feat: add a lighter ucore-minimal image (#117)

This commit is contained in:
Benjamin Sherman
2024-01-18 13:16:13 -06:00
committed by GitHub
parent 2ca8ada051
commit 3f6d006820
9 changed files with 119 additions and 54 deletions

@@ -212,6 +212,7 @@ jobs:
fail-fast: false
matrix:
image_suffix:
- "-minimal"
- ""
- "-hci"
nvidia_tag:
@@ -224,10 +225,12 @@ jobs:
- image_base: ucore
- image_version: ${{ needs.stream_info.outputs.version }}
- pr_prefix: ${{ needs.workflow_info.outputs.pr_prefix }}
- image_suffix: "-minimal"
description: An OCI image of Fedora CoreOS with a few extra tools and suitable for running in a VM
- image_suffix: ""
extra_desc: "n"
description: An OCI image of Fedora CoreOS with a few extra tools, hardware support, and storage utilities
- image_suffix: "-hci"
extra_desc: " hyper-converged infrastructure"
description: A hyper-converged infrastructure OCI image of Fedora CoreOS (storage + hypervisor)
steps:
# Checkout push-to-registry action GitHub repository
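Review bot: the new `-minimal` matrix entry's `description` says the image is "suitable for running in a VM", which is narrower than the README text in this same commit ("either bare metal or virtual machines"); align the two so the published OCI label does not suggest `ucore-minimal` is VM-only. With `description` now carried per entry, `extra_desc: "n"` and `extra_desc: " hyper-converged infrastructure"` have no remaining consumer in the visible hunks, so they can be dropped from the entries if nothing else in the workflow reads `matrix.extra_desc`.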
@@ -284,7 +287,7 @@ jobs:
labels: |
io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/ucore/main/README.md
org.opencontainers.image.description=A${{ matrix.extra_desc }} OCI image of Fedora CoreOS with batteries included
org.opencontainers.image.description=${{ matrix.description }}
org.opencontainers.image.title=${{ matrix.image_base }}${{ matrix.image_suffix }}
org.opencontainers.image.version=${{ matrix.image_version }}
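Review bot: the `org.opencontainers.image.description` label is now `${{ matrix.description }}` instead of the composed `A${{ matrix.extra_desc }} OCI image ...` string; the matrix descriptions contain commas and parentheses, which is fine in a YAML block scalar (`labels: |`) but means a stray newline in a description value would split the label, so keep those values single-line.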

@@ -7,13 +7,30 @@
You should be familiar with [Fedora CoreOS](https://getfedora.org/coreos/), as this is an OCI image of CoreOS with "batteries included". More specifically, it's an opinionated, custom CoreOS image, built daily with some commonly used tools added in. The idea is to make a lightweight server image including most used services or the building blocks to host them.
WARNING: This image has **not** been heavily tested, though the underlying components have. Please take a look at the included modifications and help test if this project interests you.
Please take a look at the included modifications and help us test uCore if the project interests you.
## Images & Features
The uCore project builds four images, each with different tags for different features.
The image names are:
- [`fedora-coreos`](#fedora-coreos)
- [`ucore-minimal`](#ucore-minimal)
- [`ucore`](#ucore)
- [`ucore-hci`](#ucore-hci)
The [tag matrix](#tag-matrix) includes combinations of the following:
- `stable` - for an image based on the Fedora CoreOS stable stream
- `testing` - for an image based on the Fedora CoreOS testing stream
- `nvidia` - for an image which includes nvidia driver and container runtime
- `zfs` - for an image which includes zfs driver and tools
### `fedora-coreos`
**NOTE: formerly named `fedora-coreos-zfs`, that version of the image did not offer the nvidia option. Please update with `rpm-ostree rebase`.**
*NOTE: formerly named `fedora-coreos-zfs`, the previous version of the image did not offer the nvidia option. If on the previous image name, please update with `rpm-ostree rebase`.*
A generic [Fedora CoreOS image](https://quay.io/repository/fedora/fedora-coreos?tab=tags) image with choice of add-on kernel modules:
@@ -26,20 +43,16 @@ A generic [Fedora CoreOS image](https://quay.io/repository/fedora/fedora-coreos?
*NOTE: currently, zincati fails to start on systems with OCI based deployments (like uCore). Upstream efforts are active to correct this.*
### `ucore`
### `ucore-minimal`
Suitable for running containerized workloads on either baremetal or virtual machines, this image tries to stay lightweight but functional for multiple use cases, including that of a storage server (NAS).
Suitable for running containerized workloads on either bare metal or virtual machines, this image tries to stay lightweight but functional.
- Starts with a [Fedora CoreOS image](https://quay.io/repository/fedora/fedora-coreos?tab=tags)
- Adds the following:
- [cockpit](https://cockpit-project.org)
- [distrobox](https://github.com/89luca89/distrobox)
- [duperemove](https://github.com/markfasheh/duperemove)
- guest VM agents (`qemu-guest-agent` and `open-vm-tools`)
- intel wifi firmware - CoreOS omits this despite including atheros wifi firmware... hardware enablement FTW
- [mergerfs](https://github.com/trapexit/mergerfs)
- moby-engine(docker), docker-compose and podman-compose
- [snapraid](https://www.snapraid.it/)
- [cockpit](https://cockpit-project.org) (podman container and system management)
- [firewalld](https://firewalld.org/)
- guest VM agents (`qemu-guest-agent` and `open-vm-tools`))
- [docker-compose](https://github.com/docker/compose) and [podman-compose](https://github.com/containers/podman-compose) *docker(moby-engine) and podman are pre-installed in CoreOS*
- [tailscale](https://tailscale.com) and [wireguard-tools](https://www.wireguard.com)
- [tmux](https://github.com/tmux/tmux/wiki/Getting-Started)
- udev rules enabling full functionality on some [Realtek 2.5Gbit USB Ethernet](https://github.com/wget/realtek-r8152-linux/) devices
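Review bot: the added line `guest VM agents (`qemu-guest-agent` and `open-vm-tools`))` has a stray second closing parenthesis; drop one. The rewritten bullet `docker(moby-engine) and podman are pre-installed in CoreOS` is a useful clarification that replaces the old `moby-engine(docker), docker-compose and podman-compose` item, and the removal of distrobox, duperemove, the intel wifi firmware, mergerfs and snapraid from this section matches the stated goal of keeping `ucore-minimal` lightweight.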
@@ -50,18 +63,31 @@ Suitable for running containerized workloads on either baremetal or virtual mach
- Optional [ZFS versions](#tag-matrix) add:
- [sanoid/syncoid dependencies](https://github.com/jimsalterjrs/sanoid) - [see below](#zfs) for details
- [ZFS driver](https://github.com/ublue-os/ucore-kmods) - latest driver (currently pinned to 2.2.x series)
- Disables Zincati auto upgrade/reboot service
- Enables staging of automatic system updates via rpm-ostreed
- Enables password based SSH auth (required for locally running cockpit web interface)
- Disables Zincati auto upgrade/reboot service
- Provides public key allowing [SecureBoot](#secureboot) (for ucore signed `nvidia` or `zfs` drivers)
Note: per [cockpit instructions](https://cockpit-project.org/running.html#coreos) the cockpit-ws RPM is **not** installed, rather it is provided as a pre-defined systemd service which runs a podman container.
### `ucore`
This image builds on `ucore-minimal` but adds drivers, storage tools and utilities making it more useful on bare metal or as a storage server (NAS).
- Starts with a [`ucore-minimal`](#ucore-minimal) image providing everything above, plus:
- Adds the following:
- [cockpit-storaged](https://cockpit-project.org) (udisks2 based storage management)
- [distrobox](https://github.com/89luca89/distrobox) - a [toolbox](https://containertoolbx.org/) alternative
- [duperemove](https://github.com/markfasheh/duperemove)
- intel wifi firmware - CoreOS omits this despite including atheros wifi firmware... hardware enablement FTW
- [mergerfs](https://github.com/trapexit/mergerfs)
- [snapraid](https://www.snapraid.it/)
### `ucore-hci`
Hyper-Coverged Infrastructure(HCI) refers to storage and virtualization in one place... So this image primarily adds the virtualization stack.
Hyper-Coverged Infrastructure(HCI) refers to storage and hypervisor in one place... This image primarily adds libvirt tools for virtualization.
- Starts with `ucore` to give you everything above, plus:
- Starts with a [`ucore`](#ucore) image providing everything above, plus:
- Adds the following:
- [cockpit-machines](https://github.com/cockpit-project/cockpit-machines): Cockpit GUI for managing virtual machines
- [libvirt-client](https://libvirt.org/): `virsh` command-line utility for managing virtual machines
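Review bot: `Hyper-Coverged Infrastructure(HCI)` in the rewritten `ucore-hci` intro is a typo for `Hyper-Converged Infrastructure (HCI)`; the old line had the same misspelling and this rewrite is the right place to fix it. Also, `Disables Zincati auto upgrade/reboot service` appears twice in the `ucore-minimal` feature list in this hunk, so confirm it is a reorder (one line removed, one added) rather than a duplicated bullet in the rendered README.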
@@ -180,7 +206,7 @@ The utility will prompt for a password. The password will be used to verify this
## How to Install
### Prerequsites
### Prerequisites
This image is not currently available for direct install. The user must follow the [CoreOS installation guide](https://docs.fedoraproject.org/en-US/fedora-coreos/bare-metal/). There are varying methods of installation for bare metal, cloud providers, and virtualization platforms.
@@ -205,16 +231,26 @@ sudo rpm-ostree rebase ostree-unverified-registry:ghcr.io/ublue-os/IMAGE:TAG
|-|-|
| [`fedora-coreos`](#fedora-coreos) - *stable* | `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
| [`fedora-coreos`](#fedora-coreos) - *testing* | `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
| [`ucore-minimal`](#ucore-minimal) - *stable* | `stable`, `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
| [`ucore-mimimal`](#ucore-minimal) - *testing* | `testing`, `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
| [`ucore`](#ucore) - *stable* | `stable`, `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
| [`ucore`](#ucore) - *testing* | `testing`, `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
| [`ucore-hci`](#ucore-hci) - *stable* | `stable`, `stable-nvidia`, `stable-zfs`,`stable-nvidia-zfs` |
| [`ucore-hci`](#ucore-hci) - *testing* | `testing`, `testing-nvidia`, `testing-zfs`, `testing-nvidia-zfs` |
#### Verified Image Updates
This image now includes container policies to support image verification for improved trust of upgrades. Once running one of the `ucore*` images (not included in `fedora-coreos`), the following command will rebase to the verified image reference:
```bash
sudo rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/IMAGE:TAG
```
### Install with Auto-Rebase
Your path to a running uCore can be shortend by using [examples/ucore-autorebase.butane](examples/ucore-autorebase.butane) as the starting point for your CoreOS ignition file.
Your path to a running uCore can be shortened by using [examples/ucore-autorebase.butane](examples/ucore-autorebase.butane) as the starting point for your CoreOS ignition file.
1. As usual, you'll need to [follow the docs to setup a password](https://coreos.github.io/butane/examples/#using-password-authentication). Substitute your password hash for `YOUR_GOOD_PASSWORD_HASH_HERE` in the `ucore-autorebase.butane` file, and add your ssh pub key while you are at it.
1. Generate an ignition file from your new `ucore-autorebase.butane` [using the butane utility](https://coreos.github.io/butane/getting-started/).
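Review bot: the added tag matrix row `[`ucore-mimimal`](#ucore-minimal) - *testing*` misspells the image name as `ucore-mimimal`; a user copying that name into `rpm-ostree rebase` would get a non-existent image reference, so fix the link text to `ucore-minimal`. The `shortend` to `shortened` correction is fine.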

@@ -1,8 +1,8 @@
ARG COREOS_VERSION="${COREOS_VERSION:-stable}"
# ucore-hci image section
FROM quay.io/fedora/fedora-coreos:${COREOS_VERSION} AS ucore
# ucore-minimal image section
FROM quay.io/fedora/fedora-coreos:${COREOS_VERSION} AS ucore-minimal
ARG COREOS_VERSION="${COREOS_VERSION:-stable}"
# build with --build-arg NVIDA_TAG="-nvidia" to install nvidia
@@ -20,10 +20,9 @@ COPY packages.json /tmp/packages.json
COPY usr /usr
RUN export IMAGE_NAME=ucore \
&& mkdir -p /var/lib/alternatives \
&& /tmp/install.sh \
&& /tmp/post-install.sh \
RUN mkdir -p /var/lib/alternatives \
&& /tmp/install-ucore-minimal.sh \
&& /tmp/post-install-ucore-minimal.sh \
&& mv /var/lib/alternatives /staged-alternatives \
&& rm -fr /tmp/* /var/* \
&& ostree container commit \
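Review bot: the `ucore-minimal` stage now runs `/tmp/install-ucore-minimal.sh` and then `/tmp/post-install-ucore-minimal.sh`, while the new `ucore` stage in the following hunk runs only `/tmp/install-ucore.sh` with no post-install step; if `post-install.sh` previously did anything for packages that now sit in the `ucore` list (cockpit-storaged, distrobox, duperemove, snapraid, the iwl firmware), that handling is lost. A pure rename of `post-install.sh` to `post-install-ucore-minimal.sh` would show no hunk here, so just confirm the renamed script exists in the tree.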
@@ -34,6 +33,26 @@ RUN export IMAGE_NAME=ucore \
COPY --from=docker.io/docker/compose-bin:latest /docker-compose /usr/bin/docker-compose
# ucore image section
FROM ucore-minimal AS ucore
ARG COREOS_VERSION="${COREOS_VERSION:-stable}"
COPY *.sh /tmp/
COPY packages.json /tmp/packages.json
COPY usr /usr
RUN mkdir -p /var/lib/alternatives \
&& /tmp/install-ucore.sh \
&& mv /var/lib/alternatives /staged-alternatives \
&& rm -fr /tmp/* /var/* \
&& ostree container commit \
&& mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives \
&& mkdir -p /tmp /var/tmp \
&& chmod -R 1777 /tmp /var/tmp
# ucore-hci image section
FROM ucore AS ucore-hci
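Review bot: the new `ucore` stage repeats `COPY usr /usr` although it is `FROM ucore-minimal`, which already received the same `usr` tree in the previous stage; the `COPY *.sh /tmp/` and `COPY packages.json` copies are needed because the minimal stage ends with `rm -fr /tmp/*`, but the `usr` copy is redundant unless ucore-specific files live there, and dropping it avoids an extra layer that re-writes every file under `/usr`. The `/var/lib/alternatives` stash and restore around `ostree container commit` mirrors the minimal stage, which is consistent.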
@@ -44,9 +63,8 @@ ARG ZFS_TAG="${ZFS_TAG}"
COPY *.sh /tmp/
COPY packages.json /tmp/packages.json
RUN export IMAGE_NAME=ucore-hci \
&& mkdir -p /var/lib/alternatives \
&& /tmp/install-hci.sh \
RUN mkdir -p /var/lib/alternatives \
&& /tmp/install-ucore-hci.sh \
&& mv /var/lib/alternatives /staged-alternatives \
&& rm -fr /tmp/* /var/* \
&& ostree container commit \

@@ -1,12 +0,0 @@
#!/bin/sh
set -ouex pipefail
RELEASE="$(rpm -E %fedora)"
# ucore copr needed for some packages
curl -L https://copr.fedorainfracloud.org/coprs/ublue-os/ucore/repo/fedora-${RELEASE}/ublue-os-ucore-fedora-${RELEASE}.repo \
-o /etc/yum.repos.d/_copr_ublue-os-ucore.repo
# install packages.json stuffs
/tmp/packages.sh
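Review bot: this deleted script was the only place in the diff that fetched the `ublue-os/ucore` COPR repo definition into `/etc/yum.repos.d` before calling `packages.sh`; the replacement `install-ucore-hci.sh` does not fetch it, so unless that repo file is already written by an earlier stage (the earlier lines of `install-ucore-minimal.sh` are not part of this diff) any hci packages that come from that COPR will fail to resolve. Worth confirming with a full `ucore-hci` build before merging.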

ucore/install-ucore-hci.sh Executable file
@@ -0,0 +1,7 @@
#!/bin/sh
set -ouex pipefail
# install packages.json stuffs
export IMAGE_NAME=ucore-hci
/tmp/packages.sh
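Review bot: `set -ouex pipefail` depends on `pipefail`, a bash extension, while the shebang is `#!/bin/sh`; on Fedora CoreOS `/bin/sh` is bash so this works, but `#!/bin/bash` makes the dependency explicit and avoids a silent failure if the script is ever run under a POSIX sh. Exporting `IMAGE_NAME=ucore-hci` inside the script rather than on the Containerfile `RUN` line is consistent with the other two installers.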

@@ -59,7 +59,5 @@ fi
curl -L https://pkgs.tailscale.com/stable/fedora/tailscale.repo -o /etc/yum.repos.d/tailscale.repo
# install packages.json stuffs
export IMAGE_NAME=ucore-minimal
/tmp/packages.sh
# install packages direct from github
/tmp/github-release-install.sh trapexit/mergerfs fc.x86_64
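Review bot: removing the `github-release-install.sh trapexit/mergerfs fc.x86_64` step from the minimal installer matches the README change that lists mergerfs under `ucore` only, and it means `ucore-minimal` no longer pulls a binary release straight from GitHub at build time. The `export IMAGE_NAME=ucore-minimal` line must match the new `"ucore-minimal"` key in `packages.json` exactly, which it does.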

ucore/install-ucore.sh Executable file
@@ -0,0 +1,10 @@
#!/bin/sh
set -ouex pipefail
# install packages.json stuffs
export IMAGE_NAME=ucore
/tmp/packages.sh
# install packages direct from github
/tmp/github-release-install.sh trapexit/mergerfs fc.x86_64
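Review bot: `github-release-install.sh trapexit/mergerfs fc.x86_64` installs a release asset directly from GitHub rather than from a signed RPM repository; if that helper does not verify the asset's checksum or signature, a short comment here (or in the README's `ucore` section) noting that mergerfs is installed this way would help users judge the trust boundary. Same `#!/bin/sh` with `pipefail` remark as for `install-ucore-hci.sh`.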

@@ -1,27 +1,30 @@
{
"all": {
"include": {
"all": [
"all": [],
"ucore-minimal": [
"cockpit-networkmanager",
"cockpit-podman",
"cockpit-selinux",
"cockpit-storaged",
"cockpit-system",
"distrobox",
"duperemove",
"firewalld",
"iwlegacy-firmware",
"iwlwifi-dvm-firmware",
"iwlwifi-mvm-firmware",
"open-vm-tools",
"podman",
"podman-compose",
"qemu-guest-agent",
"snapraid",
"tailscale",
"tmux",
"wget",
"wireguard-tools",
"wireguard-tools"
],
"ucore": [
"cockpit-storaged",
"distrobox",
"duperemove",
"iwlegacy-firmware",
"iwlwifi-dvm-firmware",
"iwlwifi-mvm-firmware",
"snapraid",
"xdg-dbus-proxy",
"xdg-user-dirs"
],
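Review bot: in this hunk `cockpit-storaged`, `distrobox`, `duperemove`, the three `iwl*-firmware` packages and `snapraid` appear under both `"ucore-minimal"` and `"ucore"`; confirm they are removed from the `ucore-minimal` list rather than duplicated, since the README in this same commit describes them as `ucore`-only additions and the split buys nothing otherwise. Also `"podman"` is listed under `ucore-minimal` even though the README says podman is pre-installed in CoreOS, so the entry is redundant if `packages.sh` does a plain install.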
@@ -35,6 +38,8 @@
},
"exclude": {
"all": [],
"ucore-minimal": [],
"ucore": [],
"ucore-hci": [
"nfs-utils-coreos"
]