🐧 Add Ubuntu flavors for RPi #1170

Merged
merged 34 commits into from
May 12, 2023
34 commits
cfe9275
added initial Dockerfile for ubuntu-arm-rpi flavor
c0ffee Feb 3, 2023
980f3e8
added Dockerfiles for the other ubuntu arm rpi flavors
c0ffee Feb 3, 2023
a9e7e9c
added overlay files for ubuntu-arm-rpi
c0ffee Feb 4, 2023
cd4fbe0
propagate new flavor ubuntu-arm-rpi through repo
c0ffee Feb 3, 2023
f129cae
propagate ubuntu-20-lts-arm-rpi and ubuntu-22-lts-arm-rpi through the…
c0ffee Feb 4, 2023
61a2ecd
ubuntu-20-lts-arm-rpi: use the correct firmware package
c0ffee Feb 6, 2023
54b1b94
use dracut-network-legacy-compat for all ubuntu lts flavors
c0ffee Feb 6, 2023
51fc6ff
one package per line for rpi ubuntu dockerfiles
c0ffee Feb 10, 2023
1bd893e
some cosmetic changes on the rpi dockerfiles
c0ffee Feb 10, 2023
9f48810
removed unnecessary network interface files from dockerfile
c0ffee Feb 10, 2023
2cd7d49
hadolint: ignore apt pinned version and missing no-install-recommend …
c0ffee Feb 10, 2023
0757af0
added explicit systemd-timesyncd to rpi dockerfiles
c0ffee Feb 11, 2023
e583914
removed more unneeded apt-get clean from dockerfiles
c0ffee Feb 11, 2023
3489deb
minor name corrections and removing commented out stuff
c0ffee Feb 11, 2023
b0ab50a
Change sizes for rpi ubuntu images
mauromorales Mar 22, 2023
3f72b02
Lint
mauromorales Mar 22, 2023
0536e42
This was fixed on #821
mauromorales Apr 13, 2023
90d8091
Keep use of cos instead of kairos in bootargs.cfg
mauromorales Apr 13, 2023
004cb74
Add ports to RPi Docker images
mauromorales Apr 18, 2023
5b80ef4
Force platform arm64 on all-arm target
mauromorales May 2, 2023
2cc0de0
Use model to generate the generic ubuntu arm image
mauromorales May 3, 2023
e902861
lint and apply changes to other ubuntu versions
mauromorales May 4, 2023
339f278
force platform and model for all-arm
mauromorales May 4, 2023
4dadfc8
Add missing reference in dockerfiles
mauromorales May 4, 2023
0ff820a
Increment trivy timeout
mauromorales May 5, 2023
80f2523
Update packages for 20.04
mauromorales May 5, 2023
7891ec9
Remove dl3015
mauromorales May 9, 2023
483c444
Fix issue with ubuntu arm rpi overlay files
mauromorales May 10, 2023
3b0136d
Refactor overlay files for rpi
mauromorales May 10, 2023
0d01f87
Part of last commit
mauromorales May 10, 2023
6dbb827
Pass model to framework
mauromorales May 11, 2023
360eb52
No need to have a different persistency config for the rpi
mauromorales May 11, 2023
17abf4f
Disable rpi-eeprom-update
mauromorales May 11, 2023
5d6e6fb
review feedback
mauromorales May 12, 2023
14 changes: 13 additions & 1 deletion .github/flavors-arm.json
Expand Up @@ -10,5 +10,17 @@
{
"flavor": "alpine-arm-rpi",
"model": "rpi64"
},
{
"flavor": "ubuntu-arm-rpi",
"model": "rpi64"
},
{
"flavor": "ubuntu-20-lts-arm-rpi",
"model": "rpi64"
},
{
"flavor": "ubuntu-22-lts-arm-rpi",
"model": "rpi64"
}
]
]
81 changes: 52 additions & 29 deletions Earthfile
Expand Up @@ -36,24 +36,30 @@ ARG IMAGE_REPOSITORY_ORG=quay.io/kairos


all:
ARG SECURITY_SCANS=true
BUILD +image
BUILD +image-sbom
BUILD +trivy-scan
BUILD +grype-scan
IF [ "$SECURITY_SCANS" = "true" ]
BUILD +image-sbom
BUILD +trivy-scan
BUILD +grype-scan
END
BUILD +iso
BUILD +netboot
BUILD +ipxe-iso

all-arm:
BUILD --platform=linux/arm64 +image
BUILD +image-sbom
BUILD +trivy-scan
BUILD +grype-scan
BUILD +arm-image
ARG SECURITY_SCANS=true
BUILD --platform=linux/arm64 +image --MODEL=rpi64
IF [ "$SECURITY_SCANS" = "true" ]
BUILD --platform=linux/arm64 +image-sbom --MODEL=rpi64
BUILD --platform=linux/arm64 +trivy-scan --MODEL=rpi64
BUILD --platform=linux/arm64 +grype-scan --MODEL=rpi64
END
BUILD +arm-image --MODEL=rpi64

all-arm-generic:
BUILD --platform=linux/arm64 +image
BUILD --platform=linux/arm64 +iso
BUILD --platform=linux/arm64 +image --MODEL=generic
BUILD --platform=linux/arm64 +iso --MODEL=generic

go-deps-test:
ARG GO_VERSION
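Review bot: The new `SECURITY_SCANS` guard in `all` and `all-arm` compares the argument to the exact string "true", so any other value (`True`, `1`, an empty override) silently skips `+image-sbom`, `+trivy-scan` and `+grype-scan` while the build still succeeds. Consider failing on unrecognised values, or documenting that release pipelines must leave the default in place. Note also that `all-arm-generic` runs no SBOM or scan targets at all.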
Expand Down Expand Up @@ -186,27 +192,29 @@ framework-luet:
framework:
FROM alpine
ARG FLAVOR
ARG MODEL
# This ARG does nothing?
ARG VERSION
COPY +framework-luet/framework-luet /framework

# Copy overlay files
# TODO: Make this also a package?
COPY overlay/files /framework
# Copy flavor-specific overlay files
IF [ "$FLAVOR" = "alpine-opensuse-leap" ] || [ "$FLAVOR" = "alpine-ubuntu" ]
COPY overlay/files-alpine/ /framework

# Copy common overlay files for Raspberry Pi
IF [ "$MODEL" = "rpi64" ]
COPY overlay/files-rpi/ /framework
END

IF [ "$FLAVOR" = "alpine-arm-rpi" ]

# Copy flavor-specific overlay files
IF [[ "$FLAVOR" =~ ^alpine* ]]
COPY overlay/files-alpine/ /framework
COPY overlay/files-opensuse-arm-rpi/ /framework
ELSE IF [ "$FLAVOR" = "opensuse-leap-arm-rpi" ] || [ "$FLAVOR" = "opensuse-tumbleweed-arm-rpi" ]
COPY overlay/files-opensuse-arm-rpi/ /framework
ELSE IF [ "$FLAVOR" = "fedora" ] || [ "$FLAVOR" = "rockylinux" ]
COPY overlay/files-fedora/ /framework
ELSE IF [ "$FLAVOR" = "debian" ] || [ "$FLAVOR" = "ubuntu" ] || [ "$FLAVOR" = "ubuntu-20-lts" ] || [ "$FLAVOR" = "ubuntu-22-lts" ]
COPY overlay/files-ubuntu/ /framework
ELSE IF [[ "$FLAVOR" =~ ^ubuntu-arm* ]]
COPY overlay/files-ubuntu-arm-rpi/ /framework
END

SAVE ARTIFACT --keep-own /framework/ framework
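Review bot: In the flavor-specific overlay block, `^alpine*` and `^ubuntu-arm*` are regular expressions, not globs: the `*` only repeats the final character, and `^ubuntu-arm*` is anchored at the start, so it cannot match `ubuntu-20-lts-arm-rpi` or `ubuntu-22-lts-arm-rpi` from `.github/flavors-arm.json`. As far as this hunk shows, those two flavors also miss the exact-match `files-ubuntu` branch, so neither Ubuntu overlay is copied for them. Something like `^ubuntu(-[0-9]+-lts)?-arm` would cover all three RPi flavors, and `^alpine` is enough for the first test.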
Expand All @@ -226,11 +234,12 @@ framework-image:
SAVE IMAGE --push $IMAGE_REPOSITORY_ORG/framework:${VERSION}_${FLAVOR}

base-image:
ARG MODEL
ARG FLAVOR
ARG VARIANT
IF [ "$BASE_IMAGE" = "" ]
# Source the flavor-provided docker file
FROM DOCKERFILE -f images/Dockerfile.$FLAVOR .
FROM DOCKERFILE --build-arg MODEL=$MODEL -f images/Dockerfile.$FLAVOR .
ELSE
FROM $BASE_IMAGE
END
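Review bot: `ARG MODEL` in `base-image` has no default, yet it is always forwarded with `--build-arg MODEL=$MODEL`. When the caller sets no model this forwards an empty value, and if that replaces the Dockerfile's own `ARG MODEL=generic`, the `FROM ${MODEL} AS all` line in `images/Dockerfile.ubuntu-20-lts-arm-rpi` has no stage to resolve. Declaring `ARG MODEL=generic` here would keep the two defaults aligned.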
Expand All @@ -247,7 +256,7 @@ base-image:
END

# Includes overlay/files
COPY (+framework/framework --FLAVOR=$FLAVOR --VERSION=$OS_VERSION) /
COPY (+framework/framework --FLAVOR=$FLAVOR --VERSION=$OS_VERSION --MODEL=$MODEL) /

RUN rm -rf /etc/machine-id && touch /etc/machine-id && chmod 444 /etc/machine-id

Expand Down Expand Up @@ -303,7 +312,7 @@ base-image:

# END

IF [ "$FLAVOR" = "ubuntu-20-lts" ] || [ "$FLAVOR" = "ubuntu" ] || [ "$FLAVOR" = "ubuntu-22-lts" ]
IF [[ "$FLAVOR" =~ ^ubuntu* ]]
# compress firmware
RUN find /usr/lib/firmware -type f -execdir zstd --rm -9 {} \+
# compress modules
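Review bot: Replacing the three exact comparisons with `^ubuntu*` widens the firmware and module compression step to every flavor whose name starts with `ubunt`, including the new `*-arm-rpi` ones. If that is intended, please say so in the comment above the step and confirm that the Raspberry Pi kernel packages load zstd-compressed firmware and modules. The trailing `*` can also go, since `^ubuntu` is already a prefix match.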
Expand Down Expand Up @@ -355,6 +364,7 @@ image:
FROM +base-image
ARG FLAVOR
ARG VARIANT
ARG MODEL
ARG KAIROS_VERSION
IF [ "$KAIROS_VERSION" = "" ]
COPY +version/VERSION ./
Expand All @@ -366,6 +376,7 @@ image:
ARG OS_VERSION=${KAIROS_VERSION}
END
ARG OS_ID
# should we add the model to the resulting iso?
Contributor

you mean in /etc/os-release? Consider moving it here: #1365

Member

I guess to the name. That's a good point. We probably need to rethink the iso naming somehow as it should probably also include the ARCH+MODEL if they are special so we can provide arm64-generic, and arm64-rpi and in the future arm64-nvidia or whatever?

Member Author

yup indeed to the name of the resulting file whether iso or img

ARG OS_NAME=${OS_ID}-${VARIANT}-${FLAVOR}
ARG OS_REPO=quay.io/kairos/${VARIANT}-${FLAVOR}
ARG OS_LABEL=latest
Expand Down Expand Up @@ -436,21 +447,33 @@ netboot:

arm-image:
ARG OSBUILDER_IMAGE
ARG COMPRESS_IMG=true
FROM $OSBUILDER_IMAGE
ARG MODEL=rpi64
ARG IMAGE_NAME=${FLAVOR}.img
WORKDIR /build
ENV STATE_SIZE="6200"
ENV RECOVERY_SIZE="4200"
# These sizes are in MB
ENV SIZE="15200"
ENV DEFAULT_ACTIVE_SIZE="2000"
IF [[ "$FLAVOR" =~ ^ubuntu* ]]
Member

I hate this. This should probably come from some env files where it's clear what goes with what flavor and such. Not for this PR

Member Author

Good point, can it be done in the /etc/elemental/config.yaml that we include?

Member Author

ah probably not cuz this here has precedence when creating the image ... ok will open an issue

ENV STATE_SIZE="6900"
ENV RECOVERY_SIZE="4600"
ENV DEFAULT_ACTIVE_SIZE="2300"
ELSE
ENV STATE_SIZE="6200"
ENV RECOVERY_SIZE="4200"
ENV DEFAULT_ACTIVE_SIZE="2000"
END
COPY --platform=linux/arm64 +image-rootfs/rootfs /build/image
# With docker is required for loop devices
WITH DOCKER --allow-privileged
RUN /build-arm-image.sh --use-lvm --model $MODEL --directory "/build/image" /build/$IMAGE_NAME
END
RUN xz -v /build/$IMAGE_NAME
SAVE ARTIFACT /build/$IMAGE_NAME.xz img AS LOCAL build/$IMAGE_NAME.xz
IF [ "$COMPRESS_IMG" = "true" ]
RUN xz -v /build/$IMAGE_NAME
SAVE ARTIFACT /build/$IMAGE_NAME.xz img AS LOCAL build/$IMAGE_NAME.xz
ELSE
SAVE ARTIFACT /build/$IMAGE_NAME img AS LOCAL build/$IMAGE_NAME
END
SAVE ARTIFACT /build/$IMAGE_NAME.sha256 img-sha256 AS LOCAL build/$IMAGE_NAME.sha256

ipxe-iso:
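Review bot: In both branches of the new `COMPRESS_IMG` test, the checksum artifact is still `/build/$IMAGE_NAME.sha256`, named for the uncompressed image. When the default `true` path ships `$IMAGE_NAME.xz`, the visible lines give a downloader no digest for the file that is actually published. Consider emitting a `.xz.sha256` in the compressed branch, or stating which file the existing digest covers.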
Expand Down Expand Up @@ -511,9 +534,9 @@ trivy-scan:
ARG FLAVOR
ARG VARIANT
WORKDIR /build
RUN /trivy filesystem --skip-dirs /tmp --format sarif -o report.sarif --no-progress /
RUN /trivy filesystem --skip-dirs /tmp --format template --template "@/contrib/html.tpl" -o report.html --no-progress /
RUN /trivy filesystem --skip-dirs /tmp -f json -o results.json --no-progress /
RUN /trivy filesystem --skip-dirs /tmp --timeout 30m --format sarif -o report.sarif --no-progress /
RUN /trivy filesystem --skip-dirs /tmp --timeout 30m --format template --template "@/contrib/html.tpl" -o report.html --no-progress /
RUN /trivy filesystem --skip-dirs /tmp --timeout 30m -f json -o results.json --no-progress /
SAVE ARTIFACT /build/report.sarif report.sartif AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.sarif
SAVE ARTIFACT /build/report.html report.html AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.html
SAVE ARTIFACT /build/results.json results.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.json
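Review bot: `--timeout 30m` is added to three separate full-filesystem scans that differ only in output format, so the worst case for this target is now 90 minutes spent scanning the same tree. If the Trivy version in use can convert a saved JSON report, a single scan followed by conversion to SARIF and HTML would keep the three reports consistent and cut the time. While here, the first artifact name reads `report.sartif`, which looks like a typo for `report.sarif`.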
5 changes: 3 additions & 2 deletions docs/content/en/docs/Reference/image_matrix.md
Expand Up @@ -31,7 +31,7 @@ Base images are tagged with specific upstream versions (e.g. Ubuntu 20 LTS is pi
| **Fedora based** | [core][c-fedora], [standard][k-fedora] | |
| **openSUSE Leap based** | [core][c-opensuse-leap], [standard][k-opensuse-leap] | [core][c-opensuse-leap-arm-rpi], [core-img][c-opensuse-leap-arm-rpi-img], [standard][k-opensuse-leap-arm-rpi], [standard-img][k-opensuse-leap-arm-rpi-img] |
| **openSUSE Tumbleweed based** | [core][c-opensuse-tumbleweed], [standard][k-opensuse-tumbleweed] | [core][c-opensuse-tumbleweed-arm-rpi], [standard][k-opensuse-tumbleweed-arm-rpi] |
| **Ubuntu based (rolling)** ** | [core][c-ubuntu], [standard][k-ubuntu] | |
| **Ubuntu based (rolling)** ** | [core][c-ubuntu], [standard][k-ubuntu] | [core][c-ubuntu-rpi], [standard][k-ubuntu-rpi] |
| **Ubuntu based (22 LTS)** ** | [core][c-ubuntu-22-lts], [standard][k-ubuntu-22-lts] | |
| **Ubuntu based (20 LTS)** ** | [core][c-ubuntu-20-lts], [standard][k-ubuntu-20-lts] | |
| **Rocky Linux based** | [core][c-rockylinux], [standard][k-rockylinux] | |
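Review bot: Only the **Ubuntu based (rolling)** row gains ARM links, while the 22 LTS and 20 LTS rows keep an empty ARM column even though `ubuntu-22-lts-arm-rpi` and `ubuntu-20-lts-arm-rpi` are added to `.github/flavors-arm.json`. Please add the matching `core` and `standard` references for those rows, or note on the page that the LTS RPi images are not published yet.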
Expand All @@ -52,6 +52,7 @@ Base images are tagged with specific upstream versions (e.g. Ubuntu 20 LTS is pi
[c-ubuntu]: https://quay.io/repository/kairos/core-ubuntu
[c-ubuntu-22-lts]: https://quay.io/repository/kairos/core-ubuntu-22-lts
[c-ubuntu-20-lts]: https://quay.io/repository/kairos/core-ubuntu-20-lts
[c-ubuntu-rpi]: https://quay.io/repository/kairos/core-ubuntu-arm-rpi
[c-rockylinux]: https://quay.io/repository/kairos/core-rockylinux

[k-alpine-opensuse-leap]: https://quay.io/repository/kairos/kairos-alpine-opensuse-leap
Expand All @@ -69,9 +70,9 @@ Base images are tagged with specific upstream versions (e.g. Ubuntu 20 LTS is pi
[k-ubuntu]: https://quay.io/repository/kairos/kairos-ubuntu
[k-ubuntu-22-lts]: https://quay.io/repository/kairos/kairos-ubuntu-22-lts
[k-ubuntu-20-lts]: https://quay.io/repository/kairos/kairos-ubuntu-20-lts
[k-ubuntu-rpi]: https://quay.io/repository/kairos/kairos-ubuntu-arm-rpi
[k-rockylinux]: https://quay.io/repository/kairos/kairos-rockylinux


{{% alert title="Note" color="info" %}}

** The `ubuntu` flavor tracks the latest available Ubuntu release (at the time of writing 22.10). The LTS flavors, on the other hand, track the latest LTS available on DockerHub. For example, ubuntu-22-lts uses 22.04 as the base image.
9 changes: 9 additions & 0 deletions framework-profile.yaml
Expand Up @@ -15,6 +15,15 @@ flavors:
ubuntu:
- systemd-base
- dracut-network-legacy
ubuntu-arm-rpi:
- systemd-base
Member

We probably need to start grouping this below and just have a single "metapackage" here to not repeat ourselves this much.

Member Author

do you mean using anchors? or what is a meta package?

Member

No, see how you mark here systemd-base and then below you can see that it contains 2 packages: init-svc/systemd and systemd-default/network? So I'm thinking that we may need to just merge more of the stuff, seeing that there is a clear repetition here with systemd-base and dracut-network-legacy*

So something similar to those, like ubuntu-base that includes all those packages, or something shared that includes all of that so it's a one line for all. Don't know how, just thinking out loud seeing that this keeps growing and lines repeating :D

Member Author

Ok, I get your point now. Yeah I agree, I had the same feeling that this was lots of duplication but didn't know how this part integrates to be able to suggest a recommendation. I'll create an issue out of your comment.

- dracut-network-legacy
ubuntu-20-lts-arm-rpi:
- systemd-base
- dracut-network-legacy-compat
ubuntu-22-lts-arm-rpi:
- systemd-base
- dracut-network-legacy-compat
ubuntu-22-lts:
- systemd-base
- dracut-network-legacy-compat
79 changes: 79 additions & 0 deletions images/Dockerfile.ubuntu-20-lts-arm-rpi
@@ -0,0 +1,79 @@
ARG BASE_IMAGE=ubuntu:20.04
ARG MODEL=generic

FROM $BASE_IMAGE as base
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
&& apt-get install -y software-properties-common \
&& add-apt-repository ppa:oibaf/test \
&& apt-get clean && rm -rf /var/lib/apt/lists/*

FROM base AS generic
RUN apt-get update && apt-get install -y linux-base \
linux-image-generic-hwe-22.04 \
&& apt-get clean && rm -rf /var/lib/apt/lists/*

FROM base AS rpi64
# Normally we install also linux-modules-extra-raspi but this is not available for 20.04, not sure what's the impact to
# remove it.
RUN apt-get update && apt-get install -y linux-firmware-raspi2 \
linux-raspi \
&& apt-get clean && rm -rf /var/lib/apt/lists/*

FROM ${MODEL} AS all
Member

I... don't get this.

So if we call this with the generic model it will run:

  • FROM $BASE_IMAGE as base
  • FROM base AS generic
  • FROM ${MODEL} AS all

but all is still installing the linux-raspi kernel, no? Don't we want the rpi to install those packages only? Won't we end up with a generic image that has both kernels inside and the possibility of linking to it?

Member Author

@mauromorales May 12, 2023

Yeah I didn't find it very intuitive at first, but I'm finding it quite helpful now, feels a bit like Earthly ... anyways, my understanding is that all is the requested target (because it's the last one?) and depending on its base it will only build generic or rpi64. And it properly ignores all the targets it doesn't need to build

see: https://docs.docker.com/build/building/multi-stage/#differences-between-legacy-builder-and-buildkit


FROM all
RUN apt-get update && apt-get install -y \
conntrack \
console-data \
coreutils \
curl \
debianutils \
dosfstools \
dracut \
dracut-network \
e2fsprogs \
gawk \
gdisk \
grub-efi-arm64-bin \
grub2-common \
haveged \
iproute2 \
iptables \
jq \
linux-firmware-raspi2 \
linux-raspi \
lldpd \
nano \
neovim \
open-vm-tools \
openssh-server \
parted \
policykit-1 \
rpi-eeprom \
rsync \
snapd \
snmpd \
squashfs-tools \
sudo \
systemd \
systemd-timesyncd \
tar \
&& apt-get clean && rm -rf /var/lib/apt/lists/*

RUN ln -s /usr/sbin/grub-install /usr/sbin/grub2-install
RUN ln -s /usr/bin/grub-editenv /usr/bin/grub2-editenv
RUN systemctl enable systemd-networkd
RUN systemctl enable ssh
RUN systemctl disable rpi-eeprom-update

# Enable tmp
RUN cp -v /usr/share/systemd/tmp.mount /etc/systemd/system/
RUN systemctl enable tmp.mount

# Fixup sudo perms
RUN chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo


# Clear cache
RUN rm -rf /var/cache/* && journalctl --vacuum-size=1K && rm /etc/machine-id && rm /var/lib/dbus/machine-id && rm /etc/hostname
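Review bot: The `base` stage runs `add-apt-repository ppa:oibaf/test`, which leaves a third-party test PPA enabled for every later `apt-get install` in this image, and nothing in the file says which package needs it. Please drop it, or document and pin what it provides. Separately, the final stage's package list installs `linux-firmware-raspi2`, `linux-raspi` and `rpi-eeprom` and disables `rpi-eeprom-update` regardless of `MODEL`, so a `generic` build still carries the Raspberry Pi kernel. Those lines belong in the `rpi64` stage only.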