diff --git a/Earthfile b/Earthfile index f393d8ce..7d58c7ff 100644 --- a/Earthfile +++ b/Earthfile @@ -286,6 +286,7 @@ build-uki-iso: ENV ISO_NAME=${ISO_NAME} COPY overlay/files-iso/ /overlay/ COPY --if-exists +validate-user-data/user-data /overlay/config.yaml + COPY --platform=linux/${ARCH} +stylus-image-pack/stylus-image.tar /overlay/stylus-image.tar COPY --platform=linux/${ARCH} (+third-party/luet --binary=luet) /overlay/luet COPY --if-exists "$EDGE_CUSTOM_CONFIG" /overlay/.edge_custom_config.yaml @@ -772,12 +773,7 @@ base-image: rm -rf /var/lib/apt/lists/* RUN kernel=$(ls /boot/vmlinuz-* | tail -n1) && \ ln -sf "${kernel#/boot/}" /boot/vmlinuz - # Skip dracut when FIPS is enabled - the Dockerfile will include custom dracut modules.fips - IF [ "$FIPS_ENABLED" = "false" ] - RUN kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && \ - dracut -f "/boot/initrd-${kernel}" "${kernel}" && \ - ln -sf "initrd-${kernel}" /boot/initrd - END + RUN kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && \ depmod -a "${kernel}" @@ -806,7 +802,6 @@ base-image: IF [ -e "/usr/bin/dracut" ] RUN --no-cache kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && depmod -a "${kernel}" - RUN --no-cache kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && dracut -f "/boot/initrd-${kernel}" "${kernel}" && ln -sf "initrd-${kernel}" /boot/initrd END RUN zypper install -y zstd vim iputils bridge-utils curl ethtool tcpdump && \ 
@@ -825,6 +820,22 @@ base-image: RUN yum install -y openssl rsyslog logrotate END + # Non-FIPS: strip np* phys-port suffixes from predictable NIC names (bare metal). + # Install-only via /oem marker (see cloudconfigs/80_canvos_net_naming.yaml). + # Installed for all OS/arch (ubuntu, opensuse-leap, sles, rhel) and image types + # (ISO, UKI, cloud/agent-mode AWS, MAAS). Legacy day-2 upgrades keep long names. + IF [ "$FIPS_ENABLED" = "false" ] + COPY overlay/files/usr/lib/canvos/canvos-strip-np-suffix /usr/lib/canvos/canvos-strip-np-suffix + RUN chmod 755 /usr/lib/canvos/canvos-strip-np-suffix + COPY overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules /etc/udev/rules.d/99-canvos-net-naming.rules + COPY cloudconfigs/80_canvos_net_naming.yaml /etc/kairos/80_canvos_net_naming.yaml + IF [ "$IS_UKI" = "false" ] && [ -e "/usr/bin/dracut" ] + RUN --no-cache kernel=$(printf '%s\n' /lib/modules/* | xargs -n1 basename | sort -V | tail -1) && \ + dracut -f "/boot/initrd-${kernel}" "${kernel}" && \ + ln -sf "initrd-${kernel}" /boot/initrd + END + END + DO +OS_RELEASE --OS_VERSION=$KAIROS_VERSION DO +KAIROS_RELEASE --OS_VERSION=$OS_VERSION --OS_DISTRIBUTION=$OS_DISTRIBUTION --ARCH=$ARCH --IS_MAAS=$IS_MAAS @@ -848,6 +859,7 @@ base-image: RUN if ! grep -Fq "systemd.unified_cgroup_hierarchy=1" /etc/cos/bootargs.cfg; then \ sed -i 's|\(set baseCmd="[^"]*\)"|\1 systemd.unified_cgroup_hierarchy=1"|' /etc/cos/bootargs.cfg; \ fi + END KAIROS_RELEASE: diff --git a/cloudconfigs/80_canvos_net_naming.yaml b/cloudconfigs/80_canvos_net_naming.yaml new file mode 100644 index 00000000..4a986984 --- /dev/null +++ b/cloudconfigs/80_canvos_net_naming.yaml 
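Review bot: The `dracut -f` call in the new non-FIPS block is now the only initrd rebuild left in base-image, and it is gated on `FIPS_ENABLED = false`, `IS_UKI = false` and the presence of /usr/bin/dracut. The line removed at -806 (inside `IF [ -e "/usr/bin/dracut" ]`, apparently the zypper branch) ran dracut with no FIPS condition, so FIPS builds of that distribution no longer get `/boot/initrd-${kernel}` or the `/boot/initrd` symlink from this target; the removed Ubuntu block likewise had no UKI condition. If that is intended, a comment above the inner `IF` should say where FIPS and UKI images get their initrd, for example `# FIPS and UKI builds generate their initrd outside base-image (confirm)`. The header comment also lists UKI among the image types covered, but with no rebuild in that case it is not visible here whether the rule and helper reach the UKI initrd. The base-image target starts and ends outside the hunk.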
@@ -0,0 +1,25 @@
+#cloud-config
+stages:
+ after-install:
+ - name: "Enable CanvOS np suffix stripping on fresh install"
+ if: '[ ! -f $STYLUS_ROOT/opt/spectrocloud/state/agent-mode ]'
+ commands:
+ - mkdir -p /etc/canvos
+ - touch /etc/canvos/strip-np-enabled
+ - if: '[ ! -e "/run/cos/uki_boot_mode" ] && [ ! -e "/run/cos/uki_install_mode" ] && [ ! -f $STYLUS_ROOT/opt/spectrocloud/state/agent-mode ]'
+ name: "Persist CanvOS np suffix stripping marker on oem"
+ commands:
+ - if mount | grep /oem >/dev/null; then umount /oem || /bin/true; fi
+ - mount $(findfs PARTLABEL=oem) /oem
+ - touch /oem/.canvos-strip-np-enabled
+ - umount /oem || /bin/true
+ - if: '[ -e "/run/cos/uki_install_mode" ] && [ ! -f $STYLUS_ROOT/opt/spectrocloud/state/agent-mode ]'
+ name: "Persist CanvOS np suffix stripping marker on oem (UKI)"
+ commands:
+ - if mount | grep /oem >/dev/null; then umount /oem || /bin/true; fi
+ - for d in /dev/mapper/*; do if [ ! "$d" = "/dev/mapper/control" ]; then cryptsetup close $d; fi; done
+ - /usr/lib/systemd/systemd-cryptsetup attach oem $(findfs PARTLABEL=oem) - tpm2-device=auto
+ - mount /dev/mapper/oem /oem
+ - touch /oem/.canvos-strip-np-enabled
+ - if mount | grep /oem >/dev/null; then umount /oem || /bin/true; fi
+ - if [ -e /dev/mapper/oem ]; then cryptsetup close /dev/mapper/oem; fi
diff --git a/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules b/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules
new file mode 100644
index 00000000..c5dc5ff6
--- /dev/null
+++ b/overlay/files/etc/udev/rules.d/99-canvos-net-naming.rules
@@ -0,0 +1,6 @@
+# Shorten bare-metal NIC names like eno12399np0 -> eno12399 after 80-net-setup-link.
+# Install-only: enabled when /oem/.canvos-strip-np-enabled exists (fresh install).
+# Safe no-op for legacy nodes, VMware/AWS ens*, and agent-mode cloud VMs.
+SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_NAME}=="?*", \
+ PROGRAM="/usr/lib/canvos/canvos-strip-np-suffix %E{ID_NET_NAME}", \
+ NAME="%c"
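Review bot: In 80_canvos_net_naming.yaml the `touch /oem/.canvos-strip-np-enabled` step is a separate command from the `mount` before it, so if `findfs PARTLABEL=oem` prints nothing or the mount fails, the marker may be written into whatever directory sits at /oem rather than onto the oem partition; whether the stage runner stops after a failed command is not visible here. Chaining the two makes the dependency explicit, `- mount "$(findfs PARTLABEL=oem)" /oem && touch /oem/.canvos-strip-np-enabled`, and the same applies to `mount /dev/mapper/oem /oem` in the UKI step. `mount | grep /oem` also matches any mount line that merely contains that substring, whereas `mountpoint -q /oem` tests the exact path. In the UKI step, `cryptsetup close $d` runs unquoted over every /dev/mapper entry except control, which deserves a one-line comment saying why closing all mappings is safe at that point of the install.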
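Review bot: In 99-canvos-net-naming.rules `NAME="%c"` is assigned for every net device that has ID_NET_NAME, including when the helper finds no marker and simply echoes the name back, so the rule is not a strict no-op on legacy nodes: a NAME chosen by an earlier rule is replaced by ID_NET_NAME cut to 15 characters. The stock 80-net-setup-link.rules only assigns NAME while it is still empty, so this rule changes that precedence. Since a failing PROGRAM makes the rule not match, the helper could exit non-zero whenever it has nothing to strip, replacing its final pass-through line with `exit 1` and adding `[ "$short" != "$name" ] || exit 1` before it prints. The header comment should then say that untouched names are left to earlier rules.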
diff --git a/overlay/files/usr/lib/canvos/canvos-strip-np-suffix b/overlay/files/usr/lib/canvos/canvos-strip-np-suffix
new file mode 100755
index 00000000..7e0efd49
--- /dev/null
+++ b/overlay/files/usr/lib/canvos/canvos-strip-np-suffix
@@ -0,0 +1,25 @@
+#!/bin/sh
+# Strip trailing np suffix from predictable interface names assigned by udev.
+# Enabled only on fresh installs (marker on /oem or /etc). Legacy nodes pass through.
+# Names without np* (VMware ens*, AWS ens*, etc.) are unchanged either way.
+set -eu
+
+name=${1:-}
+if [ -z "$name" ]; then
+ exit 1
+fi
+
+for marker in \
+ /oem/.canvos-strip-np-enabled \
+ /etc/canvos/strip-np-enabled \
+ /sysroot/oem/.canvos-strip-np-enabled \
+ /sysroot/etc/canvos/strip-np-enabled
+do
+ if [ -f "$marker" ]; then
+ short=$(printf '%s' "$name" | sed -E 's/np[0-9]+$//')
+ printf '%s\n' "$short" | cut -c1-15
+ exit 0
+ fi
+done
+
+printf '%s\n' "$name" | cut -c1-15
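Review bot: Stripping `np[0-9]+$` removes the only part of the name that tells apart ports sharing everything before the suffix (constructed example: `enp1s0np0` and `enp1s0np1` both become `enp1s0`), and the script does nothing about that case; the second rename would be expected to fail and leave that interface under its kernel name. The header comment should state that the helper assumes one port per name prefix. Alternatively the script could fall back to the full name when the short one is already taken, e.g. `[ -e "/sys/class/net/$short" ] && short=$name` before printing, which narrows but does not close the race between parallel udev events. The pattern is also unanchored on the left, so any name ending in `np` plus digits is shortened; if the suffix always follows a digit, as in the `eno12399np0` example, `s/([0-9])np[0-9]+$/\1/` is tighter.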