bootstrap-commands: implement bootstrap command execution
1 parent
17abbba
commit 865ad4b
Showing
15 changed files
with
548 additions
and
12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
d /etc/bootstrap-commands 0750 root root - |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
[required-extensions] | ||
bootstrap-commands= "v1" | ||
std = { version = "v1", helpers = ["if_not_null", "toml_encode"]} | ||
+++ | ||
{{#if_not_null settings.bootstrap-commands}} | ||
{{#each settings.bootstrap-commands}} | ||
[bootstrap-commands."{{@key}}"] | ||
{{#if_not_null this.commands}} | ||
commands = {{ toml_encode this.commands }} | ||
{{/if_not_null}} | ||
{{#if_not_null this.mode}} | ||
mode = "{{{this.mode}}}" | ||
{{/if_not_null}} | ||
{{#if_not_null this.essential}} | ||
essential = {{this.essential}} | ||
{{/if_not_null}} | ||
{{/each}} | ||
{{/if_not_null}} |
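Review bot: `mode = "{{{this.mode}}}"` places the setting inside a quoted TOML string using the raw triple-brace form, while `commands` just above it goes through `toml_encode`. If the settings model does not restrict `mode` to a fixed set of values (the model is not visible on this page), a value containing a quote or a newline would change the structure of the rendered config that decides which commands run at boot. Rendering it the same way, `mode = {{ toml_encode this.mode }}` (assuming the helper accepts a scalar string), removes the dependence on upstream validation. It is also worth confirming that the `"{{@key}}"` table name is constrained to characters that cannot close the quoted key.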
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
[Unit] | ||
Description=Bootstrap Commands | ||
# We depend on systemd-logind.service for running systemd-inhibit. | ||
After=systemd-logind.service settings-applier.service apiserver.service | ||
Requires=systemd-logind.service settings-applier.service apiserver.service | ||
RefuseManualStart=true | ||
RefuseManualStop=true | ||
|
||
[Service] | ||
Type=oneshot | ||
ExecStart=/usr/bin/systemd-inhibit --what=shutdown --why="Running bootstrap commands" --mode=delay /usr/bin/bootstrap-commands | ||
RemainAfterExit=true | ||
StandardError=journal+console | ||
SyslogIdentifier=bootstrap-commands | ||
|
||
[Install] | ||
RequiredBy=preconfigured.target |
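Review bot: The `[Service]` section sets no `TimeoutStartSec=`, and systemd disables the start timeout by default for `Type=oneshot` units, so a bootstrap command that never returns would leave this unit activating indefinitely. Because the unit is `RequiredBy=preconfigured.target`, boot would presumably not get past that target in that case. Whether the binary bounds each command itself is not visible on this page; if it does not, add an explicit limit such as `TimeoutStartSec=<seconds>` together with a comment stating what happens to boot when it expires.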
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -32,6 +32,7 @@ Source17: corndog-toml | |
Source18: bootstrap-containers-toml | ||
Source19: host-containers-toml | ||
Source20: bottlerocket-fips-checks-metadata-json | ||
Source21: bootstrap-commands-toml | ||
|
||
# 1xx sources: systemd units | ||
Source100: apiserver.service | ||
|
@@ -52,13 +53,15 @@ Source119: reboot-if-required.service | |
Source120: warm-pool-wait.service | ||
Source122: has-boot-ever-succeeded.service | ||
Source123: pluto.service | ||
Source124: bootstrap-commands.service | ||
|
||
# 2xx sources: tmpfilesd configs | ||
Source200: migration-tmpfiles.conf | ||
Source201: host-containers-tmpfiles.conf | ||
Source202: thar-be-updates-tmpfiles.conf | ||
Source203: bootstrap-containers-tmpfiles.conf | ||
Source204: storewolf-tmpfiles.conf | ||
Source205: bootstrap-commands-tmpfiles.conf | ||
|
||
# 3xx sources: udev rules | ||
Source300: ephemeral-storage.rules | ||
|
@@ -74,6 +77,7 @@ BuildRequires: %{_cross_os}glibc-devel | |
Requires: %{_cross_os}apiclient | ||
Requires: %{_cross_os}apiserver | ||
Requires: %{_cross_os}bloodhound | ||
Requires: %{_cross_os}bootstrap-commands | ||
Requires: %{_cross_os}corndog | ||
Requires: %{_cross_os}certdog | ||
Requires: %{_cross_os}ghostdog | ||
|
@@ -246,6 +250,11 @@ Requires: %{_cross_os}binutils | |
%description -n %{_cross_os}driverdog | ||
%{summary}. | ||
|
||
%package -n %{_cross_os}bootstrap-commands | ||
Summary: Manages bootstrap-commands | ||
%description -n %{_cross_os}bootstrap-commands | ||
%{summary}. | ||
|
||
%package -n %{_cross_os}bootstrap-containers | ||
Summary: Manages bootstrap-containers | ||
Requires: %{_cross_os}host-ctr | ||
|
@@ -350,6 +359,7 @@ echo "** Output from non-static builds:" | |
-p metricdog \ | ||
-p ghostdog \ | ||
-p corndog \ | ||
-p bootstrap-commands \ | ||
-p bootstrap-containers \ | ||
-p prairiedog \ | ||
-p certdog \ | ||
|
@@ -385,7 +395,7 @@ for p in \ | |
storewolf settings-committer \ | ||
migrator prairiedog certdog \ | ||
signpost updog metricdog logdog \ | ||
ghostdog bootstrap-containers \ | ||
ghostdog bootstrap-commands bootstrap-containers \ | ||
shimpei bloodhound \ | ||
bottlerocket-cis-checks \ | ||
bottlerocket-fips-checks \ | ||
|
@@ -473,14 +483,14 @@ if [ -s "%{_cross_repo_root_json}" ] ; then | |
fi | ||
|
||
install -d %{buildroot}%{_cross_templatedir} | ||
install -p -m 0644 %{S:5} %{S:6} %{S:7} %{S:8} %{S:14} %{S:15} %{S:16} %{S:17} %{S:18} %{S:19} \ | ||
install -p -m 0644 %{S:5} %{S:6} %{S:7} %{S:8} %{S:14} %{S:15} %{S:16} %{S:17} %{S:18} %{S:19} %{S:21} \ | ||
%{buildroot}%{_cross_templatedir} | ||
|
||
install -d %{buildroot}%{_cross_unitdir} | ||
install -p -m 0644 \ | ||
%{S:100} %{S:102} %{S:103} %{S:105} \ | ||
%{S:106} %{S:107} %{S:110} %{S:111} %{S:112} \ | ||
%{S:113} %{S:114} %{S:119} %{S:122} %{S:123} \ | ||
%{S:113} %{S:114} %{S:119} %{S:122} %{S:123} %{S:124} \ | ||
%{buildroot}%{_cross_unitdir} | ||
|
||
sed -e 's|PREFIX|%{_cross_prefix}|g' %{S:115} > link-kernel-modules.service | ||
|
@@ -502,6 +512,7 @@ install -p -m 0644 %{S:201} %{buildroot}%{_cross_tmpfilesdir}/host-containers.co | |
install -p -m 0644 %{S:202} %{buildroot}%{_cross_tmpfilesdir}/thar-be-updates.conf | ||
install -p -m 0644 %{S:203} %{buildroot}%{_cross_tmpfilesdir}/bootstrap-containers.conf | ||
install -p -m 0644 %{S:204} %{buildroot}%{_cross_tmpfilesdir}/storewolf.conf | ||
install -p -m 0644 %{S:205} %{buildroot}%{_cross_tmpfilesdir}/bootstrap-commands.conf | ||
|
||
install -d %{buildroot}%{_cross_udevrulesdir} | ||
install -p -m 0644 %{S:300} %{buildroot}%{_cross_udevrulesdir}/80-ephemeral-storage.rules | ||
|
@@ -640,6 +651,12 @@ install -p -m 0644 %{S:400} %{S:401} %{S:402} %{buildroot}%{_cross_licensedir} | |
%{_cross_bindir}/certdog | ||
%{_cross_templatedir}/certdog-toml | ||
|
||
%files -n %{_cross_os}bootstrap-commands | ||
%{_cross_bindir}/bootstrap-commands | ||
%{_cross_unitdir}/bootstrap-commands.service | ||
%{_cross_tmpfilesdir}/bootstrap-commands.conf | ||
%{_cross_templatedir}/bootstrap-commands-toml | ||
|
||
%files -n %{_cross_os}bootstrap-containers | ||
%{_cross_bindir}/bootstrap-containers | ||
%{_cross_unitdir}/[email protected] | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
[Login] | ||
# Maximum time a system shutdown or sleep request is delayed due to to an inhibitor lock. | ||
# We set it to 5 minutes to let configurations in bootstrap commands to finish before a restart. | ||
InhibitDelayMaxSec=300 |
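Review bot: `InhibitDelayMaxSec=300` is a logind-wide limit, so it raises the maximum shutdown and sleep delay for every delay-mode inhibitor lock on the host, not only the one taken for bootstrap commands. The comment should state that scope, for example `# Note: this limit applies to all delay inhibitor locks, not only bootstrap-commands.` The first comment line also contains a doubled word ("due to to").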
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,6 +23,8 @@ members = [ | |
|
||
"bloodhound", | ||
|
||
"bootstrap-commands", | ||
|
||
"bottlerocket-release", | ||
|
||
"bottlerocket-variant", | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
[package] | ||
name = "bootstrap-commands" | ||
version = "0.1.0" | ||
authors = ["Piyush Jena <[email protected]>"] | ||
license = "Apache-2.0 OR MIT" | ||
edition = "2021" | ||
publish = false | ||
build = "build.rs" | ||
# Don't rebuild crate just because of changes to README. | ||
exclude = ["README.md"] | ||
|
||
[dependencies] | ||
base64.workspace = true | ||
constants.workspace = true | ||
log.workspace = true | ||
serde = { workspace = true, features = ["derive"] } | ||
serde_json.workspace = true | ||
simplelog.workspace = true | ||
snafu.workspace = true | ||
toml.workspace = true | ||
itertools.workspace = true | ||
bottlerocket-modeled-types.workspace = true | ||
bottlerocket-settings-models.workspace = true | ||
|
||
[dev-dependencies] | ||
tempfile.workspace = true | ||
|
||
[build-dependencies] | ||
generate-readme.workspace = true |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
# bootstrap-commands | ||
|
||
Current version: 0.1.0 | ||
|
||
## Bootstrap commands | ||
|
||
`bootstrap-commands` ensures that bootstrap commands are executed as defined in the system | ||
settings. It is called by `bootstrap-commands.service` which runs prior to the execution of | ||
`bootstrap-containers`. | ||
|
||
Each bootstrap command is a set of Bottlerocket API commands. The settings are first rendered | ||
into a config file. Then, the system is configured by going through all the bootstrap commands | ||
in lexicographical order and running all the commands inside it. | ||
|
||
### Example: | ||
Given a bootstrap command called `001-test-bootstrap-commands` with the following configuration: | ||
|
||
```toml | ||
[settings.bootstrap-commands.001-test-bootstrap-commands] | ||
commands = [[ "apiclient", "set", "motd=helloworld"]] | ||
essential = true | ||
mode = "always" | ||
``` | ||
This would set `/etc/motd` to "helloworld". | ||
|
||
## Additional Information: | ||
Certain valid `apiclient` commands that work in a session may fail in `bootstrap-commands` | ||
due to relevant services not running at the time of the launch of the systemd service. | ||
|
||
### Example: | ||
```toml | ||
[settings.bootstrap-commands.001-test-bootstrap-commands] | ||
commands = [[ "apiclient", "exec", "admin", "ls"]] | ||
essential = true | ||
mode = "always" | ||
``` | ||
This command fails because `bootstrap-commands.service` which calls this binary is launched | ||
prior to `preconfigured.target` while `[email protected]` which is a requirement for | ||
running "exec" commands are launched after preconfigured.target. | ||
|
||
## Colophon | ||
|
||
This text was generated using [cargo-readme](https://crates.io/crates/cargo-readme), and includes the rustdoc from `src/main.rs`. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# {{crate}} | ||
|
||
Current version: {{version}} | ||
|
||
{{readme}} | ||
|
||
## Colophon | ||
|
||
This text was generated using [cargo-readme](https://crates.io/crates/cargo-readme), and includes the rustdoc from `src/main.rs`. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
fn main() { | ||
generate_readme::from_main().unwrap(); | ||
} |