep/prep.sh b/ic-os/rootfs/prep/setupos/prep.sh similarity index 100% rename from ic-os/rootfs/setupos/prep/prep.sh rename to ic-os/rootfs/prep/setupos/prep.sh diff --git a/ic-os/rootfs/setupos/prep/systemd-fixes/systemd-fixes.if b/ic-os/rootfs/prep/setupos/systemd-fixes/systemd-fixes.if similarity index 100% rename from ic-os/rootfs/setupos/prep/systemd-fixes/systemd-fixes.if rename to ic-os/rootfs/prep/setupos/systemd-fixes/systemd-fixes.if diff --git a/ic-os/rootfs/setupos/prep/systemd-fixes/systemd-fixes.te b/ic-os/rootfs/prep/setupos/systemd-fixes/systemd-fixes.te similarity index 100% rename from ic-os/rootfs/setupos/prep/systemd-fixes/systemd-fixes.te rename to ic-os/rootfs/prep/setupos/systemd-fixes/systemd-fixes.te diff --git a/ic-os/rootfs/setupos.bzl b/ic-os/rootfs/setupos.bzl index 805a9015ebd..2c00a63e2f0 100644 --- a/ic-os/rootfs/setupos.bzl +++ b/ic-os/rootfs/setupos.bzl @@ -3,27 +3,7 @@ Enumerate every rootfs file dependency for SetupOS """ rootfs_files = { - # prep files: - Label("setupos/prep/fscontext-fixes/fscontext-fixes.fc"): "/prep/fscontext-fixes/fscontext-fixes.fc", - Label("setupos/prep/fscontext-fixes/fscontext-fixes.if"): "/prep/fscontext-fixes/fscontext-fixes.if", - Label("setupos/prep/fscontext-fixes/fscontext-fixes.te"): "/prep/fscontext-fixes/fscontext-fixes.te", - Label("setupos/prep/misc-fixes/misc-fixes.if"): "/prep/misc-fixes/misc-fixes.if", - Label("setupos/prep/misc-fixes/misc-fixes.te"): "/prep/misc-fixes/misc-fixes.te", - Label("setupos/prep/prep.sh"): "/prep/prep.sh", - Label("setupos/prep/systemd-fixes/systemd-fixes.if"): "/prep/systemd-fixes/systemd-fixes.if", - Label("setupos/prep/systemd-fixes/systemd-fixes.te"): "/prep/systemd-fixes/systemd-fixes.te", - - # consolidated files: - Label("misc/fetch-property/setupos/fetch-property.sh"): "/opt/ic/bin/fetch-property.sh", - Label("upgrade/systemd-generators/systemd-gpt-auto-generator"): "/etc/systemd/system-generators/systemd-gpt-auto-generator", - Label("misc/serial-getty@/setupos/serial-getty@.service"): "/etc/systemd/system/serial-getty@.service", - Label("early-boot/setup-hostname/hostname-setupos"): "/etc/hostname", - Label("networking/generate-network-config/setupos/generate-network-config.service"): "/etc/systemd/system/generate-network-config.service", - Label("networking/fallback.conf"): "/etc/systemd/resolved.conf.d/fallback.conf", - Label("networking/resolv.conf"): "/etc/resolv.conf", - Label("networking/hosts"): "/etc/hosts", - Label("early-boot/fstab/fstab-setupos"): "/etc/fstab", - Label("early-boot/locale"): "/etc/default/locale", + # setupos-scripts Label("setupos-scripts/check-setupos-age.sh"): "/opt/ic/bin/check-setupos-age.sh", Label("setupos-scripts/config.sh"): "/opt/ic/bin/config.sh", Label("setupos-scripts/devices.sh"): "/opt/ic/bin/devices.sh", @@ -37,5 +17,33 @@ rootfs_files = { Label("setupos-scripts/setupos.sh"): "/opt/ic/bin/setupos.sh", Label("setupos-scripts/config.service"): "/etc/systemd/system/config.service", Label("setupos-scripts/setupos.service"): "/etc/systemd/system/setupos.service", + + # early-boot + Label("early-boot/setup-hostname/hostname-setupos"): "/etc/hostname", + Label("early-boot/fstab/fstab-setupos"): "/etc/fstab", + Label("early-boot/locale"): "/etc/default/locale", Label("early-boot/initramfs-tools/setupos/initramfs.conf"): "/etc/initramfs-tools/initramfs.conf", + + # misc + Label("misc/fetch-property/setupos/fetch-property.sh"): "/opt/ic/bin/fetch-property.sh", + Label("misc/serial-getty@/setupos/serial-getty@.service"): "/etc/systemd/system/serial-getty@.service", + + # networking + Label("networking/generate-network-config/setupos/generate-network-config.service"): "/etc/systemd/system/generate-network-config.service", + Label("networking/fallback.conf"): "/etc/systemd/resolved.conf.d/fallback.conf", + Label("networking/resolv.conf"): "/etc/resolv.conf", + Label("networking/hosts"): "/etc/hosts", + + # prep + Label("prep/setupos/fscontext-fixes/fscontext-fixes.fc"): "/prep/fscontext-fixes/fscontext-fixes.fc", + Label("prep/setupos/fscontext-fixes/fscontext-fixes.if"): "/prep/fscontext-fixes/fscontext-fixes.if", + Label("prep/setupos/fscontext-fixes/fscontext-fixes.te"): "/prep/fscontext-fixes/fscontext-fixes.te", + Label("prep/setupos/misc-fixes/misc-fixes.if"): "/prep/misc-fixes/misc-fixes.if", + Label("prep/setupos/misc-fixes/misc-fixes.te"): "/prep/misc-fixes/misc-fixes.te", + Label("prep/setupos/prep.sh"): "/prep/prep.sh", + Label("prep/setupos/systemd-fixes/systemd-fixes.if"): "/prep/systemd-fixes/systemd-fixes.if", + Label("prep/setupos/systemd-fixes/systemd-fixes.te"): "/prep/systemd-fixes/systemd-fixes.te", + + # upgrade + Label("upgrade/systemd-generators/systemd-gpt-auto-generator"): "/etc/systemd/system-generators/systemd-gpt-auto-generator", } diff --git a/ic-os/rootfs/misc/install-upgrade.sh b/ic-os/rootfs/upgrade/install-upgrade.sh similarity index 100% rename from ic-os/rootfs/misc/install-upgrade.sh rename to ic-os/rootfs/upgrade/install-upgrade.sh